Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE
https://ift.tt/bQ7aKcV
Submitted December 16, 2024 at 09:34PM by eg1x
via reddit https://ift.tt/zX2ipG3
Karmainsecurity
Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
Unsafe Archive Unpacking: Labs and Semgrep Rules
https://ift.tt/rdYgBk2
Submitted December 17, 2024 at 01:52AM by nibblesec
via reddit https://ift.tt/RPvx01S
The Full Story of CVE-2024-6386: Remote Code Execution in WPML
https://ift.tt/OVe1Nnj
Submitted December 17, 2024 at 01:21PM by jonas02
via reddit https://ift.tt/FAbZ1l4
WPSec
The Full Story of CVE-2024-6386: Remote Code Execution in WPML - WPSec
The WordPress Multilingual Plugin (WPML), with over 1,000,000 active installations, was vulnerable to Remote Code Execution (RCE) via a Server-Side Template Injection (SSTI) vulnerability in the Twig template engine. WPML is a premium plugin that provides…
LLM for ABAP Code Scanner
https://ift.tt/ncHrpmE
Submitted December 17, 2024 at 01:47PM by vah_13
via reddit https://ift.tt/ApCta92
owasp.org
RedRays ABAP Code Scanner | OWASP Foundation
A Python tool for scanning offline SAP ABAP source code to detect security vulnerabilities
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
https://ift.tt/MZ8R0f1
Submitted December 18, 2024 at 04:13AM by Glad_Ad534
via reddit https://ift.tt/jDsKR9b
Authentication Bypass Vulnerability in Philips IntelliSpace Cardiovascular
https://ift.tt/OUtD0QH
Submitted December 18, 2024 at 08:37AM by panicnot42
via reddit https://ift.tt/rCPZtlD
Understanding Logits And Their Possible Impacts On Large Language Model Output Safety
https://ift.tt/qs59VTv
Submitted December 19, 2024 at 01:24AM by 0xRaindrop
via reddit https://ift.tt/t9GvjlI
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
https://ift.tt/1U5XDyF
Submitted December 19, 2024 at 02:36AM by Glad_Ad534
via reddit https://ift.tt/DIbXK61
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP
https://ift.tt/q1pL3se
Submitted December 19, 2024 at 03:30AM by Glad_Ad534
via reddit https://ift.tt/7Ifsodn
How an obscure PHP footgun led to RCE in Craft CMS
https://ift.tt/H1R64CV
Submitted December 19, 2024 at 07:53AM by Mempodipper
via reddit https://ift.tt/PwATV6t
www.assetnote.io
How an obscure PHP footgun led to RCE in Craft CMS
Craft CMS is one of the most popular PHP-based CMSes globally, boasting over 150,000 sites worldwide. This blog post details a pre-authentication RCE vulnerability affecting Craft CMS versions below 4.13.1 and 5.5.1.
Exploiting reflected input via the Range header
https://ift.tt/fTMAu97
Submitted December 19, 2024 at 03:12PM by 6W99ocQnb8Zy17
via reddit https://ift.tt/zW3hJxN
attackshipsonfi.re
Exploiting Reflected Input Via the Range Header
TL;DR Reflected input is often unexploitable because the attack ends up in a place which stops it working, such as inside a quoted attribute.
I'm Lovin' It: Exploiting McDonald's APIs to hijack deliveries and order food for a penny
https://ift.tt/ncFhMLJ
Submitted December 19, 2024 at 06:42PM by EatonZ
via reddit https://ift.tt/BdJjEUC
Eaton-Works
I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny
A series of API flaws in McDelivery India made it possible to order food for a penny, hijack other people’s delivery orders, view user information, and more.
New Windows Privilege Escalation Vulnerability!
https://ift.tt/Mv8Xho7
Submitted December 19, 2024 at 10:02PM by SSDisclosure
via reddit https://ift.tt/K0PA2W3
SSD Secure Disclosure
SSD Advisory - cldflt Heap-based Overflow (PE) - SSD Secure Disclosure
Summary A vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system. The specific…
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01
https://ift.tt/z0HhKk1
Submitted December 20, 2024 at 03:19AM by Glad_Ad534
via reddit https://ift.tt/Vc0Y87n
techacademy.online
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01
CISA's new directive mandates federal agencies secure cloud environments by 2025, introducing SCuBA tools for monitoring and reducing cyberattack surf
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
https://ift.tt/kgKLXiC
Submitted December 20, 2024 at 02:58AM by Glad_Ad534
via reddit https://ift.tt/5YOurn7
techacademy.online
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
Fortinet patches critical flaws in FortiWLM and FortiManager. CVE-2023-34990 risks sensitive data, while CVE-2024-48889 enables command injection.
CVE-2024-44825 - Invesalius Arbitrary File Write and Directory Traversal
https://ift.tt/71fMsRc
Submitted December 20, 2024 at 03:17PM by AlbatrossMaximum4489
via reddit https://ift.tt/Qu7Hfxa
🌟 TOP 5 AI and Security Predictions for 2025
https://ift.tt/P2lb4Vt
Submitted December 20, 2024 at 10:33PM by mymalema
via reddit https://ift.tt/rsOwnQh
Medium
🚀 TOP 5 AI and Cybersecurity Predictions for 2025
Join the AI Security group at https://www.linkedin.com/groups/14545517 for more similar content.
Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150
https://ift.tt/5IxoX7T
Submitted December 21, 2024 at 01:21PM by ffyns
via reddit https://ift.tt/qcd0Xv1
Pentesterlab
Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150
Discover how a code review uncovered a JWT algorithm confusion vulnerability (CVE-2024-54150). Learn key insights to enhance your security skills and spot vulnerabilities effectively.
Security Implications of Catastrophic AI Risks
https://ift.tt/vpcouxw
Submitted December 22, 2024 at 03:34AM by mymalema
via reddit https://ift.tt/VTpwfxu
Medium
🔍 Cybersecurity Implications of Catastrophic AI Risks
The paper “An Overview of Catastrophic AI Risks” by the Center for AI Safety delves into how advanced AI systems introduce critical cybersecurity challenges. (Join the AI Security group at…
Incident Response for Generative AI Workloads: A Structured Approach by AWS
https://ift.tt/Ie6QVCk
Submitted December 22, 2024 at 08:35AM by mymalema
via reddit https://ift.tt/ST4Z6px
Medium
🔐 Incident Response for Generative AI Workloads: A Structured Approach by AWS
Amazon Web Services (AWS) outlines a structured approach for incident response in Generative AI workloads, emphasizing both response…
Modular Linux Backdoor IOCONTROL Hits OT, SCADA, IoT
https://ift.tt/DBxFq8y
Submitted December 23, 2024 at 07:52PM by derp6996
via reddit https://ift.tt/0VqvI8h
Claroty
Inside a New OT/IoT Cyberweapon: IOCONTROL
Team82 has researched a malware sample called IOCONTROL linked to an Iran-based attack group used to target IoT and OT civilian infrastructure in the U.S. and Israel.