This Week in Security: Apache Nightmare, REvil Arrests? And the Ultimate RickRoll

The Apache HTTP Server version 2.4.49 has a blistering vulnerability, and it’s already being leveraged in attacks. CVE-2021-41773 is a simple path traversal flaw, where the %2e encoding is used …
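The detection side of this, as an added example that is not part of the original post: a small scanner that runs over constructed access-log lines and flags requests whose path only contains a `..` segment after percent-decoding, which is the shape of the `.%2e/` traversal used against 2.4.49. The decoder loops a bounded number of times so that the double-encoded `%%32%65` form reported for the incomplete 2.4.50 fix (CVE-2021-42013) is also caught. Two caveats worth remembering when triaging hits: the traversal only reaches outside the document root on servers where the filesystem directories are not covered by the default `Require all denied`, and it only becomes code execution where mod_cgi is enabled for the reached script. The log lines and the `SAMPLE_LOG` name are constructed for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not captured traffic). The payload
# shapes follow the public descriptions of CVE-2021-41773 (".%2e/") and
# CVE-2021-42013 ("%%32%65", which decodes to "%2e" and then to ".").
SAMPLE_LOG = """\
203.0.113.5 - - [06/Oct/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.7 - - [06/Oct/2021:10:01:05 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1362
203.0.113.9 - - [06/Oct/2021:10:01:09 +0000] "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 200 51
203.0.113.11 - - [06/Oct/2021:10:01:12 +0000] "GET /docs/../images/logo.png HTTP/1.1" 200 8871
"""

# Pulls method, path and protocol out of a combined-format request field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)"')


def decode_fully(path, max_rounds=3):
    """Percent-decode until the string stops changing, bounded by max_rounds.

    A single unquote turns "%%32%65" into "%2e"; a second turns that into ".".
    Bounding the loop keeps pathological inputs from spinning the scanner.
    """
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_dot_dot_segment(path):
    """True if any slash-separated segment is exactly '..'."""
    return any(segment == ".." for segment in path.split("/"))


def classify_request(raw_path):
    """Return None for a benign path, otherwise a label for the traversal type.

    'literal-traversal' is a plain '../' the server's normalizer collapses;
    'encoded-traversal' only produces '..' after decoding, which is what the
    2.4.49 normalizer missed and what is worth alerting on.
    """
    raw_path = raw_path.split("?", 1)[0]  # query string is not part of the path
    decoded = decode_fully(raw_path)
    if not has_dot_dot_segment(decoded):
        return None
    if has_dot_dot_segment(raw_path):
        return "literal-traversal"
    return "encoded-traversal"


def scan_access_log(text):
    """Yield (method, raw_path, label) for every request that looks like traversal."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        label = classify_request(match.group("path"))
        if label:
            hits.append((match.group("method"), match.group("path"), label))
    return hits


if __name__ == "__main__":
    for method, path, label in scan_access_log(SAMPLE_LOG):
        print(f"{label:18} {method} {path}")
```

Feed it a real log with `scan_access_log(open(path).read())`; an `encoded-traversal` hit against `/cgi-bin/` with a 200 response on a 2.4.49 or 2.4.50 host is the signal to go look for what was read or executed.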

This Week in Security: OpenOffice Vulnerable, iOS Vulnerable, Outlook… You Get The Idea

We start this week with a good write-up by [Eugene Lim] on getting started on vulnerability hunting, and news of a problem in OpenOffice’s handling of DBase files. [Lim] decided …

This Week in Security: Office 0-day, ForcedEntry, ProtonMail, and OMIGOD

A particularly nasty 0-day was discovered in the wild, CVE-2021-40444, a flaw in how Microsoft’s MSHTML engine handled Office documents. Not all of the details are clear yet, but the …

This Week in Security: Ghostscript in Imagemagick, Solarwinds, and DHCP Shenanigans

A PoC was just published for a potentially serious flaw in the Ghostscript interpreter. Ghostscript can load Postscript, PDF, and SVG, and it has a feature from Postscript that has …

This Week in Security: Through The Mouse Hole, Zoom RCE, and Defeating Defender

Windows security problems due to insecure drivers are nothing new, but this one is kinda special. Plug in a Razer mouse, tell the install dialog you want to install to …

This Week in Security: Breaking Apple ID, Political Hacktivism, and Airtag Tracking

Have you ever thought about all the complexities of a Single Sign On (SSO) implementation? A lot of engineering effort has gone into hardening it against cross-site attacks — you wouldn’t …

This Week in Security: John Deere, ProxyLogon Detailed, And Pneumatic Tubes

We’ve covered the right-to-repair saga, and one of the companies that have become rather notorious is John Deere. The flip side of that poorly managed, interconnected mess is security problems. …

This Week in Security: Insecure Chargers, Request Forgeries, and Kernel Security

The folks at Pen Test Partners decided to take a look at electric vehicle chargers. Many of these chargers are WiFi-connected, and let you check your vehicle’s charge state via …