🗞️ Weekly #infosec Shared Links newsletter for week 07/2023 is out! Read, like, and subscribe below.
It includes, but not only:
#infosec #fbi #godaddy #malware #dataleak #atlassian #clamav #sap #microsoft #qualys #openssh #ransomware #esxiargs #cybersecurity
Of course the master heap #xdev at #Qualys managed to achieve significant progress in #exploiting the recent double-free #vulnerability in #OpenSSH server 9.1 (CVE-2023-25136) 💚
“Quick update: we were able to gain arbitrary control of the rip register through this bug (i.e., we can jump wherever we want in sshd's address space) on an unpatched installation of OpenBSD 7.2 (which runs OpenSSH 9.1 by default). This is by no means the end of the story: this was only step 1, bypass the malloc and double-free protections.”
“The trick to bypass malloc's double-free and use-after-free protections is to re-allocate the memory that was occupied by options.kex_algorithms as soon as it is free: from malloc's point of view, no attempt is made to free, read, or write memory that is already free; from sshd's point of view, however, an aliasing attack occurs: two different pointers to two different objects refer to the same chunk of memory, and a write to one object overwrites the other object. This opens up a world of possibilities.”
NEW Microsoft Sentinel SOAR solutions
We are launching 14 new solutions which add 14 SOAR connectors and another 25+ playbooks to expand our SOAR capabilities in the Multicloud SOAR, Vulnerability enrichment, Incident management, migration, and threat intelligence categories. With this, there are 330+ playbooks available in the Microsoft Sentinel content hub, either in the 50+ SOAR solutions or as standalone playbooks.
#microsoft #intelligence #soar #siem #playbook #automation #enrichment #cloud #multicloud #threat #threatintelligence #azure #aws #cgp #minemeld #qualys #Rapid7 #OpenCTI #Checkphish #AbuseIPDB #URLhaus #ServiceNow #Fortinet #Threatx #azure #logicapp #management #content
The #Qualys research team's advisories are pretty good huh? Loads of detail and good to read.
This is their #CVE-2022-3328 advisory - a race condition in Snapd (installed by default on Ubuntu), for which they've leveraged a couple of other vulns in order to get root: https://www.qualys.com/2022/11/30/cve-2022-3328/advisory-snap.txt
HIRING: Vulnerability Security Engineer / Paris, France https://infosec-jobs.com/J19295/ #InfoSec #InfoSecJobs #Cybersecurity #jobsearch #hiringnow #CyberCareer #Paris #France #AWS #Cloud #Cryptography #Ecommerce #Exploit #GIAC #Malware #Metasploit #OWASP #Qualys #SANS
Qualys API - Host List and Asset Management with Python
#python #apis #vulnerability #assets #qualys
https://loggar.hashnode.dev/qualys-api-host-list-and-asset-management-with-python
RT @qualys
The #Qualys Research Team has discovered an easily exploitable memory corruption vulnerability (#Pwnkit) in polkit, a SUID-root program, that allows any unprivileged local user to gain root privileges on all major Linux systems in their default configuration: https://fal.cn/3lCr6
The #PwnKit vulnerability (so named by the company #Qualys), which grants attackers root privileges on Linux systems, was revealed in a system utility called #Polkit.
The exploit has existed for 12 years, but it surfaced only a few hours after the technical details were published!
By Ravie #Lakshmanan on #TheHackerNews
https://thehackernews.com/2022/01/12-year-old-polkit-flaw-lets.html
#Qualys #SecurityAdvisory
> #Sequoia: A deep root in #Linux's #filesystem layer (#CVE-2021-33909)
> by creating, mounting, and deleting a deep
> directory structure whose total path length exceeds 1GB [...]
> We [...] obtained full #root privileges on default installations
https://www.openwall.com/lists/oss-security/2021/07/20/1
#eBPF #infosec
Ukrainian Police Nab Six Tied to CLOP Ransomware - Authorities in Ukraine this week charged six people alleged to be part of the CLOP... https://krebsonsecurity.com/2021/06/ukrainian-police-nab-six-tied-to-clop-ransomware/ #universityofmarylandandtheuniversityofcalifornia #stanforduniversitymedicalschool #filetransferappliance #neer-do-wellnews #ransomware #accellion #darkside #intel471 #jonesday #krogers #singtel #att&ck #qualys #babuk #mitre #clop
The company I'm working for decided to place the core products behind #cloudflare; the fight to avoid this was futile 😒
Now, months after this, new security concerns are popping up... unfortunately not from our "IT Security Manager" but from us: this "security" guy is pushing hard to install #qualys and #zscaler company-wide 🙈
I'm really sick of this 💩 Time to cut off with some wine at the weekend 🍷 and change thoughts!
#Cl0p: a variant of the #ransomware that has been exploiting a 0-day vulnerability via a web shell on #Accellion #FTA appliances… #Qualys affected!
#Qualys #SecurityAdvisory #InfoSec
Heap-based buffer overflow in #Sudo (#CVE-2021-3156)
"This #vulnerability:
- is #exploitable by any local user (normal users and system users, sudoers and non-sudoers), without #authentication (i.e., the attacker does not need to know the user's password);
- was introduced in July 2011"
https://www.openwall.com/lists/oss-security/2021/01/26/3
Microsoft Patch Tuesday, March 2020 Edition - Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows o... more: https://krebsonsecurity.com/2020/03/microsoft-patch-tuesday-march-2020-edition/ #applicationinspector #recordedfuture #cve-2020-0688 #cve-2020-0852 #cve-2020-0872 #timetopatch #animeshjain #qualys
Microsoft Patch Tuesday, February 2020 Edition - Microsoft today released updates to plug nearly 100 security holes in various versions of its Window... more: https://krebsonsecurity.com/2020/02/microsoft-patch-tuesday-february-2020-edition/ #microsoftpatchtuesdayfebruary2020 #recordedfuture #cve-2019-1280 #cve-2020-0618 #cve-2020-0674 #cve-2020-0688 #timetopatch #jimmygraham #alanliska #qualys
Patch Tuesday, January 2020 Edition - Microsoft today released updates to plug 50 security holes in various flavors of Windows and related... more: https://krebsonsecurity.com/2020/01/patch-tuesday-january-2020-edition/ #johnshopkinsuniversity #cve-2020-0601 #kennethwhite #matthewgreen #timetopatch #windows10 #mongodb #qualys
#StackClash PoC/Exploits by #Qualys are now public
http://www.openwall.com/lists/oss-security/2017/06/28/14