Technical Information Security Content & Discussion

Original Title: EUCLEAK is a side-channel vulnerability that requires physical access to a YubiKey 5 Series prior to version 5.7 and (other Infineon based microcontrollers) allowing private key extraction. YSA-2024-03

205

1

From a GLPI patch bypass to RCE. (sensepost.com)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/AlmondOffSec on 2024-09-03 14:47:43.

206

1

Exploiting Misconfigured GitLab OIDC AWS IAM Roles (hackingthe.cloud)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/RedTermSession on 2024-09-03 14:20:35.

207

1

Why bother with argv[0]? It can deceive, break and corrupt your defences (www.wietzebeukema.nl)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/Wietze- on 2024-09-03 12:30:04.

208

1

Analysis of CVE-2024-37084: Spring Cloud Remote Code Execution (blog.securelayer7.net)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/SL7reach on 2024-09-03 11:26:22.

209

1

Learning Rust for fun and backdoo-rs (security.humanativaspa.it)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/0xdea on 2024-09-03 07:51:12.

210

1

Traceeshark: Deep Linux runtime visibility meets Wireshark (github.com)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/Pale_Fly_2673 on 2024-09-02 20:58:03.

Traceeshark: integrates Linux runtime security monitoring and system tracing with Wireshark, allowing users to load Tracee captures in JSON format into Wireshark for analysis. It enables the examination of system events alongside network packets, offering rich context about processes and containers. Additionally, Traceeshark allows for real-time event capture from Tracee directly within Wireshark, whether on a local machine, a semi-local setup using Docker on Windows/Mac, or remotely via SSH.

211

1

Compromising ByteDance’s Rspack using GitHub Actions Vulnerabilities (www.praetorian.com)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/whiskyhacks on 2024-08-30 14:39:31.

212

1

The state of sandbox evasion techniques in 2024 (fudgedotdotdot.github.io)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/Fudgedotdotdot on 2024-09-02 19:49:47.

213

1

WiFi auth with OsmoHLR/SIM cards (kittenlabs.de)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/parski841 on 2024-09-01 17:34:09.

214

1

Realtime UAC spearphishing idea (bitplane.net)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/david-song on 2024-08-31 01:24:16.

215

1

Reverse Engineering Set Top Boxes (Blog Series) (www.cc-sw.com)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/cc-sw on 2024-08-30 22:38:33.

216

1

Careful Where You Code: Multiple Vulnerabilities in AI-Powered PR-Agent (research.kudelskisecurity.com)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/tmlxs on 2024-08-29 19:02:57.

217

1

Analysis of CVE-2024-43044 — From file read to RCE in Jenkins through agents (blog.convisoappsec.com)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/thewatcher_ on 2024-08-29 16:47:39.

218

1

Bypassing airport security via SQL injection (ian.sh)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/pimterry on 2024-08-29 15:59:36.

219

1

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6 (malwaretech.com)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/sanitybit on 2024-08-29 08:10:38.

220

1

Vtiger CRM (<= 8.1.0) SQL Injection in MailManager module - Shielder (www.shielder.com)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/smaury on 2024-08-28 10:17:34.

221

1

Vtiger CRM (<= 8.1.0) Broken Access Control in Migration module - Shielder (www.shielder.com)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/smaury on 2024-08-28 10:16:54.

222

1

Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information (embracethered.com)

submitted 2 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/albinowax on 2024-08-28 08:13:49.

223

1

Exploring inner workings of a random free android VPN (lecromee.github.io)

submitted 3 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/tootac on 2024-08-27 22:29:03.

224

1

I found 14 CVEs by downloading every Wordpress plugin and scanning all of it with Semgrep - full dataset published if you want to do some sifting yourself, there's plenty of output I haven't looke... (projectblack.io)

submitted 3 months ago by [email protected] to c/[email protected]

0 comments fedilink

The original post: /r/netsec by /u/ezzzzz on 2024-08-27 20:39:06.

Original Title: I found 14 CVEs by downloading every Wordpress plugin and scanning all of it with Semgrep - full dataset published if you want to do some sifting yourself, there's plenty of output I haven't looked at.

225

1

Taking the Crossroads: The Versa Director Zero-Day Exploitation (blog.lumen.com)

submitted 3 months ago by [email protected] to c/[email protected]

0 comments fedilink

Technical Information Security Content & Discussion

The original post: /r/netsec by /u/Void_Sec on 2024-09-05 16:11:53.

The original post: /r/netsec by /u/coinspect on 2024-09-04 16:38:27.

The original post: /r/netsec by /u/SRMish3 on 2024-09-04 13:55:03.

The original post: /r/netsec by /u/lawrencesystems on 2024-09-03 18:03:56.

The original post: /r/netsec by /u/AlmondOffSec on 2024-09-03 14:47:43.

The original post: /r/netsec by /u/RedTermSession on 2024-09-03 14:20:35.

The original post: /r/netsec by /u/Wietze- on 2024-09-03 12:30:04.

The original post: /r/netsec by /u/SL7reach on 2024-09-03 11:26:22.

The original post: /r/netsec by /u/0xdea on 2024-09-03 07:51:12.

The original post: /r/netsec by /u/Pale_Fly_2673 on 2024-09-02 20:58:03.

The original post: /r/netsec by /u/whiskyhacks on 2024-08-30 14:39:31.

The original post: /r/netsec by /u/Fudgedotdotdot on 2024-09-02 19:49:47.

The original post: /r/netsec by /u/parski841 on 2024-09-01 17:34:09.

The original post: /r/netsec by /u/david-song on 2024-08-31 01:24:16.

The original post: /r/netsec by /u/cc-sw on 2024-08-30 22:38:33.

The original post: /r/netsec by /u/tmlxs on 2024-08-29 19:02:57.

The original post: /r/netsec by /u/thewatcher_ on 2024-08-29 16:47:39.

The original post: /r/netsec by /u/pimterry on 2024-08-29 15:59:36.

The original post: /r/netsec by /u/sanitybit on 2024-08-29 08:10:38.

The original post: /r/netsec by /u/smaury on 2024-08-28 10:17:34.

The original post: /r/netsec by /u/smaury on 2024-08-28 10:16:54.

The original post: /r/netsec by /u/albinowax on 2024-08-28 08:13:49.

The original post: /r/netsec by /u/tootac on 2024-08-27 22:29:03.

The original post: /r/netsec by /u/ezzzzz on 2024-08-27 20:39:06.

The original post: /r/netsec by /u/YogiBerra88888 on 2024-08-27 14:54:39.