Archives

General, Operating Systems, MS Server 2012 R2

  Hello friends, after a long break I wanted to touch on a nice piece of information. You may have heard of SNI before; it stands for Server Name Indication. For those who say "explain it all the way down", I have added a LINK; you can turn on a VPN and take a look :) To summarize briefly, the long-standing IIS ...


General, Security, Operating Systems, MS Server 2012 R2

   Hello everyone, today I will tell you about an issue in IIS 6.5 and later versions that we cannot exactly call a security vulnerability, but that, in our country where attacks are frequent, we also cannot dismiss as harmless. Now, on to our topic: the first thing for an attacker to know ...


The Hacker News

  • 2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software
    by Ravie Lakshmanan on 25 November 2020 at 07:14

    cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as "SEC-575" and discovered by researchers from Digital Defense, has been remedied by the company in versions 11.92.0.2, […]

  • Baidu's Android Apps Caught Collecting and Leaking Sensitive User Data
    by Ravie Lakshmanan on 25 November 2020 at 06:50

    Two popular Android apps from Chinese tech giant Baidu have been removed from the Google Play Store in October after they were caught collecting sensitive user details. The two apps in question—Baidu Maps and Baidu Search Box—were found to collect device identifiers, such as the International Mobile Subscriber Identity (IMSI) number or MAC address, without users' knowledge, thus making them […]

  • Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies
    by Ravie Lakshmanan on 24 November 2020 at 14:56

    An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, and is a new version of the malware belonging to a threat actor […]

  • Critical Unpatched VMware Flaw Affects Multiple Corporates Products
    by Ravie Lakshmanan on 24 November 2020 at 07:08

    VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. "A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating […]

  • Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call
    by Ravie Lakshmanan on 24 November 2020 at 05:53

    Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call unsuspecting targets and listen to them before even they picked up the audio call. The flaw was discovered and reported to Facebook by Natalie Silvanovich of Google's Project Zero bug-hunting team last month on October 6 with a 90-day deadline, and impacts version […]