Remote Code Execution
Technical Advisory: Vulnerabilities Identified within ListServ
Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Our ultimate ...
DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution
Overview On August 29th, 2023, Qlik issued a patch for two vulnerabilities we identified in Qlik Sense Enterprise, CVE-2023-41265 and CVE-2023-41266. These vulnerabilities allowed for unauthenticated remote code execution via path traversal ...
Samsung Chipset Zero-Day Vulnerabilities, AI-Assisted Social Engineering, ATM Fraud with a Twist
Tom Eston | | AI Tools, ATM fraud, Chase Bank, Contactless Payment, Convenience vs Security, Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, Episodes, Exynos Chipsets, Hidden Cameras, Information Security, Infosec, mobile device security, PIN Security, Podcast, Podcasts, Privacy, Remote Code Execution, ReSpeacher, Samsung Chipsets, security, Skimmer Technology, social engineering attacks, Tap-Enabled Debit Cards, Tavora, technology, Voice Cloning, Voice over LTE, Weekly Edition, WiFi Calling, zero-day vulnerabilities
In this episode we discuss Google’s discovery of 18 zero-day vulnerabilities in Samsung’s Exynos chipsets. We examine an AI-assisted social engineering campaign that combines emerging technologies with classic techniques. Finally, we look ...
What You Need to Know About the Apache Commons Text Flaw (CVE-2022-42889)
Curtis Kang | | cyber threat intelligence, DevSecOps, Remote Code Execution, Threat Intelligence, Vulnerabilities, vulnerability intelligence, Vulnerability Management, vulnerability prioritization, Vulnerability Remediation
Vulnerability researchers and media sources are paying a lot of attention to CVE-2022-42889, a vulnerability affecting the open source library Apache Commons Text, which could potentially allow a malicious actor to execute ...
What We Know About the Zero-Day Vulnerability Affecting Zimbra Collaboration and cpio
Flashpoint Team | | current-events, cyber threat intelligence, Remote Code Execution, Vulnerabilities, vulnerability intelligence, Vulnerability Management, zero-day
On September 10, an attack was reported in the Zimbra forums where a malicious actor was able to upload a JSP web shell into the /public directory to execute a command, generating ...
What We Know About the Vulnerabilities Keeping ‘Dark Souls’ Offline
Curtis Kang | | cisa, Exploit, Remote Code Execution, video games, Vulnerabilities, Vulnerability Management
A RCE vulnerability has forced FromSoftware to take down 'Dark Souls' servers. However, there are more issues that haven't been publicly addressed. The post What We Know About the Vulnerabilities Keeping ‘Dark ...
TLStorm 2.0 Flaws Leave Aruba, Avaya Switches Vulnerable
A handful of vulnerabilities in the implementation of TLS communications in Aruba and Avaya switches extend TLStorm flaws first discovered in March to millions of enterprise-grade network infrastructure devices. By exploiting these ...
Security Boulevard
CISA’s Joint Cybersecurity Advisory: Protecting Your Organization From Vulnerabilities – and 29,000 Other Known Exploits
Curtis Kang | | cisa, Remote Code Execution, Risk Based Security, Vulnerability Management, vulns, zero-day
Some of the world’s leading cybersecurity authorities banded together to co-author the Joint Cybersecurity Advisory: 2021 Top Routinely Exploited Vulnerabilities, where they provided details on CVE vulnerabilities that have been routinely exploited ...
Oxeye Tool Can Counter Log4j Obfuscation Attacks
Oxeye today announced an open source deobfuscation tool, dubbed Ox4Shell, that makes it simpler for cybersecurity teams to uncover hidden payloads that attempt to exploit Log4Shell vulnerabilities. Many enterprise IT organizations have ...
Security Boulevard
Log4Shell log4j Remote Code Execution – The COVID of the Internet
Vitaly Simonovich | | Application Security, CVE-2021-44228, Digest, Log4j, Remote Code Execution, runtime application self-protection, Web Application Firewall
The Log4Shell zero day vulnerability is truly one of the most significant security threats of the past decade and its effects will be felt far into 2022 and beyond. Imperva has observed ...