EIP Stack Group OpENer Ethernet/IP server out-of-bounds write vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1170
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1170
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
GitHub - Netflix/consoleme: A Central Control Plane for AWS Permissions and Access
https://github.com/Netflix/consoleme
https://github.com/Netflix/consoleme
GitHub
GitHub - Netflix/consoleme: A Central Control Plane for AWS Permissions and Access
A Central Control Plane for AWS Permissions and Access - Netflix/consoleme
How to join a Linux system to an Active Directory domain
https://www.redhat.com/sysadmin/linux-active-directory
https://www.redhat.com/sysadmin/linux-active-directory
Redhat
How to join a Linux system to an Active Directory domain
Microsoft's Active Directory (AD) is the go-to directory service for many organizations. If you and your team are responsible for a mixed Windows and Linux e...
Windows NTFS Denial of Service Vulnerability (update available)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28312
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28312
socta2021_3.pdf
37.9 MB
ОЦЕНКА УГРОЗЫ ОРГАНИЗОВАННОЙ ПРЕСТУПНОСТИ В ЕВРОПЕЙСКОМ СОЮЗЕ (отчет Европола)
DDoS attack trends for 2021 Q1
https://blog.cloudflare.com/ddos-attack-trends-for-2021-q1/
https://blog.cloudflare.com/ddos-attack-trends-for-2021-q1/
The Cloudflare Blog
DDoS attack trends for 2021 Q1
Today, along with this deep-dive analysis blog, we’re excited to announce the new Radar DDoS Report page, our first fully automated data notebook built on top of Jupyter, Clickhouse, and Workers.
Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021
https://www.advanced-intel.com/post/adversary-dossier-ryuk-ransomware-anatomy-of-an-attack-in-2021
https://www.advanced-intel.com/post/adversary-dossier-ryuk-ransomware-anatomy-of-an-attack-in-2021
WordPress: Authenticated disclosure of password-protected posts and pages
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
GitHub
WordPress: Authenticated disclosure of password-protected posts and pages
### Impact
One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges.
### Patches
This ...
One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges.
### Patches
This ...
Hard Drive And SSD Shortages May Occur In The Near Future If New Cryptocurrency Succeeds
Сначала возник дефицит видеокарт, теперь возможно грядет дефицит SSD/HDD..
https://wccftech.com/hard-drive-and-ssd-shortages-may-occur-in-the-near-future-if-new-cryptocurrency-succeeds/
Сначала возник дефицит видеокарт, теперь возможно грядет дефицит SSD/HDD..
https://wccftech.com/hard-drive-and-ssd-shortages-may-occur-in-the-near-future-if-new-cryptocurrency-succeeds/
Wccftech
Hard Drive And SSD Shortages May Occur In The Near Future If New Cryptocurrency Succeeds
Emerging cryptocurrency, Chia, is mined by using storage space and may lead to hard drive and SSD shortages in the near future.
Когда BMP изображение может быть угрозой
Все начинается, как обычно с doc документа, заканчивается установкой вредоносного RAT ( Remote Access Trojan )
PoC
https://blog.malwarebytes.com/malwarebytes-news/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/amp/
Все начинается, как обычно с doc документа, заканчивается установкой вредоносного RAT ( Remote Access Trojan )
PoC
https://blog.malwarebytes.com/malwarebytes-news/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/amp/
Recent Chromium bug used to attack Chinese WeChat users
https://therecord.media/recent-chromium-bug-used-to-attack-chinese-wechat-users/
https://therecord.media/recent-chromium-bug-used-to-attack-chinese-wechat-users/
therecord.media
Recent Chromium bug used to attack Chinese WeChat users
A Chrome exploit published online last week has been weaponized and abused to attack WeChat users in China, a local security firm reported on Friday.
Start building your own private network on Cloudflare today
https://blog.cloudflare.com/build-your-own-private-network-on-cloudflare/
https://blog.cloudflare.com/build-your-own-private-network-on-cloudflare/
The Cloudflare Blog
Start building your own private network on Cloudflare today
Starting today, your team can build a private network on Cloudflare’s network.
От пентеста до АРТ-атаки: группа киберпреступников FIN7 маскирует свою малварь под инструментарий этичного хакера / BI.ZONE / Хабр
https://m.habr.com/ru/company/bizone/blog/553136/
https://m.habr.com/ru/company/bizone/blog/553136/
Хабр
От пентеста до АРТ-атаки: группа киберпреступников FIN7 маскирует свою малварь под инструментарий этичного хакера
Статья подготовлена командой BI.ZONE Cyber Threat Research Мы не первый раз натыкаемся на киберпреступные группировки, которые прикидываются легальными организациями и маскируют свою малварь под...
Security Notice: SonicWall Email Security Zero-Day Vulnerabilities
https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/
https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/
GitHub Actions: Control permissions for GITHUB_TOKEN - GitHub Changelog
https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
The GitHub Blog
GitHub Actions: Control permissions for GITHUB_TOKEN - GitHub Changelog
GitHub Actions now lets you control the permissions granted to the GITHUB_TOKEN secret. The GITHUB_TOKEN is an automatically generated secret that lets you make authenticated calls to the GitHub API…
PARETO: The most sophisticated CTV botnet ever found...and disrupted
https://www.humansecurity.com/pareto
https://www.humansecurity.com/pareto
HUMAN Security
Disrupting PARETO - HUMAN Security
HUMAN's Satori Threat Intelligence and Research Team uncovered and disrupted PARETO, the most sophisticated CTV operation ever found.
Announcing Windows 10 Insider Preview Build 21364 | Windows Insider Blog
https://blogs.windows.com/windows-insider/2021/04/21/announcing-windows-10-insider-preview-build-21364/
https://blogs.windows.com/windows-insider/2021/04/21/announcing-windows-10-insider-preview-build-21364/
Windows Insider Blog
Announcing Windows 10 Insider Preview Build 21364
UPDATE 4/28: We are starting to roll out Cumulative Update Build 21364.1011 (KB5003402). This update does not include anything new and is designed to test our servicing pipeline including our ability to release servicing updates on
Facebook has a new mega-leak on its hands
https://arstechnica.com/gadgets/2021/04/tool-links-email-addresses-to-facebook-accounts-at-scale/
https://arstechnica.com/gadgets/2021/04/tool-links-email-addresses-to-facebook-accounts-at-scale/
Ars Technica
Brace yourselves. Facebook has a new mega-leak on its hands
Facebook Email Search v1.0 can process 5 million email addresses per day, researcher says.