SSD Advisory – QNAP Pre-Auth CGI_Find_Parameter RCE
https://ssd-disclosure.com/ssd-advisory-qnap-pre-auth-cgi_find_parameter-rce/
TL;DR Find out how a memory corruption vulnerability can lead to a pre-auth remote code execution on QNAP QTS’s Surveillance Station plugin. Vulnerability Summary QNAP NAS with “Surveillance Station Local Display function can perform monitoring and playback…
Name:Wreck
Forescout Research Labs and JSOF discover nine new vulnerabilities affecting four popular TCP/IP stacks used in millions of IoT, OT and IT devices:
https://www.forescout.com/research-labs/namewreck/
NAME:WRECK: 9 DNS-related vulnerabilities, 4 TCP/IP stacks, 100M+ estimated devices affected.
The new Chrome release fixes a number of High-severity vulnerabilities
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html?m=1
Stable Channel Update for Desktop
The Stable channel has been updated to 89.0.4389.128 for Windows, Mac and Linux which will roll out over the coming days/weeks. A full list ...
Released: April 2021 Exchange Server Security Updates
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617
https://msrc-blog.microsoft.com/2021/04/13/april-2021-update-tuesday-packages-now-available/
We are releasing a set of security updates for Exchange Server 2013, 2016 and 2019.
Why Brave Disables FLoC | Brave Browser
https://brave.com/why-brave-disables-floc/
Brave opposes FLoC, a recent Google proposal that would have your browser share your browsing behavior and interests by default with every site and advertiser with which you interact.
Adobe critical vulnerabilities
Security Updates:
- Photoshop: https://helpx.adobe.com/security/products/photoshop/apsb21-28.html
- Bridge: https://helpx.adobe.com/security/products/bridge/apsb21-23.html
- Digital Editions: https://helpx.adobe.com/security/products/Digital-Editions/apsb21-26.html
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Copying files/directories between PowerShell sessions
https://sys-adm.in/programming/powershell-menu/955-kopirovanie-fajlov-katalogov-mezhdu-powershell-sessiyami.html
GitLab Critical Security Release
RCE
https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/
GitLab Critical Security Release: 13.10.3, 13.9.6, and 13.8.8
Learn more about GitLab Critical Security Release: 13.10.3, 13.9.6, and 13.8.8 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/
In this article we will have a look at how a simple phishing attack through an Android messaging application could result in the direct leakage of data found in unprotected device storage (/sdcard). Then we will show how the two aforementioned WhatsApp vulnerabilities…
Analysis of remote code execution vulnerabilities in the Chromium V8 JavaScript engine
The article is in Chinese; translators handle it fine*
http://noahblog.360.cn/chromium_v8_remote_code_execution_vulnerability_analysis/
Improve your page experience with AMP and Cloudflare Workers Unbound
https://blog.cloudflare.com/amp-optimizer-on-cloudflare-workers/
Google’s new page experience measurements are going to be included in their search ranking in May 2021. Learn more about how to improve your page experience with AMP and Cloudflare Workers.
Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/
P.S. Thanks to a friend of the channel, @Thatskriptkid, for the link ✌️
Targeted phishing against participants in the COVID vaccine supply chain
Transport companies, IT companies, healthcare. The apparent targets are data (for example, theft of information about supply chain negotiations, vaccine storage methods, and storage temperature regimes)
The report contains no technical data; it has an analysis of the current situation, a description of the phishers' goals and the characteristics of this campaign, and which industrial sectors are under attack...
https://securityintelligence.com/posts/covid-19-vaccine-global-cold-chain-security/
An update: The COVID-19 vaccine’s global cold chain continues to be a target
In December 2020, the COVID-19 cold chain was targeted by cyber adversaries. IBM Security X-Force discovered another 50 files tied to spear-phishing emails.
New Vulnerability Affecting Container Engines CRI-O and Podman (CVE-2021-20291)
https://unit42.paloaltonetworks.com/cve-2021-20291/
CVE-2021-20291 leads to a denial of service of the container engines CRI-O and Podman when pulling a malicious image from a registry.
Work with GitHub Actions in your terminal with GitHub CLI - The GitHub Blog
https://github.blog/2021-04-15-work-with-github-actions-in-your-terminal-with-github-cli/
As of 1.9.0, GitHub Actions is available in your terminal. Two new top-level commands, `gh run` and `gh workflow`, provide insight into workflow runs.
Allow arbitrary URLs, expect arbitrary code execution
https://positive.security/blog/url-open-rce
P.S. The link isn't mine, thanks for it ✌️
Insecure URL handling leading to 1-click code execution vulnerabilities in Telegram, Nextcloud (CVE-2021-22879), VLC, LibreOffice (CVE-2021-25631), OpenOffice (CVE-2021-30245), Bitcoin/Dogecoin Wallets, Wireshark (CVE-2021-22191) and Mumble (CVE-2021-27229).
Buy a Zyxel USG FLEX series gateway and get a 4G/LTE router as a gift
To get the 4G/LTE router you do, of course, have to buy a USG FLEX gateway, register it in the Zyxel Nebula network management system, and then send an email along the lines of: so, I bought the box, registered it in Nebula, where's my router? 🙂
Details here.
EIP Stack Group OpENer Ethernet/IP server out-of-bounds write vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1170
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
GitHub - Netflix/consoleme: A Central Control Plane for AWS Permissions and Access
https://github.com/Netflix/consoleme
A Central Control Plane for AWS Permissions and Access - Netflix/consoleme