Solving the systemic problem of recurring vulnerabilities

In this Help Net Security video, Dr. Pedram Hayati, CEO at SecDim, and Fil Filiposki, founder of AttackForge, discuss how the two companies have formed a strategic collaboration to tackle the major challenge of resurfacing vulnerabilities. By integrati… Continue reading Solving the systemic problem of recurring vulnerabilities

How immersive AI transforms skill development

Organizations are becoming more laser-focused on extracting the value of AI, moving from the experimentation phase toward adoption. While the potential for AI is limitless, AI expertise sadly is not. In this Help Net Security video, David Harris, Princ… Continue reading How immersive AI transforms skill development

Can I use SELinux to add an extra layer of protection against 0-day VM escape exploits in KVM/QEMU?

My host is Fedora, and I want to add an extra layer of protection against 0day KVM/QEMU exploits that execute code on the host. For example there have been CVEs where if we run a specially crafted malicious windows executable on the window… Continue reading Can I use SELinux to add an extra layer of protection against 0-day VM escape exploits in KVM/QEMU?

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation

VMware has fixed four vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) in ESXi, Workstation, Fusion and Cloud Foundation, some of which could allow attackers to escape the sandbox and execute code on the host machine. Ab… Continue reading VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation

How does a hacker get access to the root user when disabling the sandbox in puppeteer, and what does it look like?

You’ll see stuff like the first comment here that adding the –no-sandbox flag when launching puppeteer "is a giant security hole" (upvoted many times). Puppeteer troubleshooting docs say "running without a sandbox is strong… Continue reading How does a hacker get access to the root user when disabling the sandbox in puppeteer, and what does it look like?

How does a hacker get access to the root user when disabling the sandbox in puppeteer, and what does it look like?

You’ll see stuff like the first comment here that adding the –no-sandbox flag when launching puppeteer "is a giant security hole" (upvoted many times). Puppeteer troubleshooting docs say "running without a sandbox is strong… Continue reading How does a hacker get access to the root user when disabling the sandbox in puppeteer, and what does it look like?