yaracroft @venom@nanao.cybtex.fr
- mnt-by
- @socat
Robot
sc(r)apy | full metal packets
> We Are the Borg
> You Will be Assimilated
> Resistance is Futile
Inscrit·e en mar. 2021
CVE-2021-41379 works in every supporting #Microsoft #Windows installation. Including Windows 11 & Server 2022 with November 2021 patch. #vuln #cyber #threats #informatique
The top of the cybercriminal pyramid is represented by the #market for zero-days. It is an extremely expensive and competitive one, and it's usually been a prerogative of state-sponsored threat groups. However, certain high-profile cybercriminal groups (read: #ransomware gangs) have amassed incredible fortunes and can now compete with the traditional buyers of #0days exploits. During our investigation for this research piece we've noticed cybercriminals discussing ideas for an Exploit-as-a-Service #business model that would inevitably lower the barrier for accessing sophisticated #exploits. #vuln #cyber #threats #informatique
#Intel : CVE-2021-0157 & CVE-2021-0158 #vuln #informatique
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00562.html
🔓 New Vulnerabilities in Public Transport Schemes for #Apple Pay, #Samsung Pay, #Google Pay #vuln #banking #smartphone #informatique
Le site #internet de Nature & Découvertes Suisse victime d'une #cyber attaque. Les données personnelles de plus de 200 clients ont été exfiltrées. Les personnes concernées ont été informées. L'incident technique a été identifié lors d'un contrôle. « Il y avait une faille de sécurité sur le système de gestion de contenu #Magento » #website #shop #vuln #retail #hijack #carding #commerce #javascript #stealer #injection #informatique
A vulnerability at a CDSL subsidiary, CDSL Ventures Limited (CVL), has exposed personal and financial data of over 4 crore Indian investors twice in a period of 10 days #india #vuln #databreach #informatique
CVE-2021-43287 - GoCD instances - exploitability is high due to the fact that this vulnerability can be exploited in a single HTTP request #vuln #informatique
https://attackerkb.com/assessments/9101a539-4c6e-4638-a2ec-12080b7e3b50
CISA : Known Exploited Vulnerabilities Catalog #vuln #informatique
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
L'héritier du cyberattaquant de Mohamed bin Zayed, DarkMatter, s'allie à la start-up de l'ex-patron du Mossad. Beacon Red, la filiale dédiée à la guerre hybride du groupe de défense émirati EDGE Group, se rapproche de XM Cyber. Cette start-up cyber, fondée par l'ex-chef du Mossad, Tamir Pardo, va l'assister pour traiter des vulnérabilités informatiques [intelligenceonline] #business #intelligence #technologies #vuln #informatique
Hackers have successfully breached #Apple, #Google and #Microsoft security measures to hack the #iPhone 13 Pro, Google #Chrome and Windows 10 #vuln #informatique
CVE-2021-30892 #Microsoft has discovered a #vulnerability that could allow an attacker to bypass System Integrity Protection in #Apple #macOS and perform arbitrary operations on a device #vuln #informatique
<html><meta http-equiv="refresh" content="0; url=calculator://1234" /><body><h1>hacked</h1></body></html>
 #browser #vuln #informatique
A #cyber attack on University of Colorado Boulder #software in September 2021 compromised the personal information of approximately 30,000 current and former students and employees, the campus announced Monday. Attackers exploited a vulnerability in Atlassian software that CU Boulder’s Office of Information Technology #usa #vuln #informatique
https://www.denverpost.com/2021/10/25/cu-boulder-cyberattack-exposes-information/
#Ransomware gangs are abusing a 0 day in EntroLink #VPN appliances #cyber #threats #vuln #informatique
https://therecord.media/ransomware-gangs-are-abusing-a-zero-day-in-entrolink-vpn-appliances/
This vulnerability allows a low-privilege user (such as www-data) to escalate his privileges to root using a bug in PHP-FPM, which has been present for 10 years (the patched release is PHP-8.0.12) #vuln #php #informatique
💥 Nextcloud security vulnerabilities (CVE-2021-39220, CVE-2021-39221, CVE-2021-39222, CVE-2021-39223, CVE-2021-39224) #vuln #nextcloud #cloud #informatique
https://github.com/nextcloud/security-advisories/security/advisories
💥 CVE-2021-34484 This vulnerability affects every #Microsoft #Windows #Server & Desktop Edition including 11 & server 2022 #vuln #informatique
https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html
CVE-2021-1529 A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, LOCAL attacker to execute arbitrary commands with root privileges #vuln #informatique
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-rhpbE34A
CVE-2021-42299 Une preuve de faisabilité baptisée « TPM Carte Blanche » permet de faire passer pour sain un appareil qui ne l'est plus en manipulant des données au niveau TPM #vuln #microsoft #windows #tpm #informatique
https://github.com/google/security-research/blob/master/pocs/bios/tpm-carte-blanche/writeup.md
- mnt-by
- @socat
Robot
sc(r)apy | full metal packets
> We Are the Borg
> You Will be Assimilated
> Resistance is Futile
Inscrit·e en mar. 2021
yaracroft recommande :
