IT Security Alerts


Channel geo and language: not specified, English
Category: Technology


This channel posts IT security related topics and especially alerts. Submissions over at @itsectalk welcome!



For those asking: Yes, this Channel is indeed still active. But please note that we will most likely only notify on REALLY important vulnerabilities. Feel free to join our group over at @itsectalk as well.


⚠️ Atlassian Confluence On-Premise (All recent versions) Remote Code Execution vulnerability!

If your Confluence is reachable from the Internet, take immediate action and restrict access. This is being exploited in the wild! There is no patch available as of right now.

Affected: All recent On-Prem Confluence Servers & Data Center
More Information (Advisory/Updates): https://yt.gl/f1kcv
(severity: 🔶 very high)

#alert #vulnerability #severityhigh #exchange #CVE-2021-26855 #CVE-2021-26857 #CVE-2021-26858 #CVE-2021-27065.

➡️ Feel free to discuss this issue in @itsectalk and do your colleagues a favor and forward them this critical vulnerability.




⚠️ Microsoft Exchange Server - GENERAL ADVISORY - UPDATE IMMEDIATELY!
Several new flaws (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) have been reported and Microsoft issued an emergency fix. It is reported that the vulnerabilities are actively being exploited.

Affected: Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.

More Information (Advisory/Updates): https://yt.gl/exchangeexp

(severity: 🔶 very high)

#alert #vulnerability #severityhigh #atlassian #confluence CVE-2022-26134.

➡️ Feel free to discuss this issue in @itsectalk and do your colleagues a favor and forward them this critical vulnerability.


⚠️ "Barcode Scanner" app on Android turned evil! Removed from playstore but not from your devices. It had over 10 million installs so there is a good chance that you know someone that has it. Please let them know.

App Name: Barcode Scanner
MD5: A922F91BAF324FA07B3C40846EBBFE30
Package Name: com.qrcodescanner.barcodescanner

Severity: 🔸High

Additional information
https://yt.gl/barcodeevil

#alert #severityHigh #maliciousupdate #barcodescanner #android

➡️ Please forward to your friends and family that could be using this app. Thanks for the report that was sent in.




Reposted from: @like
⚠️Buffer overflow in sudo (linux utility) - ❗️ affects most distributions/versions - CVE-2021-3156
While a local user is required to exploit this vulnerability, even the account 'nobody' can exploit this vulnerability. An unprivileged user can gain root privileges on affected hosts!

Check if you are affected!
To check if you are affected, run "sudoedit -s /" as a non-root user. If the response is "sudoedit:", your system is vulnerable.

The following "sudo" versions are vulnerable
* All legacy versions from 1.8.2 to 1.8.31p2
* All stable versions from 1.9.0 to 1.9.5p1

Severity: 🔸High

Additional information
https://yt.gl/sudobufferoverflow

#alert #severityHigh #vulnerability #linux #sudo

🌟 Feel free to discuss this issue in @itsectalk 👍 Please vote if this information was helpful to you.
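
A first-pass triage built from the two checks in the sudo alert above (the listed version ranges and the "sudoedit -s /" reply), as an added example that is not part of the original post. The function names are hypothetical, the `sudo -V` first-line format is assumed to be "Sudo version X", and treating a reply that starts with "usage:" as patched is an assumption not stated in the alert.

```shell
#!/bin/sh
# Added example: first-pass triage for CVE-2021-3156 from the alert's two checks.

# Return 0 if the upstream version in $1 (e.g. 1.8.31p2) lies inside one of the
# ranges listed in the alert. Only the pN patch suffix is understood.
sudo_version_in_range() {
    printf '%s\n' "$1" | awk -F'[.p]' '
        function key(a, b, c, d) { return ((a * 1000 + b) * 1000 + c) * 1000 + d }
        {
            k = key($1, $2, $3, $4)
            legacy = (k >= key(1, 8, 2, 0) && k <= key(1, 8, 31, 2))
            stable = (k >= key(1, 9, 0, 0) && k <= key(1, 9, 5, 1))
            exit !(legacy || stable)
        }'
}

# Classify the first line printed by "sudoedit -s /" (passed in $1).
# "usage:" as the patched reply is an assumption, not stated in the alert.
classify_sudoedit_reply() {
    case $1 in
        sudoedit:*) echo vulnerable ;;
        usage:*)    echo patched ;;
        *)          echo inconclusive ;;
    esac
}

# Combine both checks: the behavioural reply wins, because distribution
# packages can carry a backported fix under an unchanged upstream version.
triage() {
    verdict=$(classify_sudoedit_reply "$2")
    if [ "$verdict" != inconclusive ]; then
        echo "$verdict"
    elif sudo_version_in_range "$1"; then
        echo "version-listed-verify-package"
    else
        echo "version-not-listed"
    fi
}

# With the argument "run", collect both inputs from the local host.
# The sudoedit call may ask for a password on some configurations.
if [ "${1:-}" = run ]; then
    version=$(sudo -V 2>/dev/null | awk 'NR == 1 { print $3 }')
    reply=$(sudoedit -s / 2>&1 </dev/null | head -n 1)
    echo "sudo ${version:-unknown}: $(triage "$version" "$reply")"
fi
```

Run it as a non-root user with the single argument `run`; a "version-listed-verify-package" result means the distribution's package changelog still has to be checked for the fix.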


⚠️SonicWall VPN Portal Critical Flaw
Tripwire VERT has identified a stack-based buffer overflow in SonicWall Network Security Appliance (NSA).
A fix is available.

SonicWall has indicated that the following versions are vulnerable:
* SonicOS 6.5.4.7-79n and earlier
* SonicOS 6.5.1.11-4n and earlier
* SonicOS 6.0.5.3-93o and earlier
* SonicOSv 6.5.4.4-44v-21-794 and earlier
* SonicOS 7.0.0.0-1

(Severity: 🔸high)

Additional information:
https://www.tripwire.com/state-of-security/vert/sonicwall-vpn-portal-critical-flaw-cve-2020-5135/

#alert #severityHigh #vulnerability #firewall #sonicwall
#CVE2020-5135


⚠️ iPhones/iPads Mail app vulnerable

"The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app."

Severity: 🔶 High
More Information: https://yt.gl/tjqz8

#alert #severityhigh #vulnerability #apple #mailapp

📬 Spread the news, forward the message to your mobile management admins.
❓ Questions? Feedback? Want to discuss? Join us at @itsectalk


This channel is not dead, but we need your help. If you find something that might be interesting for broadcasting, please let us know in @itsectalk - thanks! 🚨


⚠ Two unauthenticated RCE vulns in Microsoft Remote Desktop. Exploitation likely, says Microsoft. Affects Win 10, Win 7, Win 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2.

Updates are available and they should be applied immediately, especially for those systems accessible through the internet.

Severity: 🔶 High
More Information: https://yt.gl/20191181 and https://yt.gl/20191182

#alert #vulnerability #severityhigh #microsoft #remotedesktopservice #terminalservice #update

✉ Join the discussion over at our Telegram group @itsectalk and forward this to your enterprise administrator.


⚠️ Logitech "Unifying" (wireless RX), several vulnerabilities.
Affected are all products (keyboards, mice, presenters) that carry the "Unifying" logo.

Updates are available for some vulns, but applying the updates is not straightforward; please check the More Information link.

Severity: 🔶 High
More Information: https://yt.gl/logitechunifying

#alert #severityhigh #vulnerability #hardware #logitech #unifying

📬 Spread the news, forward the message to your enterprise admins.
❓ Questions? Feedback? Want to discuss? Join us at @itsectalk


⚠️ Linux/FreeBSD Denial of Service attacks possible. Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.

- CVE-2019-11477: SACK Panic (Linux >= 2.6.29)
- 3 more CVEs

Severity: 🔶 High
More Information: https://yt.gl/sackpanic

#alert #severityhigh #vulnerability #linux #freebsd #networking #kernel

📬 Spread the news, forward the message to your sysadmins.
❓ Questions? Feedback? Want to discuss? Join us at @itsectalk


⚠️ Unauthenticated, remote code execution exploit for Microsoft Remote Desktop Services - former Terminal (Windows 7, Server 2008 +r2). An attacker could install programs; view, change, or delete data; or create new accounts with full user rights. ✅ Update your systems now - a patch has been released.

CVSS Base Score: 9.8 - Severity: 🔶 High
More information & official advisory: https://yt.gl/rdpservicex

#alert #severityhigh #vulnerability #microsoft #remotedesktopservice #terminalservice #update

✉️ Join the discussion over at our Telegram group @itsectalk and forward this to your enterprise administrator.

*If you are affected, please vote ✔️ below. If you are unaffected, please vote ❌*


⚠️Chrome and Windows zero-day update, including CVE-2019-5786

Google has issued a more detailed announcement regarding CVE-2019-5786. This announcement includes new information about how the vulnerability was being exploited in the wild. The Chrome exploit was combined with a Windows 7 zero-day that remains unpatched. The Windows vulnerability permits local privilege escalation.

Google believes that security additions in Windows 10 make attacks against the newer OS unrealistic, if not impossible:

"We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems."

As it's likely that no patch will be available for the Windows 7 vulnerability for some time, Google's only mitigation advice is to upgrade to Windows 10:

"As mitigation advice for this vulnerability users should consider upgrading to Windows 10 if they are still running an older version of Windows, and to apply Windows patches from Microsoft when they become available. We will update this post when they are available."

No IOCs or alternative mitigations have been disclosed.

(Severity: 🔸high)

Announcement: https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html

#alert #severityHigh #vulnerability #browser #chrome #windows #rce #uaf #privilegeEscalation #exploitedNow #zeroDay #CVE20195786


⚠️Chrome/Chromium zero-day RCE (CVE-2019-5786), actively exploited in the wild. Affected Versions: < 72.0.3626.121

Information is beginning to circulate regarding CVE-2019-5786, a use-after-free (UAF) vulnerability in Chrome's FileReader API. The Chrome security team has indicated that it is being actively exploited in the wild. Details are limited, but the vulnerability is believed to permit remote code execution (RCE).

Some news sources have conflated this with another, less severe issue spotted by EdgeSpot relating to PDF files. Both EdgeSpot and Google have indicated that the issues are unrelated.

CVE-2019-5786 has been patched in Chrome version 72.0.3626.121, currently available on the stable channel. Other Chromium-based browsers, such as Vivaldi, may or may not be affected.

(Severity: 🔸high)

Additional information:

- Announcement from Google: https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
- Chromium bug (not yet public): https://bugs.chromium.org/p/chromium/issues/detail?id=936448
- Tweet from a Chrome security engineer: https://twitter.com/justinschuh/status/1103087046661267456
- Patch: https://github.com/chromium/chromium/blob/ba9748e78ec7e9c0d594e7edf7b2c07ea2a90449/third_party/blink/renderer/platform/wtf/typed_arrays/array_buffer_builder.h#L63-L67
- Patch review: https://chromium-review.googlesource.com/c/1492873 and https://chromium-review.googlesource.com/c/1495209
- Technical explanation: https://news.ycombinator.com/item?id=19325083
- Sophos: https://nakedsecurity.sophos.com/2019/03/06/serious-chrome-zero-day-google-says-update-right-this-minute/
- Forbes (conflates CVE-2019-5786 and the PDF issue reported by EdgeSpot): https://www.forbes.com/sites/daveywinder/2019/03/07/google-confirms-serious-chrome-security-problem-heres-how-to-fix-it/

#alert #severityHigh #vulnerability #browser #chrome #rce #uaf #CVE20195786


⚠️Firefox Information Exposure. Affected Versions:


⚠️PSA: On February 1, 2019, "DNS Flag Day," a large number of public DNS resolvers and ISPs will be removing workarounds intended to support authoritative nameservers that lack EDNS support. When this happens, sites relying on nameservers that don't properly support EDNS will go offline. A significant number of major websites have yet to update and are expected to go offline on February 1.

Summary and compatibility testing tool: https://yt.gl/y4vgq

Technical information: https://yt.gl/i5hpy

Discuss this at @itsectalk!

#alert #breakingChange #dnsFlagDay


🎉🥇 We recently hit 5000 followers 🥇We want to take this opportunity to remind you to report any new vulnerabilities to our submission form https://infected.io/telegram-submissio - with over 5000 members in this channel we need feedback on what you think is a newsworthy vulnerability. We try to only post the most relevant vulnerabilities here in order to avoid flooding you with unrelated messages. That is why we would like to invite you to the @itsectalk group.

~ The IT Security Alerts & Group Admin Team
#infectedio #announcement


⚠ Malicious Command Execution via bash-completion (CVE-2018-7738) At minimum, affected versions: Ubuntu 18.04
This issue affects any system using the util-linux mount/umount bash-completion scripts between version 2.24 and 2.31.

A series of bugs applies with a specially formatted USB drive name, which runs code on mount.

example:

sudo mkfs.ntfs -f -L 'IFS=,;a=sudo,reboot;\$a' /dev/sdb1

umount

(severity: 🔷 low) - requires physical access
More info: https://yt.gl/say6z

#alert #severityLow #local #bash

Discuss this at @itsectalk and let your Linux sysadmins know.

Showing the 20 most recent posts.

12 327 subscribers