From Security Weekly Wiki
#[https://www.us-cert.gov/ncas/current-activity/2020/06/26/apache-releases-security-advisory-apache-tomcat Apache Releases Security Advisory for Apache Tomcat | CISA]
#[https://securityaffairs.co/wordpress/105263/cyber-crime/cardplanet-admin-sentenced.html The man behind Cardplanet credit card market sentenced to 9 years in prison]
#[https://medium.com/ochrona/python-path-traversal-prevention-the-tarbomb-5be58f06dd70 Python Arbitrary File Write Prevention: The Tarbomb] - ''As an example of how this could work, imagine you’re on your MacBook trying to open a file you just downloaded from your email, accounts_2020_06.tar.gz. From your downloads folder, you would expect the archive to be extracted into a new folder named accounts_2020_06. However, what if the archive contained a file with the path ../.bash_profile and contained a modified version of a bash profile that opened a backdoor on your system? If taken literally, this malicious file would overwrite your valid bash profile and you wouldn’t even know it. Luckily, the macOS archive utility and many other decompression tools check for these scenarios. However, not all do, case in point — tarfile, part of the Python standard library, is vulnerable to this type of attack when used out of the box.''
#[https://threatpost.com/unpatched-wi-fi-extender-remote-control/156990/ Unpatched Wi-Fi Extender Opens Home Networks to Remote Control]
#[https://medium.com/london-blockchain-labs/the-internet-is-too-unsafe-we-need-more-hackers-c9742fc1a03b The Internet is too unsafe: We need more hackers]
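As an added example (not code from the Medium article or from the Security Weekly wiki), the member-path check that the tarbomb write-up above says tarfile lacks out of the box: every member name and symlink target is resolved against the destination directory before anything is written, and a constructed accounts_2020_06 archive carrying ../.bash_profile is refused. The destination path /tmp/downloads and all function names are assumptions made for the demo.

```python
import io
import os
import tarfile


def is_within_directory(base: str, target: str) -> bool:
    """True if target, once resolved, still lies inside base."""
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Names of members that would land (or link) outside dest on extraction."""
    bad = []
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)  # '../x' and '/x' both escape dest
        if not is_within_directory(dest, target):
            bad.append(m.name)
        elif m.issym():  # symlink targets are relative to the link's directory
            link = os.path.join(os.path.dirname(target), m.linkname)
            if not is_within_directory(dest, link):
                bad.append(m.name)
    return bad


def safe_extract(tar: tarfile.TarFile, dest: str) -> None:
    """Check every member first, then extract; tarfile.extractall alone does not."""
    bad = unsafe_members(tar, dest)
    if bad:
        raise ValueError(f"refusing to extract, path traversal in: {bad}")
    tar.extractall(dest)


def build_archive(members) -> bytes:
    """Constructed in-memory .tar.gz from (name, bytes) pairs, for the demo."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def check_archive(data: bytes, dest: str) -> list:
    """Open archive bytes and report the members that would escape dest."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        return unsafe_members(tar, dest)
```

Run check_archive on a downloaded archive before calling extractall, or wrap the whole step in safe_extract; commonpath rather than a string prefix test keeps /tmp/downloads2 from passing as inside /tmp/downloads.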