All posts tagged hack

■■■■□ Zero-Day: GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over user accounts. https://securityaffairs.co/wordpress/129730/hacking/cve-2022-1162-flaw-gitlab.html https://t.me/cKure/11111

■■■■□ How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables https://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/ https://t.me/cKure/11110

■□□□□ Russia Ukraine Cyber-War: 62,000 emails from the Marathon Group, an investment firm owned by Alexander Vinokurov, who is under EU sanctions for “providing a substantial source of revenue to the Government of Russia.” https://ddosecrets.com/wiki/Marathon_Group https://t.me/cKure/11109

■■□□□ The global 5G in defense market reached a value of $765.2 million in 2021, and looking forward, the market is set to reach a value of $8,952.30 million by 2027 exhibiting a CAGR of 48.50% during 2022-2027, according to ResearchAndMarkets. Keeping in mind the uncertainties of COVID-19, we are continuously tracking and evaluating the…

■■■□□ Cyber-War: Cyber-Attack on Ukraine and Europe as Russia launches sophisticated wiper-ware. Tens of thousands of Viasat satellite broadband modems that were disabled in a cyber-attack late last month were wiped by malware with links to the Russian government’s destructive VPNFilter, according to SentinelOne. https://go.theregister.com/feed/www.theregister.com/2022/04/01/sentinelone_wiper_viasat/ https://t.me/cKure/11107

■■■■□ Apple has just sent out two security advisories covering two zero-day security holes, namely: Apple Bulletin HT213219: Kernel code execution bug CVE-2022-22675. This update is for iOS and iPadOS, both of which go to version 15.4.1. https://support.apple.com/en-us/HT213219 Apple Bulletin HT213220: Kernel code execution bug CVE-2022-22675 and kernel data leakage bug CVE-2022-22674. This update is…

■■■■□ Zero-Day: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: An out-of-bounds write issue was addressed with improved bounds checking. Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. https://support.apple.com/en-gb/HT213219 https://t.me/cKure/11105

■■□□□ United States : The United States Department of Justice (DoJ) has revealed it has indicted an NSA employee for allegedly sharing top secret national security information with an unnamed person who worked in the private sector. https://www.justice.gov/usao-md/pr/national-security-agency-employee-facing-federal-indictment-willful-transmission-and https://regmedia.co.uk/2022/04/01/unkenholz_indictment.pdf https://www.theregister.com/2022/04/01/nsa_employee_secret_data_leak/ https://t.me/cKure/11104

■□□□□ Wyze Cam devices are affected by three security vulnerabilities that can allow attackers to takeover them and access camera feeds. The three flaws reported by the cybersecurity firm are: • An authentication bypass tracked CVE-2019-9564 • A stack-based buffer overflow, tracked as CVE-2019-12266, which could lead to remote control execution. • An unauthenticated access…

■■■□□ ICYMI: CVE-2014-0094 Apache Struts Security Bypass Vulnerability. https://hacksum.net/2014/04/28/cve-2014-0094-apache-struts-security-bypass-vulnerability/ https://t.me/cKure/11102