Introduction
Kraken is a cryptocurrency exchange similar to Coinbase. Recently, CertiK found and exploited a vulnerability on Kraken to create arbitrary funds within their account. This is the drama that...
Learn about Infostealers with actual real life breaches caused by Infostealer infections with Leonid Rozenberg, Hudson Rock’s Head of Partnerships & Integrations. To discover how your organization...
Quantitative and qualitative insights inform our roadmap and best practices to achieve success in CTI networking.
We are excited to be ‘in-process’ for DoD IL4, continuing our commitment to helping public sector secure everything they build and run in the cloud
Going from unicode to ASCII is required for some applications. How is this done though? This is a document that explains how this is done in the many different forms. Canonical equivalence is when...
The author was playing around with some functionality on a website. While doing this, they realized that part of the URL was being copied into an open graph tag. Given that open graph tags are...
On June 5, 2024, SolarWinds published an advisory detailing CVE-2024-28995 - a path-traversal vulnerability in Serv-U, discovered by Hussein Daher. The affected versions are: SolarWinds Serv-U...
Sei Network is a layer 1 blockchain built on Cosmos with some pretty crazy functionality. In particular, there are two execution runtimes for smart contracts in both EVM and CosmWasm. The EVM can...
Orange Tsai (of course) found a vulnerability within PHP. In particular, they found an issue that affects XAMPP (a popular way for admins to deploy PHP apps) to get RCE. The original post did not...
HTTP Smuggling is just a difference in understanding of HTML parsers. What about differences in parsers for other things? The Bishop Fox article dives into differences between JSON...
Constant time cryptography is a method of preventing side channel leaks via timing differences on various operations. Without this, it'd be possible to learn about the cryptographic operations...
While testing, Sam Curry noticed that his modem was compromised. All requests being sent through it were being forwarded to a different domain. Years later, he decided to investigate the Cox ISP...
SinSinology saw an advisory for an RCE bug via deserialization in Telerik, a report management solution. Although it was authenticated, it was interesting to the author of the post. Hence, they...
Veeam published a CVSS 9.8 score for a complete authentication bypass vulnerability on their product. The author decided to take the time to understand the issue and write it up. Since they only...
UNC3944, a financially motivated threat group linked to "0ktapus," "Octo Tempest," "Scatter Swine," and "Scattered Spider," has evolved its tactics to include data theft from SaaS applications,...
Note: Volexity has reported the activity described in this blog and details of the impacted systems to CERT at the National Informatics Centre (NIC) in India. In 2024, Volexity identified a...
See what’s new with Wiz at Re:Inforce 2024 with this year’s recap
In the course of the modem security analysis, we found seven locally exploited vulnerabilities and one remotely exploited vulnerability. The combination of these vulnerabilities could allow an...
Introduction It’s been almost a week since DEVCORE published the technical details of CVE-2024-4577, a remote code execution vulnerability in PHP, closely followed by watchTowr’s PoC. Rest...
On 2024-06-13, an incident was reported, involving , gaining initial access via Insider threat, to achieve Data destruction.
Wiz's custom runtime rules and runtime response policies add new layers to your defense-in-depth strategy.
Powerful new remediation and response capabilities enable the real-time enforcement of organizational security policies and streamline incident management.
This blog is part of my Tracking Adversaries blog series, whereby I perform a summary analysis of a particular adversary that has caught my attention and made me feel like they deserve special...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerabilities: Improper Authorization in Handler for...
And publicly reviewable server code means experts can "verify this privacy promise."
Detect and mitigate CVE-2024-4577, a critical remote code execution vulnerability in PHP CGI. Organizations are advised to patch urgently.
This summary provides an overview of the reports of APT and financial attacks on industrial enterprises, as well as the related activities of groups that have been observed attacking industrial...
Key Takeaways The DFIR Report Services → Click here to access the DFIR Lab related to this report ← Five new sigma rules were created from this report and added … Read More
The TellYouThePass ransomware gang has been exploiting the recently patched vulnerability (CVE-2024-4577) in PHP to deploy webshells and execute their encryptor payload on target systems. Attacks...