144 matches found
PT-2022-2173 · Sap · Sap Solution Manager
Name of the Vulnerable Software and Affected Versions: SAP Solution Manager version 720 Description: The issue is related to insufficient access control in the SAP Solution Manager Diagnostics Root Cause Analysis tool, allowing a remote attacker to elevate their privileges. This can enable an...
What To Do When Your Business Is Hacked
As businesses move to a remote workforce, hackers have increased their activity to capitalize on new security holes. Cybercriminals often use unsophisticated methods that continue to be extremely successful. These include phishing emails to harvest credentials and gain easy access to...
MDR Must-Haves, Part 6: Threat Validation and Detailed Reporting
This blog post is part of an ongoing series about evaluating Managed Detection and Response MDR providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Engaging a managed security service provider—either a traditional MSSP or MDR provider—should never involve...
Exploit for CVE-2021-24086
CVE-2021-24086 This is a proof of concept for CVE-2021-24086...
Code Injection in storybookjs/telejson
✍️ Description telejson is a library for teleporting rich data to another place. The telejson.reviver which is used to parse string data back to json structure can be abused to execute arbitrary code when the lazyEval option is set to false i.e., disabled. The root cause is the attackers can...
Exploit for Code Injection in Microfocus Arcsight_Logger
CVE-2020-11851 Remote Code Execution vulnerability on ArcSig...
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2879-1)
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-26088: Fixed an improper CAPNETRAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security...
Root Cause Analyses for 0-day In-the-Wild Exploits
Posted by Maddie Stone, Project Zero When a 0-day is exploited in the wild AND it is detected, we need to use that as an opportunity to learn as much as possible about the vulnerability and the exploit if we hope to make 0-day hard. One of the main methods to do that is to perform a root cause...
Zomato: Availing Zomato gold by using a random third-party `wallet_id`
We received a report from @pandaaaa wherein he demonstrated a way to avail Zomato Gold membership using random Zomato User's wallet. The report was triaged and rewarded with critical severity with a CVSS score of 9.3. It was considered critical since a random user's wallet could have been used fo...
[Guide] Finding Best Security Outsourcing Alternative for Your Organization
As cyberattacks continue to proliferate in volume and increase in sophistication, many organizations acknowledge that some part of their breach protection must be outsourced, introducing a million-dollar question of what type of service to choose form. Today, Cynet releases the Security Outsourci...
TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln
Posted by Maddie Stone, Project Zero INTRODUCTION I’m really interested in 0-days exploited in the wild and what we, the security community, can learn about them to make 0-day hard. I explained some of Project Zero’s ideas and goals around in-the-wild 0-days in a November blog post. On December’s...
Report to Your Management with the Definitive ‘IR Management and Reporting’ presentation Template
The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the...
Information disclosure
In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: AndroidVersions: Android-10Android ID: A-110941092...
Trend Micro Named A Leader in 2019 Gartner Magic Quadrant for Endpoint Protection Platforms
Leadership. It’s a weighty term, although frequently it is used too lightly and all too often it’s a self-declared position. We believe, leaders can come and go, and leadership can be fleeting depending on the factors for long term success. It is for all these reasons, that we are proud, not only...
HackerOne: Custom Field Attributes may be created and updated for customers with Custom Field Trial enabled
The Custom Field feature is currently only available for customers on the Enterprise product edition. A trial period can be given by enabling the custom-fields-trial feature for programs who are not on that product edition yet. However, when enabling this feature, the incorrect ordering of an ACL...
The Curious Case of Convexity Confusion
Posted by Ivan Fratric, Google Project Zero Intro Some time ago, I noticed a tweet about an externally reported vulnerability in Skia graphics library used by Chrome, Firefox and Android, among others. The vulnerability caught my attention for several reasons: Firstly, I looked at Skia before...
Congressional Report on the 2017 Equifax Data Breach
The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It's a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my...
HackerOne: Corrupted Authorization header can cause logs not to be ingested properly in ████████
HackerOne ingests different logs in ██████, one of them being nginx access logs from our load balancers. The default log format of our load balancer configuration is shown below. As can be seen in the format, the HTTP user specified in the Authorization header $remoteuser is placed between the...
Mass WordPress compromises redirect to tech support scams
Content Management Systems CMSes such as WordPress, Drupal, or Joomla are under a constant barrage of fire. Earlier this year, we detailed several waves of attacks against Drupal, also known as Drupalgeddon, pushing browser-based miners and various social engineering threats. During the past few...
Vulnerability hunting with Semmle QL, part 1
Previously on this blog, we’ve talked about how MSRC automates the root cause analysis of vulnerabilities reported and found. After doing this, our next step is variant analysis: finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch...