IT Security Alerts

@itsecalert Нравится 0
Это ваш канал? Подтвердите владение для дополнительных возможностей

This channel posts IT security related topics and especially alerts. Submissions: https://infected.io/telegram-submissio
Гео и язык канала
не указан, Английский
Категория
Технологии


Гео канала
не указан
Язык канала
Английский
Категория
Технологии
Добавлен в индекс
16.09.2017 04:33
реклама
Telegram Analytics
Подписывайся, чтобы быть в курсе новостей TGStat.
TGAlertsBot
Мониторинг упоминаний ключевых слов в каналах и чатах.
SearcheeBot
Ваш гид в мире Telegram-каналов
6 491
подписчиков
~0
охват 1 публикации
~158
дневной охват
N/A
постов в день
N/A
ERR %
0.01
индекс цитирования
Репосты и упоминания канала
1 упоминаний канала
0 упоминаний публикаций
14 репостов
Тарчан
ZLONOV.ru
Today-OK is A-OK: "New" Year
#TechGuruDay
Stas'M Corp.
#TechGuruDay
#TechGuruDay
#TechGuruDay
#TechGuruDay
#TechGuruDay
#TechGuruDay
TL;DR - Костя
TL;DR - Костя
Каналы, которые цитирует @itsecalert
Упоминаний и репостов не обнаружено
Последние публикации
Удалённые
С упоминаниями
Репосты
IT Security Alerts 23 Apr, 01:03
⚠️ iPhones/iPads Mail app vulnerable

"The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app."

Severity: 🔶 High
More Information: https://yt.gl/tjqz8

#alert #severityhigh #vulnerability #apple #mailapp

📬 Spread the news, forward the message to your mobile management admins.
❓ Questions? Feedback? Want to discuss? Join us at @itsectalk
Читать полностью
IT Security Alerts 22 Feb, 21:15
This channel is not dead, but we need your help. If you find something that might be interesting for broadcasting, please let us know in @itsectalk - thanks! 🚨
IT Security Alerts 14 Aug 2019, 00:18
⚠ Two unauthenticated RCE vulns in Microsoft Remote Desktop. Exploitation likely, says Microsoft. Affects Win 10, Win 7, Win 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2.

Updates are available and they should be applied immediately, especially for those systems acessible through the internet.

Severity: 🔶 High
More Information: https://yt.gl/20191181 and https://yt.gl/20191182

#alert #vulnberability #severityhigh #microsoft #remotedesktopservice #terminalservice #update

✉ Join the discussion over at our Telegram group @itsectalk and forward this to your enterprise administrator.
Читать полностью
IT Security Alerts 8 Jul 2019, 10:24
⚠️ Logitech "Unifying" (wireless RX), several vulnerabilities.
Affected are all products (keyboards, mice, presenters) that carry the "Unifying" logo.

Updates are available for some vulns, but applying the updates is not straight forward, please check the more information link.

Severity: 🔶 High
More Information: https://yt.gl/logitechunifying

#alert #severityhigh #vulnerability #hardware #logitech #unifying

📬 Spread the news, forward the message to your enterprise admins.
❓ Questions? Feedback? Want to discuss? Join us at @itsectalk
Читать полностью
IT Security Alerts 19 Jun 2019, 14:50
⚠️ Linux/FreeBSD Denial of Service attacks possible. Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.

- CVE-2019-11477: SACK Panic (Linux >= 2.6.29)
- 3 more CVEs

Severity: 🔶 High
More Information: https://yt.gl/sackpanic

#alert #severityhigh #vulnerability #linux #freebsd #networking #kernel

📬 Spread the news, forward the message to your sysadmins.
❓ Questions? Feedback? Want to discuss? Join us at @itsectalk
Читать полностью
IT Security Alerts 14 May 2019, 21:17
⚠️ Unauthenticated, remote code execution exploit for Microsot Remote Desktop Services - former Terminal (Windows 7, Server 2008 +r2). An attacker could install programs; view, change, or delete data; or create new accounts with full user rights. ✅ Update your systems now - a patch has been released.

CVSS Base Score: 9.8 - Severity: 🔶 High
More information & official advisory: https://yt.gl/rdpservicex

#alert #severityhigh #vulnerability #microsoft #remotedesktopservice #terminalservice #update

✉️ Join the discussion over at our Telegram group @itsectalk and forward this to your enterprise administrator.

*If you are affected, please vote ✔️ below. If you are unaffected, please vote ❌*
✔ 110
❌ 260
Читать полностью
IT Security Alerts 8 Mar 2019, 07:38
⚠️Chrome and Windows zero-day update, including CVE-2019-5786

Google has issued a more detailed announcement regarding CVE-2019-5786. This announcement includes new information about how the vulnerability was being exploited in the wild. The Chrome exploit was combined with a Windows 7 zero-day that remains unpatched. The Windows vulnerability permits local privilege escalation.

Google believes that security additions in Windows 10 makes attacks against the newer OS unrealistic, if not impossible:

"We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems."

As it's likely that no patch will be available for the Windows 7 vulnerability for some time, Google's only mitigation advice is to upgrade to Windows 10:

"As mitigation advice for this vulnerability users should consider upgrading to Windows 10 if they are still running an older version of Windows, and to apply Windows patches from Microsoft when they become available. We will update this post when they are available."

No IOCs or alternative mitigations have been disclosed.

(Severity: 🔸high)

Announcement: https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html

#alert #severityHigh #vulnerability #browser #chrome #windows #rce #uaf #privilegeEscalation #exploitedNow #zeroDay #CVE20195786
Читать полностью
IT Security Alerts 7 Mar 2019, 20:04
⚠️Chrome/Chromium zero-day RCE (CVE-2019-5786), actively exploited in the wild. Affected Versions: < 72.0.3626.121

Information is beginning to circulate regarding CVE-2019-5786, a use-after-free (UAF) vulnerability in Chrome's FileReader API. The Chrome security team has indicated that it is being actively exploited in the wild. Details are limited, but the vulnerability is believed to permit remote code execution (RCE).

Some news sources have conflated this with another, less severe issue spotted by EdgeSpot relating to PDF files. Both EdgeSpot and Google have indicated that the issues are unrelated.

CVE-2019-5786 has been patched in Chrome version 72.0.3626.121, currently available on the stable channel. Other Chromium-based browsers, such as Vivaldi, may or may not be affected.

(Severity: 🔸high)

Additional information:

- Announcement from Google: https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
- Chromium bug (not yet public): https://bugs.chromium.org/p/chromium/issues/detail?id=936448
- Tweet from a Chrome security engineer: https://twitter.com/justinschuh/status/1103087046661267456
- Patch: https://github.com/chromium/chromium/blob/ba9748e78ec7e9c0d594e7edf7b2c07ea2a90449/third_party/blink/renderer/platform/wtf/typed_arrays/array_buffer_builder.h#L63-L67
- Patch review: https://chromium-review.googlesource.com/c/1492873 and https://chromium-review.googlesource.com/c/1495209
- Technical explanation: https://news.ycombinator.com/item?id=19325083
- Sophos: https://nakedsecurity.sophos.com/2019/03/06/serious-chrome-zero-day-google-says-update-right-this-minute/
- Forbes (conflates CVE-2019-5786 and the PDF issue reported by EdgeSpot): https://www.forbes.com/sites/daveywinder/2019/03/07/google-confirms-serious-chrome-security-problem-heres-how-to-fix-it/

#alert #severityHigh #vulnerability #browser #chrome #rce #uaf #CVE20195786
Читать полностью
IT Security Alerts 17 Jan 2019, 22:42
⚠️Firefox Information Exposure. Affected Versions:
IT Security Alerts 17 Jan 2019, 22:42
⚠️PSA: On February 1, 2019, "DNS Flag Day," a large number of public DNS resolvers and ISPs will be removing workarounds intended to support authoritative nameservers that lack EDNS support. When this happens, sites relying on nameservers that don't properly support EDNS will go offline. A significant number of major websites have yet to update and are expected to go offline on Feburary 1.

Summary and compatibility testing tool: https://yt.gl/y4vgq

Technical information: https://yt.gl/i5hpy

Discuss this at @itsectalk!

#alert #breakingChange #dnsFlagDay
Читать полностью
IT Security Alerts 12 Dec 2018, 13:24
🎉🥇 We recently hit 5000 followers 🥇We want to take this opportunity to remind you to report any new vulnerabilities to our submission form https://infected.io/telegram-submissio - with over 5000 members in this channel we need feedback on what you think is a newsworthy vulnerability. We try to only post the most relevant vulnerabilities here in order to avoid flooding you with unrelated messages. That is why we would like to invite you to the @itsectalk group.

~ The IT Security Alerts & Group Admin Team
#infectedio #announcement
❤ 109
🍻 43
🙌🏼 23
Читать полностью
IT Security Alerts 16 Sep 2018, 18:18
⚠ Malicious Command Execution via bash-completion (CVE-2018-7738) At minimum, affected versions: Ubuntu 18.04
This issue affects any system using the util-linux
mount/umount bash-completion scripts between version 2.24 and 2.31.

A series of bugs apply with specially formatted USB drive name, which on mount run code.

example:

sudo mkfs.ntfs -f -L 'IFS=,;a=sudo,reboot;\$a' /dev/sdb1

umount

(severity: 🔷 low) - requires physical access
More info: https://yt.gl/say6z

#alert #severityLow #local #bash

Discuss this at @itsectalk and let your Linux sysadmins know.
Читать полностью
IT Security Alerts 16 Sep 2018, 16:20
⚠ CSS attack uses all memory, freeze/restarts IOS and OSX.

Disclosed on Twitter, When a user visits a page hosting this specially crafted CSS &
HTML, depending on the iOS version, the device will quickly use up all
available resources. On iOS this will cause either a kernel panic and a
reboot or a restarting of the iOS SpringBoard.

For Mac users, this will cause your computer to freeze briefly and
slow down, but you can close the Safari tab to stop the attack.

(severity: 🔶 medium)
More information: https://yt.gl/gamf2

#alert #severityMedium #remote #html #css #osx #ios #iphone

Discuss this at @itsectalk and feel free to forward this to your Apple sysadmin buddies!
Читать полностью
IT Security Alerts 13 Aug 2018, 23:12
⚠️ Fax machines, at least HP officejet, vulnerable to code injection... OVER FAX. You can jump from a phone line connection into the network. HP fixed this issue and released new firmware.

(severity: 🔶 high)
More information: https://yt.gl/1cz6r
Video demonstation: https://yt.gl/dkf2e

#alert #severityhigh #hp #officejet #remotecodeexecution #faxmachine

Check your offices for said printer and if it is connected to a phone line for receiving faxes. Sadly, this is not a joke at this time.

Discuss this at @itsectalk and subscribe/share on LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:6434863821919125504
Читать полностью
IT Security Alerts 8 Jun 2018, 01:53
⚠️ Flash zero-day. Flash versions 29.0.0.171 (and earlier) are affected by a zero-day that is already in use for targeted attacks. (Severity: 🔶 high)
More information: https://yt.gl/of75n

#alert #severityhigh #flash #adobe #adobeflash #vulnerability #zeroday

📢 Let your sysadmins know: simply forward our post or share on linkedin. Feel free to join the discussion at @itsectalk ✔️
https://www.linkedin.com/feed/update/urn:li:activity:6410624482708320256
Читать полностью
IT Security Alerts 7 Jun 2018, 21:12
⚠️ "vpnfilter" - new devices added. Asus, D-Link, Huawei, Linksys, Mikrotik, Netgear, QNAP, TP-Link, Ubiquiti, UPVEL, ZTE known to be affected. New devices for almost all vendors added! ➡️ Make sure to check the updated list!

❗️Over 500.000 devices affected, we encourage you to check if you have an affected device in your network.

(Severity: 🔶 High)
Further Information: https://yt.gl/qsk9m

#alert #severityhigh #vulnerability #update #vpnfilter #Asus, #D-Link #Huawei #Linksys #Mikrotik #Netgear #QNAP #TP-Link #Ubiquiti #UPVEL #ZTE

Feel free to discuss this issue in @itsectalk - thanks to our community member Purgatory for reporting this.
Follow us on LinkedIn and share directly with your network!
https://www.linkedin.com/feed/update/urn:li:activity:6410553701429321728
Читать полностью
IT Security Alerts 7 Jun 2018, 00:53
⚠️ Zip Slip Vulnerability
Many decompression implementations were found to be vulnerable to a simple directory traversal exploit. Decompression tools, libraries, and code snippets that fail to validate paths could decompress a file to an arbitrary location chosen by the attacker, potentially overwriting sensitive files and allowing for remote code execution. The vulnerability exists in a wide range of software. While many have been patched, it's likely that more will be found as time progresses.

(Severity: 🔶 High)

More Info:
Public disclosure: https://yt.gl/u63vi
List of affected products and CVE IDs: https://yt.gl/bfyhi
#alert #severityhigh #vulnerability #ZipSlip

Feel free to discuss this issue in @itsectalk
Follow us on LinkedIn and share directly with your network!
https://www.linkedin.com/feed/update/urn:li:activity:6410246775789092864/
Читать полностью
IT Security Alerts 5 Jun 2018, 00:33
⚠️ macOS Security Updates 2018-003 and iOS 11.4
Several bugfixes in the new security update 2018-003 and iOS 11.4. Please update your phones and systems.
On both systems (!) apple fixed code execution vulnerabilities.

(Severity: 🔸high)

More Info:
iOS 11.4: https://yt.gl/6xra4
MacOS: https://yt.gl/c8mpy
#alert #severityhigh #macos #ios #vulnerability #HT208849 #HT208848

Feel free to discuss this issue in @itsectalk
Follow us on LinkedIn and share directly with your network!
https://www.linkedin.com/feed/update/urn:li:activity:6409518243823788032
Читать полностью
IT Security Alerts 30 May 2018, 00:26
⚠️ Git - remote code execution vulnerability in submodules. Please check for updates of your Git client. Git for Windows was patched - update as soon as possible.

More information: https://yt.gl/gre3b
(severity: 🔶 high)

#alert #vulnerability #severityhigh #git
Feel free to discuss this issue in @itsectalk
Follow us on LinkedIn and share directly with your network!
https://www.linkedin.com/feed/update/urn:li:activity:6407341108107583488
Читать полностью
IT Security Alerts 22 May 2018, 23:14
⚠️ DrayTek Vigor vulnerability affecting over 20 routers

Through an unknown attack, the router Settings could be changed. DrayTek will rollout new updates asap.

If possible disable WAN mgmt or enable TLS, check the routers DNS servers and wait for an update.

More Information: https://yt.gl/9s0vo
(severity: 🔶 high)

#alert #vulnerability #severityhigh #draytek
Feel free to discuss this issue in @itsectalk
Follow us on LinkedIn and share directly with your network!
https://www.linkedin.com/company/18509395/
Читать полностью