We have outlined some steps for rapid triage of a malicious untrusted Docker container running in our environment.

JFrog Security disclosed 5 vulnerabilities in PJSIP, exposing applications to code execution or denial of service attacks. Learn who is impacted and how to fix >

By Avihay Kain & Efrat Tabibi, Security Research at Guardio.

Posted in r/netsec by u/CyberMasterV • 2 points and 0 comments

Posted in r/netsec by u/mufinnnnnnn • 1 point and 0 comments

Google Cloud Armor provides a rule-based policy framework that can be used by customers of the Google Cloud Platform to mitigate various types of common web application attacks. The Cloud Armor service has a documented limitation of 8 KB as the maximum size…

Sheet1

FREE Cybersecurity & Humanitarian Services for the Ukraine War
Est. 24 Feb 2022
⚠ This is a constant work in progress ⚠,<a href="https://ukrainestrong.tech/">ukrainestrong.tech</a>
Please Twitter DM (<a href="https://twitter.com/chrisculling">@c…

In the context of the ongoing war between Russia and Ukraine, we have reviewed the cyberattacks against the Ukrainian organizations that occurred in A Closer Look at the Russian Actors Targeting Organizations in Ukraine

Authors: Alberto Segura, Malware analystRolf Govers, Malware analyst & Forensic IT Expert NCC Group, as well as many other researchers noticed a rise in Android malware last year, especillay An…

Take a look at hard statistics on what the 10 most popular secure email gateways of 2022 are.

Posted in r/netsec by u/mdulin2 • 2 points and 0 comments

CVE-2022-0492 is the third recent kernel vulnerability that allows malicious containers to escape. We offer root cause analysis and mitigations.

Posted in r/netsec by u/wrongbaud • 1 point and 0 comments

Claroty's Biannual ICS Risk and Vulnerability Report provides an analysis of OT, ICS, and IoT vulnerabilities disclosed in the 2H of 2021.

Posted in r/netsec by u/yesyoucantrip • 1 point and 0 comments

Posted in r/netsec by u/addelindh • 93 points and 6 comments

Despite the fact that it is not a 'real' vulnerability, escaping privileged Docker containers is nevertheless pretty funny. And because there will always be people who will come up with reasons or excuses to run a privileged container (even though you really…

PyShell is new tool made for bug bounty, ethical hacking, penetration testers or red-teamers. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little…

As we come to the end of the first quarter of 2022, we want to take some time to look back over our cases from 2021, in aggregate, and look at some of the top tactics, techniques and procedures (TT…

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. - GitHub - agrawalsmart7/scodescanner: SCodeScanner stands for Source...