Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Quotidien Hebdomadaire Mensuel

Quotidien Shaarli

Tous les liens d'un jour sur une page.

Jour précédent
Jour suivant

June 9, 2022

People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices

Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system

09:04
CISA, EN, 2022, Advisory, uscert, csirt, cert, China, Alert, state-sponsored, exploited, PRC
EXCLUSIVE: U.S. Government Ordered Travel Companies To Spy On Russian Hacker For Years And Report His Whereabouts Every Week

Critics say the government isn’t doing enough to inform the public about such secretive surveillance.

08:32
forbes, EN, 2022, Sabre, Travelport, U.S., Forbes, Russian, Aleksei-Burkov, hacker, Amadeus, ACLU, privacy
Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches (0day/WontFix)

With the "Follina" / CVE-2022-30190 0day still hot, i.e., still waiting for an official fix while apparently already getting exploited by nation-backed attackers, another related unfixed vulnerability in Microsoft's Diagnostic Tool (MSDT) bubbled to the surface.

In January 2020, security researcher Imre Rad published an article titled "The trouble with Microsoft’s Troubleshooters," describing a method for having a malicious executable file being saved to user's Startup folder, where it would subsequently get executed upon user's next login. What the user has to do for this to happen is open a "diagcab" file...

08:29
0patch, EN, 2022, Follina, diagcab, CVE-2022-30190, 0-day, 0day, Diagnostic, research