COM – WindowsTechs.com

This Week in Security: Git, Patch Tuesday, Anti-Cheat, and Vulnerable Documentation

Posted on April 17, 2020 by Jonathan Bennett

Git released an update on Tuesday, fixing an issue that could result in leaking credentials. The vulnerability was in how Git handles an HTTP URL containing a newline. Looking at the commits in 2.26.1, we can find an example of an attack:
url = "https://one.example.com?%0ahost=two.example.com/foo.git"

So doing a git pull …read more

Continue reading This Week in Security: Git, Patch Tuesday, Anti-Cheat, and Vulnerable Documentation→

VPNFilter EXIF to C2 mechanism analysed

Posted on May 24, 2018 by GReAT

Our colleagues from Cisco Talos published their excellent analysis of VPNFilter, an IoT / router malware which exhibits some worrying characteristics. We’ve decided to look a bit into the C&C mechanism for the persistent malware payload. Continue reading VPNFilter EXIF to C2 mechanism analysed→

VU#421280: Microsoft Office Equation Editor stack buffer overflow

Posted on November 15, 2017 by CERT

Microsoft Equation Editor contains a stack buffer overflow,which can allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system. Continue reading VU#421280: Microsoft Office Equation Editor stack buffer overflow→

VU#421280: Microsoft Office Equation Editor stack buffer overflow

Posted on November 15, 2017 by CERT