/ POC for CVE-2022-22972 affecting VMware Workspace ONE, vIDM, and vRealize Automation 7.6.
https://github.com/horizon3ai/CVE-2022-22972
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ High-severity vulnerabilities in a mobile framework owned by mce Systems
mce Systems' framework, used by multiple large mobile service providers in pre-installed Android System apps, potentially exposed users to remote (albeit complex) or local attacks:
http://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/
Microsoft uncovered high-severity vulnerabilities in a mobile framework used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote or local attacks.
/ GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
* https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai
/ Follina — a Microsoft Office code execution vulnerability
* https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus:
/ Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums
FBI warns
* https://www.ic3.gov/Media/News/2022/220526.pdf
/ Linux Kernel use-after-free write in netfilter
A use-after-free write vulnerability was identified within the netfilter subsystem
which can be exploited to achieve privilege escalation to root:
https://www.openwall.com/lists/oss-security/2022/05/31/1
GitHub - chvancooten/follina.py: POC to replicate the full 'Follina' Office RCE vulnerability for testing purposes
/ Horde Webmail - Remote Code Execution via Email
https://blog.sonarsource.com/horde-webmail-rce-via-email/
We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email
/ Over 3.6 million exposed MySQL servers on IPv4 and IPv6
https://www.shadowserver.org/news/over-3-6m-exposed-mysql-servers-on-ipv4-and-ipv6/
We have recently begun scanning for accessible MySQL server instances on port 3306/TCP. These are instances that respond to our MySQL connection request with a Server Greeting. Surprisingly to us, we found around 2.3M IPv4 addresses responding with such…
/ Vulnerability within the UNISOC baseband opens mobile phones communications to remote hacker attacks
https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
Introduction Do you remember push-button telephones? Many of them were based on chips from Spreadtrum Communications Inc., a Chinese chip manufacturer founded in 2001. In 2011, over half of all phones in China were powered by Spreadtrum chips. In 2018, Spreadtrum…
/ New Windows Search zero-day added to Microsoft protocol nightmare
https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
R4IoT: When Ransomware Meets IoT and OT
Next-generation ransomware report:
https://www.forescout.com/resources/r4iot-next-generation-ransomware-report
Open BLD DNS Updating News: Pre-release BLD, Debian migration and Alerting infrastructure
I'm happy to present BLD DNS pre-release services already in production. What's new:
🚀 Speedup:
• Caching and the updating process for additional blocking lists were improved
• Improved memory handling. Redis cluster added.
• Improved DNS prefetching process
🛸 Security:
• Fully removed support for older TLS versions
• All code dependencies (including vulnerability fixes) were updated
• Added cross-checking of server availability with alerts
• All BLD servers have an A rating in SSL Labs
• All BLD servers are divided into specified categories
• Added notifications (alerts) to a Telegram Bot
🪚 Stability:
• Added additional systemd timers for watching BLD service statuses
• Added a DNS tracking service and automatic restart of BLD services
🚜 Migration:
• All migration processes (from distro to distro) are 90% automated
• All CentOS servers were deprecated and moved to Debian 🎉
🛰 Today, the BLD infrastructure has 10 servers located around the world 🎈🎈🎉
BLD works without agents or any additional tools; you can use secure and clean Internet on:
• Browsers (Chrome, Brave, Firefox, Edge, etc.)
• Mobile devices (Android, iOS)
• Computers or networks (Primary/Secondary DNS)
If you haven't tried BLD DNS yet, get more details on the official BLD site:
• https://lab.sys-adm.in
#free #bld #sys-admin #services
2022-MS-Vulnerability-Report.pdf
/ Microsoft Vulnerabilities Report 2022
Historically, the report has delivered a holistic annual view of the vulnerabilities within Microsoft’s platforms and products, and has established an undeniable business case for the importance of removing admin rights to reduce risk…
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
/ Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
U-Boot is a popular boot loader for embedded systems, with implementations for a large number of architectures, and is prominent in most Linux-based embedded systems such as ChromeOS and Android devices:
https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
/ 7 Top Trends in Cybersecurity for 2022 from Gartner
https://www.gartner.com/en/articles/7-top-trends-in-cybersecurity-for-2022
Security and risk executives face a critical juncture in 2022, as the digital footprint of organizations expands and centralized cybersecurity control becomes obsolete. Discover the 7️⃣ top trends in #Cybersecurity from @Gartner_IT. #GartnerSEC
/ What is DNSCrypt
DNSCrypt is a protocol that encrypts, authenticates and optionally anonymizes communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.
It is an open specification, with free and open source reference implementations, and it is not affiliated with any company or organization:
https://dnscrypt.info/
New home of the DNSCrypt project, now implementing multiple protocols to improve DNS security. Download official DNSCrypt & DoH servers and clients here.