EUVD-2021-24584

Malware in sbrugna...

Metasploit Weekly Wrap-Up 08/15/2025

Don’t forget to take the Metasploit User Engagement Survey! We had an awesome time at DEF CON and Black Hat with our very own zeroSteiner and jheysel-r7 presenting on five different occasions! We announced our user engagement survey there, and would love for all of you to participate until the en...

The Booker Prize Longlist and Hacker Summer Camp

Welcome to this week's edition of the Threat Source newsletter. This week the Booker Prize Longlist was released and it featured several books I've read this year a couple that are on my TBR To Be Read, a couple that I had not heard of, and a couple that make me scratch my head and question why...

CVE-2021-38111

The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI Near Field Magnetic Induction protocol...

Cybersecurity communities. Small hacker groups, big impact

TL;DR Cybersecurity communities and groups are an excellent opportunity to network and learn There are OWASP, DEF CON, 2600, university hacking societies, Meetup communities and more to choose from They provide workshops, talks, and practical learning opportunities benefiting both newcomers and...

Root Access for Data Control: A DEF CON IoT Village Story

Every year, Rapid7 is a presenter at DEF CON’s IoT Village, sharing in-depth insight and expertise into the hacking of all things Internet of Things. This year, our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed...

GHSA-WQ9X-QWCQ-MMGF Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...

Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share

As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be assembled to trigger remote code execution RCE chain on systems that have the software installed. "The Quick Share application implements its own specific...

Metasploit Weekly Wrap-Up 08/09/2024

Black Hat & DEF CON Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner & Jack Heysel show off the Metasploit 6.4's features, focusing on combinations that allow for new, streamlined attack workflows at Black Hat. If not they will also be demoing at DEF CON tomorrow in room W30...

The top stories coming out of the Black Hat cybersecurity conference

Over the next two weeks, two of the largest cybersecurity conferences in the world will take place in Las Vegas: Black Hat and DEF CON. That means product announcements, buzzwords and stories about "X smart appliance could burn your house down!" or something like that. Over the next two weeks, Il...

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below -...

Metasploit Weekly Wrap-Up 08/02/2024

Metasploit goes to Hacker Summer Camp Next week, Metasploit will have demos at both Black Hat and DEF CON where the latest functionality from this year will be presented. The Black Hat demo will be on Thursday the 8th from 10:10 to 11:25 and the DEF CON demo will be on Saturday the 10th from 12:0...

Recapping the top stories from Black Hat and DEF CON

Welcome to this weeks edition of the Threat Source newsletter. I had a significant amount of FOMO last week seeing everyone out in Vegas. I was happy to not get conference crud sickness, but it seems like I missed a great time otherwise. But, as anyone who works with me could guess, I was followi...

NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security

A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform WFP to achieve privilege escalation in the Windows operating system. "If an attacker has the ability to execute code with admin privilege and the target is to perform LSASS Shtinkering,...

Multiple Flaws in CyberPower and Dataprobe Products Put Data Centers at Risk

Multiple security vulnerabilities impacting CyberPower's PowerPanel Enterprise Data Center Infrastructure Management DCIM platform and Dataprobe's iBoot Power Distribution Unit PDU could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in...

Metasploit Weekly Wrap-Up

Fly High in the Sky With This New Cloud Exploit! This week, a new module was added that takes advantage of both authentication bypass and command injection in certain versions of Western Digital's MyCloud hardware. Submitted by community member Erik Wynter, this module gains access to the target,...

Previewing Talos at BlackHat 2023

Welcome to this weeks edition of the Threat Source newsletter. The time has come once again for all of us well, not me specifically but lots of other Talos people to descend on Las Vegas for Hacker Summer Camp. Cisco Talos will be well-represented at BlackHat and DEF CON over the course of the ne...

PTP at DEF CON 31 2023

Come and see us at the Aerospace Village, at Caesars Forum. Aerospace Village Fri 11th to Sun 13th Activity Take off in an A320 with hacked engine performance calculator. Then try to land it again. Fri 11th August 5:00 PM Pen Test Partners Power Hour We’ll be talking about: Hacking Electronic...

n00b’s guide to DEF CON. Surviving the Matrix of the underground

Ah, DEF CON. The worlds largest hacker convention. A beacon for the diverse spectrum of cyber security enthusiasts. From code-cracking challenges to the infamous Wall of Sheep, the event is a hive of activities and opportunities. But before we dive into the world of hackerdom, lets get one thing...

AI Hacking Village at DEF CON This Year

At DEF CON this year, Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI and Stability AI will all open up their models for attack. The DEF CON event will rely on an evaluation platform developed by Scale AI, a California company that produces training for AI applications. Participants wi...