12286
This channel posts IT security related topics and especially alerts. Submissions over at @itsectalk welcome!
For those asking: Yes, this Channel is indeed still active. But please note that we will most likely only notify on REALLY important vulnerabilities. Feel free to join our group over at @itsectalk as well.
Читать полностью…
For anyone who has the misfortune of dealing with interoperability between Windows and Linux: a significant Samba security update was just released. https://www.cisa.gov/uscert/ncas/current-activity/2022/02/01/samba-releases-security-updates
CVE IDs:
CVE-2021-44141
CVE-2021-44142
CVE-2022-0336
⚠️ "Barcode Scanner" app on Android turned evil! Removed from playstore but not from your devices. It had over 10 million installs so there is a good chance that you know someone that has it. Please let them know.
App Name: Barcode Scanner
MD5: A922F91BAF324FA07B3C40846EBBFE30
Package Name: com.qrcodescanner.barcodescanner
Severity: 🔸High
Additional information
https://yt.gl/barcodeevil
#alert #severityHigh #maliciousupdate #barcodescanner #android
➡️ Please forward to your friends and family that could be using this app. Thanks for the report that was sent in.
⚠️SonicWall VPN Portal Critical Flaw
Tripwire VERT has identified a stack-based buffer overflow in SonicWall Network Security Appliance (NSA).
A fix is available.
SonicWall has indicated that the following versions are vulnerable:
* SonicOS 6.5.4.7-79n and earlier
* SonicOS 6.5.1.11-4n and earlier
* SonicOS 6.0.5.3-93o and earlier
* SonicOSv 6.5.4.4-44v-21-794 and earlier
* SonicOS 7.0.0.0-1
(Severity: 🔸high)
Additional information:
https://www.tripwire.com/state-of-security/vert/sonicwall-vpn-portal-critical-flaw-cve-2020-5135/
#alert #severityHigh #vulnerability #firewall #sonicwall
#CVE2020-5135
This channel is not dead, but we need your help. If you find something that might be interesting for broadcasting, please let us know in @itsectalk - thanks! 🚨
Читать полностью…
⚠️ Logitech "Unifying" (wireless RX), several vulnerabilities.
Affected are all products (keyboards, mice, presenters) that carry the "Unifying" logo.
Updates are available for some vulns, but applying the updates is not straight forward, please check the more information link.
Severity: 🔶 High
More Information: https://yt.gl/logitechunifying
#alert #severityhigh #vulnerability #hardware #logitech #unifying
📬 Spread the news, forward the message to your enterprise admins.
❓ Questions? Feedback? Want to discuss? Join us at @itsectalk
⚠️ Unauthenticated, remote code execution exploit for Microsot Remote Desktop Services - former Terminal (Windows 7, Server 2008 +r2). An attacker could install programs; view, change, or delete data; or create new accounts with full user rights. ✅ Update your systems now - a patch has been released.
CVSS Base Score: 9.8 - Severity: 🔶 High
More information & official advisory: https://yt.gl/rdpservicex
#alert #severityhigh #vulnerability #microsoft #remotedesktopservice #terminalservice #update
✉️ Join the discussion over at our Telegram group @itsectalk and forward this to your enterprise administrator.
*If you are affected, please vote ✔️ below. If you are unaffected, please vote ❌*
⚠️Chrome/Chromium zero-day RCE (CVE-2019-5786), actively exploited in the wild. Affected Versions: < 72.0.3626.121
Information is beginning to circulate regarding CVE-2019-5786, a use-after-free (UAF) vulnerability in Chrome's FileReader API. The Chrome security team has indicated that it is being actively exploited in the wild. Details are limited, but the vulnerability is believed to permit remote code execution (RCE).
Some news sources have conflated this with another, less severe issue spotted by EdgeSpot relating to PDF files. Both EdgeSpot and Google have indicated that the issues are unrelated.
CVE-2019-5786 has been patched in Chrome version 72.0.3626.121, currently available on the stable channel. Other Chromium-based browsers, such as Vivaldi, may or may not be affected.
(Severity: 🔸high)
Additional information:
- Announcement from Google: https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
- Chromium bug (not yet public): https://bugs.chromium.org/p/chromium/issues/detail?id=936448
- Tweet from a Chrome security engineer: https://twitter.com/justinschuh/status/1103087046661267456
- Patch: https://github.com/chromium/chromium/blob/ba9748e78ec7e9c0d594e7edf7b2c07ea2a90449/third_party/blink/renderer/platform/wtf/typed_arrays/array_buffer_builder.h#L63-L67
- Patch review: https://chromium-review.googlesource.com/c/1492873 and https://chromium-review.googlesource.com/c/1495209
- Technical explanation: https://news.ycombinator.com/item?id=19325083
- Sophos: https://nakedsecurity.sophos.com/2019/03/06/serious-chrome-zero-day-google-says-update-right-this-minute/
- Forbes (conflates CVE-2019-5786 and the PDF issue reported by EdgeSpot): https://www.forbes.com/sites/daveywinder/2019/03/07/google-confirms-serious-chrome-security-problem-heres-how-to-fix-it/
#alert #severityHigh #vulnerability #browser #chrome #rce #uaf #CVE20195786
⚠️PSA: On February 1, 2019, "DNS Flag Day," a large number of public DNS resolvers and ISPs will be removing workarounds intended to support authoritative nameservers that lack EDNS support. When this happens, sites relying on nameservers that don't properly support EDNS will go offline. A significant number of major websites have yet to update and are expected to go offline on Feburary 1.
Summary and compatibility testing tool: https://yt.gl/y4vgq
Technical information: https://yt.gl/i5hpy
Discuss this at @itsectalk!
#alert #breakingChange #dnsFlagDay
⚠ Malicious Command Execution via bash-completion (CVE-2018-7738) At minimum, affected versions: Ubuntu 18.04
This issue affects any system using the util-linux
mount/umount bash-completion scripts between version 2.24 and 2.31.
A series of bugs apply with specially formatted USB drive name, which on mount run code.
example:
sudo mkfs.ntfs -f -L 'IFS=,;a=sudo,reboot;\$a' /dev/sdb1
umount
(severity: 🔷 low) - requires physical access
More info: https://yt.gl/say6z
#alert #severityLow #local #bash
Discuss this at @itsectalk and let your Linux sysadmins know.
⚠️ Fax machines, at least HP officejet, vulnerable to code injection... OVER FAX. You can jump from a phone line connection into the network. HP fixed this issue and released new firmware.
(severity: 🔶 high)
More information: https://yt.gl/1cz6r
Video demonstation: https://yt.gl/dkf2e
#alert #severityhigh #hp #officejet #remotecodeexecution #faxmachine
Check your offices for said printer and if it is connected to a phone line for receiving faxes. Sadly, this is not a joke at this time.
Discuss this at @itsectalk and subscribe/share on LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:6434863821919125504
⚠️ "vpnfilter" - new devices added. Asus, D-Link, Huawei, Linksys, Mikrotik, Netgear, QNAP, TP-Link, Ubiquiti, UPVEL, ZTE known to be affected. New devices for almost all vendors added! ➡️ Make sure to check the updated list!
❗️Over 500.000 devices affected, we encourage you to check if you have an affected device in your network.
(Severity: 🔶 High)
Further Information: https://yt.gl/qsk9m
#alert #severityhigh #vulnerability #update #vpnfilter #Asus, #D-Link #Huawei #Linksys #Mikrotik #Netgear #QNAP #TP-Link #Ubiquiti #UPVEL #ZTE
Feel free to discuss this issue in @itsectalk - thanks to our community member Purgatory for reporting this.
Follow us on LinkedIn and share directly with your network!
https://www.linkedin.com/feed/update/urn:li:activity:6410553701429321728
⚠️ macOS Security Updates 2018-003 and iOS 11.4
Several bugfixes in the new security update 2018-003 and iOS 11.4. Please update your phones and systems.
On both systems (!) apple fixed code execution vulnerabilities.
(Severity: 🔸high)
More Info:
iOS 11.4: https://yt.gl/6xra4
MacOS: https://yt.gl/c8mpy
#alert #severityhigh #macos #ios #vulnerability #HT208849 #HT208848
Feel free to discuss this issue in @itsectalk
Follow us on LinkedIn and share directly with your network!
https://www.linkedin.com/feed/update/urn:li:activity:6409518243823788032
⚠️ DrayTek Vigor vulnerability affecting over 20 routers
Through an unknown attack, the router Settings could be changed. DrayTek will rollout new updates asap.
If possible disable WAN mgmt or enable TLS, check the routers DNS servers and wait for an update.
More Information: https://yt.gl/9s0vo
(severity: 🔶 high)
#alert #vulnerability #severityhigh #draytek
Feel free to discuss this issue in @itsectalk
Follow us on LinkedIn and share directly with your network!
https://www.linkedin.com/company/18509395/
⚠ Twitter - internal password leak.
You're adviced to change your twitter password, as it might have been stored in an internal log in plaintext. 330 million users affected. There is no sign of compromise, yet.
Further information: https://yt.gl/pmc1n
#alert #databreach #severitymedium #twitter
Feel free to join us on @itsectalk - the discussion group for security professionals. We're also posting to LinkedIn so you can share alerts with your network: https://www.linkedin.com/feed/update/urn:li:activity:6398068312558829568
⚠️ Atlassian Confluence On-Premise (All recent versions) Remote Code Execution vulnerability!
If your Confluence is reachable from the Internet, take immediate action and restrict access. This is being exploited in the wild! There is no patch available as of right now.
Affected: All recent On-Prem Confluence Servers & Data Center
More Information (Advisory/Updates): https://yt.gl/f1kcv
(severity: 🔶 very high)
#alert #vulnerability #severityhigh #exchange #CVE-2021-26855 #CVE-2021-26857 #CVE-2021-26858 #CVE-2021-27065.
➡️ Feel free to discuss this issue in @itsectalk and do your colleagues a favor and forward them this critical vulnerability.
⚠️ Microsoft Exchange Server - GENERAL ADVISORY - UPDATE IMMEDIATELY!
Several new flaws (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) have been reported and Microsoft issued an emergency fix. It is reported that the vulnerabilities are actively being exploited.
Affected: Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.
More Information (Advisory/Updates): https://yt.gl/exchangeexp
(severity: 🔶 very high)
#alert #vulnerability #severityhigh #atlassian #confluence CVE-2022-26134.
➡️ Feel free to discuss this issue in @itsectalk and do your colleagues a favor and forward them this critical vulnerability.
⚠️Buffer overflow in sudo (linux utility) - ❗️ affects most distributions/versions - CVE-2021-3156
While a local user is required to exploit this vulnerability, even the account 'nobody' can exploit this vulnerability. An unprivileged user can gain root privileges on affected hosts!
Check if you are affected!
To check if you are affected, run sudoedit -s / as non-root user. If the response is sudoedit: your system is vulnerable.
The following "sudo" versions are vulnerable
* All legacy versions from 1.8.2 to 1.8.31p2
* All stable versions from 1.9.0 to 1.9.5p1
Severity: 🔸High
Additional information
https://yt.gl/sudobufferoverflow
#alert #severityHigh #vulnerability #linux #sudo
🌟 Feel free to discuss this issue in @itsectalk 👍 Please vote if this information was helpful to you.
⚠️ iPhones/iPads Mail app vulnerable
"The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app."
Severity: 🔶 High
More Information: https://yt.gl/tjqz8
#alert #severityhigh #vulnerability #apple #mailapp
📬 Spread the news, forward the message to your mobile management admins.
❓ Questions? Feedback? Want to discuss? Join us at @itsectalk
⚠ Two unauthenticated RCE vulns in Microsoft Remote Desktop. Exploitation likely, says Microsoft. Affects Win 10, Win 7, Win 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2.
Updates are available and they should be applied immediately, especially for those systems acessible through the internet.
Severity: 🔶 High
More Information: https://yt.gl/20191181 and https://yt.gl/20191182
#alert #vulnberability #severityhigh #microsoft #remotedesktopservice #terminalservice #update
✉ Join the discussion over at our Telegram group @itsectalk and forward this to your enterprise administrator.
⚠️ Linux/FreeBSD Denial of Service attacks possible. Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.
- CVE-2019-11477: SACK Panic (Linux >= 2.6.29)
- 3 more CVEs
Severity: 🔶 High
More Information: https://yt.gl/sackpanic
#alert #severityhigh #vulnerability #linux #freebsd #networking #kernel
📬 Spread the news, forward the message to your sysadmins.
❓ Questions? Feedback? Want to discuss? Join us at @itsectalk
⚠️Chrome and Windows zero-day update, including CVE-2019-5786
Google has issued a more detailed announcement regarding CVE-2019-5786. This announcement includes new information about how the vulnerability was being exploited in the wild. The Chrome exploit was combined with a Windows 7 zero-day that remains unpatched. The Windows vulnerability permits local privilege escalation.
Google believes that security additions in Windows 10 makes attacks against the newer OS unrealistic, if not impossible:
"We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems."
As it's likely that no patch will be available for the Windows 7 vulnerability for some time, Google's only mitigation advice is to upgrade to Windows 10:
"As mitigation advice for this vulnerability users should consider upgrading to Windows 10 if they are still running an older version of Windows, and to apply Windows patches from Microsoft when they become available. We will update this post when they are available."
No IOCs or alternative mitigations have been disclosed.
(Severity: 🔸high)
Announcement: https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
#alert #severityHigh #vulnerability #browser #chrome #windows #rce #uaf #privilegeEscalation #exploitedNow #zeroDay #CVE20195786
⚠️Firefox Information Exposure. Affected Versions: <= 64
All files from a directory can be uploaded to a remote webserver by an attacker if a victim is tricked into interacting with a downloaded HTML using Firefox.
(Severity: 🔸medium)
Further information: https://yt.gl/hpiav
Vulnerability test: https://yt.gl/ws80y
Currently there is no update availble. Don't download and run unknown HTML files.
#alert #severityMedium #vulnerability #browser #firefox #SYSS2018041
🎉🥇 We recently hit 5000 followers 🥇We want to take this opportunity to remind you to report any new vulnerabilities to our submission form https://infected.io/telegram-submissio - with over 5000 members in this channel we need feedback on what you think is a newsworthy vulnerability. We try to only post the most relevant vulnerabilities here in order to avoid flooding you with unrelated messages. That is why we would like to invite you to the @itsectalk group.
~ The IT Security Alerts & Group Admin Team
#infectedio #announcement
⚠ CSS attack uses all memory, freeze/restarts IOS and OSX.
Disclosed on Twitter, When a user visits a page hosting this specially crafted CSS &
HTML, depending on the iOS version, the device will quickly use up all
available resources. On iOS this will cause either a kernel panic and a
reboot or a restarting of the iOS SpringBoard.
For Mac users, this will cause your computer to freeze briefly and
slow down, but you can close the Safari tab to stop the attack.
(severity: 🔶 medium)
More information: https://yt.gl/gamf2
#alert #severityMedium #remote #html #css #osx #ios #iphone
Discuss this at @itsectalk and feel free to forward this to your Apple sysadmin buddies!
⚠️ Flash zero-day. Flash versions 29.0.0.171 (and earlier) are affected by a zero-day that is already in use for targeted attacks. (Severity: 🔶 high)
More information: https://yt.gl/of75n
#alert #severityhigh #flash #adobe #adobeflash #vulnerability #zeroday
📢 Let your sysadmins know: simply forward our post or share on linkedin. Feel free to join the discussion at @itsectalk ✔️
https://www.linkedin.com/feed/update/urn:li:activity:6410624482708320256
⚠️ Zip Slip Vulnerability
Many decompression implementations were found to be vulnerable to a simple directory traversal exploit. Decompression tools, libraries, and code snippets that fail to validate paths could decompress a file to an arbitrary location chosen by the attacker, potentially overwriting sensitive files and allowing for remote code execution. The vulnerability exists in a wide range of software. While many have been patched, it's likely that more will be found as time progresses.
(Severity: 🔶 High)
More Info:
Public disclosure: https://yt.gl/u63vi
List of affected products and CVE IDs: https://yt.gl/bfyhi
#alert #severityhigh #vulnerability #ZipSlip
Feel free to discuss this issue in @itsectalk
Follow us on LinkedIn and share directly with your network!
https://www.linkedin.com/feed/update/urn:li:activity:6410246775789092864/
⚠️ Git - remote code execution vulnerability in submodules. Please check for updates of your Git client. Git for Windows was patched - update as soon as possible.
More information: https://yt.gl/gre3b
(severity: 🔶 high)
#alert #vulnerability #severityhigh #git
Feel free to discuss this issue in @itsectalk
Follow us on LinkedIn and share directly with your network!
https://www.linkedin.com/feed/update/urn:li:activity:6407341108107583488
⚠️ PGP and S/MIME vulnerability - potential exposure of contents of past messages! The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). By EFF: "Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email."
Infos and mitigation (EFF website): https://yt.gl/q9m2y
Severity: ➖Not rated from our side, as no details are released yet.
#alert #vulnerability #prerelease #PGP #smime
Please forward this to anyone who is using PGP/SMIME 👍🏼
Discuss this issue in our group talk: @itsectalk
And find our release on LinkedIn, for easy sharing with your network: https://www.linkedin.com/feed/update/urn:li:activity:6401702396229087232
⚠️ Ransomware has been released for HPE iLO 4 v. < 2.53
The bug is probably related to an old vulnerability. The new trojan will crypt your hard drive and/or delete data the ransom is around 2BTC for the key.
Update your iLO4 now and only allow remote management interfaces only through a secure VPN.
More information: https://yt.gl/8o9fe
old CVE: https://yt.gl/n8khm
(severity: 🔶 high)
#alert #vulnerability #severityhigh #hp #ilo4 #ransomware #CVE-2017-12542
Thanks to @nekocentral for the alert.
Feel free to discuss this issue in @itsectalk
Follow us on LinkedIn and share directly with your network!
https://www.linkedin.com/company/18509395/