Информация опасносте
A zero-day in Exim with a 9.8 rating looks very, very bad https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
Patches are out https://www.exim.org/download.html
And a bit of analysis of what is going on
https://labs.watchtowr.com/exim-0days-90s-vulns-in-90s-software/
www.exim.org
Download sites for Exim
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet.
libwebp keeps reminding us of itself, now with updates from Microsoft
https://msrc.microsoft.com/blog/2023/10/microsofts-response-to-open-source-vulnerabilities-cve-2023-4863-and-cve-2023-5217/
Microsoft
Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217 | MSRC Blog
A funny and strange story about how some guy uses Bluetooth on his phone to control gas pumps. As a result, he supposedly activates fuel dispensing for some people, who then fill up from the pump for free. There are, of course, no technical details.
https://www.fox2detroit.com/news/detroit-man-steals-800-gallons-using-bluetooth-to-hack-gas-pumps-at-station
FOX 2 Detroit
Detroit man steals 800 gallons using Bluetooth to hack gas pumps at station
Some gas station owners are falling victim to a sophisticated scam.
The October Android security patch includes fixes for 54 vulnerabilities, including two (CVE-2023-4863, still libwebp, and CVE-2023-4211) under limited, targeted exploitation, according to Google.
https://source.android.com/docs/security/bulletin/2023-10-01
Sony has confirmed the breach and is sending employees a notice that their personal information may have been stolen in the cyberattack
https://www.documentcloud.org/documents/24005170-sample-individual-notice-10032023?responsive=1&title=1
The Federal Security Service wants to oblige organizers of information dissemination (ORI) to store and provide data on users' geolocation and their means of payment.
The corresponding draft Government resolution has been published on the portal of draft legal acts.
http://regulation.gov.ru/p/142353
https://roskomsvoboda.org/post/fsb-trebuyet-platezh-i-geoloc/
Where does this end
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.
https://support.apple.com/en-gb/HT213961
Apple Support
About the security content of iOS 17.0.3 and iPadOS 17.0.3
This document describes the security content of iOS 17.0.3 and iPadOS 17.0.3.
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.
lol
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9
Cisco
Cisco Security Advisory: Cisco Emergency Responder Static Credentials Vulnerability
And things are not great at Atlassian either. Not great at all: a maximum severity zero-day vulnerability
https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
https://jira.atlassian.com/browse/CONFSERVER-92475
A report on how various law enforcement branches in the US (the immigration service, the border service, the Secret Service) buy up geolocation data collected by various apps on users' smartphones. The report was prepared by the office of the NSA inspector general
https://www.documentcloud.org/documents/24016546-oig-23-61-sep23-redacted?ref=404media.co
https://www.404media.co/ice-cbp-secret-service-all-broke-law-with-smartphone-location-data/
404 Media
ICE, CBP, Secret Service All Illegally Used Smartphone Location Data
A bombshell government report also found that a CBP official used the data to track coworkers with no investigative purpose.
Информация опасносте
In Las Vegas, the story of the hack of three major casinos (Aria, Bellagio and MGM Grand) has been going on for several days now. (a perfectly “ordinary” ransomware affair: Caesars quickly paid a ransom of 15 million and went back to work, others are resisting). so,…
MGM reported that losses from the cyber incident amounted to about 100 million dollars, plus 10 million dollars for various expense items related to the aftermath of the breach: lawyers, consultants, and so on.
http://www.sec.gov/ix?doc=/Archives/edgar/data/789570/000119312523251667/d461062d8k.htm
The company also reported that customers' personal data was stolen in the breach, including names, addresses, phone numbers, dates of birth, and driver's license numbers
https://www.mgmresorts.com/en/notice-of-data-breach.html
23andMe, one of the first sites to offer users DNA analysis, has confirmed a leak of user data. Reportedly it was credential stuffing, that is, the use of previously leaked logins and passwords to export the information not only of those users but also of all their “DNA relatives”
https://www.bleepingcomputer.com/news/security/genetics-firm-23andme-says-user-data-stolen-in-credential-stuffing-attack/
BleepingComputer
Genetics firm 23andMe says user data stolen in credential stuffing attack
23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack.
Google has made passkeys the default authentication mechanism for Google accounts
https://blog.google/technology/safety-security/passkeys-default-google-accounts/
Google
Passwordless by default: Make the switch to passkeys
Google is making it even easier to get started with passkeys by offering the ability to set them up for all users — by default.
A very serious vulnerability at Cisco
• Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks. This affects both physical and virtual devices running Cisco IOS XE software that also have the HTTP or HTTPS Server feature enabled.
• Successful exploitation of this vulnerability allows an attacker to create an account on the affected device with privilege level 15 access, effectively granting them full control of the compromised device and allowing possible subsequent unauthorized activity.
• The recommendation that Cisco has provided in its security advisory to disable the HTTP server feature on internet-facing systems is consistent with not only best practices but also guidance the U.S. government has provided in the past on mitigating risk from internet-exposed management interfaces.
• Cisco support centers collaborated with the security team after using methods and procedures to correlate similar indicators in a very small number of cases out of our normal substantial daily case volume.
• This is a critical vulnerability, and we strongly recommend affected entities immediately implement the steps outlined in Cisco’s PSIRT advisory.
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
Cisco
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker.
Fix information can be found in the Fixed Software…