Real-life OIDC Security (IV): Server-Side-Request-Forgery https://security.lauritz-holtmann.de/post/sso-security-ssrf/
(Web-)Insecurity Blog
Real-life OIDC Security (IV): Server-Side-Request-Forgery
This is the fourth post of a series on Single Sign-On and OpenID Connect 1.0 security. In this post, SSRF vulnerabilities that were discovered in popular OIDC implementations (Keycloak (CVE-2020-10770) and Amazon Cognito) are explained in detail.
Tricard - Malware sandboxes fingerprinting https://therealunicornsecurity.github.io/Tricard/
therealunicornsecurity.github.io
Tricard - Malware sandboxes fingerprinting
Introduction to malware sandboxes fingerprinting
AeroBlade on the Hunt Targeting the U.S. Aerospace Industry https://blogs.blackberry.com/en/2023/11/aeroblade-on-the-hunt-targeting-us-aerospace-industry
BlackBerry
AeroBlade on the Hunt Targeting the U.S. Aerospace Industry
A new threat actor BlackBerry is tracking as AeroBlade has been targeting an aerospace organization in the United States, with the goal of conducting commercial cyber espionage.
LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks https://thehackernews.com/2023/12/logofail-uefi-vulnerabilities-expose.html
CVE-2021-4102: Chrome incorrect node elision in Turbofan leads to unexpected WriteBarrier elision https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-4102.html
Argument injection vulnerability in multiple Atos Unify OpenScape products https://sec-consult.com/vulnerability-lab/advisory/argument-injection-vulnerability-in-multiple-atos-unify-openscape-products/
SEC Consult
Argument injection vulnerability in multiple Atos Unify OpenScape products
A critical argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products Session Border Controller, Branch, and BCF. This allows an unauthenticated attacker to gain root access to the appliance…
It's not a Feature, It's a Vulnerability https://blog.solidsnail.com/posts/vscode-shell-integ-rce
solid-snail blog
It’s not a Feature, It’s a Vulnerability
It takes a special kind of person to name a company after their own body part. Fortunately the Microsoft Security Response Center doesn’t seem to have inherited that kind of mentality, because when I have reported not a bug but a feature as a vulnerability…
Multiple Vulnerabilities In Extreme Networks ExtremeXOS https://rhinosecuritylabs.com/research/extreme-networks-extremexos-vulnerabilities/
Rhino Security Labs
Multiple Vulnerabilities In Extreme Networks ExtremeXOS
Multiple vulnerabilities found in ExtremeNetworks ExtremeXOS by Rhino Security Labs.
Ghost In The Wire, Sonic In The Wall - Adventures With SonicWall https://labs.watchtowr.com/ghost-in-the-wire-sonic-in-the-wall/
watchTowr Labs
Ghost In The Wire, Sonic In The Wall - Adventures With SonicWall
Here at watchTowr, we just love attacking high-privilege devices (and spending hours thinking of awful titles [see above]).
A good example of these is the device class of ‘next generation’ firewalls, which usually include VPN termination functionality (meaning…
CVE-2023-4473 & CVE-2023-4474 - Authentication bypass and multiple blind OS command injection vulnerabilities in Zyxel’s NAS326 devices https://bugprove.com/knowledge-hub/cve-2023-4473-and-cve-2023-4474-authentication-bypass-and-multiple-blind-os-command-injection-vulnerabilities-in-zyxel-s-nas-326-devices/
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler https://github.blog/2023-10-17-getting-rce-in-chrome-with-incomplete-object-initialization-in-the-maglev-compiler/?ref=0xor0ne.xyz
The GitHub Blog
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
In this post, I'll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
CVE-2023-22523: Critical RCE Vulnerability in Assets Discovery https://securityonline.info/cve-2023-22523-critical-rce-vulnerability-in-assets-discovery/
Cybersecurity News
CVE-2023-22523: Critical RCE Vulnerability in Assets Discovery
A critical Remote Code Execution (RCE) vulnerability, tracked as CVE-2023-22523 (CVSS score of 9.8), has been discovered in Assets Discovery
Encrypted npm Packages Found Targeting Major Financial Institution https://blog.phylum.io/encrypted-npm-packages-found-targeting-major-financial-institution/
Phylum Research | Software Supply Chain Security
Encrypted npm Packages Found Targeting Major Financial Institution
Determining the intent behind a package publication is notoriously difficult. Is it a legitimate threat actor or a security researcher? We can rarely make this determination, so Phylum generally errs on the side of caution and annotates packages that exhibit…
Qilin Ransomware: Soaring to new heights https://www.shadowstackre.com/analysis/qilin
ISPConfig <= 3.2.11 (language_edit.php) PHP Code Injection Vulnerability https://karmainsecurity.com/KIS-2023-13
Karmainsecurity
ISPConfig <= 3.2.11 (language_edit.php) PHP Code Injection Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
Remote code execution and elevation of local privileges in Mitel Unify OpenStage and OpenScape VoIP phones https://www.pentagrid.ch/en/blog/rce-and-local-root-in-openstage-and-openscape-phones/
Pentagrid AG
Remote code execution and elevation of local privileges in Mitel Unify
Multiple vulnerabilities in Mitel Unify OpenStage and OpenScape phones allow a remote compromise in the unhardened default configuration and an elevation of privileges to become the root user.
Spoofing DNS Records by Abusing DHCP DNS Dynamic Updates https://www.akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp
Akamai
Spoofing DNS Records by Abusing DHCP DNS Dynamic Updates | Akamai
Akamai researchers discovered a new set of attacks against Active Directory (AD) using Microsoft DHCP servers that can lead to full AD takeover.
CVE-2023-45866: Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS https://github.com/skysafe/reblog/tree/main/cve-2023-45866
GitHub
reblog/cve-2023-45866 at main · skysafe/reblog
SkySafe Miscellaneous Reverse Engineering Blog.
Hacking Brightway scooters: A case study https://robocoffee.de/?p=436