CERT/CC @certcc
CERT Coordination Center at the Carnegie Mellon University Software Engineering Institute. cert.org Pittsburgh, PA, USA Joined March 2009-
Tweets103
-
Followers3K
-
Following0
-
Likes2
You all know by now about the #log4j CVE-2021-44228 that affects lots of Java applications, right? No? Well that extra sleep must be nice! We've published a vulnerability note with details: kb.cert.org/vuls/id/930724 We link to PowerShell and Python3 scanners to find jar files too.
We have been communicating our findings to and collaborating with Pulse Secure. They have published more details about the Integrity Checker Tool (ICT) here: kb.pulsesecure.net/articles/Pulse…
Since the Pulse Connect Secure ICT has been public since March, it would be wise to assume that attackers have worked around it by now. Yes, run the ICT if you haven't already by now. No, a clean ICT report doesn't necessarily mean you're fine.
It is important to realize that the Pulse Secure Integrity Checker Tool (ICT) and the PCS factory reset functionality can both be subverted by an attacker on a compromised PCS device. If we can do this, assume that attackers can do this as well. 🤔
If you have a Pulse Connect Secure system and did not immediately apply the instantaneous XML workaround published on April 20, assume compromise until you can prove otherwise. Run the PCS Integrity Assurance package as soon as possible (requires reboot). kb.pulsesecure.net/articles/Pulse…
@cscart We have a vulnerability report that we would like to share with you. How would you like to receive vulnerability reports?
This is not a drill - patch your Exchange Servers ASAP We're seeing active exploitation by #HAFNIUM microsoft.com/security/blog/…
We've published vulnerability note VU#490028 about Zerologon / CVE-2020-1472. Windows Domain controllers without the August update from Microsoft are vulnerable to complete domain takeover by an unauthenticated attacker. Samba DCs < 4.8 affected by default kb.cert.org/vuls/id/490028
Citrix vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP. Impacts include system compromise by an unauthenticated user on the management network. support.citrix.com/article/CTX276…
Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use. Foreign APTs will likely attempt exploit soon. We appreciate @PaloAltoNtwks’ proactive response to this vulnerability. security.paloaltonetworks.com/CVE-2020-2021
@p1onk @zmanion The CERT/CC has a form to report vulnerabilities: kb.cert.org/vuls/report/
Microsoft has released ADV200006 about an 0day vulnerability being exploited in the wild in Microsoft Windows Adobe Type Manager Type 1 font parsing. There are almost as many workarounds provided as there are attack vectors! kb.cert.org/vuls/id/354840/
Microsoft has released updates for this issue: portal.msrc.microsoft.com/en-US/security…
Disable SMB compression and block SMB both inbound AND outbound to help prevent exploitation of an unpatched "wormable" vulnerability in Microsoft Windows SMBv3. kb.cert.org/vuls/id/872016/ ADV200005 CVE-2020-0796 VU#872016
VU#338824 Microsoft Internet Explorer is being actively exploited in the wild using a new unpatched vulnerability in the Scripting Engine. Disable access to JScript.dll as a workaround. kb.cert.org/vuls/id/338824/
If you use "Disable all macros without notification" in Microsoft Office for Mac, you may be in for an unpleasant surprise. XLM macros in SYLK (.SLK) content will run without any prompting. This allows for arbitrary code execution without any clicks. kb.cert.org/vuls/id/125336/
Any device that has a software stack associated with it may become unsafe when it has outlived its support life span. It's Time to Retire Your Unsupported Things insights.sei.cmu.edu/cert/2019/10/i…
CVE Celebrates 20 Years! cve.mitre.org/news/archives/…! #cve #cveentries #cveids #cna #vulnerabilities #cybersecurity
@todb Indeed. But guess what happens to a narrowly-targeted attack that suddenly has a patch available?
It's important to note that these updates are NOT currently being deployed via Windows Update or Microsoft Update. Despite being actively exploited in the wild, manual actions must be taken to receive the fixes.
Out of band security vulnerability fixes CVE-2019-1367 and CVE-2019-1255 have been released today. For more information please see portal.msrc.microsoft.com/en-US/security… and portal.msrc.microsoft.com/en-US/security… .
Will Dormann is on Ma... @wdormann
26K Followers 1K Following I play with vulnerabilities and exploits. I used to be here on Twitter but now I'm here: @[email protected] https://t.co/hXggdAVkSQ
Will @BushidoToken
38K Followers 3K Following Senior Threat Intel Advisor @TeamCymru | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | Co-founder @BSidesBournemth | @darknetdiaries #126: REvil
CISA Cyber @CISACyber
298K Followers 73 Following Part of @CISAgov, we respond to major incidents, analyze threats, and exchange critical cybersecurity information with partners around the world.
Mohammed Meeran @mmeeran_26
0 Followers 787 Following
ungr18 @ungr18pj
0 Followers 34 Following
Water Master🇬🇭 @Dapaah20
862 Followers 5K Following Jesus Christ died for all human beings. Every person, regardless of age, color, nationality or race is valuable to God and to Me
MZ @ctrl_alt_webmz
238 Followers 3K Following Digital PM. Dobie Mom URI.FullSail.SNHU Science | Tech | Cybersec | AI | Psych| Astronomy | History | True Crime The Strange Archive™
Martti Sutinen @martti_sutinen
0 Followers 158 Following
Sonjoy Paul @sonjoy_k_paul
55 Followers 2K Following Computer Science Ph.D. Student @TAMU | Bangladeshi 🇧🇩
Lvis Alberto @LvisAlbert
52 Followers 343 Following Administrador de Seguridad Informática en Banred
Kai | Cyber Threat In... @KaiCyberIntel
0 Followers 70 Following CTI specialist. Former in-house security practitioner. 脅威・脆弱性・検知を、現場の優先順位付けとリスク判断に変換します。相談はDMへ。
WitnessOps @WitnessOps
0 Followers 20 Following Evidence verifier for cyber defense. Portable proof. Offline verification.
Carnota @carnotaesp
35 Followers 2K Following
TigerNDR | Detection ... @tigerndr
2 Followers 85 Following 🛡️ On-prem AI-powered NDR for K-12, churches, and communities. Anthropic CVP-Approved | Built by @dixiereformanda 🤖
bas @bassenget
1 Followers 105 Following
Just For IA @News_Sev14
0 Followers 34 Following
0x6A616D657A @jamezrr
14 Followers 310 Following
Gökhan Yazıcıoğlu @c_oglu28091
1 Followers 26 Following
0x41 @b1n0x41
142 Followers 265 Following
KRD-CERT @KRDCERT
0 Followers 5 Following KRD-CERT | Official Computer Emergency Response Team | Kurdistan Region of iraq | [email protected]
Titiprout @titiproutt
2 Followers 563 Following
xalque @que_retirement
0 Followers 18 Following
z3rolog1n @z3rolog1n
0 Followers 26 Following
tabee191 @tabee191
0 Followers 5 Following
Abatis ABTU @Abatis_ABTU
1K Followers 496 Following ABTU is Web3’s first sovereign cybersecurity utility token, giving you access to military-tested, autonomous, immutable, pre-foundational defence.
asyura @GsEQmn9vFy78004
0 Followers 28 Following
Kunegunda @Kuneguna
2 Followers 534 Following
QuantZen™ @quant_zen
819 Followers 366 Following Quantum-Proof Cryptographic layer to protect applications from today's Phishing attempts and future Quantum attacks without touching base-layer consensus.
Allele Security Intel... @alleleintel
1K Followers 2K Following Allele Security Intelligence is an independent company specializing in Information Security research.
Gyanendra P. Joshi @joshigyanu
159 Followers 505 Following
pasindu hunters @HuntersPas37781
0 Followers 13 Following
白呵呵 @Loadbug
0 Followers 641 Following
BugFinder @BugFind2Defend
0 Followers 8 Following
AirHack9 @AirHack9
0 Followers 25 Following
Crypto pump @Cryptopump2233
11 Followers 27 Following https://t.co/fwg6yDImUp - Group of 20 whales - A huge community that - PUMP Meme Coins - 400k + members - Average of 75x gains
lamon Wisetkaew @LamonWisetkaew
59 Followers 305 Following 🔑 I never forget passwords but sometimes forget which brilliant one I set
ねたふり @pretend_2_sleep
0 Followers 81 Following
︎ @0xocdsec
4K Followers 7K Following ︎ 🏴☠️ 🇪🇺 💚 🇺🇦 | computers & features | 💚 🏴☠️ party | 603,628 km² https://t.co/F5dgX7AEoL
Andrea Minigozzi LDO @Lddea42443
0 Followers 43 Following
You might like
