/r/netsec - Information Security News & Discussion
Exploring the STSAFE-A110
October 4^th 2023 at 05:58

Exploring the STSAFE-A110

By /u/thinkV

submitted by /u/thinkV
[link] [comments]

Related tags
- ❌
- r/netsec
October 4^th 2023 at 05:58

/r/netsec - Information Security News & Discussion
Remote Code Execution In PyTorch Model Server TorchServe
October 3^rd 2023 at 19:12

Remote Code Execution In PyTorch Model Server TorchServe

By /u/BigBother59

Remote Code Execution In PyTorch Model Server TorchServe

Oligo's research team has uncovered a chain of critical vulnerabilities, named ShellTorch, including CVE-2023-43654 (CVSS: 9.8) in the PyTorch model server TorchServe.

This flaw allows unauthorized access to #AI models and enables Remote Code Execution (RCE) leaving countless services and end-users at risk.

submitted by /u/BigBother59
[link] [comments]

Related tags
- ❌
- r/netsec
October 3^rd 2023 at 19:12

PETEP: Open source tool for Penetration Testing of non-HTTP protocols (TCP, UDP) through graphical UI or code, also supports using Burp/Zaproxy by wrapping the binary traffic into HTTP.

By /u/vutmajk

submitted by /u/vutmajk
[link] [comments]

Related tags
- ❌
- r/netsec
October 3^rd 2023 at 18:10

/r/netsec - Information Security News & Discussion
Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement
October 3^rd 2023 at 17:05

Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement

By /u/SCI_Rusher

submitted by /u/SCI_Rusher
[link] [comments]

Related tags
- ❌
- r/netsec
October 3^rd 2023 at 17:05

/r/netsec - Information Security News & Discussion
[QubesOS] Disarm BusKill Dead Man Switch with Keyboard Shortcut (Guide)
October 3^rd 2023 at 16:21

[QubesOS] Disarm BusKill Dead Man Switch with Keyboard Shortcut (Guide)

By /u/maltfield

submitted by /u/maltfield
[link] [comments]

Related tags
- ❌
- r/netsec
October 3^rd 2023 at 16:21

/r/netsec - Information Security News & Discussion
Let’s Go into the rabbit hole (part 1) — the challenges of dynamically hooking Golang programs
October 3^rd 2023 at 15:35

Let’s Go into the rabbit hole (part 1) — the challenges of dynamically hooking Golang programs

By /u/guedou

submitted by /u/guedou
[link] [comments]

Related tags
- ❌
- r/netsec
October 3^rd 2023 at 15:35

/r/netsec - Information Security News & Discussion
Exploiting Edge Routers Acting as IoT Gateways
October 3^rd 2023 at 13:13

Exploiting Edge Routers Acting as IoT Gateways

By /u/derp6996

submitted by /u/derp6996
[link] [comments]

Related tags
- ❌
- r/netsec
October 3^rd 2023 at 13:13

/r/netsec - Information Security News & Discussion
Retired Server called Home — A server decommissioning failure
October 3^rd 2023 at 13:06

Retired Server called Home — A server decommissioning failure

By /u/oherrala

submitted by /u/oherrala
[link] [comments]

Related tags
- ❌
- r/netsec
October 3^rd 2023 at 13:06

/r/netsec - Information Security News & Discussion
Cloudflare Protection Bypass Vulnerability on Threat Actors' Radar
October 3^rd 2023 at 12:55

Cloudflare Protection Bypass Vulnerability on Threat Actors' Radar

By /u/ziyahanalbeniz

submitted by /u/ziyahanalbeniz
[link] [comments]

Related tags
- ❌
- r/netsec
October 3^rd 2023 at 12:55

/r/netsec - Information Security News & Discussion
root with a single command: sudo logrotate
October 3^rd 2023 at 10:46

root with a single command: sudo logrotate

By /u/MegaManSec2

submitted by /u/MegaManSec2
[link] [comments]

Related tags
- ❌
- r/netsec
October 3^rd 2023 at 10:46

/r/netsec - Information Security News & Discussion
Decrypting the Shadows: Revealing the Secrets of Ransomware Operators - An Interview with @htmalgae
October 2^nd 2023 at 14:14

Decrypting the Shadows: Revealing the Secrets of Ransomware Operators - An Interview with @htmalgae

By /u/ziyahanalbeniz

submitted by /u/ziyahanalbeniz
[link] [comments]

Related tags
- ❌
- r/netsec
October 2^nd 2023 at 14:14

/r/netsec - Information Security News & Discussion
cloudgrep: cloudgrep is grep for cloud storage
October 2^nd 2023 at 13:11

cloudgrep: cloudgrep is grep for cloud storage

By /u/0x636f6f6c

submitted by /u/0x636f6f6c
[link] [comments]

Related tags
- ❌
- r/netsec
October 2^nd 2023 at 13:11

/r/netsec - Information Security News & Discussion
Survive Access Key Deletion with sts:GetFederationToken - Hacking The Cloud
September 26^th 2023 at 17:16

Survive Access Key Deletion with sts:GetFederationToken - Hacking The Cloud

By /u/RedTermSession

submitted by /u/RedTermSession
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 17:16

/r/netsec - Information Security News & Discussion
Guide to hacking htmx applications
September 26^th 2023 at 16:49

Guide to hacking htmx applications

By /u/4lreadytekken

submitted by /u/4lreadytekken
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 16:49

/r/netsec - Information Security News & Discussion
Malicious npm Packages Strike Again: Exfiltrating Kubernetes Configurations and SSH Keys
September 26^th 2023 at 15:36

Malicious npm Packages Strike Again: Exfiltrating Kubernetes Configurations and SSH Keys

By /u/Professional-Ad6429

submitted by /u/Professional-Ad6429
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 15:36

/r/netsec - Information Security News & Discussion
Exploiting ASP.NET TemplateParser — Part I: Sitecore (CVE-2023-35813)
September 26^th 2023 at 11:42

Exploiting ASP.NET TemplateParser — Part I: Sitecore (CVE-2023-35813)

By /u/scopedsecurity

submitted by /u/scopedsecurity
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 11:42

/r/netsec - Information Security News & Discussion
The De Vinci of DirtyPipe Local Privilege Escalation - CVE-2022-0847 - vsociety
September 26^th 2023 at 09:02

The De Vinci of DirtyPipe Local Privilege Escalation - CVE-2022-0847 - vsociety

By /u/vsociety_

submitted by /u/vsociety_
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 09:02

/r/netsec - Information Security News & Discussion
CVE-2023-36664: Command injection with Ghostscript PoC + exploit - vsociety
September 26^th 2023 at 08:57

CVE-2023-36664: Command injection with Ghostscript PoC + exploit - vsociety

By /u/vsociety_

submitted by /u/vsociety_
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 08:57

/r/netsec - Information Security News & Discussion
A tale about a Red Team exercise and the Forcepoint Endpoint One DLP client - vsociety
September 26^th 2023 at 08:43

A tale about a Red Team exercise and the Forcepoint Endpoint One DLP client - vsociety

By /u/vsociety_

submitted by /u/vsociety_
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 08:43

/r/netsec - Information Security News & Discussion
The bogus CVE problem
September 26^th 2023 at 08:05

The bogus CVE problem

By /u/yqopmin

submitted by /u/yqopmin
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 08:05

/r/netsec - Information Security News & Discussion
Telegram Search Engine for CTI, Data Breach Discovery and Monitoring and More
September 26^th 2023 at 07:10

Telegram Search Engine for CTI, Data Breach Discovery and Monitoring and More

By /u/ari_ben_am

submitted by /u/ari_ben_am
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 07:10

/r/netsec - Information Security News & Discussion
DNS Debugging: What you need to know
September 26^th 2023 at 06:41

DNS Debugging: What you need to know

By /u/odd950

submitted by /u/odd950
[link] [comments]

Related tags
- ❌
- r/netsec
September 26^th 2023 at 06:41

/r/netsec - Information Security News & Discussion
GDBleed: Binary instrumentation and hooking framework built on top of GDB for pentesters and IoT security researchers
September 25^th 2023 at 21:52

GDBleed: Binary instrumentation and hooking framework built on top of GDB for pentesters and IoT security researchers

By /u/NoPaleontologist7419

submitted by /u/NoPaleontologist7419
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 21:52

/r/netsec - Information Security News & Discussion
SocketSleuth: Improving security testing for WebSocket applications | The Snyk blog
September 25^th 2023 at 20:42

SocketSleuth: Improving security testing for WebSocket applications | The Snyk blog

By /u/lirantal

submitted by /u/lirantal
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 20:42

/r/netsec - Information Security News & Discussion
Analysis of CVE-2023-38831 Zero-Day vulnerability in WinRAR
September 25^th 2023 at 20:03

Analysis of CVE-2023-38831 Zero-Day vulnerability in WinRAR

By /u/SL7reach

submitted by /u/SL7reach
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 20:03

/r/netsec - Information Security News & Discussion
Over 400K Buckets and 10.4B Files Are Public Due to Cloud Misconfigurations
September 25^th 2023 at 12:47

Over 400K Buckets and 10.4B Files Are Public Due to Cloud Misconfigurations

By /u/ziyahanalbeniz

submitted by /u/ziyahanalbeniz
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 12:47

/r/netsec - Information Security News & Discussion
From ScreenConnect to Hive Ransomware in 61 hours
September 25^th 2023 at 12:24

From ScreenConnect to Hive Ransomware in 61 hours

By /u/TheDFIRReport

submitted by /u/TheDFIRReport
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 12:24

/r/netsec - Information Security News & Discussion
[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955)
September 25^th 2023 at 11:50

[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955)

By /u/scopedsecurity

submitted by /u/scopedsecurity
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 11:50

/r/netsec - Information Security News & Discussion
Insecure URL handler (Electron) in iRacing leading to RCE in the client - bug discovery and exploit
September 25^th 2023 at 10:28

Insecure URL handler (Electron) in iRacing leading to RCE in the client - bug discovery and exploit

By /u/ss2342-

submitted by /u/ss2342-
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 10:28

/r/netsec - Information Security News & Discussion
A Prime on Client-side JavaScript Instrumentation
September 25^th 2023 at 08:28

A Prime on Client-side JavaScript Instrumentation

By /u/nibblesec

submitted by /u/nibblesec
[link] [comments]

Related tags
- ❌
- r/netsec
September 25^th 2023 at 08:28

/r/netsec - Information Security News & Discussion
Defeating Visual Studio Code embedded reverse shell
September 22^nd 2023 at 19:43

Defeating Visual Studio Code embedded reverse shell

By /u/ipfyx

Here is a blogpost that covers some techniques to block vscode tunnel. Any feedback will be greatly apreciated.

submitted by /u/ipfyx
[link] [comments]

Related tags
- ❌
- r/netsec
September 22^nd 2023 at 19:43

/r/netsec - Information Security News & Discussion
Cryptomining malware detected on a Russian thesaurus with 5 Million+ monthly visits
September 22^nd 2023 at 11:35

Cryptomining malware detected on a Russian thesaurus with 5 Million+ monthly visits

By /u/nareksays

submitted by /u/nareksays
[link] [comments]

Related tags
- ❌
- r/netsec
September 22^nd 2023 at 11:35

/r/netsec - Information Security News & Discussion
Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records
September 22^nd 2023 at 10:52

Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records

By /u/ziyahanalbeniz

submitted by /u/ziyahanalbeniz
[link] [comments]

Related tags
- ❌
- r/netsec
September 22^nd 2023 at 10:52

/r/netsec - Information Security News & Discussion
The WebP 0day
September 21^st 2023 at 19:33

The WebP 0day

By /u/MegaManSec2

submitted by /u/MegaManSec2
[link] [comments]

Related tags
- ❌
- r/netsec
September 21^st 2023 at 19:33

/r/netsec - Information Security News & Discussion
New ways to inject system CA certificates in Android 14
September 21^st 2023 at 12:35

New ways to inject system CA certificates in Android 14

By /u/pimterry

submitted by /u/pimterry
[link] [comments]

Related tags
- ❌
- r/netsec
September 21^st 2023 at 12:35

/r/netsec - Information Security News & Discussion
HDF5 - Multiple Memory Corruption Vulnerabilities
September 20^th 2023 at 22:44

HDF5 - Multiple Memory Corruption Vulnerabilities

By /u/MysteriousHotel3017

submitted by /u/MysteriousHotel3017
[link] [comments]

Related tags
- ❌
- r/netsec
September 20^th 2023 at 22:44

/r/netsec - Information Security News & Discussion
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
September 20^th 2023 at 16:23

LUCR-3: Scattered Spider Getting SaaS-y in the Cloud

By /u/permis0

submitted by /u/permis0
[link] [comments]

Related tags
- ❌
- r/netsec
September 20^th 2023 at 16:23

/r/netsec - Information Security News & Discussion
RCE in Tutanota Desktop: How a single email could compromise your machine
September 20^th 2023 at 15:54

RCE in Tutanota Desktop: How a single email could compromise your machine

By /u/SonarPaul

submitted by /u/SonarPaul
[link] [comments]

Related tags
- ❌
- r/netsec
September 20^th 2023 at 15:54

/r/netsec - Information Security News & Discussion
Howtorotate.com - Open Source Guides on Key Rotations from the Most Popular Providers
September 19^th 2023 at 18:57

Howtorotate.com - Open Source Guides on Key Rotations from the Most Popular Providers

By /u/Phorcez

submitted by /u/Phorcez
[link] [comments]

Related tags
- ❌
- r/netsec
September 19^th 2023 at 18:57

/r/netsec - Information Security News & Discussion
Crawlector Version 2.0 has been released. This is a milestone release.
September 19^th 2023 at 13:43

Crawlector Version 2.0 has been released. This is a milestone release.

By /u/MFMokbel

submitted by /u/MFMokbel
[link] [comments]

Related tags
- ❌
- r/netsec
September 19^th 2023 at 13:43

/r/netsec - Information Security News & Discussion
#ShortAndMalicious — DarkGate
September 19^th 2023 at 11:45

#ShortAndMalicious — DarkGate

By /u/OwnPreparation3424

submitted by /u/OwnPreparation3424
[link] [comments]

Related tags
- ❌
- r/netsec
September 19^th 2023 at 11:45

/r/netsec - Information Security News & Discussion
DEF CON 31 Main Stage Talks
September 19^th 2023 at 07:10

DEF CON 31 Main Stage Talks

By /u/albinowax

submitted by /u/albinowax
[link] [comments]

Related tags
- ❌
- r/netsec
September 19^th 2023 at 07:10

/r/netsec - Information Security News & Discussion
Wind River VxWorks tarExtract directory traversal vulnerability (CVE-2023-38346)
September 19^th 2023 at 05:35

Wind River VxWorks tarExtract directory traversal vulnerability (CVE-2023-38346)

By /u/fr0r

submitted by /u/fr0r
[link] [comments]

Related tags
- ❌
- r/netsec
September 19^th 2023 at 05:35

/r/netsec - Information Security News & Discussion
Zero-Knowledge Middleboxes
September 18^th 2023 at 18:42

Zero-Knowledge Middleboxes

By /u/arrowflakes

submitted by /u/arrowflakes
[link] [comments]

Related tags
- ❌
- r/netsec
September 18^th 2023 at 18:42

/r/netsec - Information Security News & Discussion
Fileless Remote Code Execution on Juniper Firewalls
September 18^th 2023 at 15:25

Fileless Remote Code Execution on Juniper Firewalls

By /u/chicksdigthelongrun

submitted by /u/chicksdigthelongrun
[link] [comments]

Related tags
- ❌
- r/netsec
September 18^th 2023 at 15:25

/r/netsec - Information Security News & Discussion
AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation – Sysdig
September 18^th 2023 at 15:08

AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation – Sysdig

By /u/Hallow_Rose

submitted by /u/Hallow_Rose
[link] [comments]

Related tags
- ❌
- r/netsec
September 18^th 2023 at 15:08

/r/netsec - Information Security News & Discussion
When MFA isn't actually MFA
September 18^th 2023 at 14:36

When MFA isn't actually MFA

By /u/_vavkamil_

submitted by /u/_vavkamil_
[link] [comments]

Related tags
- ❌
- r/netsec
September 18^th 2023 at 14:36

/r/netsec - Information Security News & Discussion
Risks in Liechtenstein's electronic health files and new vulns in the underlying Liferay portal software (article in German)
September 18^th 2023 at 12:50

Risks in Liechtenstein's electronic health files and new vulns in the underlying Liferay portal software (article in German)

By /u/fr0r

submitted by /u/fr0r
[link] [comments]

Related tags
- ❌
- r/netsec
September 18^th 2023 at 12:50

/r/netsec - Information Security News & Discussion
Fuzzing with multiple servers in parallel: AFL++ with Network File Systems
September 18^th 2023 at 09:59

Fuzzing with multiple servers in parallel: AFL++ with Network File Systems

By /u/MegaManSec2

submitted by /u/MegaManSec2
[link] [comments]

Related tags
- ❌
- r/netsec
September 18^th 2023 at 09:59

A Practical Approach to SBOM in CI/CD. Presenting concept of SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.

By /u/theowni

submitted by /u/theowni
[link] [comments]

Related tags
- ❌
- r/netsec
September 17^th 2023 at 16:57

/r/netsec - Information Security News & Discussion
Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation
September 17^th 2023 at 13:49

Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation

By /u/yqopmin

submitted by /u/yqopmin
[link] [comments]

Related tags
- ❌
- r/netsec
September 17^th 2023 at 13:49

/r/netsec - Information Security News & Discussion
CVE-2022-32947: macOS GPU-launched kernel privilege escalation exploit (walkthrough slides + demo)
September 17^th 2023 at 10:08

CVE-2022-32947: macOS GPU-launched kernel privilege escalation exploit (walkthrough slides + demo)

By /u/AsahiLina

submitted by /u/AsahiLina
[link] [comments]

Related tags
- ❌
- r/netsec
September 17^th 2023 at 10:08

/r/netsec - Information Security News & Discussion
Tickling ksmbd: fuzzing SMB in the Linux kernel
September 17^th 2023 at 08:35

Tickling ksmbd: fuzzing SMB in the Linux kernel

By /u/buherator

submitted by /u/buherator
[link] [comments]

Related tags
- ❌
- r/netsec
September 17^th 2023 at 08:35

/r/netsec - Information Security News & Discussion
CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution
September 17^th 2023 at 08:33

CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution

By /u/buherator

submitted by /u/buherator
[link] [comments]

Related tags
- ❌
- r/netsec
September 17^th 2023 at 08:33

/r/netsec - Information Security News & Discussion
A Big Look at Security in OpenAPI
September 17^th 2023 at 06:45

A Big Look at Security in OpenAPI

By /u/keissiaresa

submitted by /u/keissiaresa
[link] [comments]

Related tags
- ❌
- r/netsec
September 17^th 2023 at 06:45

/r/netsec - Information Security News & Discussion
Similar issues detected in different cryptocurrency exchange backends
September 16^th 2023 at 17:10

Similar issues detected in different cryptocurrency exchange backends

By /u/arrowflakes

submitted by /u/arrowflakes
[link] [comments]

Related tags
- ❌
- r/netsec
September 16^th 2023 at 17:10

/r/netsec - Information Security News & Discussion
The bogus CVE problem
September 16^th 2023 at 16:05

The bogus CVE problem

By /u/keissiaresa

submitted by /u/keissiaresa
[link] [comments]

Related tags
- ❌
- r/netsec
September 16^th 2023 at 16:05

/r/netsec - Information Security News & Discussion
New analysis tool: donut-decryptor: Retrieve inner payloads from Donut samples
September 16^th 2023 at 15:19

New analysis tool: donut-decryptor: Retrieve inner payloads from Donut samples

By /u/transt

submitted by /u/transt
[link] [comments]

Related tags
- ❌
- r/netsec
September 16^th 2023 at 15:19

/r/netsec - Information Security News & Discussion
Correction: the previous CA injection method doesn't work on Android 14, but there is still a way.
September 15^th 2023 at 23:59

Correction: the previous CA injection method doesn't work on Android 14, but there is still a way.

By /u/pi3ch

submitted by /u/pi3ch
[link] [comments]

Related tags
- ❌
- r/netsec
September 15^th 2023 at 23:59

/r/netsec - Information Security News & Discussion
Konni has entered the game: A new, possibly North Korean group exploits WinRAR vulnerability for cyberattacks.
September 15^th 2023 at 16:00

Konni has entered the game: A new, possibly North Korean group exploits WinRAR vulnerability for cyberattacks.

By /u/nareksays

submitted by /u/nareksays
[link] [comments]

Related tags
- ❌
- r/netsec
September 15^th 2023 at 16:00