Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

More than a month into the discovery of Solorigate, investigations continue to unearth new details that prove it is one of the most sophisticated and protracted intrusion attacks of the decade. Our continued analysis of threat data shows that the attackers behind Solorigate are skilled campaign...

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWin...

QIWI: mysql.initial.sql file is accessable for everyone

здравствуйте. я нашел mysql.initial.sql файл Roundcube Webmail initial database structure. оно открыта для всех. это sql файл которая создает структуру разных таблиц как user,session,cache и так далее PoC url: https://contact.rapida.ru/mysql.initial.sql F1164134 F1164136 Impact information...

Updated gdm packages fix a security vulnerability

Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...

Exploit for Incorrect Default Permissions in Microsoft

Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and Techniques based on Mitre ATT&CK You c...

EulerOS 2.0 SP8 : gdm (EulerOS-SA-2020-2511)

According to the version of the gdm package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner on...

Advanced Persistent Threat Actors Targeting U.S. Think Tanks

Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FB...

LIMITED RELEASE - WorxMail for Windows 10.2.8

Package name: WorxMail1028.xap For: WorxMail for Windows Version 10.2.0 Replaces: None Date: March, 2016 Languages supported: English US Readme version: 1.00 Readme Revision History Version| Date| Change Description ---|---|--- 1.00| March, 2016| Initial release Important Notes about This Update...

openGauss: Changing the Password of the Initial User

An initial user is the system administrator with the ID 10 and has the highest permission in openGauss. This user cannot be modified. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

DEBIAN-CVE-2020-16125

gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu and potentially derivatives this could be be chained with an additional issue that could allow a local user to create a new privileged...

CVE-2020-16125 gdm3 would start gnome-initial-setup if it cannot contact accountservice

gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu and potentially derivatives this could be be chained with an additional issue that could allow a local user to create a new privileged...

gnome-software and fwupd security, bug fix, and enhancement update

appstream-data 8-20200724 - Regenerate the RHEL metadata to include the EPEL apps too - Resolves: 1844488 8-20200630 - Regenerate the RHEL metadata - Resolves: 1844488 fwupd 1.4.2-4.0.1 - Build with the updated Oracle certificate - Use oraclesecureboot301 as certdir Orabug: 29881368 - Use new...

USN-4614-1 gdm3 vulnerability

Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...

initial-setup bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

CVE-2020-8183

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call...

CVE-2020-8183

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call...

Kegtap, Singlemalt, Winekey Malware Serve Up Ransomware to Hospitals

The boozy names might sound like the kind of thing conjured up in a frat-house common room, but malware families Kegtap, Singlemalt and Winekey are being used to gain initial network access in potentially lethal ransomware attacks on healthcare organizations in the midst of a global pandemic,...

CVE-2020-3549

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center FMC Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...

Awesome-Red-Teaming

This is a list of resources for Red Teaming, a list that will be updated regularly with the latest adversarial tactics and techniques based on the Mitre ATT&CK framework. The list covers various topics such as Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credenti...

CVE-2020-16974

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...