Hot Topics

Remote Code Execution

Technical Advisory: Vulnerabilities Identified within ListServ

Technical Advisory: Vulnerabilities Identified within ListServ

| | Labs, ListServ, Remote Code Execution, Vulnerability Research
Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Our ultimate ...
Blog - Praetorian
DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution

DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution

| | Labs, Qlik Sense, Remote Code Execution, Vulnerability Research
Overview On August 29th, 2023, Qlik issued a patch for two vulnerabilities we identified in Qlik Sense Enterprise, CVE-2023-41265 and CVE-2023-41266. These vulnerabilities allowed for unauthenticated remote code execution via path traversal ...
Blog - Praetorian
Samsung Chipset Zero-Day Vulnerabilities, AI-Assisted Social Engineering, ATM Fraud with a Twist

Samsung Chipset Zero-Day Vulnerabilities, AI-Assisted Social Engineering, ATM Fraud with a Twist

| | AI Tools, ATM fraud, Chase Bank, Contactless Payment, Convenience vs Security, Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, Episodes, Exynos Chipsets, Hidden Cameras, Information Security, Infosec, mobile device security, PIN Security, Podcast, Podcasts, Privacy, Remote Code Execution, ReSpeacher, Samsung Chipsets, security, Skimmer Technology, social engineering attacks, Tap-Enabled Debit Cards, Tavora, technology, Voice Cloning, Voice over LTE, Weekly Edition, WiFi Calling, zero-day vulnerabilities
In this episode we discuss Google’s discovery of 18 zero-day vulnerabilities in Samsung’s Exynos chipsets. We examine an AI-assisted social engineering campaign that combines emerging technologies with classic techniques. Finally, we look ...
The Shared Security Show
What You Need to Know About the Apache Commons Text Flaw (CVE-2022-42889)

What You Need to Know About the Apache Commons Text Flaw (CVE-2022-42889)

| | cyber threat intelligence, DevSecOps, Remote Code Execution, Threat Intelligence, Vulnerabilities, vulnerability intelligence, Vulnerability Management, vulnerability prioritization, Vulnerability Remediation
Vulnerability researchers and media sources are paying a lot of attention to CVE-2022-42889, a vulnerability affecting the open source library Apache Commons Text, which could potentially allow a malicious actor to execute ...
Threat Intelligence Blog | Flashpoint
What We Know About the Zero-Day Vulnerability Affecting Zimbra Collaboration and cpio

What We Know About the Zero-Day Vulnerability Affecting Zimbra Collaboration and cpio

| | current-events, cyber threat intelligence, Remote Code Execution, Vulnerabilities, vulnerability intelligence, Vulnerability Management, zero-day
On September 10, an attack was reported in the Zimbra forums where a malicious actor was able to upload a JSP web shell into the /public directory to execute a command, generating ...
Threat Intelligence Blog | Flashpoint
What We Know About the Vulnerabilities Keeping ‘Dark Souls’ Offline

What We Know About the Vulnerabilities Keeping ‘Dark Souls’ Offline

| | cisa, Exploit, Remote Code Execution, video games, Vulnerabilities, Vulnerability Management
A RCE vulnerability has forced FromSoftware to take down 'Dark Souls' servers. However, there are more issues that haven't been publicly addressed. The post What We Know About the Vulnerabilities Keeping ‘Dark ...
Threat Intelligence Blog | Flashpoint
TLStorm CCPA

TLStorm 2.0 Flaws Leave Aruba, Avaya Switches Vulnerable

| | mTLS, Network Security, Remote Code Execution, TLSTorm
A handful of vulnerabilities in the implementation of TLS communications in Aruba and Avaya switches extend TLStorm flaws first discovered in March to millions of enterprise-grade network infrastructure devices. By exploiting these ...
Security Boulevard
CISA’s Joint Cybersecurity Advisory: Protecting Your Organization From Vulnerabilities – and 29,000 Other Known Exploits

CISA’s Joint Cybersecurity Advisory: Protecting Your Organization From Vulnerabilities – and 29,000 Other Known Exploits

| | cisa, Remote Code Execution, Risk Based Security, Vulnerability Management, vulns, zero-day
Some of the world’s leading cybersecurity authorities banded together to co-author the Joint Cybersecurity Advisory: 2021 Top Routinely Exploited Vulnerabilities, where they provided details on CVE vulnerabilities that have been routinely exploited ...
Threat Intelligence Blog | Flashpoint
Cyclops Oxeye toxic workplace ask chloé

Oxeye Tool Can Counter Log4j Obfuscation Attacks

| | Apache Log4j, deobfuscation, open source, Oxeye, Remote Code Execution
Oxeye today announced an open source deobfuscation tool, dubbed Ox4Shell, that makes it simpler for cybersecurity teams to uncover hidden payloads that attempt to exploit Log4Shell vulnerabilities. Many enterprise IT organizations have ...
Security Boulevard
Log4Shell log4j Remote Code Execution – The COVID of the Internet

Log4Shell log4j Remote Code Execution – The COVID of the Internet

| | Application Security, CVE-2021-44228, Digest, Log4j, Remote Code Execution, runtime application self-protection, Web Application Firewall
The Log4Shell zero day vulnerability is truly one of the most significant security threats of the past decade and its effects will be felt far into 2022 and beyond. Imperva has observed ...
Blog
Load more