Exploiting File Read Vulnerabilities in Gradio to Steal Secrets from Hugging Face Spaces: CVE-2023-51449 and CVE-2023-1561
https://ift.tt/miHq0Nu
Submitted June 14, 2024 at 06:59PM by scopedsecurity
via reddit https://ift.tt/Tf0kFwH
https://ift.tt/miHq0Nu
Submitted June 14, 2024 at 06:59PM by scopedsecurity
via reddit https://ift.tt/Tf0kFwH
Horizon3.ai
Exploiting File Read Vulnerabilities in Gradio to Steal Secrets from Hugging Face Spaces
Exploiting file read vulnerabilities in Gradio to steal secrets from Hugging Face Spaces.
Type Juggling and Dangers of Loose Comparisons
https://ift.tt/PEIwNYW
Submitted June 14, 2024 at 10:46PM by HayMiz
via reddit https://ift.tt/BeELQlc
https://ift.tt/PEIwNYW
Submitted June 14, 2024 at 10:46PM by HayMiz
via reddit https://ift.tt/BeELQlc
haymiz@kali:~/blog$
Type Juggling and Dangers of Loose Comparisons
Exploring how type juggling leverages loose comparisons to breach web application security.
Encrypt/decrypt with SSH keys
https://ift.tt/PA8MDvF
Submitted June 15, 2024 at 05:32PM by yurichev
via reddit https://ift.tt/gxCR3MX
https://ift.tt/PA8MDvF
Submitted June 15, 2024 at 05:32PM by yurichev
via reddit https://ift.tt/gxCR3MX
In-Depth Cyberdefense Guide: Protecting Against Modern Threats
https://ift.tt/zTYRLMe
Submitted June 16, 2024 at 11:44PM by Dependent-Fishing630
via reddit https://ift.tt/mME6K9Q
https://ift.tt/zTYRLMe
Submitted June 16, 2024 at 11:44PM by Dependent-Fishing630
via reddit https://ift.tt/mME6K9Q
Iconv, set the charset to RCE (part 2): Remote code execution on Roundcube (CVE-2024-2961)
https://ift.tt/0JFrHsK
Submitted June 17, 2024 at 01:55PM by cfambionics
via reddit https://ift.tt/MBblDNK
https://ift.tt/0JFrHsK
Submitted June 17, 2024 at 01:55PM by cfambionics
via reddit https://ift.tt/MBblDNK
Ambionics
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2)
In this blog post, we will explore a new way of exploiting the vulnerability on PHP, using direct calls to iconv(), and illustrate the vulnerability by targeting Roundcube, a popular PHP webmail.
Evaluating Security of banking apps against mobile theft: a Monzo case study
https://ift.tt/duU8J7f
Submitted June 17, 2024 at 03:23PM by adrian_rt
via reddit https://ift.tt/jiwVep3
https://ift.tt/duU8J7f
Submitted June 17, 2024 at 03:23PM by adrian_rt
via reddit https://ift.tt/jiwVep3
Cyber Security Services - London
The Best Security Features for Securing Phone and Banking Apps
Discover the risks of mobile phone theft and how to secure your device. Learn about the attack scenario targeting the Monzo banking app.
Abusing noscript reporting and tmux integration in iTerm2 for code execution (CVE-2024-38396)
https://ift.tt/TKV2uDP
Submitted June 17, 2024 at 03:02PM by nex25519
via reddit https://ift.tt/TQu0fzP
https://ift.tt/TKV2uDP
Submitted June 17, 2024 at 03:02PM by nex25519
via reddit https://ift.tt/TQu0fzP
Vin01’s Blog
Abusing noscript reporting and tmux integration in iTerm2 for code execution
Regression turned into RCE
ScriptBlock Smuggling: Spoofing PowerShell Security Logs and Bypassing AMSI Without Reflection or Patching
https://ift.tt/7QET4K0
Submitted June 17, 2024 at 06:31PM by Hubble_BC_Security
via reddit https://ift.tt/GF26Hzd
https://ift.tt/7QET4K0
Submitted June 17, 2024 at 06:31PM by Hubble_BC_Security
via reddit https://ift.tt/GF26Hzd
Bypassing Okta’s Passwordless MFA: Technical Analysis and Detection
https://ift.tt/FMvi3kI
Submitted June 17, 2024 at 05:52PM by Or1rez
via reddit https://ift.tt/dsIq6CX
https://ift.tt/FMvi3kI
Submitted June 17, 2024 at 05:52PM by Or1rez
via reddit https://ift.tt/dsIq6CX
DERO cryptojacking takes a new shape
https://ift.tt/46Aitsp
Submitted June 16, 2024 at 03:19AM by apalasec
via reddit https://ift.tt/SuO6JjN
https://ift.tt/46Aitsp
Submitted June 16, 2024 at 03:19AM by apalasec
via reddit https://ift.tt/SuO6JjN
wiz.io
DERO cryptojacking adopts new techniques to evade detection | Wiz Blog
Wiz research shares how threat actors behind the 2023 DERO cryptojacking campaign have adapted their techniques, and how to mitigate your risk.
Microsoft Windows Endpoint Forensics Readiness Booster
https://ift.tt/7cbNLGH
Submitted June 17, 2024 at 06:55PM by GelosSnake
via reddit https://ift.tt/Nry1AUw
https://ift.tt/7cbNLGH
Submitted June 17, 2024 at 06:55PM by GelosSnake
via reddit https://ift.tt/Nry1AUw
profero.io
Microsoft Windows Endpoint Forensics Readiness Booster
Enhance Windows forensics with our guide. Configure built-in logs for better incident response and breach detection using built-in tools, no extra software need
Exfiltrate WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability
https://ift.tt/azyc1OH
Submitted June 17, 2024 at 10:02PM by barakadua131
via reddit https://ift.tt/CtyZSbg
https://ift.tt/azyc1OH
Submitted June 17, 2024 at 10:02PM by barakadua131
via reddit https://ift.tt/CtyZSbg
Mobile Hacker
Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability Mobile Hacker
With physical access to Android device with enabled ADB debugging running Android 12 or 13 before receiving March 2024 security patch, it is possible to access internal data of any user installed app by misusing CVE-2024-0044 vulnerability. Internal data…
School question.
https://ift.tt/Fnicmae
Submitted June 18, 2024 at 05:19AM by Horror_Command8068
via reddit https://ift.tt/SHXsmpf
https://ift.tt/Fnicmae
Submitted June 18, 2024 at 05:19AM by Horror_Command8068
via reddit https://ift.tt/SHXsmpf
Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped
https://ift.tt/GjCWwRA
Submitted June 19, 2024 at 12:38AM by techdash
via reddit https://ift.tt/UXbVxLv
https://ift.tt/GjCWwRA
Submitted June 19, 2024 at 12:38AM by techdash
via reddit https://ift.tt/UXbVxLv
Evan Connelly
Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped
Summary
We (Julien Ahrens @MrTuxracer and myself @Evan_Connelly) identified nearly 30 popular apps, as well as a feature within iOS itself, vulnerable to an attack in which any installed iOS app from the Apple App Store could perform an account takeover of…
We (Julien Ahrens @MrTuxracer and myself @Evan_Connelly) identified nearly 30 popular apps, as well as a feature within iOS itself, vulnerable to an attack in which any installed iOS app from the Apple App Store could perform an account takeover of…
Physical security management help
https://ift.tt/mGFh91L
Submitted June 19, 2024 at 12:31AM by discreetdawg8991
via reddit https://ift.tt/utNTro4
https://ift.tt/mGFh91L
Submitted June 19, 2024 at 12:31AM by discreetdawg8991
via reddit https://ift.tt/utNTro4
Everbridge
What is PSIM? Guide to what PSIM means and its benefits
PSIM software integrates security apps, automates workflows, and unifies device control for a seamless user experience.
Active Directory Methodology in Pentesting: A Comprehensive Guide
https://ift.tt/dtSiaFX
Submitted June 19, 2024 at 01:41PM by Justin_coco
via reddit https://ift.tt/F0Hd7hf
https://ift.tt/dtSiaFX
Submitted June 19, 2024 at 01:41PM by Justin_coco
via reddit https://ift.tt/F0Hd7hf
Medium
Active Directory Methodology in Pentesting: A Comprehensive Guide
In today’s digital landscape, Active Directory (AD) serves as the backbone for managing network resources in most enterprise environments…
Extending Burp Suite for fun and profit - The Montoya way - Part 5
https://ift.tt/r7w68p9
Submitted June 19, 2024 at 05:28PM by 0xdea
via reddit https://ift.tt/5EuY3i0
https://ift.tt/r7w68p9
Submitted June 19, 2024 at 05:28PM by 0xdea
via reddit https://ift.tt/5EuY3i0
HN Security
Extending Burp Suite for fun and profit - The Montoya way - Part 5 - HN Security
Setting up the environment + Hello World Inspecting and tampering HTTP requests and responses Inspecting and tampering WebSocket messages Creating […]
A Case Study About Exploiting the Flexibility of Email Addresses For OS Command Injection
https://ift.tt/P8bMXsi
Submitted June 20, 2024 at 01:33PM by parzel
via reddit https://ift.tt/2WYOhxF
https://ift.tt/P8bMXsi
Submitted June 20, 2024 at 01:33PM by parzel
via reddit https://ift.tt/2WYOhxF
Threat modeling an IdP compromise, and hardening (Teleport specific). Full tech paper.
https://ift.tt/mu3c8hk
Submitted June 21, 2024 at 01:58PM by nibblesec
via reddit https://ift.tt/jmn530D
https://ift.tt/mu3c8hk
Submitted June 21, 2024 at 01:58PM by nibblesec
via reddit https://ift.tt/jmn530D
Analysis of CVE-2024-25065: Apache OFBiz Security bypass
https://ift.tt/k1eKZHn
Submitted June 21, 2024 at 05:14PM by SL7reach
via reddit https://ift.tt/xwaWDpL
https://ift.tt/k1eKZHn
Submitted June 21, 2024 at 05:14PM by SL7reach
via reddit https://ift.tt/xwaWDpL
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Analysis of CVE-2024-25065: Apache OFBiz Security bypass
Introduction CVE-2024-25065 is a vulnerability that exists in Apache OFBiz before version 18.12.12. It is a path traversal vulnerability that allows authentication bypass through the contextPath...
Reverse Engineering and Exploiting Augentix System on Chip Unicorn Binary
https://ift.tt/PEKnOCs
Submitted June 22, 2024 at 03:56AM by somersetrecon
via reddit https://ift.tt/vdXrQ3A
https://ift.tt/PEKnOCs
Submitted June 22, 2024 at 03:56AM by somersetrecon
via reddit https://ift.tt/vdXrQ3A
Somerset Recon
Reverse Engineering The Unicorn — Somerset Recon
While reversing a device, we stumbled across an interesting binary named unicorn . The binary appeared to be a developer utility potentially related to the Augentix SoC SDK. The unicorn binary is only executed when the device is set to developer mode. Fortunately…