There are new available articles, click to refresh the page.

Before yesterday/r/netsec - Information Security News & Discussion

/r/netsec - Information Security News & Discussion
Exploiting ASP.NET TemplateParser — Part I: Sitecore (CVE-2023-35813)
September 26^th 2023 at 11:42

Exploiting ASP.NET TemplateParser — Part I: Sitecore (CVE-2023-35813)

By /u/scopedsecurity

submitted by /u/scopedsecurity
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 11:42

/r/netsec - Information Security News & Discussion
The De Vinci of DirtyPipe Local Privilege Escalation - CVE-2022-0847 - vsociety
September 26^th 2023 at 09:02

The De Vinci of DirtyPipe Local Privilege Escalation - CVE-2022-0847 - vsociety

By /u/vsociety_

submitted by /u/vsociety_
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 09:02

/r/netsec - Information Security News & Discussion
CVE-2023-36664: Command injection with Ghostscript PoC + exploit - vsociety
September 26^th 2023 at 08:57

CVE-2023-36664: Command injection with Ghostscript PoC + exploit - vsociety

By /u/vsociety_

submitted by /u/vsociety_
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 08:57

/r/netsec - Information Security News & Discussion
A tale about a Red Team exercise and the Forcepoint Endpoint One DLP client - vsociety
September 26^th 2023 at 08:43

A tale about a Red Team exercise and the Forcepoint Endpoint One DLP client - vsociety

By /u/vsociety_

submitted by /u/vsociety_
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 08:43

/r/netsec - Information Security News & Discussion
The bogus CVE problem
September 26^th 2023 at 08:05

The bogus CVE problem

By /u/yqopmin

submitted by /u/yqopmin
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 08:05

/r/netsec - Information Security News & Discussion
Telegram Search Engine for CTI, Data Breach Discovery and Monitoring and More
September 26^th 2023 at 07:10

Telegram Search Engine for CTI, Data Breach Discovery and Monitoring and More

By /u/ari_ben_am

submitted by /u/ari_ben_am
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 07:10

/r/netsec - Information Security News & Discussion
DNS Debugging: What you need to know
September 26^th 2023 at 06:41

DNS Debugging: What you need to know

By /u/odd950

submitted by /u/odd950
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 06:41

/r/netsec - Information Security News & Discussion
GDBleed: Binary instrumentation and hooking framework built on top of GDB for pentesters and IoT security researchers
September 25^th 2023 at 21:52

GDBleed: Binary instrumentation and hooking framework built on top of GDB for pentesters and IoT security researchers

By /u/NoPaleontologist7419

submitted by /u/NoPaleontologist7419
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 21:52

/r/netsec - Information Security News & Discussion
SocketSleuth: Improving security testing for WebSocket applications | The Snyk blog
September 25^th 2023 at 20:42

SocketSleuth: Improving security testing for WebSocket applications | The Snyk blog

By /u/lirantal

submitted by /u/lirantal
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 20:42

/r/netsec - Information Security News & Discussion
Analysis of CVE-2023-38831 Zero-Day vulnerability in WinRAR
September 25^th 2023 at 20:03

Analysis of CVE-2023-38831 Zero-Day vulnerability in WinRAR

By /u/SL7reach

submitted by /u/SL7reach
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 20:03

/r/netsec - Information Security News & Discussion
Over 400K Buckets and 10.4B Files Are Public Due to Cloud Misconfigurations
September 25^th 2023 at 12:47

Over 400K Buckets and 10.4B Files Are Public Due to Cloud Misconfigurations

By /u/ziyahanalbeniz

submitted by /u/ziyahanalbeniz
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 12:47

/r/netsec - Information Security News & Discussion
From ScreenConnect to Hive Ransomware in 61 hours
September 25^th 2023 at 12:24

From ScreenConnect to Hive Ransomware in 61 hours

By /u/TheDFIRReport

submitted by /u/TheDFIRReport
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 12:24

/r/netsec - Information Security News & Discussion
[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955)
September 25^th 2023 at 11:50

[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955)

By /u/scopedsecurity

submitted by /u/scopedsecurity
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 11:50

/r/netsec - Information Security News & Discussion
Insecure URL handler (Electron) in iRacing leading to RCE in the client - bug discovery and exploit
September 25^th 2023 at 10:28

Insecure URL handler (Electron) in iRacing leading to RCE in the client - bug discovery and exploit

By /u/ss2342-

submitted by /u/ss2342-
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 10:28

/r/netsec - Information Security News & Discussion
A Prime on Client-side JavaScript Instrumentation
September 25^th 2023 at 08:28

A Prime on Client-side JavaScript Instrumentation

By /u/nibblesec

submitted by /u/nibblesec
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 08:28

/r/netsec - Information Security News & Discussion
Defeating Visual Studio Code embedded reverse shell
September 22^nd 2023 at 19:43

Defeating Visual Studio Code embedded reverse shell

By /u/ipfyx

Here is a blogpost that covers some techniques to block vscode tunnel. Any feedback will be greatly apreciated.

submitted by /u/ipfyx
[link] [comments]

Related tags
- ❌
- r/netsec
September 22^nd 2023 at 19:43

/r/netsec - Information Security News & Discussion
Cryptomining malware detected on a Russian thesaurus with 5 Million+ monthly visits
September 22^nd 2023 at 11:35

Cryptomining malware detected on a Russian thesaurus with 5 Million+ monthly visits

By /u/nareksays

submitted by /u/nareksays
[link] [comments]

Related tags
- ❌
- r/netsec
September 22^nd 2023 at 11:35

/r/netsec - Information Security News & Discussion
Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records
September 22^nd 2023 at 10:52

Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records

By /u/ziyahanalbeniz

submitted by /u/ziyahanalbeniz
[link] [comments]

Related tags
- ❌
- r/netsec
September 22^nd 2023 at 10:52

/r/netsec - Information Security News & Discussion
The WebP 0day
September 21^st 2023 at 19:33

The WebP 0day

By /u/MegaManSec2

submitted by /u/MegaManSec2
[link] [comments]

Related tags
- ❌
- r/netsec
September 21^st 2023 at 19:33

/r/netsec - Information Security News & Discussion
New ways to inject system CA certificates in Android 14
September 21^st 2023 at 12:35

New ways to inject system CA certificates in Android 14

By /u/pimterry

submitted by /u/pimterry
[link] [comments]

Related tags
- ❌
- r/netsec
September 21^st 2023 at 12:35

/r/netsec - Information Security News & Discussion
HDF5 - Multiple Memory Corruption Vulnerabilities
September 20^th 2023 at 22:44

HDF5 - Multiple Memory Corruption Vulnerabilities

By /u/MysteriousHotel3017

submitted by /u/MysteriousHotel3017
[link] [comments]

Related tags
- ❌
- r/netsec
September 20^th 2023 at 22:44

/r/netsec - Information Security News & Discussion
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
September 20^th 2023 at 16:23

LUCR-3: Scattered Spider Getting SaaS-y in the Cloud

By /u/permis0

submitted by /u/permis0
[link] [comments]

Related tags
- ❌
- r/netsec
September 20^th 2023 at 16:23

/r/netsec - Information Security News & Discussion
RCE in Tutanota Desktop: How a single email could compromise your machine
September 20^th 2023 at 15:54

RCE in Tutanota Desktop: How a single email could compromise your machine

By /u/SonarPaul

submitted by /u/SonarPaul
[link] [comments]

Related tags
- ❌
- r/netsec
September 20^th 2023 at 15:54

/r/netsec - Information Security News & Discussion
Howtorotate.com - Open Source Guides on Key Rotations from the Most Popular Providers
September 19^th 2023 at 18:57

Howtorotate.com - Open Source Guides on Key Rotations from the Most Popular Providers

By /u/Phorcez

submitted by /u/Phorcez
[link] [comments]

Related tags
- ❌
- r/netsec
September 19^th 2023 at 18:57

/r/netsec - Information Security News & Discussion
Crawlector Version 2.0 has been released. This is a milestone release.
September 19^th 2023 at 13:43

Crawlector Version 2.0 has been released. This is a milestone release.

By /u/MFMokbel

submitted by /u/MFMokbel
[link] [comments]

Related tags
- ❌
- r/netsec
September 19^th 2023 at 13:43

/r/netsec - Information Security News & Discussion
#ShortAndMalicious — DarkGate
September 19^th 2023 at 11:45

#ShortAndMalicious — DarkGate

By /u/OwnPreparation3424

submitted by /u/OwnPreparation3424
[link] [comments]

Related tags
- ❌
- r/netsec
September 19^th 2023 at 11:45

/r/netsec - Information Security News & Discussion
DEF CON 31 Main Stage Talks
September 19^th 2023 at 07:10

DEF CON 31 Main Stage Talks

By /u/albinowax

submitted by /u/albinowax
[link] [comments]

Related tags
- ❌
- r/netsec
September 19^th 2023 at 07:10

/r/netsec - Information Security News & Discussion
Wind River VxWorks tarExtract directory traversal vulnerability (CVE-2023-38346)
September 19^th 2023 at 05:35

Wind River VxWorks tarExtract directory traversal vulnerability (CVE-2023-38346)

By /u/fr0r

submitted by /u/fr0r
[link] [comments]

Related tags
- ❌
- r/netsec
September 19^th 2023 at 05:35

/r/netsec - Information Security News & Discussion
Zero-Knowledge Middleboxes
September 18^th 2023 at 18:42

Zero-Knowledge Middleboxes

By /u/arrowflakes

submitted by /u/arrowflakes
[link] [comments]

Related tags
- ❌
- r/netsec
September 18^th 2023 at 18:42

/r/netsec - Information Security News & Discussion
Fileless Remote Code Execution on Juniper Firewalls
September 18^th 2023 at 15:25

Fileless Remote Code Execution on Juniper Firewalls

By /u/chicksdigthelongrun

submitted by /u/chicksdigthelongrun
[link] [comments]

Related tags
- ❌
- r/netsec
September 18^th 2023 at 15:25

/r/netsec - Information Security News & Discussion
AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation – Sysdig
September 18^th 2023 at 15:08

AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation – Sysdig

By /u/Hallow_Rose

submitted by /u/Hallow_Rose
[link] [comments]

Related tags
- ❌
- r/netsec
September 18^th 2023 at 15:08

/r/netsec - Information Security News & Discussion
When MFA isn't actually MFA
September 18^th 2023 at 14:36

When MFA isn't actually MFA

By /u/_vavkamil_

submitted by /u/_vavkamil_
[link] [comments]

Related tags
- ❌
- r/netsec
September 18^th 2023 at 14:36

/r/netsec - Information Security News & Discussion
Risks in Liechtenstein's electronic health files and new vulns in the underlying Liferay portal software (article in German)
September 18^th 2023 at 12:50

Risks in Liechtenstein's electronic health files and new vulns in the underlying Liferay portal software (article in German)

By /u/fr0r

submitted by /u/fr0r
[link] [comments]

Related tags
- ❌
- r/netsec
September 18^th 2023 at 12:50

/r/netsec - Information Security News & Discussion
Fuzzing with multiple servers in parallel: AFL++ with Network File Systems
September 18^th 2023 at 09:59

Fuzzing with multiple servers in parallel: AFL++ with Network File Systems

By /u/MegaManSec2

submitted by /u/MegaManSec2
[link] [comments]

Related tags
- ❌
- r/netsec
September 18^th 2023 at 09:59

A Practical Approach to SBOM in CI/CD. Presenting concept of SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.

By /u/theowni

submitted by /u/theowni
[link] [comments]

Related tags
- ❌
- r/netsec
September 17^th 2023 at 16:57

/r/netsec - Information Security News & Discussion
Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation
September 17^th 2023 at 13:49

Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation

By /u/yqopmin

submitted by /u/yqopmin
[link] [comments]

Related tags
- ❌
- r/netsec
September 17^th 2023 at 13:49

/r/netsec - Information Security News & Discussion
CVE-2022-32947: macOS GPU-launched kernel privilege escalation exploit (walkthrough slides + demo)
September 17^th 2023 at 10:08

CVE-2022-32947: macOS GPU-launched kernel privilege escalation exploit (walkthrough slides + demo)

By /u/AsahiLina

submitted by /u/AsahiLina
[link] [comments]

Related tags
- ❌
- r/netsec
September 17^th 2023 at 10:08

/r/netsec - Information Security News & Discussion
Tickling ksmbd: fuzzing SMB in the Linux kernel
September 17^th 2023 at 08:35

Tickling ksmbd: fuzzing SMB in the Linux kernel

By /u/buherator

submitted by /u/buherator
[link] [comments]

Related tags
- ❌
- r/netsec
September 17^th 2023 at 08:35

/r/netsec - Information Security News & Discussion
CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution
September 17^th 2023 at 08:33

CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution

By /u/buherator

submitted by /u/buherator
[link] [comments]

Related tags
- ❌
- r/netsec
September 17^th 2023 at 08:33

/r/netsec - Information Security News & Discussion
A Big Look at Security in OpenAPI
September 17^th 2023 at 06:45

A Big Look at Security in OpenAPI

By /u/keissiaresa

submitted by /u/keissiaresa
[link] [comments]

Related tags
- ❌
- r/netsec
September 17^th 2023 at 06:45

/r/netsec - Information Security News & Discussion
Similar issues detected in different cryptocurrency exchange backends
September 16^th 2023 at 17:10

Similar issues detected in different cryptocurrency exchange backends

By /u/arrowflakes

submitted by /u/arrowflakes
[link] [comments]

Related tags
- ❌
- r/netsec
September 16^th 2023 at 17:10

/r/netsec - Information Security News & Discussion
The bogus CVE problem
September 16^th 2023 at 16:05

The bogus CVE problem

By /u/keissiaresa

submitted by /u/keissiaresa
[link] [comments]

Related tags
- ❌
- r/netsec
September 16^th 2023 at 16:05

/r/netsec - Information Security News & Discussion
New analysis tool: donut-decryptor: Retrieve inner payloads from Donut samples
September 16^th 2023 at 15:19

New analysis tool: donut-decryptor: Retrieve inner payloads from Donut samples

By /u/transt

submitted by /u/transt
[link] [comments]

Related tags
- ❌
- r/netsec
September 16^th 2023 at 15:19

/r/netsec - Information Security News & Discussion
Correction: the previous CA injection method doesn't work on Android 14, but there is still a way.
September 15^th 2023 at 23:59

Correction: the previous CA injection method doesn't work on Android 14, but there is still a way.

By /u/pi3ch

submitted by /u/pi3ch
[link] [comments]

Related tags
- ❌
- r/netsec
September 15^th 2023 at 23:59

/r/netsec - Information Security News & Discussion
Konni has entered the game: A new, possibly North Korean group exploits WinRAR vulnerability for cyberattacks.
September 15^th 2023 at 16:00

Konni has entered the game: A new, possibly North Korean group exploits WinRAR vulnerability for cyberattacks.

By /u/nareksays

submitted by /u/nareksays
[link] [comments]

Related tags
- ❌
- r/netsec
September 15^th 2023 at 16:00

/r/netsec - Information Security News & Discussion
A detailed analysis of the Money Message Ransomware
September 15^th 2023 at 13:03

A detailed analysis of the Money Message Ransomware

By /u/CyberMasterV

submitted by /u/CyberMasterV
[link] [comments]

Related tags
- ❌
- r/netsec
September 15^th 2023 at 13:03

/r/netsec - Information Security News & Discussion
Meta Quest 2: Defense through offense
September 15^th 2023 at 10:38

Meta Quest 2: Defense through offense

By /u/poltess0

submitted by /u/poltess0
[link] [comments]

Related tags
- ❌
- r/netsec
September 15^th 2023 at 10:38

/r/netsec - Information Security News & Discussion
Bypassing UAC with SSPI Datagram Contexts
September 14^th 2023 at 23:01

Bypassing UAC with SSPI Datagram Contexts

By /u/splinter_code

submitted by /u/splinter_code
[link] [comments]

Related tags
- ❌
- r/netsec
September 14^th 2023 at 23:01

/r/netsec - Information Security News & Discussion
Bypass SSL Pinning on Windows Application
September 14^th 2023 at 20:59

Bypass SSL Pinning on Windows Application

By /u/HermaeusMora0

I have tried using CharlesProxy MITM proxy to obtain SSL traffic from a Windows Application, but Charles simply can't capture any traffic, even though it captures from my browser and other applications.

With that being said, I suspect the application uses SSL pinning, I don't want to go reverse engineer it when there's a simpler way for me to obtain their requests.

I need suggestions on what to do, and if reverse engineering is my only way, what would be recommended.

submitted by /u/HermaeusMora0
[link] [comments]

Related tags
- ❌
- r/netsec
September 14^th 2023 at 20:59

/r/netsec - Information Security News & Discussion
The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree
September 14^th 2023 at 13:49

The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree

By /u/TupleType1

submitted by /u/TupleType1
[link] [comments]

Related tags
- ❌
- r/netsec
September 14^th 2023 at 13:49

/r/netsec - Information Security News & Discussion
Uncursing the ncurses: Memory corruption vulnerabilities found in library
September 14^th 2023 at 13:19

Uncursing the ncurses: Memory corruption vulnerabilities found in library

By /u/YogiBerra88888

submitted by /u/YogiBerra88888
[link] [comments]

Related tags
- ❌
- r/netsec
September 14^th 2023 at 13:19

/r/netsec - Information Security News & Discussion
Simple PoC for demonstrating Race Conditions on Websockets
September 14^th 2023 at 09:13

Simple PoC for demonstrating Race Conditions on Websockets

By /u/vah_13

submitted by /u/vah_13
[link] [comments]

Related tags
- ❌
- r/netsec
September 14^th 2023 at 09:13

/r/netsec - Information Security News & Discussion
Column-Level Encryption 101: What is It, implementation & Benefits
September 14^th 2023 at 08:24

Column-Level Encryption 101: What is It, implementation & Benefits

By /u/donofsue

submitted by /u/donofsue
[link] [comments]

Related tags
- ❌
- r/netsec
September 14^th 2023 at 08:24

/r/netsec - Information Security News & Discussion
Split BloodHound input files to prevent import failures
September 14^th 2023 at 08:04

Split BloodHound input files to prevent import failures

By /u/Pleasant-Drawer729

submitted by /u/Pleasant-Drawer729
[link] [comments]

Related tags
- ❌
- r/netsec
September 14^th 2023 at 08:04

/r/netsec - Information Security News & Discussion
CVE-2023-38146: Arbitrary Code Execution via Windows Themes
September 13^th 2023 at 16:55

CVE-2023-38146: Arbitrary Code Execution via Windows Themes

By /u/gabe_k

submitted by /u/gabe_k
[link] [comments]

Related tags
- ❌
- r/netsec
September 13^th 2023 at 16:55

/r/netsec - Information Security News & Discussion
3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack
September 13^th 2023 at 16:06

3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack

By /u/nareksays

submitted by /u/nareksays
[link] [comments]

Related tags
- ❌
- r/netsec
September 13^th 2023 at 16:06

/r/netsec - Information Security News & Discussion
mXSS in Skiff: How browser mutations and Cloudflare helped to steal decrypted emails
September 13^th 2023 at 08:39

mXSS in Skiff: How browser mutations and Cloudflare helped to steal decrypted emails

By /u/SonarPaul

submitted by /u/SonarPaul
[link] [comments]

Related tags
- ❌
- r/netsec
September 13^th 2023 at 08:39

/r/netsec - Information Security News & Discussion
Zimbra Email Users Targeted in Phishing Attack | Deeplab.com
September 12^th 2023 at 19:32

Zimbra Email Users Targeted in Phishing Attack | Deeplab.com

By /u/RemarkableDatas

submitted by /u/RemarkableDatas
[link] [comments]

Related tags
- ❌
- r/netsec
September 12^th 2023 at 19:32

/r/netsec - Information Security News & Discussion
From Terminal Output to Arbitrary Remote Code Execution
September 12^th 2023 at 19:24

From Terminal Output to Arbitrary Remote Code Execution

By /u/_solid_snail

submitted by /u/_solid_snail
[link] [comments]

Related tags
- ❌
- r/netsec
September 12^th 2023 at 19:24

/r/netsec - Information Security News & Discussion
Malware distributor Storm-0324 facilitates ransomware access
September 12^th 2023 at 17:22

Malware distributor Storm-0324 facilitates ransomware access

By /u/SCI_Rusher

submitted by /u/SCI_Rusher
[link] [comments]

Related tags
- ❌
- r/netsec
September 12^th 2023 at 17:22