In this entry we look into how Log4j vulnerabilities affect devices or properties embedded in or used for connected cars, specifically chargers, in-vehicle infotainment systems, and digital remotes for opening cars.

A Log4j PoC written in PowerShell. Contribute to aalex954/Log4PowerShell development by creating an account on GitHub.

A new malicious campaign was discovered by security researchers that disguises malicious code as legitimate exe files. The researchers have figured out that there is a payload that is considered a novel threat and being distributed to Windows systems with…

In this post, we look back on the 2021 cloud security data breaches and vulnerabilities in AWS, and showcase best practices to avoid them.

Money-free make your home more secure just using your pc

Web interface vs mobile app router management, which is better? Find the answers here and tricks to get the former work fully in Linksys Wi-Fi 6/E routers.

A Watering Hole attack is an attack method in which the attacker seeks to compromise a specific group of end-users by infecting websites.

Live streaming from the Remote Chaos Experience

Earlier this year, Check Point Research published the story of “Jian” — an exploit used by Chinese threat actor APT31 which was “heavily inspired by” an almost-identical exploit used by the Equation Group, made publicly known by the Shadow Brokers leak. The…

Unintended hxp CTF solution leading to wildcard exploit for PHP LFI with Nginx

Encoding tools is a graphical utility for performing common encoding, decoding, and hashing procedures on text or binary data.

Posted in r/netsec by u/DavidBuchanan • 17 points and 0 comments

New method to exploit PHP local file inclusion (LFI) vulnerabilities with Nginx assistance.

Falco with plugin support is aiming to become the standard way to secure your infrastructure, the cloud one, and even the physical one.

I recently came across a really fascinating video - https://www.youtube.com/watch?v=tYFLze9VwB0 where they make use of a micro laser projector to generate a speckle pattern on a surface and then photograph it with a DSLR. They then simply touch a surface…

Posted in r/netsec by u/m_rothe • 1 point and 0 comments

Posted in r/netsec by u/Maijin • 12 points and 1 comment

CVE® is a list of records — each containing an identification number, a denoscription, and at least one public reference — for publicly known cybersecurity vulnerabilities. The mission of the CVE Program is to identify, define, and catalog publicly disclosed…

Insights on first few hours of Log4Shell zero-day, creating and sharing PoC with the community.

Japanese companies are being targeted by a novel malware called Flagpro developed by BlackTech cyber-espionage APT group.