RESEARCH // TLSTORM TLStorm Three critical vulnerabilities discovered in APC Smart-UPS devices can allow attackers to remotely manipulate the power of

DomainProactive helps businesses stay on top of Internet security and best practices.

A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks

In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.

Posted in r/netsec by u/eberkut • 1 point and 0 comments

Core module for Forgiva Enterprise connecting Forgiva Server to Forgiva Webclient. - GitHub - Sceptive/forgiva-integrator: Core module for Forgiva Enterprise connecting Forgiva Server to Forgiva We...

Yarn, Pip, Composer & friends: Learn about 3 types of vulnerabilities we found in popular package managers that can be used by attackers to target developers.

Contribute to Accenture/VulFi development by creating an account on GitHub.

BHI (or Spectre-BHB) is a revival of cross-privilege Spectre-v2 attacks on modern systems deploying in-hardware defenses. And we have a very neat end-to-end exploit leaking arbitrary kernel memory on modern Intel CPUs to prove it

Local privilege escalation flaw in the Linux Kernel was disclosed on Monday, nicknamed “Dirty Pipe” ID CVE-2022-0847.

Based on the CrowdSec data shared by the community, this first edition of the report provides an overview of the main cyber threats identified worldwide.

Posted in r/netsec by u/albinowax • 101 points and 0 comments

------ Update 03/12/2022 Reuters has published new information on this incident, which initially matches the proposed scenario. You can find...

Casper-fs is a Custom Hidden Linux Kernel Module generator. Each module works in the file system to protect and hide secret files. - GitHub - CoolerVoid/casper-fs: Casper-fs is a Custom Hidden Linu...

Multiple vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication allow executing malicious code remotely without authentication. This may lead to gaining control over the target system.

An automated setup for fuzzing Redis w/ AFL++. Contribute to 0xbigshaq/redis-afl development by creating an account on GitHub.

An automated setup for compiling & fuzzing Apache httpd server - 0xbigshaq/apache-afl

CVE-ID: CVE-2021-34979 ZDI Identifier: ZDI-CAN-13512

FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares - GitHub - FirmWire/FirmWire: FirmWire is a full-syst...

CVE-2022-0847 or "Dirty Pipe", is a Linux kernel flaw that allows attackers to escalate privileges. We analyze the vulnerability in-depth in this blog.

Posted in r/netsec by u/D4r1 • 208 points and 7 comments