Telegram channel itsecalert - IT Security Alerts

This channel posts IT security related topics and especially alerts. Submissions over at @itsectalk welcome!

IT Security Alerts

⚠ New RouterOS vulnerability affecting all RouterOS versions since v6.29.
The vulnerability allowed a special tool to connect to the [MikroTik] Winbox port and request the system user database file.

This zero-day (which doesn't have a CVE identifier yet) should not be confused with a recent vulnerability discovered by CORE Security researchers (which affects the router's SMB service), and is not the same vulnerability recently exploited by the Hajime botnet.

More Information: https://yt.gl/xmow8
(severity: 🔶 high)

#alert #vulnerability #severityhigh #winbox #MikroTik #RouterOS
Feel free to discuss this issue in @itsectalk
Follow us on LinkedIn and share directly with your network!
https://www.linkedin.com/company/18509395/

IT Security Alerts

⚠️ GitLab Critical Security Release: 10.5.6, 10.4.6, and 10.3.9

GitLab just released an update to fix a Server Side Request Forgery (SSRF) vulnerability and the auth0 integration.
Please update your GitLab instances ASAP.

Affects GitLab CE/EE 8.3 and up

More Information: https://yt.gl/it18

(severity: 🔶 High)

#alert #vulnerability #severityhigh #gitLab #CVE-2018-8801
Feel free to discuss this in @itsectalk

Thanks for the submission @rherzog at https://infected.io/alert-submission 👍🏻 keep reporting and help sysadmins around the globe 🌏

IT Security Alerts

⚠️ PostgreSQL - escalation of privileges
Affected versions: PostgreSQL < 9.3.22, PostgreSQL < 9.4.17, PostgreSQL < 9.5.12, PostgreSQL < 9.6.8, PostgreSQL < 10.3

The problem described in CVE-2018-1058 centers around the default "public" schema and how PostgreSQL uses the search_path setting. The attacker could insert a trojan-horse function that, when executed by a superuser, grants escalated privileges.

Based on your setup, your installation is probably affected, but it may not be in imminent danger.

There are patches available for several distributions. Today openSUSE got an update.

Further information, samples and more: https://yt.gl/gqh7l
(severity: 🔹medium)

#alert #vulnerability #severityhigh #PostgreSQL #CVE-2018-1058
Feel free to discuss this in @itsectalk and let your local PostgreSQL admin know! ✉️📢

IT Security Alerts

⚠️ F5 Networks BIG-IP Firewalls - Several vulnerabilities (Apache Portable + Linux kernel)

- Linux kernel bug needs local access and a valid user.
- Apache bug should also work remotely

Currently no fix available

Further information and links to F5: https://yt.gl/ryb06 (by CERT Germany, only available in German)
(severity: 🔸high)

#alert #vulnerability #severityhigh #f5networks #bigip #CVE-2017-1000111 #CVE-2017-1000112 #CVE-2017-12613
Feel free to discuss this in @itsectalk and let your local firewall admin know! ✉️📢

IT Security Alerts

⚠️ Samba - Unprivileged user can change any user and admin password.

All versions of Samba from 4.0.0 onwards are affected, but it works only in Samba Active Directory DC setups.
Check the Samba-wiki for some possible workarounds.

Further information: https://yt.gl/sd1p7
(severity: 🔸high)

#alert #vulnerability #severityhigh #samba #CVE-2018-1057
Feel free to discuss this in @itsectalk and let your local samba 🥁 admin know!

IT Security Alerts

✒️ Additional info to SSO alert (previous):
Since the previous SSO alert was somewhat abstract, here is an excellent breakdown.

Warning, this is terrifyingly embarrassing: https://yt.gl/j7cin

Usually we don't release updates, but as this is critical we decided to update you on this topic.

#update #2FA #SSO #SAML #login
Please forward this to your sysadmin friends and feel free to join the discussion at @itsectalk ✌🏼 (update provided by @CyborgRel)

IT Security Alerts

⚠️ Microsoft Windows 10: Only with Local access: Full access to a file.

Vulnerability allows an attacker to trick Windows 10 into giving full access to a file by manipulating how that file is handled by the OS.
A fix may be published on Patch Tuesday in March.

(severity: 🔸high)

Further information: https://yt.gl/adcrk

#alert #vulnerability #severityhigh #microsoft #windows #SvcMoveFileInheritSecurity

PS. Forward this to your fellow windows sysadmin friends ✌️
Want to discuss this issue? Check out our group @itsectalk - thanks to @CyborgRel & @JonasMuc for the report 👍🏼

IT Security Alerts

⚠️ WordPress 4.9.4. READ EVEN IF YOU AUTO-UPDATE!
WP 4.9.3 contains a severe bug which caused the auto-updater to break for most people. Go to Dashboard → Updates and click “Update Now.”
(No severity rating from our side.)
More Info: https://yt.gl/tl5nq
#alert #update #wordpress #wp
Update & let your ✉️ team & friends 📢 know about this issue. Want to discuss this issue? Check out our group @itsectalk - thanks to @JonasMuc for the report 👍🏼

IT Security Alerts

⚠ Desktop Virtualization platform VirtualBox from Oracle just patched ten vulnerabilities which allow attackers to break out of guest operating systems and attack the host operating system.

The vulnerabilities are collectively published as CVE-2018-2676, CVE-2018-2685, CVE-2018-2686, CVE-2018-2687, CVE-2018-2688, CVE-2018-2689, CVE-2018-2690, CVE-2018-2693, CVE-2018-2694, and CVE-2018-2698. While they all share the same resultant effect, the method involved—and subsequently the ease with which attackers can leverage the vulnerability—varies.

If you use VirtualBox, please look into patching it.
(Severity: 🔸 high)
More Info: https://goo.gl/ytfqmF
#alert #severityhigh #virtualbox

This alert is brought to you by @rtyu1120 from @itsectalk 👍🏼
(and we're hoping you don't use VirtualBox in a production environment) 🙌🏼

IT Security Alerts

⚠️ vSphere Data Protection (VDP) has multiple security vulns patched, including an authentication bypass!

* VDP arbitrary file upload vulnerability
* VDP authentication bypass vulnerability
* VDP path traversal vulnerability

If you use VDP, please look into patching it.
(Severity: 🔸 high)
More Info: http://yt.gl/vmware18
#alert #severityhigh #vdp #vmware #vsphere


This alert is brought to you by Cyborg REL from @itsectalk 😁 Feel free to forward this message to your vmware admins 👌🏼

IT Security Alerts

⚠️ WD "My Cloud *" contains a hardcoded backdoor. It lets anyone log in as user mydlinkBRionyg with the password abc12345cba. It is fixed in firmware 2.30.174.
More info: http://yt.gl/wdmcbd

#alert #backdoor #wd #westerndigital #mycloud

Feel free to discuss this in @itsectalk and forward the message to your friends/family using WD my cloud.

IT Security Alerts

⚠️🚨 Intel CPU design flaw! Will be fixed by Linux, macOS, Windows kernel redesigns. There will be a performance hit which will vary. Affected models are all "modern intel processors produced in the past decade". Please note that there are not many details out yet. More Info: http://yt.gl/intelexp

We advise reading vendor patch notices and preparing scheduled restarts of your systems.

#alert #vulnerability #intel #hardware #windows #macos #linux

🏅 Thanks to the security guys at https://dnstrails.com and the anonymous reporter.
📢 Forward this message to your Sysadmins
🎤 Join our chat at @itsectalk

IT Security Alerts

Do you use macOS, or do you know someone to whom alerts about macOS are useful?

IT Security Alerts

❗️Uber suffered a massive hack in 2016 and disclosed it just now. I highly recommend you to read the announcement yourself: http://yt.gl/qcje2
#disclosure #dataleak #uber #databreach #hacked

Please note: if you are using automated alerts, please ensure you monitor for the alert hashtag. Any item not tagged with alert should not trigger any alert on your side. More information: https://infected.io/it-security-alerts-telegram-channel

Discuss here: @itsectalk ✌🏼️

IT Security Alerts

⚠️‼️ WPA2 (which most personal and corporate Wi-Fi use) has several protocol-level flaws. Be advised that no details are known yet; security researchers will release them later today. (No severity rating from our side until we have more information)
More info: http://yt.gl/krackattack (this will be released later today)
http://yt.gl/krcm7 (Arstechnica with all current info)
#alert #prenotification #exploit #zeroday #wifi #wireless #wpa2

Please feel free to discuss this in our @itsectalk group & forward 📬 to your net- and sysadmins!

IT Security Alerts

⚠️ Windows 10/8/7 + Server 2008/2012/2016 - Microsoft Malware Protection Engine, Microsoft Windows Defender
REMOTE CODE EXECUTION vulnerability.

To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine. As these scanners are usually configured to scan all files written, incoming mail attachments can trigger the RCE without user interaction necessary.
Microsoft released an update which should be deployed by you immediately.

Affects Versions below 1.1.14700.5 on all Windows Systems (begins with Windows 7 and Windows Server 2008).

More Information: https://yt.gl/dsk2q

(severity: 🔶 high)

#alert #vulnerability #severityhigh #windows #CVE-2018-0986
Feel free to discuss this issue in @itsectalk and do your colleagues a favor and forward them this critical vulnerability.
Follow us & share on LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:6387603734268121088

IT Security Alerts

⚠️ Drupal
Drupal 7 and 8 core highly critical release on March 28th, 2018 PSA-2018-001

There will be a security release of Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28th 2018 between 18:00 - 19:30 UTC, one week from the publication of this document, that will fix a highly critical security vulnerability. The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days. Security release announcements will appear on the Drupal.org security advisory page.

It looks very possible that the vuln is the same one as this:
https://yt.gl/w9s17
and already patched here (whoops?) https://yt.gl/jt5eq
(severity: 🔶 High)

Credit: Philip Baker - Thanks! ❤️

#alert #vulnerability #severityhigh #Drupal
Feel free to discuss this in @itsectalk and let your local Drupal admin know! ✉️📢

IT Security Alerts

Let us know if you're using F5 firewalls or this alert is relevant for you. We are trying to only send alerts that are useful for a broad audience. Thanks!

IT Security Alerts

Are alerts about Samba useful to you? Please vote - it helps us figure out what alerts to send.

IT Security Alerts

⚠️ EXIM buffer overflow can be leveraged to gain Pre-auth Remote Code Execution

Affected: All Exim versions below 4.90.1
Patched version 4.90.1 is already released and we suggest upgrading Exim immediately.

(severity: 🔸high)
Further Info:
CVE: https://yt.gl/6tqgl
Blog: https://yt.gl/m19z8

#alert #vulnerability #severityhigh #mail #email #exim #sysadmin

Feel free to forward to your sysadmins, mail providers etc. 📢 Join us @itsectalk as well to discuss this vulnerability.

IT Security Alerts

⚠️ single sign-on (SSO) issues across multiple providers and libraries due to incorrect handling in the Security Assertion Markup Language (SAML) backend

This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password.

A number of patches are already out - Affected SAML service providers should update ASAP. Please see the linked sites for more information.

If you are just a user of an SSO based service (Example SSO enabled sites: Google, GitHub, Microsoft, Box, Cisco, Duo, etc.) turning on 2FA might be a very good idea (though it might not help depending on the implementation) - It is possible that most of those above providers are unaffected, this news is still developing. See the CVE link.

(severity: 🔸high)
More Info:
CVE: https://goo.gl/v3bRJo

Blog: https://goo.gl/FEoEzZ

#alert #vulnerability #severityhigh #2FA #SSO #SAML #login
This alert is brought to you by @jooiiee from @itsectalk 👍🏼

IT Security Alerts

🎉🥇 We recently hit 4000 followers 🥇 I wanted to take this opportunity to thank you for following along here. I created this channel because I was facing the issue that people around the world had: How do I keep up to date with all the vulnerabilities recently popping up? 🙇🏼 There are many resources on the web - but the main problem is that they are all passive, and scraping them automatically to create alerts is a well... painful job🙅🏼‍♂️. @itsecalerts eliminates all these problems - it's easy to script Telegram to listen for #hashtags and create alert applications AND in addition you get push notifications to your mobile.👻 I want to thank the team who helps moderate @itsectalk (the chat group where over 1000 professionals discuss security related topics): @CyborgRel @Zenex @JonasMuc
💰Last but not least, I would appreciate donations via
BTC: 1LytwBNqkbFxx7KkWchZD93HhsiT3SvJJi
Bitcoin Cash: qr5c3x8rhhk7qmd4dk6u2djz64f06nmt9s3yznlkn8
Ether: 0x3607bF4764e1029A9e0cb5fe6E5Dc84Ea046418E
LTC: LSoXcu8Pwr3sHQdg35kV29JhWDAPpPJkTT
I would ask for 10 USD if this channel is of use for you. Of course, this is no obligation and the channel will always stay free!
Thanks!
#infectedio #announcement

IT Security Alerts

⚠️ Cisco ASA and Firepower with FTD 6.2.2: Vulnerable SSL VPN functionality (Remote Code Execution and Denial of Service)

An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

If you use FTD 6.2.2 please look into patching it.

(Severity: 🔸high)
More Info: https://yt.gl/ds8n5

#alert #vulnerability #severityhigh #cisco #asa #vpn #firepower #CSCvg35618
Forward to your network admin friends and colleagues 😬 This alert is brought to you by @GranPC from @itsectalk 👍🏼

IT Security Alerts

⚠️ Signal, Skype, Slack, Rot, Keeper and all other Electron apps contain a remote code execution vulnerability. Electron released a fix.

* Affected Desktop apps: Signal, Skype, Slack, Rot, Keeper (and many others - see https://yt.gl/electronapps)
* Electron Apps with default protocol handler (like myapp:// ) are vulnerable
* The developers should generate an update asap

Advice: Do not click on any untrusted links. Do not allow webpages to open electron desktop apps.

If you develop (!) Electron Apps, please update to the newest versions: 1.8.2-beta.4, 1.7.11 and 1.6.16 and send an update to your customers.
Skype (newest version) and slack (3.0.3) are already fixed.
"Full" list of all Electron Apps: https://yt.gl/electronapps

macOS and Linux are not vulnerable to this issue.
CVE-2018-1000006
(Severity: 🔸 high ) More Info: https://yt.gl/p0xta
#alert #severityhigh #electron #windows

Thanks to @JonasMuc and @CyborgRel from the @itsectalk admin team for reporting and gathering information on this vulnerability. Please forward the info to the team responsible for updating desktop apps!

IT Security Alerts

⚠ Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched:


"By deceiving a user to click on a crafted URL," the advisory states, "it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc."

The attack reportedly works even if the user was authenticated in cPanel and phpMyAdmin was closed after use

(Severity: 🔹medium ) More Info: http://yt.gl/3u94c
#alert #severitymedium #PHP #MYSQL

IT Security Alerts

⚠️🔄 Meltdown and Spectre affect Intel, AMD and ARM processors. Every processor since 1995 (except Intel Itanium and Intel Atom before 2013) is affected. Especially dangerous on hypervisors.

— Further Information —
Researcher Info: http://yt.gl/meltdown
Intel: http://yt.gl/ih062 | AMD: (no statement)
Microsoft: http://yt.gl/9c1qm | Red Hat: http://yt.gl/7ektf | SUSE: http://yt.gl/6u80m | Ubuntu: http://yt.gl/iy49w

#alert #updated #vulnerability #intel #amd #arm #hardware #windows #macos #linux

📢 Forward this message to your friends & colleagues
🎤 Join our chat at @itsectalk to discuss this issue

IT Security Alerts

⚠️ TLS - It may be possible to obtain the secret key to a TLS connection via ROBOT attack. Affected users and system administrators are encouraged to disable TLS RSA cyphers if possible. (severity: 🔹medium) Further Info: http://www.kb.cert.org/vuls/id/144389
#vulnerability #severitymedium #linux
#SSL #TLS

IT Security Alerts

⚠ macOS High Sierra allows root login without password! Sounds like a bad joke - unfortunately it's true. Workaround provided - Apple is working on resolving the problem. (Severity: 🔸high) More Info: http://yt.gl/macosroot
#alert #severityhigh #macos #macoshighsierra #vulnerability

This was reported by Chris from http://dnstrails.com/ - If you want to discuss this issue, join us on @itsectalk - Feel free to forward to your macOS friends ;)

IT Security Alerts

⚠️ Update WPA2: The details have been released and can be found at http://yt.gl/krackattack - basically every setup is vulnerable by now. Vendors will be able to patch the flaw and it will be backwards-compatible. Priority should be updating clients! Vendors were notified 14 July and some have patches available. Please ensure to read the disclosure above.
#alert #severityhigh #wpa2 #wifi

IT Security Alerts

Linux (CentOS6/7, Red Hat 6/7 - many builds affected) PIE Stack corruption leads to Local Privilege Escalation. (No severity rating from our side) Further information: https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
#alert #exploit #linux #centos #redhat

Thanks for the anonymous submission to https://infected.io/alert-submission 👍🏻 keep reporting and help sysadmins around the globe 🌏
