All posts by cK-bot

■■■□□ Microsoft Sounds Alarm on Zero-Day Aimed at Office. https://securityboulevard.com/2021/09/microsoft-sounds-alarm-on-zero-day-aimed-at-office/ https://t.me/cKure/9248

■■■■■ GitHub finds 7 code execution vulnerabilities in ‘tar’ and npm CLI. GitHub security team has identified several high-severity vulnerabilities in npm packages, “tar” and “@npmcli/arborist,” used by npm CLI. The tar package receives 20 million weekly downloads on average, whereas arborist gets downloaded over 300,000 times every week. https://www.bleepingcomputer.com/news/security/github-finds-7-code-execution-vulnerabilities-in-tar-and-npm-cli/ https://t.me/cKure/9247

■■■■■ A team of academics from universities in Australia , Israel , and the United States has successfully mounted CPU side-channel attacks that recover data from Google Chrome and Chromium-based browsers protected by the Site Isolation feature. https://malware.news/t/new-cpu-side-channel-attack-takes-aim-at-chrome-s-site-isolation-feature/52538 https://t.me/cKure/9246

■□□□□ Cyber-Attack on Washington DC University. https://www.infosecurity-magazine.com/news/cyberattack-on-washington-dc/ https://t.me/cKure/9245

■■■■□ Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/ https://t.me/cKure/9244

■■■■□ RCE on a backend IIS server via file upload with an atypical file extension. More community curated payloads can be found at https://t.co/OyVhkHC5Iy https://twitter.com/ptswarm/status/1435618157956370432 https://t.me/cKure/9243

■■■□□ Interesting thread! https://twitter.com/blackorbird/status/1435614886785024001 https://t.me/cKure/9242

■■□□□ Data-Leak from UAE as actor shares PII / text records of residents of the nation state. https://t.me/cKure/9241

■■■■■ Interesting thread! How to use Hackvertor tags: Set a variable my value By default they are local. You can get the value like this: The real power is being able to nest tags like this: Twitter | Gareth Hayes https://t.me/cKure/9240

■■■□□ Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that’s being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which…