Lucene search

470 matches found

Rapid7 Blog
added 2022/10/07 7:7 p.m. · 55 views

Metasploit Weekly Wrap-Up

Bofloader - Windows Meterpreter Gets Beacon Object File Loader Support. This week brings a new and frequently requested feature to the Windows Meterpreter, the Beacon Object File loader. This new extension, bofloader, allows for users to execute Beacon Object Files as written for either Cobalt...

6.5 CVSS · 8.7 AI score · 0.93219 EPSS
Exploits: 27

OSV
added 2022/09/16 11:31 p.m. · 8 views

GSD-2022-1005112 igb: Add lock to avoid data race

igb: Add lock to avoid data race. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit 64c0c233a88591bb23569ae12eed7f74e5bd39ce, it...

7.2 AI score
Exploits: 0

OSV
added 2022/09/07 12:31 p.m. · 6 views

SUSE-SU-2022:3153-1 Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issues: Update to version 2.42.9: - CVE-2021-44648: Fixed overflow vulnerability in lzw code size (bsc#1194633). Bugfixes: - Fixed loading of larger images (glgo#GNOME/gdk-pixbuf#216). - Avoided bashism in baselibs postscript (bsc#1195391)...

8.8 CVSS · 8.8 AI score · 0.00317 EPSS
Exploits: 1 · References: 4

Openbugbounty
added 2022/08/12 11:46 a.m. · 15 views

vbcperth.com.au Cross Site Scripting vulnerability OBB-2839179

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Malwarebytes
added 2022/08/05 12:39 p.m. · 23 views

FCC warns of steep rise in phishing over SMS

After the FCC (Federal Communications Commission) made a huge splash weeks ago when it told Google and Apple to pull TikTok from their respective app stores, the federal agency is now warning Americans of an increased wave of SMS phishing attacks. SMS phishing, otherwise known as smishing or...

Exploits: 0

Malwarebytes
added 2022/08/03 2:0 p.m. · 15 views

FCC warns of steep rise in phishing over SMS

After the FCC (Federal Communications Commission) made a huge splash weeks ago when it told Google and Apple to pull TikTok from their respective app stores, the federal agency is now warning Americans of an increased wave of SMS phishing attacks. SMS phishing, otherwise known as smishing or...

Exploits: 0

The Hacker News
added 2022/07/18 1:13 p.m. · 26 views

Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch — The Hacker News

With global cybercrime costs expected to reach $10.5 trillion annually by 2025, it comes as little surprise that the risk of attack is companies' biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an overabundan...

0.1 AI score
Exploits: 0

OSV
added 2022/07/12 9:15 p.m. · 1 views

ALPINE-CVE-2022-29187

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when...

7.8 CVSS · 7 AI score · 0.00108 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2022/07/12 12:0 a.m. · 6 views

PT-2022-3601 · Git +10 · Git +10

Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.37.1; Git versions prior to 2.36.2; Git versions prior to 2.35.4; Git versions prior to 2.34.4; Git versions prior to 2.33.4; Git versions prior to 2.32.3; Git versions prior to 2.31.4; Git versions prior to 2.30.5. Descriptio...

9.8 CVSS · 6.3 AI score · 0.58284 EPSS
Exploits: 12 · References: 158

OSV
added 2022/06/28 8:7 p.m. · 13 views

GSD-2022-1003977 PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()

PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.283 by commit...

7.2 AI score
Exploits: 0

OSV
added 2022/06/28 7:18 p.m. · 7 views

GSD-2022-1003492 bcache: avoid journal no-space deadlock by reserving 1 journal bucket

bcache: avoid journal no-space deadlock by reserving 1 journal bucket. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.121 by commit...

7.2 AI score
Exploits: 0

Snyk
added 2022/06/23 9:25 a.m. · 4 views

Malicious Package

Overview: contract-metadata is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8 CVSS · 7 AI score
Exploits: 0 · References: 3

Openbugbounty
added 2022/06/21 4:43 p.m. · 14 views

demircihotel.com Cross Site Scripting vulnerability OBB-2662072

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Rapid7 Blog
added 2022/05/09 2:14 p.m. · 10 views

[Infographic] Cloud Misconfigurations: Don't Become a Breach Statistic

No one wants their company to be named in the latest headline-grabbing data breach. Luckily, there are steps you can take to keep your...

7.1 AI score
Exploits: 0

OSV
added 2022/04/24 9:42 p.m. · 8 views

GSD-2022-1001789 f2fs: use spin_lock to avoid hang

f2fs: use spin_lock to avoid hang. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit 2eff60346e7ae1a24cd868b8fdcf58e946e7dde1. Fo...

7.2 AI score
Exploits: 0

CNNVD
added 2022/04/08 12:0 a.m. · 3 views

Dell Technologies Dell PowerScale OneFS Security Vulnerability

Dell PowerScale OneFS is the PowerScale OneFS operating system that provides horizontal scaling NAS. A security vulnerability exists in Dell PowerScale OneFS, which can be exploited by an attacker to not log information that identifies the source of changes to account information...

4.4 CVSS · 5.7 AI score · 0.00042 EPSS
Exploits: 0 · References: 3

Malwarebytes
added 2022/02/02 11:5 a.m. · 21 views

How to speed up your computer or laptop

Why do machines always throw a tantrum when you are in a hurry? It’s called Murphy’s Law which some people may know as the butter side down rule. Anything that can go wrong will go wrong. And usually at a time when it is most inconvenient. That being said, there are ways to speed things up. Let’s...

0.1 AI score
Exploits: 0

Openbugbounty
added 2021/11/30 11:9 a.m. · 16 views

uftm.edu.br Cross Site Scripting vulnerability OBB-2288480

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0

OSV
added 2021/05/31 3:39 p.m. · 13 views

UVI-2021-1000366 Bluetooth: avoid deadlock between hci_dev->lock and socket lock

Bluetooth: avoid deadlock between hci_dev->lock and socket lock. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.37 by commit...

7.2 AI score
Exploits: 0

AlpineLinux
added 2021/05/26 10:10 p.m. · 63 views

CVE-2021-25217

In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in...

7.4 CVSS · 0.5 AI score · 0.0045 EPSS
Exploits: 1 · References: 7