- rwth-security - lists.rwth-aachen.de

GitLab affected by GitHub-style CDN flaw allowing malware hosting

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "GitLab affected by GitHub-style CDN flaw allowing malware hosting" --> "... Following our investigation, however, we learned that these files—which are malware, were nowhere to be found on Microsoft's code repo. Rather, these existed on GitHub's CDN and were likely uploaded by a threat actor who abused the platform's "comments" feature. ..." VG Bernd [0] https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-st… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

5 Tage, 19 Stunden

1
0
0 0

Oracle VirtualBox Elevation of Privilege Vulnerability

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published" --> betroffen sind Version vor 7.0.16 --> "... allows attackers with basic access to a Windows system running VirtualBox to escalate their privileges. ..." VG Bernd [0] https://securityonline.info/oracle-virtualbox-elevation-of-privilege-vulner… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

6 Tage, 10 Stunden

1
0
0 0

ClamAV Issues Urgent Patch for High-Risk DoS Vulnerability

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "ClamAV Issues Urgent Patch for High-Risk DoS Vulnerability CVE-2024-20380" VG Bernd [0] https://securityonline.info/clamav-issues-urgent-patch-for-high-risk-dos-vu… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 Woche, 2 Tage

1
0
0 0

CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys – Immediate Action Required

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys – Immediate Action Required" VG Bernd [0] https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exp… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 Woche, 4 Tage

1
1
0 0

Cisco Duo warns third-party data breach exposed SMS MFA logs

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Cisco Duo warns third-party data breach exposed SMS MFA logs" VG Bernd [0] https://www.bleepingcomputer.com/news/security/cisco-duo-warns-third-party-… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 Woche, 6 Tage

1
0
0 0

DevSecOpsGuides - Attacking Kubernetes/Docker/Cloud (inkl. AWS und

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier folgendes FYI [0] - Attacking Kubernetes [1] - Attacking Docker [2] - Cloud Attacks [3] - Attacking AWS [4] - Attacking Azure VG Bernd [0] https://blog.devsecopsguides.com/attacking-kubernetes [1] https://blog.devsecopsguides.com/attacking-docker [2] https://devsecopsguides.com/docs/attacks/cloud/ [3] https://blog.devsecopsguides.com/attacking-aws [4] https://blog.devsecopsguides.com/attacking-azure -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 Woche, 6 Tage

1
0
0 0

New Spectre Variant (CVE-2024-2201) Exposes Limitations of Current

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New Spectre Variant (CVE-2024-2201) Exposes Limitations of Current Defenses" VG Bernd [0] https://securityonline.info/new-spectre-variant-cve-2024-2201-exposes-limit… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

2 Wochen, 4 Tage

1
0
0 0

HTTP/2 CONTINUATION Flood

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "HTTP/2 CONTINUATION Flood" VG Bernd [0] https://nowotarski.info/http2-continuation-flood/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

2 Wochen, 4 Tage

1
0
0 0

reverst: HTTP reverse tunnels over QUIC

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "reverst: HTTP reverse tunnels over QUIC" VG Bernd [0] https://github.com/flipt-io/reverst/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

2 Wochen, 5 Tage

1
0
0 0

New Chrome feature aims to stop hackers from using stolen cookies

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New Chrome feature aims to stop hackers from using stolen cookies" --> es geht um Device Bound Session Credentials (DBSC) --> produktiv (derzeit Prototyp) laut [1] ab Chrome Version 131 --> Aktivierung mit chrome://flags/ --> "enable-bound-session-credentials" (Wechsel von "Default" nach "Enabled"; anschließend Relaunch) VG Bernd [0] https://www.bleepingcomputer.com/news/security/new-chrome-feature-aims-to-s… [1] https://github.com/WICG/dbsc/wiki/DBSC-timeline -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

2 Wochen, 5 Tage

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

rwth-security