[Bug 1816163] CVE-2020-6062 coturn: specially crafted HTTP POST request can lead to server crash and denial of service - Report Cyber Crime

Author:Source March 23, 2020

 Category Applications CERT-LatestNews VulnerabilitiesAll VulnerabilitiesApplications

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. External Reference:

This CVE Bugzilla entry is for community support informational purposes only as….

Source link

 Category Microsoft VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesGoogle VulnerabilitiesMicrosoft

AI框架安全依旧堪忧：360 AI安全研究院披露Tensorflow 24个漏洞

September 28, 2020

近日，360 AI安全研究院（AIVUL团队）对Google Tensorflow进行了安全测试，在不到一个月的时间内发现多个安全问题，最终获得谷歌分配的24个CVE编号，其中危险等级严重的漏洞（critical severity）2个，高危（high severity）8个，中危（moderate severity）12个，低危（low severity）2个，影响上千万开发者及用户。 0x01 机器学习框架安全问题. 近年来，谷歌（Google）、脸书（Facebook）、微软（Microsoft）等公司发布了一系列开源的人工智能框架，如Tensorflow、PyTorch、MXNet、CN…. Source link

 Tags 24个漏洞, AI安全研究院披露Tensorflow, AI框架安全依旧堪忧360, Operating Systems Vulnerabilities, 资讯

vamtam-theme-circle-post

 Category Microsoft VulnerabilitiesAdobe VulnerabilitiesAll VulnerabilitiesApple VulnerabilitiesApplications VulnerabilitiesFirmware VulnerabilitiesLinux VulnerabilitiesMicrosoft VulnerabilitiesOS

macOS Mojave : cascade de problèmes avec la dernière mise à jour de sécurité

September 28, 2020

La dernière mise à jour de sécurité pour macOS Mojave cause de multiples problèmes à...

 Tags Avec, Bug macOS Mojave, cascade, dernière, jour, macOS, macOS Mojave, mise, mise à jour de sécurité, Mojave, Operating Systems Vulnerabilities, problèmes, sécurité

vamtam-theme-circle-post

 Category Microsoft VulnerabilitiesAdobe VulnerabilitiesAll VulnerabilitiesMicrosoft

Webinare: Ob HR, Sales oder im Daily Business – Adobe Sign optimiert deine Workflows

September 28, 2020

In drei kompakten Webinaren erfährst du, wie Adobe Sign dein Unternehmen voranbringt – und das...

 Tags Adobe, Business, Daily, deine, oder, Operating Systems Vulnerabilities, optimiert, sales, sign, Webinare, workflows

vamtam-theme-circle-post

 Category CERT-LatestNews Cybersecurity-Covid-19 KasperskyNews Malware Microsoft ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesCisco VulnerabilitiesDBMS VulnerabilitiesMicrosoft VulnerabilitiesNetwork VulnerabilitiesOracle

US Judge Blocks Trump’s TikTok Ban – Security news

September 28, 2020

US Judge Blocks Trump’s TikTok BanA US federal judge has blocked a government-mandated ban on...

 Tags Ban, Blocks, Judge, News, Operating Systems Vulnerabilities, Security, TikTok, Trumps

vamtam-theme-circle-post

 Category CERT-LatestNews Microsoft ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesCrypto VulnerabilitiesDBMS VulnerabilitiesMicrosoft VulnerabilitiesNetwork

Corporations and Government Agencies Prepare for Attacks – Secure Your Workplace Network

September 28, 2020

Last month, Microsoft announced that it had patched one of the most dangerous bugs ever...

 Tags agencies, Attacks, Corporations, Government, network, Operating Systems Vulnerabilities, Prepare, Secure, Workplace

 Category APTFilter CERT-LatestNews DDoS-Threats Microsoft VulnerabilitiesAll VulnerabilitiesMicrosoft

ADLab 针对新型黑客组织“海毒蛇”深度追踪与分析

September 28, 2020

表2 文件托管服务器上恶意文件列表. 从表2中我们可以看出，“海毒蛇”组织长期保持着对物联网攻击的兴趣，他们在过去一年时间里持续使用Gafgyt、Mirai等物联网僵尸以获取物联网攻击资源。从物联网僵尸的上传记录来看，他们至少从2019年6月（这个时间应该会更早，因为我们并不能看到该黑客组织的所有基础设施的使用记录)开始就利用Gafgyt、Mirai等物联网僵尸入侵物联网设备，以构建僵尸网络。2020年7月，使用OneDrive云存储空间作为媒介向目标投放AgentTesla窃密木马。2020年8月，开始利用钓鱼邮件向各企业投放Remcos…. Source link

 Tags ADLab, Operating Systems Vulnerabilities, 针对新型黑客组织海毒蛇深度追踪与分析

vamtam-theme-circle-post

 Category CERT-LatestNews Microsoft ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesFirmware VulnerabilitiesMicrosoft

Kernel exploitation: weaponizing CVE-2020-17382 MSI Ambient Link driver :: — uf0

September 28, 2020

Preamble – Why are drivers still a valuable target? Kernels are, no euphemism intended, complex...

 Tags Ambient, CVE202017382, driver, exploit dev, exploitation, hacking, infosec, kernel, Link, MSI, Operating Systems Vulnerabilities, Reverse Engineering, uf0, weaponizing

vamtam-theme-circle-post

 Category CERT-LatestNews Malware Microsoft ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesMicrosoft

1-click meterpreter exploit chain with BeEF and AV/AMSI bypass | by ゆり

September 28, 2020

The idea was to perform delivery using phishing via link that would redirect user to...

 Tags 1click, AVAMSI, BeEF, Bypass, chain, Exploit, meterpreter, Operating Systems Vulnerabilities, ゆり

 Category Microsoft VulnerabilitiesAll VulnerabilitiesDBMS VulnerabilitiesGoogle VulnerabilitiesMicrosoft VulnerabilitiesOS

安全事件周报（09.21-09.27）

September 28, 2020

日期: 2020年09月22日等级: 高作者: Lawrence Abrams 标签: Italy, Luxottica, eyewear, RansomWare, Citrix ADX, CVE-2019-19781....

vamtam-theme-circle-post

 Category CERT-LatestNews Malware Microsoft ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesGoogle VulnerabilitiesMicrosoft VulnerabilitiesNetwork

Attackers Exploiting ‘ZeroLogon’ Windows Flaw — Krebs on Security

September 28, 2020

Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows...

 Tags Attackers, Exploiting, Flaw, Krebs, Operating Systems Vulnerabilities, Security, Windows, Zerologon



OMB’s new coronavirus contractor guidance doesn’t answer some of the toughest questions Situational Awareness for Cybersecurity Architecture: Network Visibility