ITX Mike · @mspsadmin
144 followers · 1117 posts · Server msps.ioI wonder how many people are going to run into issues on October 10th related to CVE-2022-37967 and patch #KB5020805
That's when the KrbtgtFullPacSignature Audit gets removed and the setting locks to Enforced.
https://ioc.exchange/@miketheitguy/109337062909975918
#CVE #Windows #WindowsServer #Infotech #InfoSec #SysAdmin #Kerberos #ActiveDirectory
#kb5020805 #CVE #windows #windowsserver #InfoTech #infosec #sysadmin #kerberos #activedirectory
madomado · @madomado
20 followers · 171 posts · Server floss.social
Aida Akl · @AAKL
398 followers · 696 posts · Server noc.socialCollectionRAT seems to do it all, in addition to using #Microsoft's Microsoft Foundation Class framework. But why? Is this a one-stop shopping spree? Or are they looking for something specific? #cybersecurity #infosec
North Korea's #Lazarus APT actors use public ManageEngine exploit to breach internet org #malware #CVE-2022-47966 https://www.bleepingcomputer.com/news/security/hackers-use-public-manageengine-exploit-to-breach-internet-org/ @BleepingComputer @billtoulas
#CVE #malware #lazarus #infosec #cybersecurity #microsoft
dispatch · @dispatch
568 followers · 3291 posts · Server ioc.exchangeMicrosoft Patch Tuesday, August 2023 Edition https://krebsonsecurity.com/2023/08/microsoft-patch-tuesday-august-2023-edition/ #MicrosoftPatchTuesdayAugust2023 #NikolasCemerikic #CVE-2023-21709 #CVE-2023-36884 #CVE-2023-36910 #CVE-2023-38180 #SecurityTools #ImmersiveLabs #SatnamNarang #TimetoPatch #microsoft #Tenable #adobe
#microsoftpatchtuesdayaugust2023 #nikolascemerikic #CVE #SecurityTools #ImmersiveLabs #SatnamNarang #TimetoPatch #microsoft #Tenable #adobe
adlerweb // BitBastelei · @adlerweb
658 followers · 4932 posts · Server social.adlerweb.infoEs gibt wohl mal wieder einen neuen #CPUBug in Prozessoren von #Intel - #CVE-2022-40982 aka INTEL-SA-00828 erlaubt es Daten anderer Nutzer auf dem selben System auszulesen. Betroffen sind CPUs zwischen #Skylake und #TigerLage. As usual gibt es für supportete CPUs einen neuen Microcode, der einen Workaround implementiert (und Performance kostet)
https://downfall.page/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
#cpubug #intel #CVE #Skylake #tigerlage
Dimitris Kardarakos · @dimitrisk
303 followers · 194 posts · Server floss.social
The most efficient way to fix a security vulnerability: prevent testers from verifying the fix.
"It now appears that it's either fixed, or we are blocked from testing. We don't know the fix, or mitigation, so hard to say if it's truly fixed, or Microsoft put a control in place like a firewall rule or ACL to block us."
#Azure #Microsoft #security #CVE #cloud
Code Intelligence · @CodeIntelligence
103 followers · 52 posts · Server ioc.exchange
How we found a Prototype Pollution in protobuf.js - Live Demo 🚨
Our team has recently found a prototype pollution vulnerability in protobuf.js (CVE-2023-36665).
With a high CVSS Score of 9.8, this vulnerability would have put affected applications at risk of remote code execution and denial of service attacks.
Our colleague Peter Samarin wrote the bug detector behind it all, and will be giving a live demo of how this CVE was found.
Thursday, August 10th at 4:00 PM CEST/ 10:00 AM EDT
Sign up and reserve your spot today. ⏰
https://www.code-intelligence.com/webinar/how-we-found-a-prototype-pollution-in-protobufjs#register
#javascript #CVE #cybersecurity
Carlos Mogas da Silva · @r3pek
331 followers · 1624 posts · Server mastodon.r3pek.org
dispatch · @dispatch
558 followers · 3231 posts · Server ioc.exchangeApple & Microsoft Patch Tuesday, July 2023 Edition https://krebsonsecurity.com/2023/07/apple-microsoft-patch-tuesday-july-2023-edition/ #PatchTuesdayJuly2023 #CVE-2023-32046 #CVE-2023-32049 #CVE-2023-35311 #CVE-2023-36884 #SecurityTools #Applezero-day #ImmersiveLabs #AndrewBrandt #Safari16.5.2 #TimetoPatch #AdamBarnett #macOS13.4.1 #KevinBreen #Storm-0978 #trendmicro #iOS16.5.1 #Rapid7 #sophos #Cisco
#patchtuesdayjuly2023 #CVE #SecurityTools #applezero #ImmersiveLabs #AndrewBrandt #Safari16 #TimetoPatch #adambarnett #macOS13 #KevinBreen #storm #trendmicro #iOS16 #rapid7 #sophos #cisco
Code Intelligence · @CodeIntelligence
103 followers · 49 posts · Server ioc.exchangeWe found a prototype pollution vulnerability in protobufjs: CVE-2023-36665 🚨
Snyk CVSS Score: 8.6 (high)
Affected applications are at risk of remote code execution and denial of service attacks. The vulnerability was found by our open-source JavaScript fuzzer Jazzer.js, running in Google's OSS-Fuzz.
Mitigation:
Versions from 6.10.0 to 7.2.4 are affected and hence vulnerable to prototype pollution. The maintainer issued an update that fixed this vulnerability on April 18, 2023. We strongly recommend that impacted users upgrade to newer versions that include the fixes, i.e., version 7.2.4 and above.
Hats off to our colleague Peter for writing the bug detector and disclosing the vulnerability to the project maintainer 🙌
More info in our blog: https://www.code-intelligence.com/blog/cve-protobufjs-prototype-pollution-cve-2023-36665
#javascript #jazzerjs #CVE #opensource #protobufjs
DeltaLima 🐧 · @DeltaLima
142 followers · 2609 posts · Server social.la10cy.net
Short reminder to #mastoadmin : Have you already installed the latest version 4.1.3 of #mastodon? It fixes a very high scored CVE, which allows attackers to get a webshell on your mastodon system 😱
https://github.com/mastodon/mastodon/releases/tag/v4.1.3
#mastoadmin #mastodon #tootroot #CVE #security #patch
dispatch · @dispatch
551 followers · 3179 posts · Server ioc.exchangeCISA Order Highlights Persistent Risk at Network Edge https://krebsonsecurity.com/2023/06/cisa-order-highlights-persistent-risk-at-network-edge/ #CybersecurityandInfrastructureSecurityAgency #RiskyBusinesspodcast #BarracudaNetworks #ProgressSoftware #LatestWarnings #TheComingStorm #CVE-2023-27997 #MOVEitTransfer #TimetoPatch #AdamBoileau #PatrickGray #GoAnywhere #Fortinet #Mandiant #Fortra #CISA
#CybersecurityandInfrastructureSecurityAgency #riskybusinesspodcast #BarracudaNetworks #progresssoftware #LatestWarnings #TheComingStorm #CVE #moveittransfer #TimetoPatch #adamboileau #patrickgray #goanywhere #fortinet #mandiant #fortra #cisa
dispatch · @dispatch
551 followers · 3175 posts · Server ioc.exchangeMicrosoft Patch Tuesday, June 2023 Edition https://krebsonsecurity.com/2023/06/microsoft-patch-tuesday-june-2023-edition/ #MicrosoftPatchTuesdayJune2023 #CVE-2023-28310 #CVE-2023-29357 #CVE-2023-29363 #CVE-2023-32014 #CVE-2023-32015 #CVE-2023-32031 #SecurityTools #ImmersiveLabs #TimetoPatch #KevinBreen #Action1
#microsoftpatchtuesdayjune2023 #CVE #SecurityTools #ImmersiveLabs #TimetoPatch #KevinBreen #action1
dispatch · @dispatch
546 followers · 3165 posts · Server ioc.exchangeBarracuda Urges Replacing — Not Patching — Its Email Security Gateways https://krebsonsecurity.com/2023/06/barracuda-urges-replacing-not-patching-its-email-security-gateways/ #InternationalComputerScienceInstitute #EmailSecurityGateway #BarracudaNetworks #LatestWarnings #NicholasWeaver #CaitlinCondon #CVE-2023-2868 #TimetoPatch #Mandiant #Rapid7
#InternationalComputerScienceInstitute #emailsecuritygateway #BarracudaNetworks #LatestWarnings #NicholasWeaver #CaitlinCondon #CVE #TimetoPatch #mandiant #rapid7
Emory L. · @emory
161 followers · 1394 posts · Server soc.kvet.ch
users of #microsoft #Edge browser that are worried about #CVE-2023-2033 (and you should be) it's easy to get version strings mixed up so in Edge (and presumably Brave and Vivalidi and any other Chrome-engine browser), make sure in `about://` that the chromium version is not older than 112.0.5615.121!
#microsoft #edge #CVE #infosec #bestPractices
dispatch · @dispatch
533 followers · 3033 posts · Server ioc.exchangeMicrosoft (& Apple) Patch Tuesday, April 2023 Edition https://krebsonsecurity.com/2023/04/microsoft-apple-patch-tuesday-april-2023-edition/ #WindowsCommonLogSystemFileSystem #TrendMicroZeroDayInitiative #macOS12.6.5and11.7.6. #Nokoyawaransomware #iOS/iPadOS16.4.1 #TheComingStorm #CVE-2022-37969 #CVE-2023-28219 #CVE-2023-28220 #CVE-2023-28252 #SecurityTools #DBAPPSecurity #DustinChilds #TimetoPatch #BharatJogi #iOS15.5.7 #Mandiant #Qualys
#windowscommonlogsystemfilesystem #TrendMicroZeroDayInitiative #macOS12 #nokoyawaransomware #ios #TheComingStorm #CVE #SecurityTools #dbappsecurity #DustinChilds #TimetoPatch #bharatjogi #iOS15 #mandiant #Qualys
Marcos Paulo de Souza · @mpdesouza
73 followers · 96 posts · Server floss.socialAt SUSE, we from the Kernel Livepatching team need to make sure that live patches work properly, but how to test a live patch when you don't have a vulnerability reproducer for the bug? You create one!
#Linux #kernel #ltp #CVE #livepatch
dispatch · @dispatch
528 followers · 2981 posts · Server ioc.exchangeMicrosoft Patch Tuesday, March 2023 Edition https://krebsonsecurity.com/2023/03/microsoft-patch-tuesday-march-2023-edition/ #MicrosoftPatchTuesdayMarch2023 #Microsoft365AppsforEnterprise #WindowsSmartScreen #ZeroDayInitiative #TheComingStorm #CVE-2023-23397 #CVE-2023-24800 #SecurityTools #ImmersiveLabs #DustinChilds #TimetoPatch #KevinBreen #Rapid7
#microsoftpatchtuesdaymarch2023 #microsoft365appsforenterprise #windowssmartscreen #ZeroDayInitiative #TheComingStorm #CVE #SecurityTools #ImmersiveLabs #DustinChilds #TimetoPatch #KevinBreen #rapid7
Jeff the Alien · @hackdefendr
340 followers · 3316 posts · Server defenders.townDid you know that the MS13-98 #vulnerability was updated last year and actually still impacts a number of server releases up to #Windows #Server 2019?
It's true! Ask me how I know?
#infosec #CVE #vulnerability #windows #Server
dispatch · @dispatch
527 followers · 2916 posts · Server ioc.exchangeMicrosoft Patch Tuesday, February 2023 Edition https://krebsonsecurity.com/2023/02/microsoft-patch-tuesday-february-2023-edition/ #MicrosoftPatchTuesdayFebruary2023 #TrendMicroZeroDayInitiative #sansinternetstormcenter #InternetExplorer11 #JohannesUllrich #MicrosoftOffice #LatestWarnings #CVE-2023-21529 #CVE-2023-21706 #CVE-2023-21707 #CVE-2023-21715 #CVE-2023-21716 #CVE-2023-21823 #CVE-2023-23376 #SecurityTools #ImmersiveLabs #DustinChilds #TimetoPatch #KevinBreen #Mandiant
#microsoftpatchtuesdayfebruary2023 #TrendMicroZeroDayInitiative #sansinternetstormcenter #internetexplorer11 #johannesullrich #microsoftoffice #LatestWarnings #CVE #SecurityTools #ImmersiveLabs #DustinChilds #TimetoPatch #KevinBreen #mandiant