2022-09-22 18:39 checkpoint research
Introduction In 2022, Check Point Research (CPR) observed a new wave of a long-standing campaign targeting the Uyghur community, a Turkic ethnic group originating from Central Asia and one of the largest minority ethnic groups in China. This malicious activity, which we attributed to the threat actor Scarlet Mimic, was first brought to light back in...
The post 7 Years of Scarlet Mimic’s Mobile Surveillance Campaign Targeting Uyghurs appeared first on Check Point Research.
2022-09-22 18:09 Seebug
Author: lxraa. This article is a reader submission; Seebug Paper looks forward to your contributions, and every accepted submission receives a gift! Submission email: paper@seebug.org. Preface: Because part of our company's business is currently implemented in Erlang, and there is little research on Erlang security issues on the Chinese-language internet, I did some research combining source code and public material in order to understand the security issues of Erlang applications. This article is the part of that Erlang security research project that focuses on the erlang distribution communication protocol...
2022-09-22 17:35 Stories by SAFARAS K A on Medi
This write-up for the lab JWT authentication bypass via jwk header injection is part of my walk-through series for PortSwigger’s Web…
Continue reading on InfoSec Write-ups »
2022-09-22 17:31 360 Vulnerability Alert
On 22 September 2022, 360CERT monitoring found that `Microsoft` officially published a risk notice for `Microsoft Endpoint Configuration Manager (MECM)`, vulnerability ID `CVE-2022-37972`, severity: `High`, score: `7.5`.
2022-09-22 15:36 Stories by SAFARAS K A on Medi
Hello guys, I am Faique, a security researcher and a bug bounty hunter, and I welcome you to my write-up on a story of a hack that I did a couple of months ago. Firstly I thought of not sharing it because it was an easy finding and also I got no bounty from them, but then I thought of sharing it, as the infosec community has taught me so much that it’s now my responsibility to give back to the community. So make sure to follow me & enjoy the write-up.
I started hunting on the target because my brother jokingly told me to hack it because he wanted to pass the exam. I cannot disclose the name of the target, so I will call it redacted.com.
I did basic recon like gathering subdomains, but I didn't find anything. So I thought of focusing on the main domain instead of subdomains.
redacted.com had functionality to sign in, so that students could sign in and take their exams.
I didn't have any credentials that I could use to test for bugs. So while browsing on the target I saw the login URL https://redacted.com/login,
I changed the
2022-09-22 15:36 Stories by SAFARAS K A on Medi
This is the first room that I chose to write about. I was postponing that, but finally I decided to start that journey.
So I randomly chose this room just because it looks interesting and funny. xD
This room shows us that in today’s digital world, a lot of evidence in criminal investigations is found on different digital devices.
So Digital Forensics is responsible for analyzing and processing this digital evidence, helping to clarify what really happened in the situation.
In addition, this room introduces us to the basics of how to work with it.
Task 1
1 — Consider the desk in the photo above. In addition to the smartphone, camera, and SD cards, what would be interesting for digital forensics?
Thinking about the definition, that becomes easy! The only other digital device in the picture is the laptop.
Answer: Laptop
Task 2
Going deeper into this topic, this task now presents the step-by-step of what to do when working as a digital forensics investigator.
To answer the second task, we just need to find the
2022-09-22 15:36 Stories by SAFARAS K A on Medi
This is the second walkthrough that I decided to write and, differently from the first, this one has more to do with my main interest, which is pentest.
So I had a lot of fun completing this room and writing this text.
This room gives an opportunity for those who are starting like me to apply what they learned in a real pentest scenario.
I hope this little text can be useful to someone else. =D
Task 1
1.1 — Deploy the machine and connect to our network
This question doesn’t need an answer.
1.2 — Find the services exposed by the machine
This doesn’t need an answer either, but in order to do what was asked we need to follow the next steps:
Step 1: Run nmap on the IP address of the target using the command:
nmap “target IP”
Step 2: Look at the result to see the services running on the open ports.
Let’s save it for later!
1.3 — What is the name of the hidden directory on the web server (enter name without /)?
For this task we just need to use some directory brute-force tool like dirb, dirbuster, gobuster or any other that you programmed.
2022-09-22 15:35 Stories by SAFARAS K A on Medi
Understanding the NMAP methodology — Part 1
Understanding the NMAP methodology from beginner to advanced
Description:
We are going to learn about network mapping with nmap from beginner to advanced in multiple articles. Today we are going to cover basic scanning and understand how nmap actually works behind the scenes.
Network Mapping
Understanding the basics
Hand Shaking
Before starting with nmap and scanning, it is important to know how a network really works. When we visit any website or access any service on the internet, our browser goes to the website and asks, “Can I connect with you?” and if the website or service is available then it will say, “Yes, you can.” and then our browser will say, “Thank you.” and it will load the website. In technical terms a “hand shaking” process happens behind the scenes.
What is a TCP header?
A TCP header holds information about the connection and the current data being sent over a connection, including source port, destination port, flags, data and many more. The imp
2022-09-22 15:35 Stories by SAFARAS K A on Medi
As everyone knows, information gathering in cyber security and ethical hacking is very important. The more you know about the target, the more success you will get. We are going to look at information gathering with a very good OSINT-based tool called Informer.
Informer is an OSINT-based information gathering tool written in the Python programming language. It has rich features like whois information gathering, geo-location information gathering, DNS information gathering, sub-domain information gathering and Shodan information gathering abilities.
Github Link : https://github.com/sudo0x18/informer
1. Download and Setup
For downloading and installation you must have git and Python installed on your device. Clone the repository with git onto your computer and install all requirements.
#Clone repo
git clone https://github.com/sudo0x18/informer.git
#Move into directory
cd informer
#Install requirements
pip install -r requirements.txt
2. Usage and Menu
Usage and the available options in every tool are very important to und
2022-09-22 15:31 360 Vulnerability Alert
On 22 September 2022, 360CERT monitoring found that `Red Hat` officially updated its risk notice for the `Linux Kernel`, vulnerability ID `CVE-2022-2588`, severity: `High`, score: `7.8`.
2022-09-22 15:31 tyler_download's column
GoLex, a basic introduction to a lexer generator based on the Go language
2022-09-22 15:09 Github_POC
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
[GitHub]CVE-2022-39197
2022-09-22 15:09 Seebug
Author: xxhzz@星阑科技PortalLab. Original link: https://mp.weixin.qq.com/s/3DECgzKcovoCQcdZLGXCzA. Preface: After researching and analyzing CVE-2022-22980, the Spring Data MongoDB SpEL expression injection vulnerability, I recalled a SpEL expression injection vulnerability in Spring Cloud Function that existed before spring4shell was disclosed,...
2022-09-22 14:39 Seebug
Author: 认真做研究地@星阑科技PortalLab. Original link: https://mp.weixin.qq.com/s/zS2TBfBsK1gzkLxs5u3GmQ. Project introduction: Apache Flume is distributed, reliable software for efficiently collecting, aggregating and moving large amounts of log data. It has a simple and flexible architecture based on streaming data flows. It has tunable reliability mechanisms and many failover and recovery mechanisms, and it is robust and fault-tolerant. It uses a...
2022-09-22 13:34 Data Breach – Security Affairs
A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang. The leak made the headlines, and it seems that the person who published it is a disgruntled developer. The latest version of […]
The post A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder appeared first on Security Affairs.
2022-09-22 13:31 360 Vulnerability Alert
On 22 September 2022, 360CERT monitoring discovered a `Cobalt Strike` remote code execution vulnerability, vulnerability ID `CVE-2022-39197`, severity: `Critical`, score: `9.8`.
2022-09-22 11:31 360 Vulnerability Alert
360-CERT Daily Security Briefing
2022-09-22 10:08 跳跳糖
PPL stands for "Protected Process Light", but before that there were only "Protected Processes". Windows Vista / Server 2008 introduced the concept of protected processes, and its purpose was not to protect your data or credentials. Its original goal was to protect media content and comply with DRM (Digital Rights Management) requirements. Microsoft developed this mechanism so that your media player could read, for example, Blu-ray discs while preventing you from copying their content. The requirement at the time was that the image file (i.e. the executable) had to be digitally signed with a special Windows Media certificate (as described in the "Protected Processes" section of Windows Internals).
2022-09-22 09:09 Github_POC
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
[GitHub]CVE-2021-44228 POC / Example
2022-09-22 05:33 Trustwave Blog
For the sixth consecutive year, Trustwave has been named a Top 10 MSSP by MSSP Alert in its 2022 Top 250 MSSPs List. Trustwave garnered 7th place on MSSP Alert’s list, a strong indicator of the company’s status as a managed security service provider.
2022-09-22 03:10 Github_POC
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
[GitHub]Creosote is our solution to searching for the tarfile vulnerability described by CVE-2007-4559.
2022-09-22 01:38 WordPress › Error
TL;DR Changelog 39: Communication is key. Communicating with others about a bug or vulnerability that has been found and submitted as a report is one of the necessary key features for a bug bounty platform. Communication between the relevant stakeholders should be quick, easy and transparent but also provide some assurance about the follow-up and help […]
The post Edit & Remove Messages appeared first on Intigriti.
2022-09-22 01:34 Microsoft Security Blog
In this follow-up post in our series about threat hunting, we talk about some general hunting strategies, frameworks, tools, and how Microsoft incident responders work with threat intelligence.
The post The art and science behind Microsoft threat hunting: Part 2 appeared first on Microsoft Security Blog.
2022-09-22 01:34 Microsoft Security Blog
A fake mobile banking rewards app delivered through a link in an SMS campaign has been making the rounds, targeting customers of Indian banking institutions. Users who install the mobile app are unknowingly installing Android malware with remote access trojan (RAT) capabilities.
The post Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices appeared first on Microsoft Security Blog.
2022-09-21 23:38 WordPress › Error
After putting in-person live hacking events on hold due to social distancing regulations and travel restrictions, Yahoo made a ground-breaking comeback this month with their 1337UP0822 event. The global media and tech company combined forces with Intigriti to host their first in-person live hacking event in more than two years. Today, we’re highlighting noteworthy performances […]
The post Yahoo’s 1337UP0822 live hacking event rallies researchers from around the world appeared first on Intigriti.
2022-09-21 23:34 Trustwave Blog
At Trustwave, we understand that people and times change. What may have appeared to be a dream job a decade ago may no longer hold the same luster, or perhaps the field a person has chosen is now struggling to survive, so a new path should be chosen.
2022-09-21 22:10 Packet Storm
Red Hat Security Advisory 2022-6602-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Issues addressed include a spoofing vulnerability.
2022-09-21 22:10 Packet Storm
Red Hat Security Advisory 2022-6536-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.5.
2022-09-21 22:10 Packet Storm
WiFiMouse version 1.8.3.4 suffers from a remote code execution vulnerability.
2022-09-21 22:10 Packet Storm
Red Hat Security Advisory 2022-6634-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
2022-09-21 22:10 Packet Storm
Red Hat Security Advisory 2022-6610-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and heap overflow vulnerabilities.
2022-09-21 22:10 Packet Storm
Red Hat Security Advisory 2022-6608-01 - dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility with the D-Bus reference implementation. It is exclusively written for Linux systems, and makes use of many modern features provided by recent Linux kernel releases. Issues addressed include buffer over-read and null pointer vulnerabilities.
2022-09-21 22:10 Packet Storm
Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
2022-09-21 22:10 Packet Storm
Ubuntu Security Notice 5618-1 - It was discovered that Ghostscript incorrectly handled memory when processing certain inputs. By tricking a user into opening a specially crafted PDF file, an attacker could cause the program to crash.
2022-09-21 22:10 Packet Storm
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork of Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
2022-09-21 22:10 Packet Storm
This Metasploit module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group password, or individual user accounts. If the web page is accessible, the access control is set to no password for exploitation, then reverted. If the web page is not accessible, exploitation will be tried blindly. This module has been successfully tested against version 3.11.0.2483 (50) on Windows 10.
2022-09-21 22:10 Packet Storm
Red Hat Security Advisory 2022-6585-01 - Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a double free vulnerability.
2022-09-21 22:10 Packet Storm
Red Hat Security Advisory 2022-6582-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and heap overflow vulnerabilities.
2022-09-21 22:10 Packet Storm
Red Hat Security Advisory 2022-6590-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries.
2022-09-21 22:10 Packet Storm
Red Hat Security Advisory 2022-6592-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a heap overflow vulnerability.
2022-09-21 22:10 Packet Storm
Red Hat Security Advisory 2022-6580-01 - The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one site at a time.
2022-09-21 22:10 Packet Storm
Ubuntu Security Notice 5621-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service.
2022-09-21 22:10 Packet Storm
Ubuntu Security Notice 5622-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
2022-09-21 22:10 Packet Storm
Ubuntu Security Notice 5624-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.
2022-09-21 22:10 Packet Storm
Ubuntu Security Notice 5623-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
2022-09-21 22:10 Packet Storm
Ubuntu Security Notice 5626-1 - Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service. It was discovered that Bind incorrectly handled statistics requests. A remote attacker could possibly use this issue to obtain sensitive memory contents, or cause a denial of service. This issue only affected Ubuntu 22.04 LTS.
2022-09-21 22:10 Packet Storm
Ubuntu Security Notice 5625-1 - It was discovered that Mako incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.
2022-09-21 21:37 Software Integrity Blog
Understanding the latest BSIMM report trends can help you plan strategic improvements to your own security efforts.
The post BSIMM13: Trends and recommendations to help improve your software security program appeared first on Application Security Blog.
2022-09-21 21:31 Microsoft Security Response Ce
Summary Today, Microsoft released new versions of the Azure Key Vault libraries and Azure Identity libraries as part of the Azure Software Development Kit (SDK) that include defense-in-depth feature improvements. We also published best practice guidance to help protect applications and services that allow externally controlled input into the Azure Key Vault client URI for …
Defense-in-Depth Updates for Azure Identity libraries and Azure Key Vault libraries within Azure SDK plus Best Practice Implementation Guidance
2022-09-21 20:40 Github_POC
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
[GitHub]A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
2022-09-21 20:40 Github_POC
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
[GitHub]Bitbucket CVE-2022-36804 unauthenticated remote command execution
2022-09-21 20:10 checkpoint research
Author: Jiri Vinopal Introduction For a reverse engineer, the ability to directly call a function from the analyzed binary can be a shortcut that bypasses a lot of grief. While in some cases it is possible to understand the function logic and reimplement it in a higher-level language, this is not always feasible, and...
The post Native function and Assembly Code Invocation appeared first on Check Point Research.
2022-09-21 19:36 Stories by SAFARAS K A on Medi
Erlik 2 — Vulnerable-Flask-App
Tested — Kali 2022.1
GitHub - anil-yelken/Vulnerable-Flask-App: Erlik 2 - Vulnerable-Flask-App
Description
It is a deliberately vulnerable Flask web app. It is a lab environment created for people who want to improve themselves in the field of web penetration testing.
Features
It contains the following vulnerabilities:
- HTML Injection
- XSS
- SSTI
- SQL Injection
- Information Disclosure
- Command Injection
- Brute Force
- Deserialization
- Broken Authentication
- DOS
- File Upload
Installation
git clone https://github.com/anil-yelken/Vulnerable-Flask-App
cd Vulnerable-Flask-App
sudo pip3 install -r requirements.txt
Usage
python3 vulnerable-flask-app.py
Contact
https://twitter.com/anilyelken06
Anil Yelken - Medium
Vulnerable Flask App was orig