China-linked Cybercriminals Bypass Barracuda’s Security Patch https://deform.co/china-linked-cybercriminals-bypass-barracudas-security-patch/
How attackers fingerprint your WordPress website https://blog.sicuranext.com/how-attackers-fingerprint-your-wordpress-website/
Sicuranext Blog
Attackers have quite a few sneaky ways to gather information from your WordPress website. They can get their hands on details like the WordPress version you're using, the active plugins and their versions, and even info about your active users. In this article…
Arbitrary Configuration Injection https://sim4n6.beehiiv.com/p/arbitrary-configuration-injection
Query Chronicles
ASN Lookup Tool and Traceroute Server https://github.com/nitefood/asn
GitHub
GitHub - nitefood/asn: ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation…
ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server - ni...
When URL parsers disagree (CVE-2023-38633) https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/
canva.dev
When URL parsers disagree (CVE-2023-38633) - Canva Engineering Blog
Discovery and walkthrough of CVE-2023-38633 in librsvg, when two URL parser implementations (Rust and Glib) disagree on file scheme parsing leading to path traversal.
Apache Superset Part II: RCE, Credential Harvesting and More https://www.horizon3.ai/apache-superset-part-ii-rce-credential-harvesting-and-more/
Horizon3.ai
Apache Superset is a popular open source data exploration and visualization tool. In a previous post, we disclosed a vulnerability, CVE-2023-27524, affecting thousands of Superset servers on the Internet, that enables unauthorized attackers to gain admin…
DogeRAT Malware Strikes India: Tracks Locations, Makes Unauthorized Payments https://deform.co/dogerat-malware-strikes-india/
Deform
DogeRAT Malware Strikes India: Tracks Locations, Makes Unauthorized Payments - Deform
Indian Android users are under threat from DogeRAT, a malicious software that illicitly accesses critical data, including banking information, contacts, and
CVE-2023-3959, CVE-2023-4249 - Multiple critical vulnerabilities in Zavio IP cameras https://bugprove.com/knowledge-hub/cve-2023-3959-cve-2023-4249-multiple-critical-vulnerabilities-in-zavio-ip-cameras/
Bugprove
BugProve uncovers seven pre-authentication remote code execution flaws and 26 post-authentication code execution vectors in Zavio IP cameras. Despite repeated warnings, Zavio remained unresponsive, necessitating intervention from CISA.
Nagios Plugins: Hacking Monitored Servers with check_by_ssh and Argument Injection: CVE-2023-37154 https://joshua.hu/nagios-hacking-cve-2023-37154
Joshua.Hu Joshua Rogers’ Scribbles
Nagios-compatible systems are some of the most widely used infrastructure monitoring solutions. They use “plugins” to monitor server performance, with “Nagios Core” interpreting results. However, there’s a potentially significant security issue with Nagios…
Reverse Engineering Yaesu FT-70D Firmware Encryption https://landaire.net/reversing-yaesu-firmware-encryption/
landaire.net
nothing interesting
HTTP Request Splitting vulnerabilities exploitation https://offzone.moscow/upload/iblock/11a/sagouc86idiapdb8f29w41yaupqv6fwv.pdf
Active North Korean campaign targeting security researchers https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/
Google
Threat Analysis Group shares findings on a new campaign by North Korean actors targeting security researchers.
P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm https://unit42.paloaltonetworks.com/peer-to-peer-worm-p2pinfect/
Unit 42
A novel peer-to-peer worm written in Rust is uniquely scalable. It targets open-source database Redis and can infect multiple platforms.
Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP” https://securityintelligence.com/x-force/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/
Security Intelligence
See how one IBM X-Force researcher reverse engineered the patch for CVE-2022-34718, and unpack the affected protocols, how the bug was identified, and how it was reproduced.
PoC Exploit for CVE-2023-27524 in Apache Superset Leads to RCE Released https://securityonline.info/poc-exploit-for-cve-2023-27524-in-apache-superset-leads-to-rce-released/
Cybersecurity News
Jakabakos has shed light on the specifics of the CVE-2023-27524 flaw and provided a PoC, accentuating its potential for remote code execution
Unseen Predators: The Growing Threat of Insider Attacks in Cybersecurity https://www.vcyberconsult.com/post/unseen-predators-the-growing-threat-of-insider-attacks-in-cybersecurity-1
Virtual Cybersecurit
Explore the growing threat of insider attacks in the realm of cybersecurity. From defining what constitutes an insider threat, its various types, to strategies for mitigating such risks, this comprehensive guide covers all aspects of this pressing issue.…
Malware distributor Storm-0324 facilitates ransomware access https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributor-storm-0324-facilitates-ransomware-access/
Microsoft News
Storm-0324 is a financially motivated group known to gain initial access using email vectors and then hand off access to other threat actors.
From Terminal Output to Arbitrary Remote Code Execution https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce
solid-snail blog
It was the year of the Linux desktop 1978. Old yellowed computers were not yet old, nor yellowed. Digital Equipment Corporation released the first popular terminal to support a standardized in-band encoding for control functions, the VT100.
Large-Scale Phishing Attack Targets Zimbra Email Users https://deeplab.com/security/4472-zimbra-email-users-targeted-in-phishing-attack
Deeplab
Zimbra Email Users Targeted in Phishing Attack | Deeplab.com
A global phishing campaign targeting Zimbra email users is raising concerns about cybersecurity vulnerabilities and data breaches
A Guide to Reversing Shared Objects with Ghidra https://medium.com/@cy1337/a-guide-to-reversing-shared-objects-with-ghidra-cec83d5031e6
Medium
I’m excited to announce that I will be returning this year to the Black Hat USA 2023 conference in Las Vegas. As with previous years’…