April 2024 - rwth-security - lists.rwth-aachen.de

Critical Vulnerabilities in Popular Database Library Expose Millions

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Critical Vulnerabilities in Popular Database Library Expose Millions of Applications to Attack" --> "flaws in node-mysql2" --> "update to version 3.9.7 or later" VG Bernd [0] https://securityonline.info/cve-2024-21508-rce-node-mysql2/?expand_article=1 -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

3 Wochen, 2 Tage

1
0
0 0

Microsoft releases Exchange hotfixes for security update issues

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Microsoft releases Exchange hotfixes for security update issues" --> "Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates. ..." VG Bernd [0] https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-exchange… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

3 Wochen, 2 Tage

1
0
0 0

dauthi - perform authentication attacks against various Mobile Device

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "dauthi" --> "Dauthi is a tool designed to perform authentication attacks against various Mobile Device Management (MDM) solutions ..." VG Bernd [0] https://github.com/emptynebuli/dauthi -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

3 Wochen, 2 Tage

1
0
0 0

CrushFTP scanner bzgl. CVE-2024-4040

von Bernd Kohler

Hallo zusammen, kurze Ergänzung zu dem Artkiel [0] "Attacken auf Dateiübertragungsserver CrushFTP beobachtet" das Airbus-CERT hat auf [1] einen CVE-2024-4040 - exploit scanners bereitgestellt Sofern noch nicht selber gesehen/-lesen hier FYI und VG Bernd [0] https://heise.de/-9693009 [1] https://github.com/airbus-cert/CVE-2024-4040 -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

3 Wochen, 3 Tage

1
0
0 0

HTTP Downgrade attacks with SmuggleFuzz

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "HTTP Downgrade attacks with SmuggleFuzz" --> siehe dazu auch die schon etwas ältere Info-Seite [1] VG Bernd [0] https://moopinger.github.io/blog/smugglefuzz/fuzzing/smuggling/2024/01/31/S… [1] https://portswigger.net/research/http2 -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

3 Wochen, 3 Tage

1
1
0 0

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware" VG Bernd [0] https://thehackernews.com/2024/04/russias-apt28-exploited-windows-print.html -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

3 Wochen, 3 Tage

1
0
0 0

GitLab affected by GitHub-style CDN flaw allowing malware hosting

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "GitLab affected by GitHub-style CDN flaw allowing malware hosting" --> "... Following our investigation, however, we learned that these files—which are malware, were nowhere to be found on Microsoft's code repo. Rather, these existed on GitHub's CDN and were likely uploaded by a threat actor who abused the platform's "comments" feature. ..." VG Bernd [0] https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-st… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

3 Wochen, 3 Tage

1
0
0 0

Oracle VirtualBox Elevation of Privilege Vulnerability

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published" --> betroffen sind Version vor 7.0.16 --> "... allows attackers with basic access to a Windows system running VirtualBox to escalate their privileges. ..." VG Bernd [0] https://securityonline.info/oracle-virtualbox-elevation-of-privilege-vulner… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

3 Wochen, 3 Tage

1
0
0 0

ClamAV Issues Urgent Patch for High-Risk DoS Vulnerability

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "ClamAV Issues Urgent Patch for High-Risk DoS Vulnerability CVE-2024-20380" VG Bernd [0] https://securityonline.info/clamav-issues-urgent-patch-for-high-risk-dos-vu… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

3 Wochen, 6 Tage

1
0
0 0

CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys – Immediate Action Required

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys – Immediate Action Required" VG Bernd [0] https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exp… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 Monat

1
1
0 0

2024

2023

2022

2021

2020

2019

2018

rwth-security April 2024