🐛 COMMON VULNERABILITIES AND EXPOSURES (2)
14 Jun: MAR-10443863-1.v1 CVE-2017-9248 Exploitation in U.S. Government IIS Server
Summary. Description: CISA received three files for analysis. The files included three webshells written in PHP: Hypertext Preprocessor (PHP), Active Server Pages Extended (ASPX), and .NET Dynamic-Link Library (DLL). The sample “sd.php” is highly obfuscated and uses rot13 algorithm…
Source: CISA.GOV
14 Jun: CVE-2023-33141 Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability
FAQ added to explain that the YARP 2.0 is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.
Source: MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE (3)
14 Jun: Critical Patches Issued for Microsoft Products, June 13, 2023
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, o…
Source: CISECURITY.ORG
14 Jun: Learnings from kCTF VRP's 42 Linux kernel exploits submissions
Tamás Koczka, Security Engineer. In 2020, we integrated kCTF into Google's Vulnerability Rewards Program (VRP) to support researchers evaluating the security of Google Kubernetes Engine (GKE) and the underlying Linux kernel. As the Linux kernel is a key component not just for Goo…
Source: SECURITY.GOOGLEBLOG.COM
14 Jun: Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry
Summary: Microsoft recently mitigated a set of cross-site scripting vulnerabilities affecting Azure Bastion and Azure Container Registry (ACR). Exploitation of these vulnerabilities could have potentially allowed for an unauthorized user to gain access to a target user’…
Source: MSRC.MICROSOFT.COM
📢 SECURITY ADVISORIES (2)
14 Jun: Cyber Security Today, June 14, 2023 - A warning for users of Microsoft's digital signature tool, an alert to VMware administrators, and more
This episode reports on crime and punishment, civil fines for Microsoft and Spotify and more
Source: CYBERSECURITYTODAY.LIBSYN.COM