Posted in r/netsec by u/ma-ni • 485 points and 25 comments

Background Embedded devices with limited memory and storage resources are likely to leverage a tool such as BusyBox, which is marketed as the Swiss Army Knife of embedded Linux. BusyBox is a software suite of many useful Unix utilities, known as applets,…

The Mosque-Cathedral of Córdoba is a chronicle of

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

Modern web applications typically rely on chains of multiple servers, which forward HTTP requests to one another. The attack surface created by this forwarding is increasingly receiving more attention, including the recent popularisation of cache poisoning...

FullHunt is releasing a public API to find all attack surfaces, exposed services, DNS records, subdomains, and public assets for FREE!FullHunt API ReleaseAft...

Advisory for CVE-2021-41765, a critical SQL injection vulnerability leading to remote code execution, by the Horizon3.ai red team.

November 2021 release of PcapPlusPlus (v21.11)
This package contains

Binaries compiled for Ubuntu 20.04 LTS, 18.04 LTS,16.04 LTS
Binaries compiled for CentOS 7
Binaries compiled for Fedora 34
Bina...

This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers. In August 2021, we…

Lookup for interesting stuff in SMB shares. Contribute to oldboy21/SMBSR development by creating an account on GitHub.

On November 10, 2021 Palo Alto Networks (PAN) provided an update that patched CVE-2021-3064 which was discovered and disclosed by Randori.

Threat intel on LinuxFilecoder.Polaris.sample (MD5 c601a9e2b98b8e0146ca4b435bb42a0e)

New World, Amazon’s latest entry into the gaming world, is a plagued by bots that are ruining player experiences.

SharkBot: a new generation of Android Trojans is targeting European banks. It has been discovered by the threat intelligence team of Cleafy: here's the technical analysis.

In this blog, we’ll explore a new way to exploit reentrancy that can be used to evade the behavioral analysis of EDR and legacy antivirus products.

Some time ago Microsoft released a very cool feature that caught our attention. That was a passwordless authentication functionality that provides seamless single sign-on (SSO) to on-premises resources, using security keys such as the famous FIDO2 keys.  …

To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political…

A community for technical news and discussion of information security and closely related topics.