• Marți, 28 ianuarie, forumul va fi transferat pe un server nou cu începere la ora 10:00. Forumul va fi închis pe serverul vechi și va fi reactivat pe serverul nou după finalizarea transferului. Propagarea prin internet a schimbării adresei IP s-ar putea să dureze între 20 de minute și câteva ore, în funcție de serviciul DNS folosit de vizitatori.

Articole interesante din presă sau de pe bloguri

puterfixer

Administrator
Sugar daddy
Joined
Oct 30, 2003
Plus o gaură cât casa în toate echipamentele Citrix Netscaler folosite de corporații pentru accesul la intranet, vulnerabilitate publicată de Citrix fără un patch ci doar mitigation steps, la care unii au făcut reverse engineering și deja sunt la liber două exploit-uri proof of concept și weaponized cu care se pot face niște minunății pe Netscaler-urile alea. Știu, nu e-n ograda noastră, da' când cineva se fufu-n interneți, ne cam doare pe toți.
 

Quark

FJB43V
Sugar daddy
Joined
Nov 6, 2003
Location
the past.
Pănă la urmă văd că numai Win10 e afectat:

CryptoAPI spoofing vulnerability – CVE-2020-0601: This vulnerability affects all machines running 32- or 64-bit Windows 10 operating systems, including Windows Server versions 2016 and 2019. This vulnerability allows Elliptic Curve Cryptography (ECC) certificate validation to bypass the trust store, enabling unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization. This could deceive users or thwart malware detection methods such as antivirus. Additionally, a maliciously crafted certificate could be issued for a hostname that did not authorize it, and a browser that relies on Windows CryptoAPI would not issue a warning, allowing an attacker to decrypt, modify, or inject data on user connections without detection.
 

IceCub

Membru Senior
Joined
Jun 27, 2005
Location
/dev/urandom
But wait... there's more!

Multiple Windows RDP vulnerabilities – CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611: These vulnerabilities affect Windows Server 2012 and newer. In addition, CVE-2020-0611 affects Windows 7 and newer. These vulnerabilities—in the Windows Remote Desktop client and RDP Gateway Server—allow for remote code execution, where arbitrary code could be run freely. The server vulnerabilities do not require authentication or user interaction and can be exploited by a specially crafted request. The client vulnerability can be exploited by convincing a user to connect to a malicious server.

Sursa
 

Quark

FJB43V
Sugar daddy
Joined
Nov 6, 2003
Location
the past.
Se pare că e mai complicată:

"Although Emergency Directive 20-02 applies only to certain Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector, and others also patch these critical vulnerabilities as soon as possible." :biggrin:
 

ursamajor

צָפְנַת פַּעְנֵחַ
Sugar daddy
Joined
Nov 4, 2005
Location
BR
:wink: Nuș' cum dreaq se face, dar "comunistoidul" ăsta parcă mi-a ghicit gândurile. :kul:
 
Top Bottom