Collaborate Disseminate
I am working with a system that allows users to upload CSV files, that are downloaded by other users.
The system validates (amongst other things) that all CSV files can be parsed by an RFC 4180 compliant parser, and are vali… Continue reading Can a CSV contain malicious code?
Cisco patched three vulnerabilities in three products this week that if exploited, could have resulted in a denial of service, crash and in some instances, arbitrary and remote code execution. Continue reading Cisco Patches XXE, DOS, Code Execution Vulnerabilities
Router manufacturer TP-Link recently fixed a vulnerability in a discontinued line of routers that if exploited could have been used to execute code on the device.
Continue reading TP-Link Fixes Code Execution Vulnerability in End-of-Life Routers
Apple fixed 66 vulnerabilities – many found at March’s Pwn2Own competition – across seven product lines, including Safari, iTunes, macOS, and iOS, on Monday. Continue reading Apple Patches Pwn2Own Vulnerabilities in Safari, macOS, iOS
To be honest, I’m not really sure the best title for this question, or the full scope of it, but the motivation behind it is:
Assume your server was hacked, you open up your UTF-8 encoded php script and you find a block or lines of characters that mean nothing to you mostly mapping in the UTF-8 char set to “????????????? hacker.ru”
I’m trying to get a grasp on what this could be and do:
Assumption: if I or anyone opens a UTF-8 encoded file and type into it, in any language or chars it will properly map them and display properly.
Can anyone shine some light on this subject?
Continue reading Hacked: Can a UTF-8 encoded script execute non-UTF-8 characters?
This question already has an answer here:
So I’ve just downloaded torrent with one file in it – the formal name of file should be “123.avi.exe” (which is typical for viruses and trojans). Now, interesting thing is that name is encoded in UTF16-LE as following bytes:
FFFE3100320033002E002D202E202D202E206900760061002E00650078006500
which gives us strange, partially reversed over “.exe” text (try to move cursor left-to-right and you will be surprised):
123.iva.exe
But the bad part of all – is that utorrent showing non-suspicious “.avi” extension while when you double click it in GUI – it goes as as “.exe” and program runs.
You can test it yourself by creating dummy file with the name I wrote above. One more interesting thing – Total Commander prevents executing such file if it’s name contains these special characters.
P.S. I’ve started similar thread on uTorrent tracker (not yet approved by moderator)
Continue reading Special characters in filename leads to starting virus executable [duplicate]
Flaw in remote management feature gives attackers a way to breach networks. Continue reading Intel patches remote code-execution bug that lurked in chips for 10 years
So I was looking at some firewall logs and saw some strange activity on a remote IP address. I checked out the address via browser since https was open, the certificate was for *.twilio.com and twilio.com. It’s an AWS address… Continue reading Malicious Twilio XML response object
So I was looking at some firewall logs and saw some strange activity on a remote IP address. I checked out the address via browser since https was open, the certificate was for *.twilio.com and twilio.com. It’s an AWS address… Continue reading Malicious Twilio XML response object
Existing mitigations and limitations around a newly disclosed Linux kernel vulnerability in the DCCP module mute the potential impact of local attacks. Continue reading Impact of New Linux Kernel DCCP Vulnerability Limited