Do common centralized IT access policies create any security risks, and are there alternatives?

Many large companies have IT policies where even low-level IT employees have privileges such as remote access to any company computer (often automatic, able to override user denial, or even silent), or administrative access to any company …

Smashing Security podcast #389: WordPress vs WP Engine, and the Internet Archive is down

WordPress’s emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance. Meanwhile, the Internet Archive, a digital library preserving our online history, is under siege fro…

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it…

Can a Tomcat application sitting behind a reverse proxy be exploited?

I am trying to exploit a vulnerability in Tomcat based on CVE-2020-13935.
I found online this interesting PoC: https://blog.redteam-pentesting.de/2020/websocket-vulnerability-tomcat/
In my case, the Tomcat server is exposed through a revers…

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680: Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a…

Smashing Security podcast #388: Vacuum cleaner voyeur, and pepperoni pact blocks payout

Join us as we delve into the world of unexpected security breaches and legal loopholes, where your robot vacuum cleaner might be spying on you, and ordering a pizza could cost you your right to sue.

All this and more is discussed in the latest editi…

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script th…