Cyber Security Newsfeeds from around the world
Date Discovered. October 16, 2019 Description. VMware SD-WAN by VeloCloud is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. VeloCloud Orchestrator vers…
Continue ReadingAccording to the advisory, malicious actors with administrative access to a project could potentially exploit the flaw in order to “create a robot account inside of an adjacent project via the Harbor API.” Doing so would allow them to push, pull or mod…
Continue ReadingTalos Vulnerability Report TALOS-2019-0818 AMD ATI Radeon ATIDXX64.DLL shader functionality remote code execution vulnerability September 16, 2019 CVE Number. CVE-2019-5049.
Summary. An exploitable memory corruption vulnerability exists in AMD ATIDXX6…
Continue ReadingVMware this week released patches to address a critical vulnerability in Harbor, which was found to impact VMware Cloud Foundation and VMware Harbor Container Registry for PCF. Harbor is an open source registry project for storing, signing and scanning…
Continue Readingis introducing PowerProtect DD Series Appliances, the next- generation of its Data Domain protection storage appliances, enabling organizations to protect, manage and recover data at scale across diverse environments. In addition, Dell Technologies is …
Continue ReadingSecurity Advisory. This security advisory describes one high risk vulnerability.
1) Improper access control. Severity: High. CVSSv3: [PCI] CVE-ID: CVE-2019-16097. CWE-ID: Description. CWE-284 – Improper Access Control The vulnerability allows a remote…
Continue Reading## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## # Exploitation and Caveats from zerosum0x0: # # 1. Register with channel MS_T120 (and others such as RDPDR/RDPSND)…
Continue ReadingVMware this week patched code execution, command injection, information disclosure and denial-of-service (DoS) vulnerabilities in its ESXi, vCenter Server, Workstation, Fusion, VMRC and Horizon Client products. On Monday, the company announced the avai…
Continue ReadingNewsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re all still trying to shake off the summer. Gone are the early Fridays, beach vacations…
Continue Reading# macOS-Kernel-Exploit ## DISCLAIMER You need to know the KASLR slide to use the exploit. Also SMAP needs to be disabled which means that it’s not exploitable on Macs after 2015. These limitations make the exploit pretty much unusable for in-the-wild e…
Continue Reading