Karl Voit :emacs: :orgmode:<p>"If it’s smart, it’s vulnerable"</p><p>Schöne neue IT-Welt:</p><p>"Durch die <a href="https://graz.social/tags/Sicherheitsl%C3%BCcken" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheitslücken</span></a> haben es die Forscher geschafft, eine Root-Shell auf einem <a href="https://graz.social/tags/Bose" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bose</span></a>-Lautsprecher zu erhalten, und dann davon in ein <a href="https://graz.social/tags/Autoradio" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Autoradio</span></a> von <a href="https://graz.social/tags/Panasonic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Panasonic</span></a> einzubrechen. Somit kann man sich von einem <a href="https://graz.social/tags/AirPlay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AirPlay</span></a>- und <a href="https://graz.social/tags/CarPlay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CarPlay</span></a>-Gerät zum nächsten hacken."</p><p>"Außerdem beschwerten sich die Forscher, dass <a href="https://graz.social/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> ein Rate-Limit zum Übermitteln von <a href="https://graz.social/tags/Schwachstellen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Schwachstellen</span></a> hat – nach 16 CVEs gibt es die Meldung, man könne weitere Lücken erst am nächsten Tag melden."</p><p>"In einer Live-Demo zeigte er, wie man [...] eine Socket-Kommunikation trotz geblocktem Port bei der <a href="https://graz.social/tags/Defender" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Defender</span></a>-Firewall durchführen kann, komplett vorbei am <a href="https://graz.social/tags/Betriebssystem" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Betriebssystem</span></a>. Auch bei <a href="https://graz.social/tags/UEFI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UEFI</span></a>-Malware bleibt es also ein ewiges Katz-und-Maus-Rennen."</p><p><a href="https://www.heise.de/news/Black-Hat-If-it-s-smart-it-s-vulnerable-10513370.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Black-Hat-If-it-</span><span class="invisible">s-smart-it-s-vulnerable-10513370.html</span></a></p><p><a href="https://graz.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://graz.social/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://graz.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a></p>
#cve
34 posts16 participants0 posts today
Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom – Source: securityaffairs.com https://ciso2ciso.com/phishing-attacks-exploit-winrar-flaw-cve-2025-8088-to-install-romcom-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CVE-2025-8088 #BreakingNews #Cyberwarfare #SecurityNews #hackingnews #Security #hacking #RomCom #WinRAR
CISO2CISO.COM & CYBER SECURITY GROUP · Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom – Source: securityaffairs.comSource: securityaffairs.com - Author: Pierluigi Paganini WinRAR flaw CVE-2025-8088, fixed in v7.13, was exploited as a zero-day in phis
HackerOne Bug Bounty Disclosure: man-in-the-middle-through-broken-ssl-certificate-verification-kinnay - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-man-in-the-middle-through-broken-ssl-certificate-verification-kinnay/
RedPacket Security · HackerOne Bug Bounty Disclosure: man-in-the-middle-through-broken-ssl-certificate-verification-kinnay - RedPacket SecurityCompany Name: Nintendo
CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786 – Source: securityaffairs.com https://ciso2ciso.com/cisa-microsoft-warn-of-critical-exchange-hybrid-flaw-cve-2025-53786-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #SecurityAffairscom #CyberSecurityNews #MicrosoftExchange #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CVE-2025-53786 #BreakingNews #hackingnews #Security #hacking
CISO2CISO.COM & CYBER SECURITY GROUP · CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786 – Source: securityaffairs.comSource: securityaffairs.com - Author: Pierluigi Paganini CISA and Microsoft warn of CVE-2025-53786, a high-severity Exchange flaw allow
We have a new tutorial up on the Puppet blog! This step-by-step tutorial shows how to use vulnerability remediation in Puppet Enterprise Advanced to:
* Locate a CVE an the nodes affected by the CVE
* Create a job to remediate the vulnerability on those nodes.
* Review the progress and success of the patching.
https://www.puppet.com/blog/vulnerability-remediation-puppet-advanced-patching
Multiple Security Vulnerabilities Found in WWBN AVideo, MedDream, and Eclipse ThreadX https://gbhackers.com/multiple-security-vulnerabilities/ #CVE/vulnerability #CyberSecurityNews #Vulnerabilities #cybersecurity #Vulnerability
CISA Issues Urgent Advisory to Address Microsoft Exchange Flaw https://gbhackers.com/cisa-advisory-microsoft-exchange-flaw/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity #Microsoft
GBHackers Security | #1 Globally Trusted Cyber Security News Platform · CISA Issues Urgent Advisory to Address Microsoft Exchange FlawCISA has issued an Emergency Directive, requiring federal agencies to address a critical vulnerability in Microsoft Exchange hybrid configurations immediately.
Retbleed Vulnerability Exploited to Access Any Process’s Memory on Newer CPUs https://gbhackers.com/retbleed-vulnerability-exploited/ #CVE/vulnerability #CyberSecurityNews #Vulnerabilities #Vulnerability #cybersecurity
Replied in thread
If you get #checkpoint without a #cve or a #backdoor you won the jackpot
Microsoft to Pull Plug on Shared EWS Access in Hybrid Exchange by October https://thecyberexpress.com/exchange-web-services-changes/ #ExchangeWebServices #TheCyberExpressNews #richcoexistence #TheCyberExpress #CVE-2025-53786 #ExchangeOnline #FirewallDaily #CyberNews #EWS
The Cyber Express · Exchange Web Services Changes Coming by Oct 2025
HackerOne Bug Bounty Disclosure: use-after-free-that-leads-to-arbitrary-write-for-some-versions-letshack - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-use-after-free-that-leads-to-arbitrary-write-for-some-versions-letshack/
RedPacket Security · HackerOne Bug Bounty Disclosure: use-after-free-that-leads-to-arbitrary-write-for-some-versions-letshack - RedPacket SecurityCompany Name: curl
rhoo ils ont renommé la "contribution volontaire obligatoire"
Rockwell Arena Simulation Flaws Allow Remote Execution of Malicious Code https://gbhackers.com/rockwell-arena-simulation-flaws/ #CVE/vulnerability #CyberSecurityNews #Vulnerabilities #cybersecurity #Vulnerability
We Speak CVE Podcast episode 28 now available!
“Mapping the Root Causes of CVEs”
https://youtu.be/3nNmrv4j1YE
#CVE #CWE #Vulnerability #Cybersecurity #VulnerabilityManagement
Minutes from the CVE Board teleconference meeting on July 23 are now available
https://mail-archive.com/cve-editorial-board-list@mitre.org/msg00286.html
#cve #vulnerability #vulnerabilitymanagement #hssedi #cisa #infosec #cybersecurity
mail-archive.comCVE Board Meeting Minutes: July 23, 2025
Adobe AEM Forms 0-Day Vulnerability Allows Attackers to Run Arbitrary Code https://gbhackers.com/adobe-aem-forms-0-day-vulnerability-allows-attackers-to-run-arbitrary-code/ #CVE/vulnerability #CyberSecurityNews #Vulnerabilities #cybersecurity #Vulnerability