In this blog post we are going to discuss the details of a vulnerability in Windows Remote Desktop Services, which we recently uncovered. We reported the vulnerability to Microsoft in a...

hardwear.io USA 2022 - Hardware Security Conference & Training is seeking innovative research on attacks or mitigation on any hardware. Submit your research paper.

Posted in r/netsec by u/Acrobatic-Pen-9949 • 1 point and 0 comments

In our previous blogpost we have introduced a pre-auth RCE in Moodles Shibboleth plugin. This RCE could be triggered when Moodle was configured to store sessions in individual files which is the default configuration for new installations. However, Moodle…

Two extremely popular JavaScript open source packages, colors.js, and faker.js, were maliciously modified to the point of being unusable.

Chromium Exploits Fail to Gain Traction

ThePhish: an automated phishing email analysis tool - GitHub - emalderson/ThePhish: ThePhish: an automated phishing email analysis tool

Discover how inconsistencies in different libraries parse URLs can be abused by attackers with Team82 and Claroty.

Nmap's XML result parse and NVD's CPE correlation to search CVE. - GitHub - CoolerVoid/Vision2: Nmap's XML result parse and NVD's CPE correlation to search CVE.

Post describing my experiment of finding out how commonly nameservers are misconfigured to allow zone transfers

Learn best practices to build and deploy a security-hardened SSH bastion host based on OpenSSH server.

Orca Security’s vulnerability researcher, Tzah Pahima, discovered a zero day AWS CloudFormation vulnerability, which AWS quickly mitigated within 6 days.

NSO’s Group Pegasus spyware was mentioned multiple times during 2021 in the media. It has been heavily analyzed by organizations such as Amnesty Forensics Analysis of the NSO Group’s Pegasus Spyware

“Are slack webhooks a secret or not?”

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

PinataHub is the most wide and comprehensive database of publicly leaked secrets from careless developers.

Posted in r/netsec by u/YashitM • 7 points and 2 comments

In this article we discuss a software bug introduced in Safari 15’s implementation of the IndexedDB API that lets any website track your internet activity and even reveal your identity.