med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon

Administered by:

Server stats:

361
active users

#exploit

8 posts6 participants0 posts today
heise online<p>Drei chinesische Gruppen als Angreifer auf Sharepoint-Server identifiziert</p><p>Eine Analyse von Microsoft nennt drei verschiedene Gruppen aus China als Angreifer auf die jüngste Sharepoint-Lücke. Dabei dürfte es aber nicht bleiben.</p><p><a href="https://www.heise.de/news/Drei-chinesische-Gruppen-als-Angreifer-auf-Sharepoint-Server-identifiziert-10496598.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Drei-chinesische</span><span class="invisible">-Gruppen-als-Angreifer-auf-Sharepoint-Server-identifiziert-10496598.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a> <a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://social.heise.de/tags/Sicherheitsl%C3%BCcken" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheitslücken</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>
heise Security<p>Angriffe auf Microsoft Sharepoint: Das müssen Admins nach dem Patchen tun</p><p>Das Schließen der Lücken genügt gegen die aktuellen Toolshell-Attacken nicht. Schließlich könnten Angreifer längst drin sein. Wir zeigen, wie man sie entdeckt.</p><p><a href="https://www.heise.de/hintergrund/Angriffe-auf-Microsoft-Sharepoint-Das-muessen-Admins-nach-dem-Patchen-tun-10496148.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/hintergrund/Angriffe-</span><span class="invisible">auf-Microsoft-Sharepoint-Das-muessen-Admins-nach-dem-Patchen-tun-10496148.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>
heise Security<p>Update: Neue Version von Sharepoint 2016 behebt Toolshell-Lücke</p><p>Microsoft legt nach und veröffentlicht auch für die 2016er-Ausgabe von Sharepoint einen Flicken. Admins sollten diesen unverzüglich einspielen.</p><p><a href="https://www.heise.de/news/Update-Neue-Version-von-Sharepoint-2016-behebt-Toolshell-Luecke-10495573.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Update-Neue-Vers</span><span class="invisible">ion-von-Sharepoint-2016-behebt-Toolshell-Luecke-10495573.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.heise.de/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>
Marcel SIneM(S)US<p><a href="https://social.tchncs.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> für <a href="https://social.tchncs.de/tags/CrushFTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CrushFTP</span></a>: Ältere Versionen können Admin-Zugriff gewähren | Security <a href="https://www.heise.de/news/CrushFTP-Aeltere-Versionen-koennen-unbefugten-Admin-Zugriff-gewaehren-10495005.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/CrushFTP-Aeltere</span><span class="invisible">-Versionen-koennen-unbefugten-Admin-Zugriff-gewaehren-10495005.html</span></a> <a href="https://social.tchncs.de/tags/Patchday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Patchday</span></a></p>
Marcel SIneM(S)US<p><a href="https://social.tchncs.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a>: Angriffe auf neue <a href="https://social.tchncs.de/tags/Sharepoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sharepoint</span></a>-Lücke – bislang kein Patch verfügbar | Security <a href="https://www.heise.de/news/Microsoft-Angriffe-auf-neue-Sharepoint-Luecke-bislang-kein-Patch-verfuegbar-10493705.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Microsoft-Angrif</span><span class="invisible">fe-auf-neue-Sharepoint-Luecke-bislang-kein-Patch-verfuegbar-10493705.html</span></a> <a href="https://social.tchncs.de/tags/Patchday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Patchday</span></a> <a href="https://social.tchncs.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a></p>
heise online English<p>Critical Sharepoint security vulnerability: First patches are available</p><p>Microsoft has now released a patch, but attackers were not idle over the weekend. Dozens of SharePoint installations fell victim of "ToolShell"</p><p><a href="https://www.heise.de/en/news/Critical-Sharepoint-security-vulnerability-First-patches-are-available-10494099.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/en/news/Critical-Shar</span><span class="invisible">epoint-security-vulnerability-First-patches-are-available-10494099.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a> <a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>

Critical #CitrixBleed 2 #vulnerability has been under active #exploit for weeks

A critical vulnerability allowing #hackers to bypass #multifactor #authentication in network management devices made by #Citrix has been actively #exploited for more than a month, researchers said. The finding is at odds with advisories from the vendor saying there is no evidence of in-the-wild #exploitation.
#security #privacy

arstechnica.com/security/2025/

Ars Technica · Critical CitrixBleed 2 vulnerability has been under active exploit for weeksBy Dan Goodin

Just published a proof-of-concept exploit for CVE-2025-32463, a new Linux privilege escalation vulnerability affecting sudo discovered and disclosed by Stratascale about 2 weeks ago.

The PoC is available on GitHub. A full technical writeup will be published on my blog soon.

GitHub: github.com/morgenm/sudo-chroot

Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc) - morgenm/sudo-chroot-CVE-2025-32463
GitHubGitHub - morgenm/sudo-chroot-CVE-2025-32463: Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc)Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc) - morgenm/sudo-chroot-CVE-2025-32463

#AMD warns of new #Meltdown, #Spectre-like bugs affecting #CPU
Four bugs do not appear too venomous – two have medium-severity ratings other two are rated "low." However, low-level nature of #exploit's impact has nonetheless led Trend Micro and CrowdStrike to assess them as "critical."
Rasons for low severity scores are high degree of complexity involved in successful attack – AMD said it could only be carried out by attacker able to run arbitrary code on a target machine
theregister.com/2025/07/09/amd

The Register · AMD warns of new Meltdown, Spectre-like bugs affecting CPUsBy Connor Jones

A critical Linux vulnerability (CVE-2025-32463) in Sudo lets any local unprivileged user gain root via the --chroot (-R) option

🔒 Affects default configs on Ubuntu, Fedora & others — no Sudo rules needed
🛠️ Fix: Update to Sudo 1.9.17p1+ (no workarounds)
👀 CVSS: 9.8 (Critical)

Highlights persistent risks in open-source privilege handling 🧩

cybersecuritynews.com/linux-su

#Linux #Sudo #FOSS #CyberSecurity #InfoSec #OpenSource #Vulnerability #Root #Exploit #SysAdmin #DevSecOps #Tech @TechNews