$0.99 Kindle Books Security Vulnerabilities

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models

Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering,...

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

Telerik Report Server Authentication Bypass - CVE-2024-4358...

Sttr - Cross-Platform, Cli App To Perform Various Operations On String

sttr is command line software that allows you to quickly run various transformation operations on the string. // With input prompt sttr // Direct input sttr md5 "Hello World" // File input sttr md5 file.text sttr base64-encode image.jpg // Reading from different processor like cat,...

Seeing Like a Data Structure

Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...

IT threat evolution in Q1 2024. Non-mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....

How AI Will Change Democracy

I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....

The Take Command Summit: A Day of Resilience and Preparation

The Take Command Summit is officially in the books. It was a day-long virtual powerhouse of major voices and ultra-relevant topics from across the entire cybersecurity spectrum. We are super proud of the event and grateful for all who joined us for these important discussions. At Rapid7 we are...

CVE-2024-32465

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...

CVE-2024-32020

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...

CVE-2024-32004

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1,...

CVE-2024-32002

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory......

“No social media ’til 16,” and other fixes for a teen mental health crisis, with Dr. Jean Twenge: Lock and Code S04E10

_This week on the Lock and Code podcast… _ You’ve likely felt it: The dull pull downwards of a smartphone scroll. The “five more minutes” just before bed. The sleep still there after waking. The edges of your calm slowly fraying. After more than a decade of our most recent technological...

Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years

Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the...

Fedora 40 : libcaca (2023-19b796e348)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-19b796e348 advisory. libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service (CVE-2022-0856) Note that...

RHEL 6 / 7 : rh-perl524-perl (RHSA-2018:1192)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1192 advisory. perl: heap write overflow in regcomp.c (CVE-2018-6797) perl: heap read overflow in regexec.c (CVE-2018-6798) Note that Nessus has...

RHEL 7 : rh-perl526-perl (RHSA-2019:0001)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0001 advisory. perl: Integer overflow leading to buffer overflow in Perl_my_setenv() (CVE-2018-18311) perl: Heap-based buffer overflow in...

RHEL 6 / 7 : rh-perl524-perl (RHSA-2019:0010)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0010 advisory. perl: Integer overflow leading to buffer overflow in Perl_my_setenv() (CVE-2018-18311) perl: Heap-based buffer overflow in...

Debian dla-3784 : caca-utils - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3784 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences....

Using AI-Generated Legislative Amendments as a Delaying Technique

Canadian legislators proposed 19,600 amendments--almost certainly AI-generated--to a bill in an attempt to delay its adoption. I wrote about many different legislative delaying tactics in A Hacker's Mind, but this is a new...

Debian: Security Advisory (DLA-3784-1)

The remote host is missing an update for the...

[SECURITY] [DLA 3784-1] libcaca security update

Debian LTS Advisory DLA-3784-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz April 07, 2024 https://wiki.debian.org/LTS Package : libcaca Version : 0.99.beta19-2.1+deb10u1 CVE...

libcaca - security update

Bulletin has no...

CVE-2024-3364

A vulnerability was found in SourceCodester Online Library System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/books/index.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The...

CVE-2024-3364

A vulnerability was found in SourceCodester Online Library System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/books/index.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The...

CVE-2024-3364 SourceCodester Online Library System index.php cross site scripting

A vulnerability was found in SourceCodester Online Library System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/books/index.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The...

CVE-2024-3362

A vulnerability was found in SourceCodester Online Library System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/books/controller.php. The manipulation of the argument IBSN leads to sql injection. The attack may be launched remotely. The...

CVE-2024-3362

A vulnerability was found in SourceCodester Online Library System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/books/controller.php. The manipulation of the argument IBSN leads to sql injection. The attack may be launched remotely. The...

CVE-2024-3362 SourceCodester Online Library System controller.php sql injection

A vulnerability was found in SourceCodester Online Library System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/books/controller.php. The manipulation of the argument IBSN leads to sql injection. The attack may be launched remotely. The...

CVE-2024-3361

A vulnerability has been found in SourceCodester Online Library System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/books/deweydecimal.php. The manipulation of the argument category leads to sql injection. The attack can be launched...

CVE-2024-3361

A vulnerability has been found in SourceCodester Online Library System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/books/deweydecimal.php. The manipulation of the argument category leads to sql injection. The attack can be launched...

CVE-2024-3361 SourceCodester Online Library System deweydecimal.php sql injection

A vulnerability has been found in SourceCodester Online Library System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/books/deweydecimal.php. The manipulation of the argument category leads to sql injection. The attack can be launched...

CVE-2024-3360

A vulnerability, which was classified as critical, was found in SourceCodester Online Library System 1.0. Affected is an unknown function of the file admin/books/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has...

CVE-2024-3360

A vulnerability, which was classified as critical, was found in SourceCodester Online Library System 1.0. Affected is an unknown function of the file admin/books/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has...

CVE-2024-3360 SourceCodester Online Library System index.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Library System 1.0. Affected is an unknown function of the file admin/books/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has...

CVE-2024-3360 SourceCodester Online Library System index.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Library System 1.0. Affected is an unknown function of the file admin/books/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has...

Ross Anderson

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can't remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and...

Making Sense of Operational Technology Attacks: The Past, Present, and Future

When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would...

Bootiful Spring Boot in 2024 (part 1)

NB: the code is here on my Github account: github.com/joshlong/bootiful-spring-boot-2024-blog. Hi, Spring fans! I'm Josh Long, and I work on the Spring team. I'm excited to be keynoting and giving a talk at Microsoft's JDConf this year. I'm a Kotlin GDE and a Java Champion, and I'm of the opinion.....

How Public AI Can Strengthen Democracy

With the world's focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But we're learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic...

books-express.ro Cross Site Scripting vulnerability OBB-3859539

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

A Hacker’s Mind is Out in Paperback

The paperback version of A Hacker's Mind has just been published. It's the same book, only a cheaper format. But--and this is the real reason I am posting this--Amazon has significantly discounted the hardcover to $15 to get rid of its stock. This is much cheaper than I am selling it for, and...

U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators

The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. The domains – www.warzone[.]ws and three others – were "used to sell computer malware used by cybercriminals to secretly access and...

November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review

Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let's take a look at what's been done. Alternative video link (for Russia): https://vk.com/video-149273431_456239139 Also, let's take a look at the Microsoft.....

Cybersecurity Must De-Risk the Business

The Catalyst for My Return to Qualys “Necessity is the mother of all invention.” – Plato Introduction Cybersecurity as a problem and practice is evolving. This evolution is driven by business risk. Does this sound obvious? For far too long, we in security have put the technology cart way ahead of.....

CVE-2023-43998

An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

CVE-2023-43998

An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

Design/Logic Flaw

An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

CVE-2023-43998

An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

What to do with that fancy new internet-connected device you got as a holiday gift

Welcome to 2024! The Threat Source newsletter is back after our winter break. When I wasn't spending my downtime chasing around my toddler, one of my main projects was to upgrade the internet connection at my house. My ISP started offering Gigabit speeds and a 60 GHz connection, which was...

Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers

Drivers have long been of interest to threat actors, whether they are exploiting vulnerable drivers or creating malicious ones. Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system. Real-world examples can be found in our previous...