https://samcurry.net/hacking-millions-of-modems
samcurry.net
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive…
CVE-2024-4577: Make PHP-CGI Argument Injection Great Again!
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
Orange Tsai
CVE-2024-4577 - Yet Another PHP RCE: Make PHP-CGI Argument Injection Great Again!
📌 [ Traditional Chinese | English ] This is a side story/extra bug while I’m preparing for my Black Hat USA presentation. I believe most of the details have already been covered in the official advisory (sh
https://cybersecuritynews.com/poc-exploit-xxe-injection-vulnerability/
Cyber Security News
PoC Exploit Published For SharePoint XML eXternal Entity (XXE) Injection Vulnerability
A new XXE (XML eXternal Entity) Injection has been discovered to affect SharePoint on both on-prem and cloud instances.
https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762
www.assetnote.io
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Early this February, Fortinet released an advisory for an "out-of-bounds write vulnerability" that could lead to remote code execution. The issue affected the SSL VPN component of their FortiGate network appliance and was potentially already being exploited…
Source: https://www.linkedin.com/posts/lukasstefanko_whatsapp-vulnerability-activity-7208453738829598720-5Px4
https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html
security-research
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
https://shazzer.co.uk/vectors/667b4120d631543fa1c420a5
shazzer.co.uk
HTML entities that create ASCII characters inside a JavaScript URL - Shazzer
This vector loops through all entities and assigns them to a JavaScript URL and checks if they decode to ASCII characters.
https://x.com/ThePollLady/status/1805912910687793244
X (formerly Twitter)
The Poll Lady (@ThePollLady) on X
10 most controversial exposé by WikiLeaks founded by Julian Assange.
Thread🧵
cKure Red
Statement on disinformation and lies by Mr. Julian Assange
The previous RockYou2021 list had 8.4 billion passwords, and the new version adds 1.5 billion (contributed by the hacker 'ObamaCare'), making it a 10-billion-password word list.
BlastRADIUS
Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack.
https://www.helpnetsecurity.com/2024/07/09/blastradius-radius-protocol-vulnerability/
Help Net Security
Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack
A critical vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle attacks.
It can be used to trace users and target them for ads by the ISP or their associated vendors, and also if the API key 🔑 is leaked through a vendor or the ISP itself.
Scenarios:
1. The token can be used by anyone in a GET request to fetch the end-user's phone number. This request can be sent via QR codes on restaurant menus, where there is an HTTP 302 (redirect) to the actual menu, or by injecting 💉 .js into a vulnerable website (viz. XSS) that is popular (like some blog or forum).
2. When a user shares a hotspot from their phone, the hotspot client can acquire the phone number. In addition to this, if the HE enables authentication, this would lead to a 0-click account takeover.
● I had tested systems for this implementation for a telco. The telco, without informing users (IMHO), was sharing data with third parties.
-Admin cKure
Source: https://conferences.sigcomm.org/sigcomm/2015/pdf/papers/hotmiddlebox/p25.pdf
DYK most VPN services can actually make you less secure? Today x.com/PET_Symposium, Benjamin Mixon-Baca will present research done in collaboration with the Citizen Lab about how VPNs can enable an attacker to act as an in-path router between you and the VPN server. The study identifies a new vulnerability called a “port shadow”. https://petsymposium.org/popets/2024/popets-2024-0070.pdf
X (formerly Twitter)
PETS (@PET_Symposium) on X
Official account of the Privacy Enhancing Technologies Symposium. Next event: PETS 2025, July 14-19, Washington, DC and Online.
mastodon: @PET_Symposium@infosec
https://www.mobile-hacker.com/2024/07/23/whatsapp-trick-android-malware-can-impersonate-pdf-file/
Includes credentials, registrant IP, and last login IP, among other details.
https://bf.based.re/
https://anatomic.rip/abusing_rcu_callbacks_to_defeat_kaslr/
a place of anatomical precision
Abusing RCU callbacks with a Use-After-Free read to defeat KASLR
Introduction In this article, I will be walking you through a clever technique that can be used to leak addresses and defeat KASLR in the Linux Kernel when you have a certain type of Use-After-Free by abusing RCU callbacks. It is by no means a novel technique…