mastodonien.de

nerdculture.de

Timestamp              Users     Delta   Toots        TNR     Title                     Version  maxTL
Fri 09.08.2024 00:00:08    7.221      +1      614.708    85,1 NerdCulture               4.2.10   1.000
Thu 08.08.2024 00:00:07    7.220       0      614.036    85,0 NerdCulture               4.2.10   1.000
Wed 07.08.2024 00:00:02    7.220      +1      613.632    85,0 NerdCulture               4.2.10   1.000
Tue 06.08.2024 00:00:00    7.219      +1      613.101    84,9 NerdCulture               4.2.10   1.000
Mon 05.08.2024 00:00:07    7.218      +1      612.605    84,9 NerdCulture               4.2.10   1.000
Sun 04.08.2024 00:01:08    7.217       0      612.238    84,8 NerdCulture               4.2.10   1.000
Sat 03.08.2024 00:01:10    7.217       0      611.946    84,8 NerdCulture               4.2.10   1.000
Fri 02.08.2024 00:01:14    7.217      -1      611.448    84,7 NerdCulture               4.2.10   1.000
Thu 01.08.2024 00:01:37    7.218      +1      610.940    84,6 NerdCulture               4.2.10   1.000
Wed 31.07.2024 00:00:30    7.217       0      610.506    84,6 NerdCulture               4.2.10   1.000

Fri 09.08.2024 13:55

[0.0.0.0 Day] 18-Year-Old Browser Vulnerability impacts macOS and Linux Devices. :apple_inc: :linux:

0.0.0.0 Day impacts Google Chrome/Chromium, Mozilla Firefox and Apple Safari, and enables external websites to communicate with software that runs locally on macOS and Linux.

oligo.security/blog/0-0-0-0-da

Public websites using domains ending in ".com" are able to communicate with services running on the local network and execute arbitrary code on the visitor's host by using the address 0.0.0.0 as opposed to localhost/127.0.0.1. It does not affect Windows devices as Microsoft blocks the IP address at the operating system level.

[ImageSource: Oligo Security]

Number of public sites communicating with 0.0.0.0

Google Chrome, the world's most popular web browser, has decided to take action and block access to 0.0.0.0 via a gradual rollout lasting from version 128 (upcoming) until version 133.
<https://chromestatus.com/feature/5106143060033536>

Apple has implemented additional IP checks on Safari via changes on WebKit and blocks access to 0.0.0.0 on version 18 (upcoming), which will be introduced with macOS Sequoia.
<https://github.com/WebKit/WebKit/pull/29592/files>

Mozilla Firefox does not implement PNA, but it's a high development priority. Until PNA is implemented, a temporary fix has been set in motion, but no rollout dates were provided.
<https://github.com/whatwg/fetch/pull/1763>

[ImageSource: Oligo Security]

Malicious request seen in the Selenium attacks.

Another case is a campaign targeting Selenium Grid, discovered by Wiz last month. In this campaign, attackers use JavaScript on a public domain to send requests to 'http://0[.]0[.]0[.]0:4444.'

Those requests are routed to the Selenium Grid servers, enabling the attackers to execute code or conduct network reconnaissance.

[Public] Replies: 0 Boosts: 0 Favs: 0 · via Metatext
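A simplified model of the address-space check behind the browser changes described in the post, added here as an example and not taken from the post or from any browser's code. It shows why a check that knows only loopback and private ranges lets a public page reach 0.0.0.0. The three-level ranking, the treatment of unresolved hostnames as public, and the initiator `example.com` are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Address spaces ordered from least to most private (simplified PNA model).
RANK = {"public": 0, "private": 1, "local": 2}
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

def address_space(host, unspecified_is_local=True):
    """Classify a URL host as 'public', 'private' or 'local'.

    unspecified_is_local=False models a check that knows only loopback and
    private ranges, so 0.0.0.0 and :: fall through to 'public'.
    """
    host = host.lower().rstrip(".")
    if host == "localhost" or host.endswith(".localhost"):
        return "local"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "public"  # Assumption: other names resolve to public addresses.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is judged by its IPv4 part
    if ip.is_loopback:
        return "local"
    if ip.is_unspecified:  # 0.0.0.0 and ::
        return "local" if unspecified_is_local else "public"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "public"

def should_block(initiator_host, target_url, unspecified_is_local=True):
    """Block a request that reaches into a more private space than its page."""
    target_host = urlsplit(target_url).hostname or ""
    src = address_space(initiator_host, unspecified_is_local)
    dst = address_space(target_host, unspecified_is_local)
    return RANK[dst] > RANK[src]

if __name__ == "__main__":
    target = "http://0.0.0.0:4444/"  # port taken from the post above
    for fixed in (False, True):
        print("0.0.0.0 treated as local:", fixed,
              "-> blocked:", should_block("example.com", target, fixed))
```

The same classification can be used by a local service to decide which listening addresses and request sources it should treat as equivalent to loopback.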