A Novel DoS Vulnerability affecting WebRTC Media Servers
https://ift.tt/3KVJrFW
Submitted June 26, 2024 at 11:14AM by EnableSecurity
via reddit https://ift.tt/7jZoHT0
Enablesecurity
A Novel DoS Vulnerability affecting WebRTC Media Servers
This blog post details an application denial-of-service (DoS) vulnerability in WebRTC media servers handling DTLS-SRTP. Exploitation, detection and mitigation.
Why nested deserialization is harmful: Magento XXE (CVE-2024-34102)
https://ift.tt/rJguqEk
Submitted June 26, 2024 at 04:07PM by Mempodipper
via reddit https://ift.tt/SOB3Rpu
www.assetnote.io
Why nested deserialization is harmful: Magento XXE (CVE-2024-34102)
A critical, pre-authentication XML entity injection issue in Magento / Adobe Commerce (CVE-2024-34102), which Adobe rated as CVSS 9.8.
Learn how unsafe deserialization vulnerabilities work in Ruby projects (+ working gadget chains)
https://ift.tt/fIJY25x
Submitted June 26, 2024 at 06:32PM by ulldma
via reddit https://ift.tt/3dVYgKy
The GitHub Blog
Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities…
Clone and emulate RFID access card in a second using proxmark3 in standalone mode
https://ift.tt/hdT9rMk
Submitted June 26, 2024 at 06:23PM by barakadua131
via reddit https://ift.tt/LPId2UG
Mobile Hacker
RFID Hacking with Proxmark3: Cloning, Emulating, and Standalone Mode
Access cards – those little plastic rectangles that grant us entry to buildings, parking lots, and secure areas. But what if I told you that these cards can be cloned, and even emulated? Enter the Proxmark3, a powerful tool that opens doors (literally) to…
Phantom Secrets: Undetected Secrets Expose Major Corporations
https://ift.tt/B2T7hyz
Submitted June 26, 2024 at 06:50PM by Pale_Fly_2673
via reddit https://ift.tt/3EMLgl6
Aqua
Phantom Secrets: Undetected Secrets Expose Major Corporations
Our research discovers that almost 18% of secrets might be overlooked and some cannot be discovered by current scanning tools.
Fuzzing scripting languages' interpreters' native functions using AFL++ to find memory corruption and more
https://ift.tt/0BQ4TgO
Submitted June 27, 2024 at 04:21PM by MegaManSec2
via reddit https://ift.tt/7S43acH
Joshua.Hu Joshua Rogers’ Scribbles
Fuzzing scripting languages’ interpreters’ native functions using AFL++ to find memory corruption and more
Fuzzing applications needs no introduction, and I have written about some interesting problems related to fuzzing in the past [0][1][2][3]. At scale, fuzzing has traditionally focused on compiled binaries and detecting crashes and other memory corruption…
Sustaining Digital Certificate Security - Entrust Certificate Distrust
https://ift.tt/8bZSfOc
Submitted June 28, 2024 at 01:12AM by SlyFuu
via reddit https://ift.tt/AeqmF1Y
Google Online Security Blog
Sustaining Digital Certificate Security - Entrust Certificate Distrust
Posted by Chrome Root Program, Chrome Security Team Update (09/10/2024): In support of more closely aligning Chrome’s planned compliance ...
17 vulnerabilities in Sharp Multi-Function Printers
https://ift.tt/2cyz8AT
Submitted June 28, 2024 at 02:02AM by PierreKimSec
via reddit https://ift.tt/miTYPIo
South Korean telecom company attacks customers with malware — over 600,000 torrent users report missing files, strange folders, and disabled PCs
https://ift.tt/tR0Amfh
Submitted June 28, 2024 at 02:59AM by Jacko10101010101
via reddit https://ift.tt/0nrgde8
Tom's Hardware
South Korean telecom company attacks customers with malware — over 600,000 torrent users report missing files, strange folders…
ISP sends malware to hundreds of thousands of customers to stop them from using a file-sharing service.
Understanding Protected Management Frames - Part 2
https://ift.tt/Ricg4lk
Submitted June 28, 2024 at 01:27PM by thexerocouk
via reddit https://ift.tt/pFmI0Ry
Seeking Feedback on a New Security Tool - Secunetcon
https://ift.tt/4BXCSvy
Submitted June 29, 2024 at 07:57PM by juliusthejules
via reddit https://ift.tt/Xdwng6l
Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws
https://ift.tt/8vMmkID
Submitted June 29, 2024 at 09:59PM by Beginning_Ad_1705
via reddit https://ift.tt/0Zgzcjs
memorycorruption.net
Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws
Dynamic languages are safe from memory corruption bugs, right?
Postviewer V3 - Racing All The Way To Glory (Google CTF)
https://ift.tt/Is7dhbM
Submitted July 01, 2024 at 02:22AM by Caustic66
via reddit https://ift.tt/xVCOWzX
Eyald
Postviewer V3 - Racing All The Way To Glory - Eyal D.
CVE-2024-27292: docAssembling exploits for RCE
https://ift.tt/Xp2Qkgz
Submitted July 01, 2024 at 12:50PM by _pimps
via reddit https://ift.tt/MXrhvOW
Tanto Security
CVE-2024-27292: docAssembling exploits for RCE
Chaining vulnerabilities to execute code in Docassemble
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)
https://ift.tt/CvFV02o
Submitted July 01, 2024 at 02:33PM by poltess0
via reddit https://ift.tt/8mkENQZ
LaZagne: Open-source password recovery tool
https://ift.tt/pyIGSXf
Submitted July 01, 2024 at 05:33PM by Justin_coco
via reddit https://ift.tt/g9Q4oi1
Medium
LaZagne: Uncovering Passwords Like a Pro
In the realm of cybersecurity, the ability to recover passwords can be both a powerful tool and a significant threat. LaZagne, an…
regreSSHion: RCE Vulnerability in OpenSSH (CVE-2024-6387)
https://ift.tt/zvZ7ODI
Submitted July 02, 2024 at 10:14AM by oshratn
via reddit https://ift.tt/q9rOy4V
ARMO
regreSSHion: RCE Vulnerability in OpenSSH (CVE-2024-6387)
Learn about regreSSHion, the high severity RCE vulnerability (CVE-2024-6387) in OpenSSH, its impact, and protection measures
Evolution of Wi-Fi Security - From WEP to WPA3
https://ift.tt/N2iJR7g
Submitted July 02, 2024 at 12:58PM by thexerocouk
via reddit https://ift.tt/QdmKkgw
BlueToolkit - automated and portable Bluetooth vulnerability testing framework against 43 exploits
https://ift.tt/IvnSNiC
Submitted July 02, 2024 at 02:30PM by barakadua131
via reddit https://ift.tt/1FoQpw3
Mobile Hacker
Uncover Bluetooth Vulnerabilities with BlueToolkit
BlueToolkit is designed to uncover both new and old vulnerabilities in Bluetooth-enabled devices. This makes it a capable tool for vulnerability research, penetration testing, and Bluetooth hacking.
Race Conditions Found in Open-source IAM Solution Keycloak
https://ift.tt/4IZvtYj
Submitted July 02, 2024 at 06:44PM by jat0369
via reddit https://ift.tt/FZn6HMD
Cyberark
You Can’t Always Win Racing the (Key)cloak
Web Race Conditions – Success and Failure – a Keycloak Case Study In today’s connected world, many organizations’ “keys to the kingdom” are held in identity and access management (IAM) solutions;...
Kirin: Hitting the Internet with Distributed BGP Announcements
https://ift.tt/FEIDX8n
Submitted July 02, 2024 at 11:05PM by 0x414141
via reddit https://ift.tt/3cpPWSg