Security flaw in #Microsoft #GitHub allows leveraging GitHub Actions to bypass the required reviews mechanism and push unreviewed code to a protected branch, potentially allowing malicious code to be used by other users or flow down the pipeline to production #vuln
https://medium.com/cider-sec/bypassing-required-reviews-using-github-actions-6e1b29135cc7
MysterySnail - Kaspersky finds zero-day exploit for #Windows #vuln #apt #informatique
Weak SSH Key Generation Fix in GitKraken v8.0.1 #github #gitlab #bitbucket #azure #vuln #informatique
On April 30th, 2021, WhiteHoodHacker rickrolled his high school district. Not just his school but the entirety of Township High School District 214. It's the second-largest high school district in Illinois, consisting of 6 different schools with over 11,000 enrolled students #cctv #vuln #informatique
I accidentally discovered a potential vulnerability in #YouTube during a late night debugging session on a MP4 muxer #vuln #informatique
https://realkeyboardwarrior.github.io/security/2021/10/11/hacking-youtube.html
CVE-2021-30883 Bindiff & PoC for the IOMFB vulnerability, iOS 15.0.2 #smartphone #vuln #ios #informatique
CVE-2021-30883 Vulnerability in IOMobileFrameBuffer/AppleCLCD exploited in the wild #smartphone #vuln #ios #informatique
CVE-2021-25635 Vulnerability in the digital signature system of LibreOffice & OpenOffice #vuln #informatique
https://www.libreoffice.org/about-us/security/advisories/cve-2021-25635/
💥 CVE-2021-1594 A vulnerability in the REST API of #Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack & elevate privileges to root #vuln
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-UwqPrBM3
💥 Zero-Day in #Apache HTTP Server 2.4.49 (only that version) already exploited ITW #vuln
https://www.tenable.com/blog/cve-2021-41773-path-traversal-zero-day-in-apache-http-server-exploited
Hackers exploit a flaw in the two-factor authentication system and loot money from more than 6,000 accounts on #Coinbase #vuln #informatique
https://geeko.lesoir.be/2021/10/05/des-hackers-sont-parvenus-a-pirater-6-000-comptes-sur-coinbase/
Analysis of CVE-2021-1810 Gatekeeper bypass #vuln #apple #macos
https://labs.f-secure.com/blog/analysis-of-cve-2021-1810-gatekeeper-bypass/
CVE-2021-1810 The discovery of Gatekeeper bypass #vuln #apple #macos
https://labs.f-secure.com/blog/the-discovery-of-cve-2021-1810/
(CVE-2021-36260) 70+ Hikvision camera & NVR models affected - the vulnerability allows attackers to remotely take control of devices without any user interaction #wormable #botnets #vuln
https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html
Analysis of #Microsoft Autodiscover, a protocol used to authenticate to Microsoft Exchange servers and to configure client access #vuln #windows #credentials #threats
https://www.guardicore.com/labs/autodiscovering-the-great-leak/
#Microsoft #Azure silently installs management agents on #Linux VMs, which now have RCE & LPE vulnerabilities! « OMI is just one example of a secret #software agent that's pre-installed and silently deployed in cloud environments »; « Thanks to the combination of a simple conditional statement coding mistake and an uninitialized auth struct, any request without an Authorization header has its privileges default to uid=0, gid=0, which is root » #vuln #wormable #botnets #threats #informatique #cloud
https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
sc(r)apy | full metal packets