Microsoft June “Patch Tuesday” Addresses 73 Vulnerabilities
https://securityboulevard.com/2023/06/microsoft-june-patch-tuesday-addresses-73-vulnerabilities/
Российские хакеры анонсировали мощную атаку на западную финансовую систему в ближайшие 48 часов. Задача номер один — парализовать работу SWIFT.
По нашей информации, ради этой кампании объединились ребята из группировок KillNet, Revil и Anonymous Sudan. Планируют "дать отпор безумцам по формуле «нет денег — нет оружия — нет киевского режима»". Среди целей: банки Европы и США, Swift и Федеральная резервная система США (аналог нашего Центрального банка).
Для справки: Revil считается одним из самых активных мобов среди хакеров по всему миру. Ребята прославились тем, что похищали схемы будущих продуктов Apple, взламывали органы местного управления Техаса и атаковали крупнейшего поставщика мяса в мире — JBS. Теперь они будут работать с ребятами из KillNet, которые в августе прошлого года сломали сайт ведущей американской оборонной корпорации Lockheed Martin и доказали, что агенты ФБР любят куколд-порно. Ну а про "анонимусов" вы слышали.
Deus Vult 1001100
😋 Подписывайся на Mash
GoodbyeDPI — Deep Packet Inspection circumvention utility (for Windows)
https://github.com/ValdikSS/GoodbyeDPI
High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
https://www.securityweek.com/high-severity-privilege-escalation-vulnerability-patched-in-vmware-workstation/
https://www.vmware.com/security/advisories/VMSA-2023-0003.html
Django contains Uncontrolled Resource Consumption via cached header
https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release
https://securityaffairs.com/141782/hacking/oracle-e-business-suite-flaw-poc.html
GTA Online New Hack allows Remotely Modify Users PC Data
https://www.cyberkendra.com/2023/01/gta-online-new-hack-allows-remotely.html
Bad things come in large packages: .pkg signature verification bypass on macOS
https://sector7.computest.nl/post/2023-01-xar/
#apple #macOS
Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs
https://nationalcybersecurity.com/unpatchable-hardware-vulnerability-allows-hacking-of-siemens-plcs-hacking-cybersecurity-infosec-comptia-pentest-hacker/
SIEM Training
https://gist.github.com/isaqueprofeta/d14f394d8679fce0a11d7961d514fcdd
ZEROBOT BOTNET CAN NOW HACK INTO APACHE, APACHE SPARK SERVERS
https://www.securitynewspaper.com/2022/12/26/zerobot-botnet-can-now-hack-into-apache-apache-spark-servers/
Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)
https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/
GreenTunnel is an anti-censorship utility designed to bypass the DPI system that is put in place by various ISPs to block access to certain websites.
https://github.com/SadeghHayeri/GreenTunnel
Security Bulletin: IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2023-23477)
https://www.ibm.com/support/pages/node/6891111
Jira Service Management Server and Data Center Advisory (CVE-2023-22501)
https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-2023-02-01-1188786458.html
A Vulnerability in vBulletin Could Allow for Remote Command Execution
https://www.cisecurity.org/advisory/a-vulnerability-in-vbulletin-could-allow-for-remote-command-execution_2023-013
PHP Development Server <= 7.4.21 - Remote Source Disclosure
https://blog.projectdiscovery.io/php-http-server-source-disclosure/
2022 Microsoft Teams RCE
https://blog.pksecurity.io/2023/01/16/2022-microsoft-teams-rce.html
CVE-2023-22602: Apache Shiro Authentication Bypass Vulnerability
https://securityonline.info/cve-2023-22602-apache-shiro-authentication-bypass-vulnerability/
Microsoft's first Patch Tuesday of 2023 delivers a massive 98 fixes
https://www.zdnet.com/article/microsofts-first-patch-tuesday-of-2023-delivers-a-massive-98-fixes/#ftag=RSSbaffb68
https://www.computerweekly.com/news/252529073/Microsoft-fixes-EoP-zero-day-on-January-Patch-Tuesday
Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529)
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
CVE-2022-47523: ManageEngine Password Manager Pro, PAM360 and Access Manager Plus SQL Injection Vulnerability
https://www.tenable.com/blog/cve-2022-47523-manageengine-password-manager-pro-pam360-and-access-manager-plus-sql-injection
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011
https://seclists.org/oss-sec/2022/q4/241
Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability. CVE-2022-36664
https://nvd.nist.gov/vuln/detail/CVE-2022-36664
Critical Citrix ADC and Gateway zero-day exploited by hackers
dtacsec/critical-citrix-adc-and-gateway-zero-day-exploited-by-hackers-8710b4530b68" rel="nofollow">https://medium.com/@dtacsec/critical-citrix-adc-and-gateway-zero-day-exploited-by-hackers-8710b4530b68