Changes

From Security Weekly Wiki
473 bytes added, 19:20, 5 December 2019
no edit summary
#[https://www.zdnet.com/article/openbsd-patches-severe-authentication-bypass-privilege-escalation-vulnerabilities/ OpenBSD patches authentication bypass, privilege escalation vulnerabilities | ZDNet]
#[https://arstechnica.com/information-technology/2019/12/hackerone-breach-lets-outside-hacker-read-customers-private-bug-reports/ HackerOne breach lets outside hacker read customers private bug reports] - Oops: ''the HackerOne analyst sent the community member parts of a cURL command that mistakenly included a valid session cookie that gave anyone with possession of it the ability to read and partially modify data the analyst had access to.'' One must be careful when sharing information with a bunch of hackers.
#[https://www.wired.com/story/microsoft-outlook-home-page-hack/ Hackers Find Ways Around a Years-Old Microsoft Outlook Fix] - ''"We've been using Outlook Home Page attacks for several years in our red team engagements," says Dave Kennedy, TrustedSec's founder and CEO. "Our goal is to use real-world attacks and adversary capabilities against our customers, and Home Page attacks largely go unnoticed in almost every organization. When you have a Microsoft Office product making modifications to the Office Registry, it's very difficult for defenders to pick up on because it looks legitimate."''
#[https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/ Two malicious Python libraries caught stealing SSH and GPG keys | ZDNet]
#[https://hotforsecurity.bitdefender.com/blog/mystery-server-found-to-host-private-data-in-the-open-for-1-2-billion-people-21827.html Mystery Server Found to Host Private Data in the Open for 1.2...]