Collaborate Disseminate
While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be possible by disabling the devices’ telemetry, it has now been confirmed that this mitigation is ineffectual. “Device teleme… Continue reading Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation
Earlier today, Palo Alto Networks revealed that a critical command injection vulnerability (CVE-2024-3400) in the company’s firewalls has been exploited in limited attacks and has urged customers with vulnerable devices to quickly implement mitig… Continue reading CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks
Attackers are exploiting a command injection vulnerability (CVE-2024-3400) affecting Palo Alto Networks’ firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been… Continue reading Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)
Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days.
The post Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits appeared first on SecurityWeek.
Continue reading Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits
In this Help Net Security video, Josh Bartolomie, VP of Global Threat Services at Cofense, discusses how email will remain a target as long as it remains the predominant form of communication within a business. Cofense researchers have found that malic… Continue reading How malicious email campaigns continue to slip through the cracks
I am working on a Web API that needs to call a 3rd party Web API to achieve some features. That 3rd party’s API’s design is sort of a "God API" such that it takes a generic object type to allow that single API to be used for MANY… Continue reading Insecure Deserialization in C# (.NET) using NewtonsoftJson
I am trying to understand the vulnerability in Rebuild in chromium which is identified as CVE-2023-1613.
I found this poc online: https://github.com/getrebuild/rebuild/issues/596
What I understood so far, that the vulnerability can let you… Continue reading how to exploit CVE-2023-1613
2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer mo… Continue reading Zero-day exploitation surged in 2023, Google finds
i’m doing a research & working around Math.random() like a month ago.
Math.random() uses XORSHIFT128+, so, if we can get the state of the PRNG, it’ll be easy to predict future outputs.
It is public knowledge that Math.random() isn’t a … Continue reading Predicting V8’s Math.random() truncated outputs
Recently I’ve been looking into PDF files security, specifically about malware exploiting vulnerabilities in PDF readers. I thought about one thing – does compressing PDF file (for example, by using qpdf) create as to speak "new"… Continue reading Does PDF level compression implicitly cleans file of malware?