Aktuelle Sicherheitslücken - Seite 41
URL: https://www.overclockers.at/applications/aktuelle-sicherheitsluecken_238671/page_41 - zur Vollversion wechseln!
Jedimaster schrieb am 15.11.2023 um 10:24
Falls jemand einen AMD Virtualisierungshost im Einsatz hat und 'fremde' mithostet - evtl. interessant:
https://www.heise.de/news/CacheWarp...Us-9528270.html
Viper780 schrieb am 15.11.2023 um 10:47
Allen mit Ice Lake, Rocket Lake, Tiger Lake, Raptor Lake, Alder Lake, Sapphire Rapids (und vielleicht anderen) können auch gleich mit patchen
Google researchers discover 'Reptar,’ a new CPU vulnerability | Google Cloud BlogA new CPU vulnerability, ‘Reptar,’ found by Google researchers, has been patched by Google and Intel. Here’s what you need to know.
Link: cloud.google.com
sichNix schrieb am 15.11.2023 um 12:11
Confluence backdoor ‘Effluence’ persists even after patchingGot a Confluence server? Listen up. Malware said to have wide-ranging capabilities
Link: www.theregister.com
sichNix schrieb am 24.11.2023 um 08:43
Cloud-Computing-Software ownCloud und Nextcloud angreifbarAngreifer können unbefugt auf Dateien auf Nextcloud- und ownCloud-Servern zugreifen. Sicherheitsupdates und Workarounds schaffen Abhilfe.
Link: www.heise.de
Disclosure of sensitive credentials and configuration in containerized deployments - ownCloudRisk: critical CVSS v3 Base Score: 10 CVSS v3 Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CWE ID: CWE-200 CWE Name: Exposure of Sensitive Information to an Unauthorized Actor Description The “graphapi” app relies on a third-party library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes […]
Link: owncloud.com
WebDAV Api Authentication Bypass using Pre-Signed URLs - ownCloudRisk: high CVSS v3 Base Score: 9.8 CVSS v3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE ID: CWE-665 CWE Name: Improper Initialization Description It is possible to access, modify or delete any file without authentication if the username of the victim is known and the victim has no signing-key configured (which is the default). Affected core 10.6.0 – 10.13.0 […]
Link: owncloud.com
mr.nice. schrieb am 28.11.2023 um 18:46
FYI ich habe gerade eine hack notice für ebay.com erhalten, Zugangsdaten ändern kann nicht schaden.
smashIt schrieb am 28.11.2023 um 19:05
hier noch nichts.
war die mail echt?
mr.nice. schrieb am 28.11.2023 um 19:15
Laut den Metadaten ist sie echt.
eBay, Inc. Data Security hack as reported to the State of New Hampshire Department of Justice, Oct 26 2023.
Fraglich warum ich sie jetzt erst erhalten habe.
smashIt schrieb am 28.11.2023 um 19:32
dann bin ich mal gespannt, wann die mail bei mir eintrudelt.
InfiX schrieb am 28.11.2023 um 20:38
ich hab auch (noch?) nichts bekommen.
Elbart schrieb am 06.12.2023 um 21:09
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attackUEFIs booting Windows and Linux devices can be hacked by malicious logo images.
Link: arstechnica.com
LogoFAIL is a newly discovered set of high-impact security vulnerabilities affecting different image parsing libraries used in the system firmware by various vendors during the device boot process. These vulnerabilities are present in most cases inside reference code, impacting not a single vendor but the entire ecosystem across this code and device vendors where it is used. This attack can give a threat actor an advantage in bypassing most endpoint security solutions and delivering a stealth firmware bootkit that will persist in a firmware capsule with a modified logo image.
that schrieb am 06.12.2023 um 21:44
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
Na toll, um den Expoit zu installieren, braucht man erstmal Root/Admin-Rechte, um die EFI-Partition zu mounten und das Logo reinzukopieren.
smashIt schrieb am 24.01.2024 um 01:46
Mother of All Breaches: a Historic Data Leak Reveals 26 Billion Records | CybernewsThe supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak is almost certainly the largest ever discovered.
There are data leaks, and then there’s this. A supermassive Mother of all Breaches (MOAB for short) includes records from thousands of meticulously compiled and reindexed leaks, breaches, and privately sold databases. The full and searchable list is included at the end of this article.
Bob Dyachenko, cybersecurity researcher and owner at SecurityDiscovery.com, together with the Cybernews team, has discovered billions upon billions of exposed records on an open instance whose owner is unlikely ever to be identified.
Link: cybernews.com
26 milliarden einträge sind schon eine ansage 
Jedimaster schrieb am 06.02.2024 um 14:32
Unglaublich was heutzutags alles sicherheitsrelevant sein kann ...Wer also nicht 'gut durch' oder als 'Eisblock' aufwachen möchte und eine Wärmepumpe sein Eigen nennt sollte eventuell handeln 
https://www.heise.de/news/Waermepum...rt-9618846.html
Daeda schrieb am 06.02.2024 um 15:50
wenigstens wars passwort nicht "root" oder 12345
COLOSSUS schrieb am 06.02.2024 um 15:54
wenigstens wars passwort nicht "root" oder 12345
Bitte in Zukunft keine vertraulichen, zum Zugriff auf den oc.at-Server notwendigen Daten im Forum posten. Vielen Dank!
overclockers.at v4.thecommunity
© all rights reserved by overclockers.at 2000-2025