/r/netsec - Information Security News & Discussion

Exploring the STSAFE-A110

By /u/thinkV — October 4^th 2023 at 05:58

submitted by /u/thinkV
[link] [comments]

/r/netsec - Information Security News & Discussion

Remote Code Execution In PyTorch Model Server TorchServe

By /u/BigBother59 — October 3^rd 2023 at 19:12

Remote Code Execution In PyTorch Model Server TorchServe

Oligo's research team has uncovered a chain of critical vulnerabilities, named ShellTorch, including CVE-2023-43654 (CVSS: 9.8) in the PyTorch model server TorchServe.

This flaw allows unauthorized access to #AI models and enables Remote Code Execution (RCE) leaving countless services and end-users at risk.

submitted by /u/BigBother59
[link] [comments]

/r/netsec - Information Security News & Discussion

PETEP: Open source tool for Penetration Testing of non-HTTP protocols (TCP, UDP) through graphical UI or code, also supports using Burp/Zaproxy by wrapping the binary traffic into HTTP.

By /u/vutmajk — October 3^rd 2023 at 18:10

submitted by /u/vutmajk
[link] [comments]

/r/netsec - Information Security News & Discussion

Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement

By /u/SCI_Rusher — October 3^rd 2023 at 17:05

submitted by /u/SCI_Rusher
[link] [comments]

/r/netsec - Information Security News & Discussion

[QubesOS] Disarm BusKill Dead Man Switch with Keyboard Shortcut (Guide)

By /u/maltfield — October 3^rd 2023 at 16:21

submitted by /u/maltfield
[link] [comments]

/r/netsec - Information Security News & Discussion

Let’s Go into the rabbit hole (part 1) — the challenges of dynamically hooking Golang programs

By /u/guedou — October 3^rd 2023 at 15:35

submitted by /u/guedou
[link] [comments]

/r/netsec - Information Security News & Discussion

Exploiting Edge Routers Acting as IoT Gateways

By /u/derp6996 — October 3^rd 2023 at 13:13

submitted by /u/derp6996
[link] [comments]

/r/netsec - Information Security News & Discussion

Retired Server called Home — A server decommissioning failure

By /u/oherrala — October 3^rd 2023 at 13:06

submitted by /u/oherrala
[link] [comments]

/r/netsec - Information Security News & Discussion

Cloudflare Protection Bypass Vulnerability on Threat Actors' Radar

By /u/ziyahanalbeniz — October 3^rd 2023 at 12:55

submitted by /u/ziyahanalbeniz
[link] [comments]

/r/netsec - Information Security News & Discussion

root with a single command: sudo logrotate

By /u/MegaManSec2 — October 3^rd 2023 at 10:46

submitted by /u/MegaManSec2
[link] [comments]

/r/netsec - Information Security News & Discussion

Decrypting the Shadows: Revealing the Secrets of Ransomware Operators - An Interview with @htmalgae

By /u/ziyahanalbeniz — October 2^nd 2023 at 14:14

submitted by /u/ziyahanalbeniz
[link] [comments]

/r/netsec - Information Security News & Discussion

cloudgrep: cloudgrep is grep for cloud storage

By /u/0x636f6f6c — October 2^nd 2023 at 13:11

submitted by /u/0x636f6f6c
[link] [comments]

/r/netsec - Information Security News & Discussion

Survive Access Key Deletion with sts:GetFederationToken - Hacking The Cloud

By /u/RedTermSession — September 26^th 2023 at 17:16

submitted by /u/RedTermSession
[link] [comments]

/r/netsec - Information Security News & Discussion

Guide to hacking htmx applications

By /u/4lreadytekken — September 26^th 2023 at 16:49

submitted by /u/4lreadytekken
[link] [comments]

/r/netsec - Information Security News & Discussion

Malicious npm Packages Strike Again: Exfiltrating Kubernetes Configurations and SSH Keys

By /u/Professional-Ad6429 — September 26^th 2023 at 15:36

submitted by /u/Professional-Ad6429
[link] [comments]

/r/netsec - Information Security News & Discussion

Exploiting ASP.NET TemplateParser — Part I: Sitecore (CVE-2023-35813)

By /u/scopedsecurity — September 26^th 2023 at 11:42

submitted by /u/scopedsecurity
[link] [comments]

/r/netsec - Information Security News & Discussion

The De Vinci of DirtyPipe Local Privilege Escalation - CVE-2022-0847 - vsociety

By /u/vsociety_ — September 26^th 2023 at 09:02

submitted by /u/vsociety_
[link] [comments]

/r/netsec - Information Security News & Discussion

CVE-2023-36664: Command injection with Ghostscript PoC + exploit - vsociety

By /u/vsociety_ — September 26^th 2023 at 08:57

submitted by /u/vsociety_
[link] [comments]

/r/netsec - Information Security News & Discussion

A tale about a Red Team exercise and the Forcepoint Endpoint One DLP client - vsociety

By /u/vsociety_ — September 26^th 2023 at 08:43

submitted by /u/vsociety_
[link] [comments]

/r/netsec - Information Security News & Discussion

The bogus CVE problem

By /u/yqopmin — September 26^th 2023 at 08:05

submitted by /u/yqopmin
[link] [comments]

/r/netsec - Information Security News & Discussion

Telegram Search Engine for CTI, Data Breach Discovery and Monitoring and More

By /u/ari_ben_am — September 26^th 2023 at 07:10

submitted by /u/ari_ben_am
[link] [comments]

/r/netsec - Information Security News & Discussion

DNS Debugging: What you need to know

By /u/odd950 — September 26^th 2023 at 06:41

submitted by /u/odd950
[link] [comments]

/r/netsec - Information Security News & Discussion

GDBleed: Binary instrumentation and hooking framework built on top of GDB for pentesters and IoT security researchers

By /u/NoPaleontologist7419 — September 25^th 2023 at 21:52

submitted by /u/NoPaleontologist7419
[link] [comments]

/r/netsec - Information Security News & Discussion

SocketSleuth: Improving security testing for WebSocket applications | The Snyk blog

By /u/lirantal — September 25^th 2023 at 20:42

submitted by /u/lirantal
[link] [comments]

/r/netsec - Information Security News & Discussion

Analysis of CVE-2023-38831 Zero-Day vulnerability in WinRAR

By /u/SL7reach — September 25^th 2023 at 20:03

submitted by /u/SL7reach
[link] [comments]

/r/netsec - Information Security News & Discussion

Over 400K Buckets and 10.4B Files Are Public Due to Cloud Misconfigurations

By /u/ziyahanalbeniz — September 25^th 2023 at 12:47

submitted by /u/ziyahanalbeniz
[link] [comments]

/r/netsec - Information Security News & Discussion

From ScreenConnect to Hive Ransomware in 61 hours

By /u/TheDFIRReport — September 25^th 2023 at 12:24

submitted by /u/TheDFIRReport
[link] [comments]

/r/netsec - Information Security News & Discussion

[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955)

By /u/scopedsecurity — September 25^th 2023 at 11:50

submitted by /u/scopedsecurity
[link] [comments]

/r/netsec - Information Security News & Discussion

Insecure URL handler (Electron) in iRacing leading to RCE in the client - bug discovery and exploit

By /u/ss2342- — September 25^th 2023 at 10:28

submitted by /u/ss2342-
[link] [comments]

/r/netsec - Information Security News & Discussion

A Prime on Client-side JavaScript Instrumentation

By /u/nibblesec — September 25^th 2023 at 08:28

submitted by /u/nibblesec
[link] [comments]

/r/netsec - Information Security News & Discussion

Defeating Visual Studio Code embedded reverse shell

By /u/ipfyx — September 22^nd 2023 at 19:43

Here is a blogpost that covers some techniques to block vscode tunnel. Any feedback will be greatly apreciated.

submitted by /u/ipfyx
[link] [comments]

/r/netsec - Information Security News & Discussion

Cryptomining malware detected on a Russian thesaurus with 5 Million+ monthly visits

By /u/nareksays — September 22^nd 2023 at 11:35

submitted by /u/nareksays
[link] [comments]

/r/netsec - Information Security News & Discussion

Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records

By /u/ziyahanalbeniz — September 22^nd 2023 at 10:52

submitted by /u/ziyahanalbeniz
[link] [comments]

/r/netsec - Information Security News & Discussion

The WebP 0day

By /u/MegaManSec2 — September 21^st 2023 at 19:33

submitted by /u/MegaManSec2
[link] [comments]

/r/netsec - Information Security News & Discussion

New ways to inject system CA certificates in Android 14

By /u/pimterry — September 21^st 2023 at 12:35

submitted by /u/pimterry
[link] [comments]

/r/netsec - Information Security News & Discussion

HDF5 - Multiple Memory Corruption Vulnerabilities

By /u/MysteriousHotel3017 — September 20^th 2023 at 22:44

submitted by /u/MysteriousHotel3017
[link] [comments]

/r/netsec - Information Security News & Discussion

LUCR-3: Scattered Spider Getting SaaS-y in the Cloud

By /u/permis0 — September 20^th 2023 at 16:23

submitted by /u/permis0
[link] [comments]

/r/netsec - Information Security News & Discussion

RCE in Tutanota Desktop: How a single email could compromise your machine

By /u/SonarPaul — September 20^th 2023 at 15:54

submitted by /u/SonarPaul
[link] [comments]

/r/netsec - Information Security News & Discussion

Howtorotate.com - Open Source Guides on Key Rotations from the Most Popular Providers

By /u/Phorcez — September 19^th 2023 at 18:57

submitted by /u/Phorcez
[link] [comments]

/r/netsec - Information Security News & Discussion

Crawlector Version 2.0 has been released. This is a milestone release.

By /u/MFMokbel — September 19^th 2023 at 13:43

submitted by /u/MFMokbel
[link] [comments]

/r/netsec - Information Security News & Discussion

#ShortAndMalicious — DarkGate

By /u/OwnPreparation3424 — September 19^th 2023 at 11:45

submitted by /u/OwnPreparation3424
[link] [comments]

/r/netsec - Information Security News & Discussion

DEF CON 31 Main Stage Talks

By /u/albinowax — September 19^th 2023 at 07:10

submitted by /u/albinowax
[link] [comments]

/r/netsec - Information Security News & Discussion

Wind River VxWorks tarExtract directory traversal vulnerability (CVE-2023-38346)

By /u/fr0r — September 19^th 2023 at 05:35

submitted by /u/fr0r
[link] [comments]

/r/netsec - Information Security News & Discussion

Zero-Knowledge Middleboxes

By /u/arrowflakes — September 18^th 2023 at 18:42

submitted by /u/arrowflakes
[link] [comments]

/r/netsec - Information Security News & Discussion

Fileless Remote Code Execution on Juniper Firewalls

By /u/chicksdigthelongrun — September 18^th 2023 at 15:25

submitted by /u/chicksdigthelongrun
[link] [comments]

/r/netsec - Information Security News & Discussion

AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation – Sysdig

By /u/Hallow_Rose — September 18^th 2023 at 15:08

submitted by /u/Hallow_Rose
[link] [comments]

/r/netsec - Information Security News & Discussion

When MFA isn't actually MFA

By /u/_vavkamil_ — September 18^th 2023 at 14:36

submitted by /u/_vavkamil_
[link] [comments]

/r/netsec - Information Security News & Discussion

Risks in Liechtenstein's electronic health files and new vulns in the underlying Liferay portal software (article in German)

By /u/fr0r — September 18^th 2023 at 12:50

submitted by /u/fr0r
[link] [comments]

/r/netsec - Information Security News & Discussion

Fuzzing with multiple servers in parallel: AFL++ with Network File Systems

By /u/MegaManSec2 — September 18^th 2023 at 09:59

submitted by /u/MegaManSec2
[link] [comments]

/r/netsec - Information Security News & Discussion

A Practical Approach to SBOM in CI/CD. Presenting concept of SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.

By /u/theowni — September 17^th 2023 at 16:57

submitted by /u/theowni
[link] [comments]

/r/netsec - Information Security News & Discussion

Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation

By /u/yqopmin — September 17^th 2023 at 13:49

submitted by /u/yqopmin
[link] [comments]

/r/netsec - Information Security News & Discussion

CVE-2022-32947: macOS GPU-launched kernel privilege escalation exploit (walkthrough slides + demo)

By /u/AsahiLina — September 17^th 2023 at 10:08

submitted by /u/AsahiLina
[link] [comments]

/r/netsec - Information Security News & Discussion

Tickling ksmbd: fuzzing SMB in the Linux kernel

By /u/buherator — September 17^th 2023 at 08:35

submitted by /u/buherator
[link] [comments]

/r/netsec - Information Security News & Discussion

CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution

By /u/buherator — September 17^th 2023 at 08:33

submitted by /u/buherator
[link] [comments]

/r/netsec - Information Security News & Discussion

A Big Look at Security in OpenAPI

By /u/keissiaresa — September 17^th 2023 at 06:45

submitted by /u/keissiaresa
[link] [comments]

/r/netsec - Information Security News & Discussion

Similar issues detected in different cryptocurrency exchange backends

By /u/arrowflakes — September 16^th 2023 at 17:10

submitted by /u/arrowflakes
[link] [comments]

/r/netsec - Information Security News & Discussion

The bogus CVE problem

By /u/keissiaresa — September 16^th 2023 at 16:05

submitted by /u/keissiaresa
[link] [comments]

/r/netsec - Information Security News & Discussion

New analysis tool: donut-decryptor: Retrieve inner payloads from Donut samples

By /u/transt — September 16^th 2023 at 15:19

submitted by /u/transt
[link] [comments]

/r/netsec - Information Security News & Discussion

Correction: the previous CA injection method doesn't work on Android 14, but there is still a way.

By /u/pi3ch — September 15^th 2023 at 23:59

submitted by /u/pi3ch
[link] [comments]

/r/netsec - Information Security News & Discussion

Konni has entered the game: A new, possibly North Korean group exploits WinRAR vulnerability for cyberattacks.

By /u/nareksays — September 15^th 2023 at 16:00

submitted by /u/nareksays
[link] [comments]