Security Bulletin #104
Google's PHP API client has XSS vulnerability
Fake diplomas and certifications on sale in the dark web
It is quite easy to buy any kind of illegal product or service on dark web marketplaces, including fake certifications and diplomas. According to Israeli threat intelligence firm Sixgill, certifications and degrees are very cheap, and it is possible to hire hackers to break into university computer systems and alter grades. Sixgill identified several hackers who could be hired to compromise university systems in order to change grades and remove academic admonishments. According to the experts, this is a profitable business for hackers and the market for fake diplomas is booming. Crooks also offer many other types of counterfeit documents, including driver's licenses and passports, and fake professional certifications.
Patch available for vulnerable Asus RT wireless routers
Security experts at Nightwatch Cybersecurity found serious flaws in Asus RT wireless routers. Dozens of models do not implement adequate protection against cross-site request forgery (CSRF) attacks. The vulnerability, tracked as CVE-2017-5891, affects the Asus RT-AC and RT-N models running firmware older than version 188.8.131.52.380.7378. Poorly configured devices left with default credentials could easily be accessed by an attacker, who can then take control of them. CSRF on the login page could be exploited by attackers to submit a login request to the router without the user's knowledge. Once the attacker has accessed the router's admin interface, they can change the settings, hijack the DNS, and perform other malicious activity.
CERTFR-2017-ALE-009: Vulnerability in Microsoft Malware Protection Engine (9 May 2017)
CERTFR-2017-ALE-008: Vulnerability in RDP for Microsoft Windows XP and Windows Server 2003 (14 April 2017)
CERTFR-2017-AVI-152: Multiple vulnerabilities in Cisco WebEx Meetings Server (11 May 2017)