Lucene search
K

867 matches found

GoogleProjectZero
GoogleProjectZero
added 2020/07/28 12:0 a.m.41 views

MMS Exploit Part 3: Constructing the Memory Corruption Primitives

Posted by Mateusz Jurczyk, Project Zero This post is the third of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. New posts will be published a...

9.8CVSS9.6AI score0.17444EPSS
Exploits2
GoogleProjectZero
GoogleProjectZero
added 2020/07/23 12:0 a.m.19 views

MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec

Posted by Mateusz Jurczyk, Project Zero This post is the second of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. New posts will be published ...

8.3AI score
Exploits0
Prion
Prion
added 2020/07/20 6:15 p.m.22 views

Command injection

In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...

6.8CVSS9.2AI score0.03805EPSS
Exploits2References5Affected Software1
GoogleProjectZero
GoogleProjectZero
added 2020/07/16 12:0 a.m.57 views

MMS Exploit Part 1: Introduction to the Samsung Qmage Codec and Remote Attack Surface

Posted by Mateusz Jurczyk, Project Zero This post is the first of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. New posts will be published a...

10CVSS9.4AI score0.05711EPSS
Exploits2
Schneier on Security
Schneier on Security
added 2020/07/15 2:29 p.m.21 views

NSA on Securing VPNs

The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents a full and an abridged version on securing virtual private networks. Some of it is basic, but it contains good information. Maintaining a secure VPN tunnel can be complex and...

2.4AI score
Exploits0
ICS
ICS
added 2020/07/13 12:0 p.m.72 views

Critical Vulnerability in SAP NetWeaver AS Java

Summary On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287, affecting the SAP NetWeaver Application Server AS Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer...

10CVSS10AI score0.94719EPSS
Exploits6References29
Wallarm Lab
Wallarm Lab
added 2020/07/01 10:7 p.m.35 views

How To Protect Your Kubernetes Cluster with Wallarm – part 1 of 3

Kubernetes clusters enable an organization to easily take advantage of containerization. While this is a huge asset, it also creates security issues. Many organizations lack visibility into the applications within their Kubernetes cluster and their attack surface. Within a Kubernetes cluster, an...

2.8AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2020/06/23 12:0 a.m.8 views

Reduce the Attack Surface of Your Container Images

Follow along as Chuck Losh, Solutions Architect, walks through a new way of thinking in how to construct distroless images from Google, using an example of a multi-stage Dockerfile method...

2.8AI score
Exploits0
ThreatPost
ThreatPost
added 2020/05/21 7:1 p.m.57 views

Long Tail Analysis: A New Hope in the Cybercrime Battle

Our hyper-connected world and its ever-faster network speeds have resulted in mountains of diverse data that needs to be processed. It has also resulted in an ever-expanding attack surface, requiring cybersecurity solutions to scale like never before. These days, scale is about more than traffic...

7.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2020/05/19 8:37 p.m.49 views

The Windows 7 Postmortem: What’s at Stake

In January 2020, Microsoft officially ended its extended support and discontinued patching of Windows 7. Despite the long lead time and repeated reminders, numbers since the COVID-19 pandemic have shown a slight uptick in Windows 7 deployments. The recent estimates show that more than 26 percent ...

0.4AI score
Exploits0References4
Trend Micro Simply Security
Trend Micro Simply Security
added 2020/05/11 12:30 p.m.25 views

Securing Smart Manufacturing

“Alexa, turn on the TV.” ”Get it yourself.” This nightmare scenario could play out millions of times unless people take steps to protect their IoT devices. The situation is even worse in industrial settings. Smart manufacturing, that is, Industry 4.0, relies on tight integration between IT system...

Exploits0
CNVD
CNVD
added 2020/04/15 12:0 a.m.1 views

Buffer overflow vulnerability in GE control system ACTIVEX control (CNVD-2020-26342)

General Electric GE is a global digital industrial company that creates software-defined machines that are connected, responsive and predictive to transform traditional industries. A buffer overflow vulnerability exists in the ACTIVEX control of the GE control system, which can be exploited by an...

7.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/04/06 12:0 a.m.190 views

Microsoft Windows Net Use Insufficent Authentication

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-NET-USE-INSUFFICIENT-PASSWORD-PROMPT.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows "net use" Command Connects a...

0.3AI score
Exploits0
0day.today
0day.today
added 2020/04/06 12:0 a.m.41 views

Microsoft NET USE win10 - Insufficient Authentication Logic Exploit

Title: Microsoft NET USE win10 - Insufficient Authentication Logic Date: 2020-04-04 Author: hyp3rlinx Vendor: www.microsoft.com CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

0.2AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2020/03/25 9:32 p.m.59 views

How VMware Carbon Black Helps Agencies Meet CDM Requirements

When a crime is committed, one of the first things the police do is collect evidence from any security cameras nearby, and these days, cameras are everywhere. That’s a model that federal agencies want to apply to cybersecurity. This constant monitoring of systems to catch bad actors provides the...

0.2AI score
Exploits0
Akamai Blog
Akamai Blog
added 2020/03/23 11:30 a.m.37 views

Akamai's Prolexic Platform Completes Fifth Generation Upgrade

Akamai introduces new enhancements today to its Prolexic Routed purpose-built DDoS scrubbing service that reflect the changing nature of the threat landscape and capitalize on cloud functionality to enable maximum customer flexibility using newer deployment models. For anyone worried about DDoS...

7.7AI score
Exploits0
Kitploit
Kitploit
added 2020/03/11 11:33 a.m.77 views

Sifter - A OSINT, Recon And Vulnerability Scanner

Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsft and if unpatched, exploit...

7.2AI score
Exploits0References2
Akamai Blog
Akamai Blog
added 2020/02/19 12:9 p.m.18 views

Introducing Guardicore Threat Intelligence Firewall

Guardicore’s Threat Intelligence Firewall blocks connections to malicious IPs, limiting security attack surface before reaching critical assets...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/02/12 3:0 p.m.31 views

Intuitive and Ready-to-Use Monitoring Profiles for Compliance Regulations

Detecting changes from a baseline established for files and file paths and receiving instant alerts about them is crucial to ensure security within a monitored environment. File tampering is an indicator of illicit activity, and authorized users must be alerted whenever changes in a critical file...

0.1AI score
Exploits0
GoogleProjectZero
GoogleProjectZero
added 2020/02/12 12:0 a.m.38 views

Mitigations are attack surface, too

Posted by Jann Horn, Project Zero Introduction This blog post discusses a bug leading to memory corruption in Samsung's Android kernel specifically the kernel of the Galaxy A50, A505FN - I haven't looked at Samsung's kernels for other devices. I will describe the bug and how I wrote a very...

5.5CVSS7.1AI score0.0035EPSS
Exploits0
Rows per page
Query Builder