Hello everyone,
in case you haven't already seen/read it yourselves, here [0] FYI
"Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library"
"... a popular npm library used by more than 4 million projects on GitHub alone,
is affected by a high severity security vulnerability that could allow attackers
to compromise the security of affected services using the library and their
respective user base ..."
--> affects all versions of lodash, including the latest version 4.17.11.
Best regards
Bernd
[0]
https://thehackernews.com/2019/07/lodash-prototype-pollution.html
--
Bernd Kohler
IT Center
Department: Networks
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler(a)itc.rwth-aachen.de
https://www.itc.rwth-aachen.de
Hello everyone,
in case you haven't already seen/read it yourselves, here [0] FYI
"Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!"
"... A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission ..."
Found on Twitter, fitting for this:
• Drag the Zoom app to the trash
Then in Terminal:
• lsof -i :19421 (to get the PID)
• kill -9 [PID] (this kills the crab)
• rm -rf ~/.zoomus (gtfo)
• touch ~/.zoomus (and stay out)
Best regards
Bernd
[0]
https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-mayb…
--
Bernd Kohler
IT Center
Department: Networks
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler(a)itc.rwth-aachen.de
https://www.itc.rwth-aachen.de
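The Terminal steps quoted in the Zoom mail above, wrapped into a script that can be re-run and that reports the resulting state. This is an added example, not part of the original mails or the quoted tweet. Port 19421 and `~/.zoomus` are taken from the mail, all function names are hypothetical, and dragging the app to the trash is left to the user.

```shell
#!/bin/sh
# Added example. Port 19421 and ~/.zoomus are from the mail above;
# all function names are hypothetical.
ZOOM_PORT=19421

# Classify <home>/.zoomus: absent | installed (directory) |
# blocked (plain file left by the "touch" step) | other (symlink etc.).
zoomus_state() {
    path="$1/.zoomus"
    if [ -L "$path" ]; then echo other
    elif [ -d "$path" ]; then echo installed
    elif [ -f "$path" ]; then echo blocked
    elif [ -e "$path" ]; then echo other
    else echo absent
    fi
}

# The "rm -rf" and "touch" steps: remove the directory, then leave a plain
# file at the same path so a directory cannot be created there again.
block_zoomus() {
    path="$1/.zoomus"
    rm -rf -- "$path" || return 1
    touch -- "$path" || return 1
    [ "$(zoomus_state "$1")" = blocked ]
}

# The "lsof" step: PIDs listening on the port, one per line (empty if none
# or if lsof is not installed).
zoom_listener_pids() {
    command -v lsof >/dev/null 2>&1 || return 0
    lsof -nP -t -iTCP:"$ZOOM_PORT" -sTCP:LISTEN 2>/dev/null || true
}

# All steps in order; logs each process name before killing it.
remediate() {
    for pid in $(zoom_listener_pids); do
        echo "killing $pid ($(ps -p "$pid" -o comm= 2>/dev/null))" >&2
        kill -9 "$pid" 2>/dev/null || echo "could not kill $pid" >&2
    done
    block_zoomus "$1"
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
    remediate "$HOME" && echo "~/.zoomus is now: $(zoomus_state "$HOME")"
fi
```

Running `zoomus_state "$HOME"` on its own gives a read-only check that can be used to audit several accounts before changing anything.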
Hello everyone,
in case you haven't already seen/read it yourselves, here [0] FYI
"SKS Keyserver Network Under Attack"
Best regards
Bernd
[0]
--
Bernd Kohler
IT Center
Department: Networks
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler(a)itc.rwth-aachen.de
www.itc.rwth-aachen.de
The real world meets IPv6 - first DDoS attack
http://h-online.com/-1440502
Hello everyone,
in case you haven't already seen/read it yourselves, here is the BSI recommendation [0], FYI
"Sichere Konfiguration von Microsoft Office 2013/2016/2019" (Secure Configuration of Microsoft Office 2013/2016/2019)
In this context, heise.de offers an Emailcheck [1] with, e.g.,
- HTML
- JavaScript
- an embedded image
- an obfuscated link
- various attachments, and
- the EICAR test virus (in various forms)
Best regards
Bernd
[0]
https://www.allianz-fuer-cybersicherheit.de/ACS/DE/_/downloads/BSI-CS_135.h…
[1]
https://www.heise.de/security/dienste/Emailcheck-2109.html
--
Bernd Kohler
IT Center
Department: Networks
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler(a)itc.rwth-aachen.de
www.itc.rwth-aachen.de
The real world meets IPv6 - first DDoS attack
http://h-online.com/-1440502
And unfortunately, right away another reason to patch the systems once again:
https://access.redhat.com/security/vulnerabilities/tcpsack
"Three related flaws were found in the Linux kernel’s handling of TCP networking. The most severe vulnerability could allow a remote attacker to trigger a kernel panic in systems running the affected software and, as a result, impact the system’s availability."
Best regards,
Andre
--
Dr.-Ing. André Stollenwerk
Informatik 11 - Embedded Software
RWTH Aachen University
Ahornstrasse 55, 52074 Aachen, Germany
phone: +49 241 80 21166
web: http://www.embedded.rwth-aachen.de
Hello everyone,
in case you haven't already seen/read it yourselves, here [0] and [1] FYI
"REGULATION (EU) 2019/881 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 17 April 2019
on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity
certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act)"
--> the whole thing enters into force on 27.06.2019 ("Date of effect: 27/06/2019")
Best regards
Bernd
[0]
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2019.151.…
[1]
https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32019R0881&fr…
--
Bernd Kohler
IT Center
Department: Networks
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler(a)itc.rwth-aachen.de
https://www.itc.rwth-aachen.de