Interesting articles from the press or from blogs

puterfixer

Administrator
Sugar daddy
Joined
Oct 30, 2003
Plus a hole the size of a house in all the Citrix Netscaler appliances used by corporations for intranet access, a vulnerability published by Citrix without a patch, only mitigation steps, which some people have reverse engineered, and two exploits are already out in the open, proof of concept and weaponized, with which one can do some wonders on those Netscalers. I know, it's not in our backyard, but when someone screws with the internet, it kind of hurts all of us.
 

Quark

Also known as Brucan
Sugar daddy
Joined
Nov 6, 2003
Location
the past.
In the end I see that only Win10 is affected:

CryptoAPI spoofing vulnerability – CVE-2020-0601: This vulnerability affects all machines running 32- or 64-bit Windows 10 operating systems, including Windows Server versions 2016 and 2019. This vulnerability allows Elliptic Curve Cryptography (ECC) certificate validation to bypass the trust store, enabling unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization. This could deceive users or thwart malware detection methods such as antivirus. Additionally, a maliciously crafted certificate could be issued for a hostname that did not authorize it, and a browser that relies on Windows CryptoAPI would not issue a warning, allowing an attacker to decrypt, modify, or inject data on user connections without detection.
 

IceCub

Senior Member
Joined
Jun 27, 2005
Location
/dev/urandom
But wait... there's more!

Multiple Windows RDP vulnerabilities – CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611: These vulnerabilities affect Windows Server 2012 and newer. In addition, CVE-2020-0611 affects Windows 7 and newer. These vulnerabilities—in the Windows Remote Desktop client and RDP Gateway Server—allow for remote code execution, where arbitrary code could be run freely. The server vulnerabilities do not require authentication or user interaction and can be exploited by a specially crafted request. The client vulnerability can be exploited by convincing a user to connect to a malicious server.

Source
 

Quark

Also known as Brucan
Sugar daddy
Joined
Nov 6, 2003
Location
the past.
It seems it's more complicated:

"Although Emergency Directive 20-02 applies only to certain Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector, and others also patch these critical vulnerabilities as soon as possible." :biggrin:
 

ursamajor

צָפְנַת פַּעְנֵחַ
Sugar daddy
Joined
Nov 4, 2005
Location
BR
:wink: Dunno how the heck it happens, but this "communistoid" seems to have read my mind. :kul:
 

puterfixer

Administrator
Sugar daddy
Joined
Oct 30, 2003
WTF moment of the evening - something on xf is reporting visits to facebook, and now I'm going crazy trying to find out WHAT. I bet it's that Tapatalk garbage.
 

radul

Senior Member
Joined
Sep 8, 2004
Location
Iasi

Olivian Breda

Internet marketer
Sugar daddy
Joined
Aug 18, 2005
Location
Bucuresti
An alternative perspective on Avast. The author is the creator of Moz.com (formerly SEOMoz), one of the most important SEO sites / applications.

Avast's Shutdown of Jumpshot Will Harm the Web and the World | SparkToro https://sparktoro.com/blog/avasts-shutdown-of-jumpshot-will-harm-the-web-and-the-world/

Jumpshot was one of the best and only sources for collecting high quality, aggregated, fully anonymized data about how people use the web. Its loss will be felt keenly across numerous industries, including the web marketing world. But, in my opinion, the greatest loss is for those who seek to hold powerful tech companies to account for their lies and anti-competitive behavior.
 

Olivian Breda

Internet marketer
Sugar daddy
Joined
Aug 18, 2005
Location
Bucuresti
Agreed, it's not exactly the best-regarded profession. But the guy from Moz seems to me both a good professional and, in general, of good character.
 