itsecalert | Технологии

Telegram-канал itsecalert - IT Security Alerts

12305

This channel posts IT security related topics and especially alerts. Submissions over at @itsectalk welcome!

Подписаться на канал

IT Security Alerts

For those asking: Yes, this Channel is indeed still active. But please note that we will most likely only notify on REALLY important vulnerabilities. Feel free to join our group over at @itsectalk as well.

Читать полностью…

IT Security Alerts

⚠️ vSphere Data Protection (VDP) has multiple security vulns patched, including an authentication bypass!

* VDP arbitrary file upload vulnerability
* VDP authentication bypass vulnerability
* VDP path traversal vulnerability

If you use VDP, please look into patching it.
(Severity: 🔸 high)
More Info: http://yt.gl/vmware18
#alert #severityhigh #vdp #vmware #vsphere


This alert is brought to you by Cyborg REL from @itsectalk 😁 Feel free to forward this message to your vmware admins 👌🏼

Читать полностью…

IT Security Alerts

⚠️ WD "My Cloud *" contains a hardcoded backdoor. It lets anyone log in as user mydlinkBRionyg with the password abc12345cba. It is fixed in firmware 2.30.174.
More info: http://yt.gl/wdmcbd

#alert #backdoor #wd #westerndigital #mycloud

Feel free to discuss this in @itsectalk and forward the message to your friends/family using WD my cloud.

Читать полностью…

IT Security Alerts

⚠️🚨 Intel CPU design flaw! Will be fixed by Linux , macOS, Windows kernel redesigns. There will be a performance hit which will vary. Affected models are all "modern intel processors produced in the past decade". Please note that there are not many details out yet. More Info: http://yt.gl/intelexp

We advice to read vendor patch notices and prepare scheduled restarts of your systems.

#alert #vulnerability #intel #hardware #windows #macos #linux

🏅 Thanks to the security guys at https://dnstrails.com and the anonymous reporter.
📢 Forward this message to your Sysadmins
🎤 Join our chat at @itsectalk

Читать полностью…

IT Security Alerts

Do you use macOS or do you know someone who alerts about macOS are useful to?

Читать полностью…

IT Security Alerts

❗️Uber suffered a massive hack in 2016 and disclosed it just now. I highly recommend you to read the announcement yourself: http://yt.gl/qcje2
#disclosure #dataleak #uber #databreach #hacked

Please note: if you are using automated alerts, please ensure you monitor for the alert hashtag. Any item not tagged with alert should not trigger any alert on your side. More information: https://infected.io/it-security-alerts-telegram-channel

Discuss here: @itsectalk ✌🏼️

Читать полностью…

IT Security Alerts

⚠️‼️ WPA2 (which most personal and cooperate wi-fi use) has several protocol-level flaws. Be adviced that no details are known yet, security researchers will release them later today. (No severity rating from our side until we have more information)
More info: http://yt.gl/krackattack (this will be released later today)
http://yt.gl/krcm7 (Arstechnica with all current info)
#alert #prenotification #exploit #zeroday #wifi #wireless #wpa2

Please feel free to discuss this in our @itsectalk group & forward 📬 to your net- and sysadmins!

Читать полностью…

IT Security Alerts

⚠️ 2.2 Million infected CCleaner installations! Check if your clients have CCleaner installed . (Severity: 🔸 high) Further Information:
on Forbes http://yt.gl/s2x0c and on talos http://yt.gl/0h0hc
#severityhigh #malware #alert #ccleaner

Thanks to the submission by WALK3R to https://infected.io/alert-submission 🙌🏼
Feel free to forward this to your internal IT admins... 😇

Читать полностью…

IT Security Alerts

⚠️ Apache Struts remote code execution vulnerability! CVSSv3 Base Score 8.1 -(Severity: 🔸 high) Further Information: http://yt.gl/8rnd1
#severityhigh #vulnerability #alert #apache #struts

Thanks to the anonymous report via https://infected.io/alert-submission

Читать полностью…

IT Security Alerts

⚠️ Intel AMT Privilege Escalation vulnerability. It's affecting almost all FW versions. Rating is "Critical" with a CVSS of 9.8 for one vulnerability. (Severity: 🔶high) Further Info: http://yt.gl/ybyg1
#severityhigh #vulnerability #alert #intel #amt

Forward this to your internal IT. Often Intel AMT is featured by most computers - even though you might have never heard of it.

Читать полностью…

IT Security Alerts

⚠️ Confluence Wiki has a cirtical vulnerability allowing unauthorized users to access your pages. Affected: Versions above 6.0.0 - fixed in 6.0.7 and 6.1.0 (Severity: 🔸 high) Further Information: http://yt.gl/4rvuv
#alert #severityhigh #vulnerability #atlassian #confluence #wiki

📬 Forward this to your sysadmin friends and help them protect their data! Join our discussion group at /channel/itsectalk @itsectalk ✉️

Читать полностью…

IT Security Alerts

⚠️ Imagemagick DoS/Possible RCE vulnerabilities. Updates released on debian/suse. (Severity: 🔸high) Further Information: https://lists.debian.org/debian-security-announce/2017/msg00052.html
#alert #vulnerability #severityhigh #imagemagick #imageprocessing

Join our discussion group at /channel/itsectalk @itsectalk and feel free to forward this message to your fellow sysadmins! ✉️ Thanks to Univaniwo for reporting this.

Читать полностью…

IT Security Alerts

⚠️ Important Oracle Java updates fixing CVSS 9.6+ vulnerabilities out! Update your clients ASAP! (Severity: 🔸high) Further Information: http://yt.gl/javasejan
#alert #severityhigh #vulnerability #java #oracle

Don't forget to join our new telegram group at /channel/itsectalk @itsectalk if you want to discuss this vulnerability.

Читать полностью…

IT Security Alerts

🔕 Hi everyone! First of all I want to thank you for casting your vote - you are a really helpful audience 🙌🏼 Second: we are about to say goodbye to 2016. IT Security has been important as never before and it's a sector which will keep growing for quite some time. Our job? Attackers are advancing and so are we. Real time alerts about vulnerabilities have never been so important as now.

We hope that our contributions helped keeping your systems and company secure. We also want to take the chance to wish you a great year 2k17 🎉.

Over n' out, your @itsecguy 👀

PS. The group will be announced separately within the next days.

Читать полностью…

IT Security Alerts

Are you affected by this PHP related vulnerability? (This helps us creating relevant content for this channel!)

Читать полностью…

IT Security Alerts

⚠️ Signal, Skype, Slack, Rot, Keeper and all other Electron apps contain a remote code execution vulnerability. Electron released a fix.

* Affected Desktop apps: Signal, Skype, Slack, Rot, Keeper (and many others - see https://yt.gl/electronapps)
* Electron Apps with default prtocol handler (like myapp:// ) are vulnerable
* The devlopers should generate an update asap

Advice: Do not click on any untrusted links. Do not allow webpages to open electron desktop apps.

If you develop (!) Electron Apps, please update to the newest versions: 1.8.2-beta.4, 1.7.11 and 1.6.16 and send an update to your customers.
Skype (newest version) and slack (3.0.3) are already fixed.
"Full" list of all Electron Apps: https://yt.gl/electronapps

macOS and Linux are not vulnerable to this issue.
CVE-2018-1000006
(Severity: 🔸 high ) More Info: https://yt.gl/p0xta
#alert #severityhigh #electron #windows

Thanks to @JonasMuc and @CyborgRel from the @itsectalk admin team for reporting and gathering information on this vulernability. Please forward the info to the team responsible for updating desktop apps!

Читать полностью…

IT Security Alerts

⚠ Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched:


"By deceiving a user to click on a crafted URL," the advisory states,
"it is possible to perform harmful database operations such as deleting
records, dropping/truncating tables, etc."

The attack reportedly works even if the user was authenticated in cPanel and phpMyAdmin was closed after use

(Severity: 🔹medium ) More Info: http://yt.gl/3u94c
#alert #severitymedium #PHP #MYSQL

Читать полностью…

IT Security Alerts

⚠️🔄 Meltdown and Spectre affect Intel, AMD and ARM processors. Every processor since 1995 (except Intel Itanium and Intel Atom before 2013) is affected. Especially dangerous on hypervisors.

— Further Information —
Researcher Info: http://yt.gl/meltdown
Intel: http://yt.gl/ih062 | AMD: (no statement)
Microsoft: http://yt.gl/9c1qm | Red Hat: http://yt.gl/7ektf | SUSE: http://yt.gl/6u80m | Ubuntu: http://yt.gl/iy49w

#alert #updated #vulnerability #intel #amd #arm #hardware #windows #macos #linux

📢 Forward this message to your friends & colleagues
🎤 Join our chat at @itsectalk to discuss this issue

Читать полностью…

IT Security Alerts

⚠️ TLS - It may be possible to obtain the secret key to a TLS connection via ROBOT attack. Affected users and system administrators are encouraged to disable TLS RSA cyphers if possible. (severity: 🔹medium) Further Info: http://www.kb.cert.org/vuls/id/144389
#vulnerability #severitymedium #linux
#SSL #TLS

Читать полностью…

IT Security Alerts

⚠ macOS High Sierra allows root login without password! Sounds like a bad joke - unfortunately it's true. Workaround provided - Apple is working on resolving the problem. (Severity: 🔸high) More Info: http://yt.gl/macosroot
#alert #severityhigh #macos #macoshighsierra #vulnerability

This was reported by Chris from http://dnstrails.com/ - If you want to discuss this issue, join us on @itsectalk - Feel free to forward to your macOS friends ;)

Читать полностью…

IT Security Alerts

⚠️ Update WPA2: The details have been released and can be found at http://yt.gl/krackattack - basically every setup is vulnerable by now. Vendors will be able to patch the flaw and it will be backwards-compatible. Priority should be updating clients! Vendors were notified 14 July and some have patches available. Please ensure to read the disclosure above.
#alert #severityhigh #wpa2 #wifi

Читать полностью…

IT Security Alerts

Linux (CentOS6/7, Red Hat 6/7 - many builds affected) PIE Stack corruption leads to Local Privilege Escalation. (No severity rating from our side) Further information: https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
#alert #exploit #linux #centos #redhat

Thanks for the anonymous submission to https://infected.io/alert-submission 👍🏻 keep reporting and help sysadmins around the globe 🌏

Читать полностью…

IT Security Alerts

⚠️ Python - malicious packets found. Ensure that you have the correct libraries and no affected ones installed on your systems! (No severity rating from our side). Further information: http://yt.gl/4uy72

#vulnerability #alert #python #pip

Please forward this to your sysadmins. Feel free to join our IT Security Telegram Group as well: /channel/itsectalk 🏅

Читать полностью…

IT Security Alerts

🔕 This channel is not dead. Please remember to report vulnerabilities via https://infected.io/alert-submission and discuss them in @itsectalk so we know they are relevant for people!

Over n' out.

Читать полностью…

IT Security Alerts

⚠️ℹ️ Hipchat (hosted) is also affected. Mail addresses and some other information has been accessed by an attacker. *INFO* Right now the download pages seem to be down and there are several outages in the Atlassian ecosystem. Check out http://yt.gl/n7mug and the status page at http://status.atlassian.com/
#alert #severityhigh #databreach #hacked #atlassian #hipchat #confluence #wiki #chat

📬 Forward this to your sysadmin friends and help them protect their data! Join our discussion group at /channel/itsectalk @itsectalk ✉️

Читать полностью…

IT Security Alerts

⚠️ WordPress fixes 6 possible XSS vulnerabilities and 39 bugs. Please update your installation. (Severity: 🔸high) Further information: https://codex.wordpress.org/Version_4.7.3
#alert #vulnerability #severityhigh #wordpress

Useful to you? It might be useful for your sysadmin friends as well - feel free to forward this message!

Читать полностью…

IT Security Alerts

⚠️ Cloudflare Memory Leak vulnerability. It's fixed and they're sending out mails to affected customers. Further information: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
#alert #vulnerability #memoryleak #provider #cloudflare

Discuss this vulnerability in our new telegram group at /channel/itsectalk @itsectalk

Читать полностью…

IT Security Alerts

🔕 Thanks for voting. We have created a group which you can join and discuss with other ITSEC interested people. Feel free to ask questions and post interesting ressources.

➡️ Join here /channel/itsectalk // @itsectalk ⬅️

📲 Please forward this to your sysadmin friends and other people which could profit from the group.

Читать полностью…

IT Security Alerts

❓ Please excuse this message on our own behalf. We have been asked several times if there is a good chat group about ITSEC on telegram - and there isn't any. Would you be interested in an actual group where you can talk to other ITSEC interested people? #

😶 Okay. I would join, but most likely not participate. – 232
👍👍👍👍👍👍👍 48%

😀 That would be great, I would join and participate! – 213
👍👍👍👍👍👍 44%

😒 No. I don't think that's a good idea. Would not join. – 38
👍 8%

👥 483 people voted so far.

Читать полностью…

IT Security Alerts

⚠️🚨 Extremely critical RCE in PHPMailer! If you got ANY PHP application -> check it ASAP! The POC exploit code is in the wild - we expect large scale attacks tryign to abuse this flaw shortly!
(Severity: 🔸high) Further Information: http://yt.gl/phpmailer
#alert #severityhigh #vulnerability #zeroday #php #phpmailer
Thanks for your anonymous reports through https://infected.io/alert-submission - help us and report vulnerabilities which affect the mass!
📲 Forward this to your admin colleagues & friends!

Читать полностью…
Подписаться на канал