URL validation bypasses are the root cause of numerous vulnerabilities including many instances of SSRF, CORS misconfiguration, and open redirection. These work by using ambiguous URLs to trigger URL
GrapheneOS 2024083100 came with an interesting change:
> kernel (6.1, 6.6): enable struct randomization in the full mode with a deterministic seed based on kernel commit timestamp (we plan to also incorporate the device family and eventually make the seed specific to each device model, but it will...
## Summary:
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that...
## Summary:
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string....
In May of this year, we noticed that Chrome fixed a V8 vulnerability that was being exploited in the wild in this update. We quickly pinpointed the fix for this vulnerability and discovered that it was a rare bug in the Parser module, which piqued our interest greatly. This led to the following research.
From Patch to PoC
First, let’s take a look at the patch for this vulnerability:
diff --git a/src/ast/scopes.
# Using Veeam metadata for efficient extraction of Backup artefacts (2/3)
In a previous blogpost, we explored Veeam Backup and Replication's "backup chain metadata" files and how to parse them in a comprehensive Velociraptor artifact. In this article, we complement our findings with metadata...
### Summary
Server-Side Request Forgery (“SSRF”) in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any u...
### Summary
Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allow remote authenticated thr...
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Aug 28 2024 @ 9:00 AM
Kelly Patterson
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Grigory Dorodnov and Guy Lederfein of the Trend Micro Research Team detail a recently patched code execution vulnerability in the VMware vCenter Server. This bug was originally discovered by Hao Zheng and Zibo Li f
## Summary
Hi team,
It seems that the machine is affected by the latest CVE-2021-44228 which grants any authenticated user command execution. The vulnerability affects the remote asset forum.acronis.com and this issue allows remote attackers to perform Remote Code Execution via JNDI...
### Description
The application is using a vulnerable version of Log4j which allows arbitrary remote command execution. The vulnerability is also known as Log4Shell and is assigned [CVE-2021-44228](https://www.randori.com/blog/cve-2021-44228/).
### Reproduction Steps
For easier reproduction,...
I have discovered a SQL injection in https://demor.adr.acronis.com/ using the POST request via the username parameter.
Using the Repeater in Burp Suite I have submitted the following POST request:
POST /ng/api/auth/login HTTP/2
Host: demor.adr.acronis.com
Content-Type:...
Qualcomm KGSL: reclaimed / in-reclaim objects can still be mapped into...
In the grand scheme of cybersecurity, the design issue in Foxit PDF Reader was really very minor. But it revealed a much larger and more impactful phenomenon that we’ll probably have to deal with for as long as there are computers around: the instinct to click ‘Ok’.
Microsoft Copilot: From Prompt Injection to Data Exfiltration of Your Emails
PowerVR: DevmemIntChangeSparse2() UAF on PMRGetUID()...
Linux: LSM can prevent POSIX lock removal in fcntl/close race cleanup...
# Quantum readiness: Hash-based signatures
Building robust digital signature algorithms is one of the main challenges in post-quantum cryptography, as classical signatures such as ECDSA and RSA are broken by quantum computers. Thankfully, in the past decades, the academic field has come up with...
I’m a little late (one whole month passed in a blink of an eye!). Let’s catch up.
Imagine this: an OpenSSH backdoor is discovered, maintainers rush to push out a fixed release package, security researchers trade technical details on mailing lists to analyze the backdoor code. Speculation abounds on the attribution and motives of the attacker, and the tech media pounces on the story. A near miss of epic proportions, a blow to the fabric of trust underlying open source development, a stark reminder of the risks of supply-chain attacks. Equal measures brilliant and devious.
If
Google AI Studio faced another regression allowing data exfiltration via image tag rendering, quickly addressed!
I found a logic bug that makes it possible for a process to get rid of all Landlock restrictions applied to it:
When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PARENT updates the parent's credentials),...
We’ve all been asked at some point in our lives – “Are you ready?”. That usually strikes me as a somewhat loaded question, “ready for what?”. Chances are that if you’re being asked “are you ready”, it’s because it’s something you haven’t done before, or because that thing that you are supposed to be
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Aug 19 2024 @ 3:01 AM
Francesco Benvenuto
### Summary
OBS (Open Broadcaster Software) is a well-known open source and cross platform software for screen recording and streaming. Unfortunately, a crafted GIF file with malicious LZW compres...
# LAPSUS$ is dead, long live HexaLocker?
The LAPSUS$ threat group has been known since 2021 for spear phishing, data theft, and extortion against large companies (e.g., Microsoft, Nvidia, Uber). Although evidence of destruction methods was reported, there was no known use of ransomware. In June...
**Summary:**
The given application has a form to fill in the details of the candidates in order to seek admission to various courses. The application has the functionality to submit the given form and provide a registration confirmation to the candidate with their name on the page. By cycling the...
**Description:**
There appears to be a workstation belonging to ███████ (███) that is completely exposed to the internet via IP web interface by way of a TinyPilot KVM device.
TinyPilot KVMs are hardware devices that enable you to remotely access computers via IP address. This...
## Description
Hello. I often use my `xp.ht` host as a beacon for SSRF/XSS payloads, and today one was triggered from the `https://███████████████/NSSI/controlcenterV2/index.htm?directlink&courses/classes/findstudent&&&&&&&&` endpoint (it was found in the Referer...
## Description
I was able to identify an unsafe upload endpoint on the https://█████/upload.php
## POC
1) Go to the https://█████████/upload.php
2) Upload some test file.
You will see a success message:
████
3) Visit `https://███/delete.me` and you will see your...
Key takeaways
Introduction
In the shadowy world of cybercrime, even the most cunning hackers can make blunders that expose their operations. In this article CPR describes the discovery of Styx Stealer, a new malware variant derived from the notorious Phemedrone Stealer. Our investigation revealed critical missteps by the developer of Styx Stealer, including a significant […]
In the previous part, I showed how a technique called “Bring Your Own Vulnerable DLL” (BYOVDLL) could be used to reintroduce known vulnerabilities in LSASS, even when it’s protected. In this second part, I’m going to discuss the strategies I considered and explored to improve my proof-of-concept, and hopefully achieve arbitrary code execution.
Zero Day Initiative threat researchers discovered CVE-2024-38213, a simple and effective way to bypass Windows mark-of-the-web protections leading to remote code execution. In March 2024, Trend Micro’s Zero Day Initiative Threat Hunting team started analyzing samples connected to the activity carr
While reviewing a preview patch for https://bugs.chromium.org/p/project-zero/issues/detail?id=2540 , I noticed some issues - most of them minor, but the following two seem like they probably have bigger security impact:
**F.5**
After _PmrZombieCleanup() has picked an item from the...
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Aug 14 2024 @ 9:02 AM
Jonathan Munshaw
Previous research
Some time ago, my colleague discovered an interesting vulnerability in the Jetpack Navigation library, which allows someone to open any screen of the application, bypassing existing restrictions for components that are not exported and therefore inaccessible to other applications. The issue lies with an implicit deep link processing mechanism, which any application on […]
Executive Summary
Server-Side Template Injection (SSTI) vulnerabilities refer to weaknesses in web applications which attackers can exploit to inject malicious code into server-side templates. This allows them to execute arbitrary commands on the server, potentially leading to unauthorized data access, server compromise, or exploitation of additional vulnerabilities. Recently, SSTI vulnerabilities are becoming increasingly prevalent and […]
# SCCMSecrets.py: exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement
SCCM policies are a prime target for attackers in Active Directory environments as they may expose – intentionally or otherwise – sensitive technical information such as...
### Summary
Memory corruption can be achieved by parsing a SR2 file containing an Image File Directory (IFD) with more than 64 TIFFs of specific types.
### Severity
Moderate - The values writte...
In this post, I'll exploit CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
Summary
WASM isorecursive canonical type id <-> wasm::HeapType / wasm::ValueType confusion in JS-to-WASM conversion functions and their wrappers (FromJS(), (Wasm)JSToWasmObject(), etc.), resulting in type confusion between arbitrary WASM types. This can be considered a variant bug of CVE-2024-2887 discovered by Manfred Paul and presented in Vancouver 2024.
Credit
An independent security researcher, Seunghyun Lee (@0x10n), …
SSD Advisory – Google Chrome RCE