6131 matches found
Cross-site request forgery (CSRF)
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
CVE-2021-20783
Cross-site request forgery CSRF vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page...
CVE-2021-20783
The CVE-2021-20783 entry concerns a CSRF vulnerability in the Optical BB unit E-WMTA2.3, allowing a remote attacker to hijack administrator sessions through a specially crafted page. Affected component: Optical BB unit E-WMTA2.3. Root cause stated: cross-site request forgery vulnerability; exploi...
Machine Learning Testing for Data Scientists
In one software development project after another, it has been proven that testing saves time. Does this hold true for machine learning projects? Should data scientists write tests? Will it make their work better and/or faster? We believe the answer is YES! In this post we describe a full...
OESA-2021-1271 systemd security update
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value involving strdupa and alloca for a pathname controlled by a local attacker that results i...
systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash
A flaw was found in systemd. The use of the alloca function with an uncontrolled size in the function unit_name_path_escape allows a local attacker, able to mount a filesystem on a very long path, to crash systemd and the whole system by allocating a very large space on the stack. The highest threat from th...
SUSE: Security Advisory (SUSE-SU-2021:2404-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
DEBIAN-CVE-2021-33910
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value involving strdupa and alloca for a pathname controlled by a local attacker that results in an operating system crash...
UBUNTU-CVE-2021-33910
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value involving strdupa and alloca for a pathname controlled by a local attacker that results in an operating system crash...
systemd security vulnerability
systemd is a Linux-based system and service manager from the individual developer Lennart Poettering in Germany. The product is compatible with SysV and LSB startup scripts and provides a framework for representing dependencies between system services. A security vulnerability exists in systemd...
Ubuntu 16.04 ESM : systemd vulnerabilities (USN-5013-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5013-2 advisory. USN-5013-1 fixed several vulnerabilities in systemd. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the...
Microsoft delivers comprehensive solution to battle rise in consent phishing emails
Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. This blog offers a look into the...
Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery
Overview Optical BB unit E-WMTA2.3 provided by SoftBank contains a cross-site request forgery vulnerability CWE-352. Hiroki Nishino reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a malicious...
JVN#34364599: Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery
Optical BB unit E-WMTA2.3 provided by SoftBank contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the firmware According to the developer, the fixed firmware for this...
Beware password-spraying fancy bears
The NSA, FBI, and CISA, in cooperation with the UK's National Cyber Security Centre (NCSC), have issued a report that describes in detail why, and how, they think that a Russian military unit is behind large-scale brute-force attacks on the cloud-IT resources of government and private sector compani...
CVE-2021-28692
inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPUs issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU...
Encouraging women to embrace their cybersecurity superpowers
The cybersecurity challenges of today require a diversity of skills, perspectives, and experiences, yet women remain underrepresented in this field. On International Women’s Day, some Microsoft Security women leaders penned a powerful blog highlighting the underrepresentation of women in...
EU to Launch Bloc-wide Rapid Response Joint Cyber Unit
By Deeba Ahmed The task force is quite similar to Washington’s ransomware task force, but the EU’s version will coordinate with authorities across the bloc. This is a post from HackRead.com Read the original post: EU to Launch Bloc-wide Rapid Response Joint Cyber Unit...
Swift-Attack - Unit Tests For Blue Teams To Aid With Building Detections For Some Common macOS Post Exploitation Methods
Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods. I have included some post exploitation examples using both command line history and on disk binaries which should be easier for detection as well as post exploitation examples using API call...