Oracle released 390 new security fixes as part of the April 2021 Critical Patch Update (CPU), including patches for more than 200 bugs that could be exploited remotely without authentication. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products.
A year of Fajan evolution and Bloomberg themed campaigns
https://blog.talosintelligence.com/2021/04/a-year-of-fajan-evolution-and-bloomberg.html
The former Children's Commissioner for England, Anne Longfield, launched legal action on Tuesday against the video platform TikTok, accusing it of having illegally collected the personal data of millions of children in the United Kingdom and Europe.
An alert from the US Department of Homeland Security reported that Chinese hackers exploited IT weaknesses to spy for months on dozens of high-value American and European targets in the government, defense industry and finance sectors.
1,500 Delhaize Plus cards emptied by one (or more) hackers. The affected customers have been reimbursed. Delhaize has filed a complaint.
Max Justicz has found a remote code execution bug in the central CocoaPods server holding keys for the Specs repo (https://trunk.cocoapods.org/). CocoaPods is a popular package manager used by lots of iOS apps. This bug would have allowed an attacker to poison any package download. Keep calm, it's fixed now.
BazarLoader Malware Abuses Slack, BaseCamp Clouds: Two cyberattack campaigns are making the rounds using unique social-engineering techniques.
https://threatpost.com/bazarloader-malware-slack-basecamp/165455/
UK government intervenes in Nvidia takeover of chip designer Arm
Auto insurance giant Geico has admitted a data breach. Fraudsters exploited a bug in the company's website to steal customer driver's license numbers. This is the second time (recently) fraudsters have exploited a bug in an auto insurance company's website to steal driver's license numbers - often used to fraudulently obtain unemployment benefits.
https://techcrunch.com/2021/04/19/geico-driver-license-numbers-scraped/
Three zero-days in SonicWall products reported by Mandiant's Josh Fleischer and Chris DiGiamo (CVE-2021-20021, CVE-2021-20022, CVE-2021-20023)
Alleged register of voters who sold their vote leaked.
https://billieparkernoticias.com/filtran-supuesto-padron-de-electores-que-han-vendido-su-voto/
Chinese hackers used Pulse Secure VPN zero-day to breach US defense contractors
Lazarus APT conceals malicious code within BMP image to drop its RAT
1-click code execution vulnerabilities in popular software: Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, Mumble, ...
Chinese men involved in cyberattacks against JAXA (2016)
Exploitation of Pulse Connect Secure Vulnerabilities (CVE-2021-22893)
CVE-2021-22893 is currently being exploited in the wild
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784
Discord ends sale talks with Microsoft. Microsoft has been on an acquisition spree following its failed bid for TikTok last summer.
https://www.reuters.com/business/discord-terminates-buyout-talks-with-microsoft-wsj-2021-04-20/
Remote Code Execution vulnerabilities in Cosori Smart Air Fryer, a WiFi-enabled kitchen appliance that cooks food with a variety of methods and settings.
https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html
sc(r)apy | full metal packets