Vulnerability Spotlight: Code execution vulnerability in Nitro Pro PDF https://blog.talosintelligence.com/2021/09/nitro-pro-code-execution.html
Cisco Talos Blog
Vulnerability Spotlight: Code execution vulnerability in Nitro Pro PDF
A Cisco Talos team member discovered these vulnerabilities.
Cisco Talos recently discovered a vulnerability in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application.
Nitro Pro PDF is part of Nitro Software’s…
Cisco Talos recently discovered a vulnerability in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application.
Nitro Pro PDF is part of Nitro Software’s…
VaultFuzzer: A state-based approach for Linux kernel https://hardenedvault.net/2021/09/13/vaultfuzzer.html
Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs https://www.trendmicro.com/en_us/research/21/i/remote-code-execution-zero-day--cve-2021-40444--hits-windows--tr.html
Trend Micro
Remote Code Execution Zero-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs
Vulnerability Spotlight: Heap buffer overflow vulnerability in Ribbonsoft dxflib library https://blog.talosintelligence.com/2021/09/vuln-spotlight-ribbonsoft.html
Cisco Talos Blog
Vulnerability Spotlight: Heap buffer overflow vulnerability in Ribbonsoft dxflib library
Lilith >_> of Cisco Talos discovered this vulnerability.
Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Ribbonsoft’s dxflib library that could lead to code execution.
The dxflib library is a C++ library utilized…
Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Ribbonsoft’s dxflib library that could lead to code execution.
The dxflib library is a C++ library utilized…
Interested in disabling DEP in Windows using ROP? Our new post is ready! We explain how to use the new version of our ROP3 tool at https://reversea.me/index.php/disabling-dep-in-windows-7-using-rop3/, do not miss it! Thanks to @ricardojrdez for the contribution ❤️
SharpSpray: Active Directory password spraying tool https://securityonline.info/sharpspray-active-directory-password-spraying-tool/
Cybersecurity News
SharpSpray v1.1 releases: Active Directory password spraying tool
SharpSpray is a Windows domain password spraying tool written in .NET C#. This tool uses LDAP Protocol to communicate with the Domain AD services
macOS XPC Exploitation - Sandbox Share case study https://www.synacktiv.com/en/publications/macos-xpc-exploitation-sandbox-share-case-study.html
Synacktiv
macOS XPC Exploitation - Sandbox Share case study
Cybersecurity Advisory: Hackers Are Exploiting CVE-2021-40444 https://www.huntress.com/blog/cybersecurity-advisory-hackers-are-exploiting-cve-2021-40444
Huntress
Threat Advisory: Hackers Are Exploiting CVE-2021-40444 | Huntress
Huntress is monitoring a new threat against Windows OS and Microsoft Office products (CVE-2021-40444). The MSHTML engine is vulnerable to arbitrary code execution.
ZDI-21-1053: Bypassing Windows Lock Screen https://halove23.blogspot.com/2021/09/zdi-21-1053-bypassing-windows-lock.html
SSRF in PDF export with PhantomJs() https://xhzeem.me/posts/SSRF-in-PDF-export-with-PhantomJs/read/
xhzeem.me
Hi there, I'm Anas Roubi ... A hacker.
Multiple threat actors, including a ransomware gang, exploiting Exchange ProxyShell vulnerabilities https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
Medium
Multiple threat actors, including a ransomware gang, exploiting Exchange ProxyShell vulnerabilities
These vulnerabilities are worse than ProxyLogon, the Exchange vulnerabilities revealed in March.
Muhstik Takes Aim at Confluence CVE 2021-26084 https://www.lacework.com/blog/muhstik-takes-aim-at-confluence-cve-2021-26084/
Phishing Android Malware Targets Taxpayers in India https://www.mcafee.com/blogs/other-blogs/mcafee-labs/phishing-android-malware-targets-taxpayers-in-india/
McAfee Blog
Phishing Android Malware Targets Taxpayers in India | McAfee Blog
Authored by ChanUng Pak McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The
Apache Dubbo: All roads lead to RCE https://securitylab.github.com/research/apache-dubbo/
RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html
Blogspot
CODE WHITE | Blog: RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through
Citrix ShareFile Storage Zones Controller uses a fork of the third party library NeatUpload. Versions before 5.11.20 are affected by a rela...
Beginners Guide to 0day/CVE AppSec Research https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html
Boku
Beginners Guide to 0day/CVE AppSec Research
Mama Always Told Me Not to Trust Strangers without Certificates https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
Bughound: open-source static code analysis tool https://securityonline.info/bughound-open-source-static-code-analysis-tool/
Cybersecurity News
Bughound: open-source static code analysis tool
Bughound is an open-source static code analysis tool that analyzes your code and sends the results to Elasticsearch and Kibana