/ categories / Technology /

IT Security Alerts


@itsecalert
6695

This channel posts IT security related topics and especially alerts. Submissions: https://infected.io/telegram-submissio


TOP channels

Telegram News


@telegram
3.05M -710

The official Telegram on Telegram. Much recursion. Very Telegram. Wow.

Computer™


@WINCOMPUTER
93.64K +43

Computer Softwares And Games Plus Hacks And Tricks 🐣 ⭐️🌟 🌟 🌟 🌟

Google Camera Port Updates


@googlecameraport
78.64K +291

Notification channel for new apks posted on https://www.celsoazevedo.com/files/android/google-camera/ . Disclaimer: This is not the official Google Camera, files are created by various devs, I cannot assure you they are safe. Use at your own risk.

Paytm Loot Updates


@paytmlootupdates
64.30K +81

Latest Tricks, Latest Offer, Unlimited Tricks, Loot Offers, Online Refer Script, Otpbypass Tricks, App Promotion / Channel Promotion Contact Admin :- @technotyboy

Software N Application


@software_application
62.65K +109

Software atau Application untuk komputer dan smartphone terkini. Software adalah untuk Windows sahaja.

Tech Guide


@TechGuide
62.12K +77

Android, iOS, Windows, Computer related Tips, Tricks, Guide & News. Paid Promotion: @DrDigit Partnership: https://telegramguide.com

Latest publications

8432

⚠ Two unauthenticated RCE vulns in Microsoft Remote Desktop. Exploitation likely, says Microsoft. Affects Win 10, Win 7, Win 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2.

Updates are available and they should be applied immediately, especially for those systems acessible through the internet.

Severity: 🔶 High
More Information: https://yt.gl/20191181 and https://yt.gl/20191182

#alert #vulnberability #severityhigh #microsoft #remotedesktopservice #terminalservice #update

✉ Join the discussion over at our Telegram group @itsectalk and forward this to your enterprise administrator.


21:09 13.08.19
11.58K

⚠️ Logitech "Unifying" (wireless RX), several vulnerabilities.
Affected are all products (keyboards, mice, presenters) that carry the "Unifying" logo.

Updates are available for some vulns, but applying the updates is not straight forward, please check the more information link.

Severity: 🔶 High
More Information: https://yt.gl/logitechunifying

#alert #severityhigh #vulnerability #hardware #logitech #unifying

📬 Spread the news, forward the message to your enterprise admins.
❓ Questions? Feedback? Want to discuss? Join us at @itsectalk


07:07 08.07.19
8912

⚠️ Linux/FreeBSD Denial of Service attacks possible. Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.

- CVE-2019-11477: SACK Panic (Linux >= 2.6.29)
- 3 more CVEs

Severity: 🔶 High
More Information: https://yt.gl/sackpanic

#alert #severityhigh #vulnerability #linux #freebsd #networking #kernel

📬 Spread the news, forward the message to your sysadmins.
❓ Questions? Feedback? Want to discuss? Join us at @itsectalk


11:11 19.06.19
11.63K

⚠️ Unauthenticated, remote code execution exploit for Microsot Remote Desktop Services - former Terminal (Windows 7, Server 2008 +r2). An attacker could install programs; view, change, or delete data; or create new accounts with full user rights. ✅ Update your systems now - a patch has been released.

CVSS Base Score: 9.8 - Severity: 🔶 High
More information & official advisory: https://yt.gl/rdpservicex

#alert #severityhigh #vulnerability #microsoft #remotedesktopservice #terminalservice #update

✉️ Join the discussion over at our Telegram group @itsectalk and forward this to your enterprise administrator.

If you are affected, please vote ✔️ below. If you are unaffected, please vote ❌


18:06 14.05.19
11.48K

⚠️Chrome and Windows zero-day update, including CVE-2019-5786

Google has issued a more detailed announcement regarding CVE-2019-5786. This announcement includes new information about how the vulnerability was being exploited in the wild. The Chrome exploit was combined with a Windows 7 zero-day that remains unpatched. The Windows vulnerability permits local privilege escalation.

Google believes that security additions in Windows 10 makes attacks against the newer OS unrealistic, if not impossible:

"We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems."

As it's likely that no patch will be available for the Windows 7 vulnerability for some time, Google's only mitigation advice is to upgrade to Windows 10:

"As mitigation advice for this vulnerability users should consider upgrading to Windows 10 if they are still running an older version of Windows, and to apply Windows patches from Microsoft when they become available. We will update this post when they are available."

No IOCs or alternative mitigations have been disclosed.

(Severity: 🔸high)

Announcement: https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html

#alert #severityHigh #vulnerability #browser #chrome #windows #rce #uaf #privilegeEscalation #exploitedNow #zeroDay #CVE20195786


04:04 08.03.19
9314

⚠️Chrome/Chromium zero-day RCE (CVE-2019-5786), actively exploited in the wild. Affected Versions: < 72.0.3626.121

Information is beginning to circulate regarding CVE-2019-5786, a use-after-free (UAF) vulnerability in Chrome's FileReader API. The Chrome security team has indicated that it is being actively exploited in the wild. Details are limited, but the vulnerability is believed to permit remote code execution (RCE).

Some news sources have conflated this with another, less severe issue spotted by EdgeSpot relating to PDF files. Both EdgeSpot and Google have indicated that the issues are unrelated.

CVE-2019-5786 has been patched in Chrome version 72.0.3626.121, currently available on the stable channel. Other Chromium-based browsers, such as Vivaldi, may or may not be affected.

(Severity: 🔸high)

Additional information:

- Announcement from Google: https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
- Chromium bug (not yet public): https://bugs.chromium.org/p/chromium/issues/detail?id=936448
- Tweet from a Chrome security engineer: https://twitter.com/justinschuh/status/1103087046661267456
- Patch: https://github.com/chromium/chromium/blob/ba9748e78ec7e9c0d594e7edf7b2c07ea2a90449/thirdparty/blink/renderer/platform/wtf/typedarrays/arraybufferbuilder.h#L63-L67
- Patch review: https://chromium-review.googlesource.com/c/1492873 and https://chromium-review.googlesource.com/c/1495209
- Technical explanation: https://news.ycombinator.com/item?id=19325083
- Sophos: https://nakedsecurity.sophos.com/2019/03/06/serious-chrome-zero-day-google-says-update-right-this-minute/
- Forbes (conflates CVE-2019-5786 and the PDF issue reported by EdgeSpot): https://www.forbes.com/sites/daveywinder/2019/03/07/google-confirms-serious-chrome-security-problem-heres-how-to-fix-it/

#alert #severityHigh #vulnerability #browser #chrome #rce #uaf #CVE20195786


17:05 07.03.19
8171

⚠️Firefox Information Exposure. Affected Versions: <= 64

All files from a directory can be uploaded to a remote webserver by an attacker if a victim is tricked into interacting with a downloaded HTML using Firefox.

(Severity: 🔸medium)

Further information: https://yt.gl/hpiav

Vulnerability test: https://yt.gl/ws80y

Currently there is no update availble. Don't download and run unknown HTML files.

#alert #severityMedium #vulnerability #browser #firefox #SYSS2018041


19:07 17.01.19