April 2024 - rwth-security - lists.rwth-aachen.de

CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys – Immediate Action Required
by Bernd Kohler 17 Apr '24

17 Apr '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys – Immediate Action Required" VG Bernd [0] https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exp… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 1

Cisco Duo warns third-party data breach exposed SMS MFA logs
by Bernd Kohler 15 Apr '24

15 Apr '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Cisco Duo warns third-party data breach exposed SMS MFA logs" VG Bernd [0] https://www.bleepingcomputer.com/news/security/cisco-duo-warns-third-party-… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

DevSecOpsGuides - Attacking Kubernetes/Docker/Cloud (inkl. AWS und
by Bernd Kohler 15 Apr '24

15 Apr '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier folgendes FYI [0] - Attacking Kubernetes [1] - Attacking Docker [2] - Cloud Attacks [3] - Attacking AWS [4] - Attacking Azure VG Bernd [0] https://blog.devsecopsguides.com/attacking-kubernetes [1] https://blog.devsecopsguides.com/attacking-docker [2] https://devsecopsguides.com/docs/attacks/cloud/ [3] https://blog.devsecopsguides.com/attacking-aws [4] https://blog.devsecopsguides.com/attacking-azure -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

New Spectre Variant (CVE-2024-2201) Exposes Limitations of Current
by Bernd Kohler 10 Apr '24

10 Apr '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New Spectre Variant (CVE-2024-2201) Exposes Limitations of Current Defenses" VG Bernd [0] https://securityonline.info/new-spectre-variant-cve-2024-2201-exposes-limit… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

HTTP/2 CONTINUATION Flood
by Bernd Kohler 10 Apr '24

10 Apr '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "HTTP/2 CONTINUATION Flood" VG Bernd [0] https://nowotarski.info/http2-continuation-flood/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

reverst: HTTP reverse tunnels over QUIC
by Bernd Kohler 09 Apr '24

09 Apr '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "reverst: HTTP reverse tunnels over QUIC" VG Bernd [0] https://github.com/flipt-io/reverst/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

New Chrome feature aims to stop hackers from using stolen cookies
by Bernd Kohler 09 Apr '24

09 Apr '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New Chrome feature aims to stop hackers from using stolen cookies" --> es geht um Device Bound Session Credentials (DBSC) --> produktiv (derzeit Prototyp) laut [1] ab Chrome Version 131 --> Aktivierung mit chrome://flags/ --> "enable-bound-session-credentials" (Wechsel von "Default" nach "Enabled"; anschließend Relaunch) VG Bernd [0] https://www.bleepingcomputer.com/news/security/new-chrome-feature-aims-to-s… [1] https://github.com/WICG/dbsc/wiki/DBSC-timeline -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0