In this post, we cover the technical details of CVE-2021-28091, the vulnerability impacting Akamai's Enterprise Application Access (EAA) platform.

Posted in r/netsec by u/hardenedvault • 11 points and 1 comment

A comprehensive analysis revealing two new critical vulnerabilities discovered in a popular Realtek Wi Fi module by Vdoo’s automated product security platform, including a demonstration of the exploitation.

Contribute to CriticalSecurity/welock development by creating an account on GitHub.

When we were developing the ghidra nodejs module for Ghidra, we realized that it was not always possible to correctly implement V8 (JavaScript engine that is used by Node.js) opcodes in SLEIGH. In such runtime environments as V8 and JVM, a single opcode might…

In this post we will examine a vulnerability in the WebAssembly subsystem of JavaScriptCore, the JavaScript engine used in WebKit and Apple Safari. The issue...

On 13th May 2021, WordPress released WordPress 5.7.2, which was a security release fixing one vulnerability that affected versions 3.7 to 5.7. This vulnerability is a PHP Object Injection vulnerability in PHPMailer (CVE-2020-36326, CVE-2018-19296) that occurs…

Job Opening: Us Courts Penetration Tester at Security Innovation in Seattle .

Learn about password hashing, salting, and key derivation functions in Python.

Introduction

Unexpected “Expected” Behavior

This report will review an intrusion where the threat actor took advantage of a WebLogic remote code execution vulnerability (CVE-2020–14882) to gain initial access to the system before installing a coin miner (XMRig).

At @ConfiantIntel we had some “luck” finding a new malware targeting the new Apple flagship M1 computers. I put “luck” between quotes, as…

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS for Zoom. - GitHub - turbot/steampipe-mod-zoom-compliance: Run individual configuration, complia...

Posted in r/netsec by u/lacraig2 • 16 points and 0 comments

Writeup for a cross-site noscripting bug I found in the AWS Console.

If you are coming back, and just here for the cheatsheet, you can find that here. If it’s your first time, hopefully you’ll read through the whole thing. Note: For my own sanity, I have inten…

One high risk XSS vulnerability was identified within the Froala application.

This is a write-up of the recent trends in credential stuffing attacks that the CUJO AI Labs detected in our honeypots. Find out what password brute-force techniques and tools attackers are using in 2021.