13°C
ciel dégagé
CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may remember that the software has had some serious vulnerabilities: CVE-2024-4040 (the...
The MIT Technology Review has a good article on Moltbook, the supposed AI-only social network: Many people have pointed out that a lot of the viral comments were in fact posted by people posing as bots. But even the bot-written posts are...
Barrier is a Linux box with GitLab, Authentik, and Apache Guacamole. Iâll exploit a SAML signature bypass vulnerability in GitLabâs Ruby SAML library to forge a SAML assertion and log in as admin. From GitLabâs CI/CD variables, Iâll recover an...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Introduction Avira Internet Security ships with a handful of modules that quietly handle privileged operations in the background: software updates, performance monitoring and system cleanup. Each one runs parts of its workflow as SYSTEM. Three of...
Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with...
In diary entry "Quick Howto: Extract URLs from RTF files" I mentioned ZIP files. There are OLE objects inside this RTF file: They can be analyzed with oledump.py like this: Options --storages and -E %CLSID% are used to show the abused CLSID....
Wireshark release 4.6.4 fixes 3 vulnerabilities and 15 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Here is an overview of content I published in February: Blog posts: Update: rtfdump.py Version 0.0.14 Update: rtfdump.py Version 0.0.15 SANS ISC Diary entries: YARA-X 1.13.0 Release Quick Howto: Extract URLs from RTF files
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Guardian is a Linux box hosting a university portal built with PHP. Iâll exploit an IDOR in the chat feature to find Gitea credentials, then use the source code to identify a vulnerability in PhpSpreadsheet that allows XSS through a malicious...
Peru has increased its squid catch limit. The article says âgiant squid,â but they canât possibly mean that. As usual, you can also use this squid post to talk about the security stories in the news that I havenât covered. Blog moderation policy.
Itâs Friday, letâs have a look at another simple piece of malware to close a busy week! I received a Fedex notification about a delivery. Usually, such emails are simple phishing attacks that redirect you to a fake login page to collect your...
Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of Januaryâs government crackdown against citizen protests nationwide, the regime implemented an internet...
This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system. News article.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7. Character choices...
[This is a Guest Diary by Austin Bodolay, an ISC intern as part of the SANS.edu BACS program] Over the past several months, I have gained practical insight into the challenges of deploying and operating a honeypot, even within a relatively simple...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Introduction Today's post dives into a practical reverse engineering exercise focused on Intego (for macOS). We will first use static analysis with Ghidra to inspect how a privileged process exposes Mach services via XPC, so we know where to look...
Aucun article de sécurité disponible