Il Blog di Michele Pinassi – Telegram
Technology, politics, cybersecurity. Automated posts and a personal press review.
Tesla tackles CORS misconfigurations that left internal networks vulnerable

Tesla is one of several organizations to remedy cross-origin resource sharing (CORS) misconfigurations after security researchers proved they could exfiltrate data from the carmaker’s internal network.

That’s according to Truffle Security, which said its researchers earned a “few thousand dollars” from CORS vulnerabilities submitted through various bug bounty programs.


https://portswigger.net/daily-swig/tesla-tackles-cors-misconfigurations-that-left-internal-networks-vulnerable
Ongoing Flipper Zero phishing attacks target infosec community

Flipper Zero is a portable multi-functional cybersecurity tool for pen-testers and hacking enthusiasts. The tool allows researchers to tinker with a wide range of hardware by supporting RFID emulation, digital access key cloning, radio communications, NFC, infrared, Bluetooth, and more.

https://www.bleepingcomputer.com/news/security/ongoing-flipper-zero-phishing-attacks-target-infosec-community/
PowerShell remote code execution vulnerability (CVE-2022-41076)

by SeeBug - http://www.seebug.org/vuldb/ssvid-99627
Microsoft Exchange Server privilege escalation vulnerability (CVE-2022-41080)

by SeeBug - http://www.seebug.org/vuldb/ssvid-99628
The Cyber Week of 8 January 2023
Download the summary of the news published by CSIRT Italia from 2 to 8 January 2023.

by CSIRT - https://www.csirt.gov.it/contenuti/la-settimana-cibernetica-del-8-gennaio-2023
Zoom vulnerabilities
(AL01/230109/CSIRT-ITA)

Vulnerabilities detected, 4 of them of “high” severity, in the well-known video-conferencing software Zoom Rooms.

by CSIRT - https://www.csirt.gov.it/contenuti/vulnerabilita-zoom-al01-230109-csirt-ita
Tenda W15Ev2 AC1200 unauthenticated RCE and multiple other vulnerabilities (CVE-2022-40843 CVE-2022-40845 CVE-2022-40847 CVE-2022-41396 CVE-2022-41395 CVE-2022-42053 CVE-2022-42058 CVE-2022-42060 CVE-2022-40844 CVE-2022-40846)

by SeeBug - http://www.seebug.org/vuldb/ssvid-99629
SAP Security Patch Day
(AL01/230110/CSIRT-ITA)

SAP releases its January Security Patch Day, which fixes 9 new vulnerabilities in its products, 4 of them of “critical” severity.

by CSIRT - https://www.csirt.gov.it/contenuti/sap-security-patch-day-al01-230110-csirt-ita
Vulnerabilities in Schneider Electric products
(AL02/230110/CSIRT-ITA)

New vulnerabilities fixed in several Schneider Electric products, including SCADA products, one of them of “critical” severity.

by CSIRT - https://www.csirt.gov.it/contenuti/vulnerabilita-in-prodotti-schneider-electric-al02-230110-csirt-ita
Updates for Siemens products
(AL03/230110/CSIRT-ITA)

Siemens has released security updates to fix multiple new vulnerabilities in its products, 10 of them of "high" severity and 5 of "critical" severity.

by CSIRT - https://www.csirt.gov.it/contenuti/aggiornamenti-per-prodotti-siemens-al03-230110-csirt-ita
Your attention didn’t collapse. It was stolen

When he was nine years old, my godson Adam developed a brief but freakishly intense obsession with Elvis Presley. He took to singing Jailhouse Rock at the top of his voice with all the low crooning and pelvis-jiggling of the King himself. One day, as I tucked him in, he looked at me very earnestly and asked: “Johann, will you take me to Graceland one day?” Without really thinking, I agreed. I never gave it another thought, until everything had gone wrong.

https://amp.theguardian.com/science/2022/jan/02/attention-span-focus-screens-apps-smartphones-social-media
VMware ESXi, Workstation, and Fusion heap out-of-bounds write vulnerability (CVE-2022-31705)

by SeeBug - http://www.seebug.org/vuldb/ssvid-99630
Microsoft monthly updates
(AL01/230111/CSIRT-ITA)

Microsoft has released its monthly security updates, which fix a total of 98 new vulnerabilities, 2 of them 0-days.

by CSIRT - https://www.csirt.gov.it/contenuti/aggiornamenti-mensili-microsoft-al01-230111-csirt-ita
Adobe releases updates to fix several vulnerabilities
(AL02/230111/CSIRT-ITA)

Adobe has released security updates to fix vulnerabilities in the Acrobat, Acrobat Reader, InDesign, InCopy and Dimension products.

by CSIRT - https://www.csirt.gov.it/contenuti/adobe-rilascia-aggiornamenti-per-sanare-diverse-vulnerabilita-al02-230111-csirt-ita
Vulnerabilities fixed in Google Chrome
(AL03/230111/CSIRT-ITA)

Google has released an update for the Chrome browser to fix 17 security vulnerabilities, 2 of them of “high” severity.

by CSIRT - https://www.csirt.gov.it/contenuti/risolte-vulnerabilita-in-google-chrome-al03-230111-csirt-ita
Windows Backup Service privilege escalation vulnerability (CVE-2023-21752)

by SeeBug - http://www.seebug.org/vuldb/ssvid-99632
ZenTao (禅道) R&D project management system unauthenticated RCE vulnerability

by SeeBug - http://www.seebug.org/vuldb/ssvid-99631
Linux ksmbd DoS vulnerability (CVE-2023-0210)

by SeeBug - http://www.seebug.org/vuldb/ssvid-99633
T95 AllWinner T616 Malware Analysis · Cleanup

Does your T95 Android TV Box contain a folder named:

/data/system/Corejava

...and a file named

/data/system/shared_prefs/open_preference.xml?

Your T95 is infected with malware pre-installed, ready to do whatever the C2 servers decide. Yes, malware from Amazon straight to your door! If they insist on selling these devices they really should add an "Includes Malware" category in the Android TV section.


https://github.com/DesktopECHO/T95-H616-Malware