180 matches found
CVE-2021-23639
The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...
Remote code execution
The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...
CVE-2021-23639
md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution via gray-matter parsing of front matter without disabling the JS engine. Affected tool is the CLI md-to-pdf (Simonhaenisch) with PoC demonstrations and Snyk/Snyk-like advisories confirming RCE risk. The root cause is executing embedded...
Markdown To Pdf 输入验证错误漏洞
Markdown To Pdf is a simple and crackable Cli tool from the individual developer Simon Hanisch in Germany. It is used to convert Markdown to pdf. An input validation error vulnerability exists in Markdown To Pdf, which stems from the product's use of gray-matter to parse front-end content when th...
Google’s Threat Horizons report: Will the straightforward approach get results?
Google’s Cybersecurity Action Team has released a Threat Horizons report focusing on cloud security. It’s taken some criticism for being surprisingly straightforward and less complex than you may expect. On the other hand, many businesses simply don’t understand many of the threats at large...
Finding My Way as an Akamai Intern
It’s an exciting time to be starting a career in digital – but even more so when it’s at a company like Akamai. An organization driven by a commitment to developing talent within the industry, Akamai is an intellectually rigorous, demanding, and rewarding environment to be in at any level. But fo...
Remote Code Execution (RCE)
Overview md-to-pdf is a CLI tool for converting Markdown files to PDF. Affected versions of this package are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine. PoC: bash //Before running poc.js: $ cat...
CVE-2021-29440
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...
drawingmatter.org Cross Site Scripting vulnerability OBB-1384549
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Experts Denounce Racial Bias of Crime-Predictive Facial-Recognition AI
More than 1,000 technology experts and academics from organizations such as MIT, Microsoft, Harvard and Google have signed an open letter denouncing a forthcoming paper describing artificial intelligence AI algorithms that can predict crime based only on a person’s face, calling it out for...
Black Lives Matter Emails Deliver TrickBot Malware
Cyberattackers are seizing upon the 24-hour news cycle again in order to capitalize on the current zeitgeist – this time with a fake Black Lives Matter malspam campaign that distributes the TrickBot malware. According to Swiss security firm Abuse.ch, threat actors are posing as government...
Black Lives Matter movement exploited to spread Trickbot malware
By Deeba Ahmed This shows there’s certainly no limit to the meanness and notoriety of cybercriminals. This is a post from HackRead.com Read the original post: Black Lives Matter movement exploited to spread Trickbot malware...
Broadcast Operations Control Center (BOCC): Enabling OTT Broadcast Operations
So, what is the BOCC? Simply put, Akamai runs a state-of-the-art Broadcast Operations Control Centre, the BOCC, to help ensure smooth and seamless end-user play-back experience for live OTT Over the Top and linear video delivered through Akamai Media Delivery Solutions. To phrase it more...
TAU Threat Intelligence Notification – WindTail (OSX)
Summary Dark Matter researcher Taha Karim recently presented his research on the APT group WindShift at Hack in the Box Singapore. This group primarily focuses on highly targeted campaigns directed toward Middle Eastern government and commercial entities. One of the custom macOS backdoors employe...
NCCIC Webinar Series on Russian Government Cyber Activity
NCCIC is holding a webinar on Russian government cyber activity against critical infrastructure as detailed in NCCIC Alert TA18-074A today from 1–2:30 p.m. ET. The webinar will feature NCCIC subject matter experts discussing recent cybersecurity incidents, mitigation techniques, and resources tha...
Wikileaks Unveils CIA's Man-in-the-Middle Attack Tool
Wikileaks has published a new batch of the Vault 7 leak, detailing a man-in-the-middle MitM attack tool allegedly created by the United States Central Intelligence Agency CIA to target local networks. Since March, WikiLeaks has published thousands of documents and other secret tools that the...
WikiLeaks Dark Matter Release Shows CIA Interdiction of iPhone Supply Chain
From the early days of the iPhone, the CIA has had an interest in compromising the flagship Apple mobile device, according to the latest WikiLeaks release of CIA documents. Today’s Vault 7 Dark Matter release shows an unsurprising interest from the intelligence agency in tracking iPhone users, as...
Wikileaks Reveals How CIA Was Hacking Your iPhones And MacBooks
As part of its "Vault 7" series, Wikileaks — the popular whistle-blowing platform — has just released another batch of classified documents focused on exploits and hacking techniques the Central Intelligence Agency CIA designed to target Apple MacOS and iOS devices. Dubbed "Dark Matter," the leak...
Reporting LIVE from the HIMSS 2015 Cybersecurity Command Center
Well, its not exactly live anymore but it certainly was worth tweeting live from the brand new Cybersecurity Command Center CCC at HIMSS 2015 in Chicago a couple weeks ago given all the excitement. The CCC was the place to be at HIMSS this year with standing room only at the educational sessions...
Sony Pictures HACKED; Studio-Staff Computers Seized by Hackers
It’s a bad day for Sony yesterday!! Sony appears to be hacked once again by hackers, but this time not its PlayStation, instead its Sony Pictures Entertainment – the company’s motion picture, television production and distribution unit. According to multiple reports, the corporate computers of So...