
693 matches found

Cvelist
added 2025/04/11 12:0 a.m. · 13 views

CVE-2025-32367

The Oz Forensics face recognition application before 4.0.8 (late 2023) allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions...

CVSS 8.6 · EPSS 0.00355
Exploits 0 · References 2
Positive Technologies
added 2025/04/11 12:0 a.m. · 7 views

PT-2025-16145 · Unknown · Oz Forensics

Name of the Vulnerable Software and Affected Versions: Oz Forensics face recognition application versions prior to 4.0.8. Description: The issue allows PII retrieval via /statistic/list Insecure Direct Object Reference. Recommendations: For versions prior to 4.0.8, consider disabling access to the...

CVSS 8.6 · AI score 6.3 · EPSS 0.00355
Exploits 0 · References 9
CVE
added 2025/04/11 12:0 a.m. · 103 views

CVE-2025-32367

CVE-2025-32367 affects the Oz Forensics face recognition application prior to version 4.0.8 (late 2023). The root cause is an Insecure Direct Object Reference flaw in the /statistic/list endpoint, which could allow retrieval of PII. Public references from NVD/Red Hat describe the vulnerability, w...

CVSS 8.6 · AI score 7 · EPSS 0.00355
Exploits 0 · References 2
CISA
added 2025/02/04 12:0 p.m. · 3 views

CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices

CISA—in partnership with international and U.S. organizations—released guidance to help organizations protect their network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers, and internet-facing...

AI score 7.1
Exploits 0 · References 3
Pen Test Partners Blog
added 2025/01/13 6:8 a.m. · 12 views

Tackling AI threats. Advanced DFIR methods and tools for deepfake detection

TL;DR: AI-generated documents, videos and more pose significant challenges for DFIR. DFIR teams can harness innovative detection strategies and tooling. Digital fingerprinting and watermarking, AI-powered and behavioural analyses. Hardware-based forensics and image-specific forensic techniques...

AI score 7.1
Exploits 0
Schneier on Security
added 2024/11/26 12:1 p.m. · 10 views

What Graykey Can and Can’t Unlock

This is from 404 Media: The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple's mobile operating system,...

AI score 6.7
Exploits 0
Wiz blog
added 2024/11/14 6:44 p.m. · 8 views

Kubernetes Audit Log “Gotchas”

How to overcome challenges and security gaps when using K8s audit logs for forensics and attack detection...

AI score 7.3
Exploits 0
Pen Test Partners Blog
added 2024/10/31 6:15 a.m. · 11 views

Mounting memory with MemProcFS for advanced memory forensics

Mounting memory? This changes everything! TL;DR Memory forensics is crucial for investigations, providing access to volatile data, like running processes and network connections. MemProcFS is a game-changer tool in memory forensics, allowing memory dumps to be mounted and browsed like file system...

AI score 6.8
Exploits 0
Pen Test Partners Blog
added 2024/10/24 5:14 a.m. · 20 views

Using Volatility for advanced memory forensics

TL;DR Memory forensics enhances investigations by analysing volatile data in RAM unavailable in disk forensics. Key insights from memory include running processes, network connections, encryption keys, and user activity, vital for real-time investigations. Smaller memory images (4-32 GB) offer...

AI score 7.1
Exploits 0
NVD
added 2024/09/10 4:15 p.m. · 19 views

CVE-2024-45412

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form (NFKD). Under Windows, such normalization is costly in resources and may lead to denial o...

CVSS 7.5 · EPSS 0.0078
Exploits 1 · References 3
CVE
added 2024/09/10 3:19 p.m. · 49 views

CVE-2024-45412

The CVE-2024-45412 entry affects Yeti Platform versions prior to 2.1.11. The vulnerability arises from remote user-controlled data tags undergoing Unicode normalization with the NFKD form, which on Windows can be resource-intensive and lead to denial of service, potentially exacerbated by large p...

CVSS 7.5 · AI score 6 · EPSS 0.0078
Exploits 1 · References 3 · Affected Software 1
OSV
added 2024/09/10 3:19 p.m. · 24 views

CVE-2024-45412 Yeti affected by a Potential Denial of Service due to the One Million Unicode characters attack

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form (NFKD). Under Windows, such normalization is costly in resources and may lead to denial o...

CVSS 5.3 · AI score 6.6 · EPSS 0.0078
Exploits 1 · References 5
Securelist
added 2024/09/03 11:0 a.m. · 60 views

A deep dive into the most interesting incident response cases of last year

In 2023, Kaspersky's Global Emergency Response Team (GERT) participated in services around the world that allowed our experts to gain insight into various threats and techniques used by APT groups, common crimeware and, in some cases, internal adversaries. As we highlighted in our annual report, the...

CVSS 9.1 · AI score 8.2 · EPSS 0.99999
Exploits 63
Cvelist
added 2024/08/21 4:9 p.m. · 22 views

CVE-2024-7448 Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability

Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must...

CVSS 8 · EPSS 0.01665
Exploits 0 · References 2
CVE
added 2024/08/21 4:9 p.m. · 74 views

CVE-2024-7448

CVE-2024-7448 affects Magnet Forensics AXIOM’s Android device image acquisition component. The flaw arises from improper validation of a user-supplied string prior to using it in a system call, enabling a network-adjacent attacker to execute arbitrary code with the current user’s privileges. Expl...

CVSS 8 · AI score 8.1 · EPSS 0.01665
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/08/21 4:9 p.m. · 14 views

CVE-2024-7448 Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability

Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must...

CVSS 8 · AI score 7.7 · EPSS 0.01665
Exploits 0 · References 2
Trellix
added 2024/07/19 12:0 a.m. · 6 views

Managing Risk During the CrowdStrike Global Tech Outage

By Mo Cashman & Trellix Advanced Research Center · July 19, 2024 · Updated: July 25, 2024. How it Happened: A defective content update provided by cybersecurity firm CrowdStrike caused Microsoft Windows systems to crash, disrupting airline trave...

AI score 6.8
Exploits 0
Qualys Blog
added 2024/05/16 2:0 p.m. · 36 views

TotalCloud Container Security Best Practices

Qualys Container Security (CS), an integral part of TotalCloud 2.0, provides a comprehensive view of the security posture of containerized applications. Operationalizing a new technology tool in an enterprise often presents its own challenges. This blog seeks to help the operations team familiarize...

AI score 7.1
Exploits 0
CNNVD
added 2024/05/14 12:0 a.m. · 2 views

BlueRiSC WindowsSCOPE Cyber Forensics Security Vulnerability

BlueRiSC WindowsSCOPE Cyber Forensics is a GUI-based memory forensic capture and analysis toolkit from BlueRiSC. A security vulnerability exists in BlueRiSC WindowsSCOPE Cyber Forensics versions prior to 3.3 that originates from a vulnerability that could allow a local attacker to execute arbitra...

CVSS 7.8 · AI score 7.2 · EPSS 0.00409
Exploits 0 · References 2
Vulnrichment
added 2024/05/13 7:32 p.m. · 11 views

CVE-2024-29513

An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates...

AI score 7.3 · EPSS 0.00409
Exploits 0 · References 1