rce
Instagram photo flaw could have helped malicious hackers spy via users’ cameras and microphones
A critical vulnerability in Instagram’s Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. The security ...
Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)
By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor ...
F5 BIG-IP Exploit, WiFi Router Security Updates, Password Reuse
In episode 129 for July 13th 2020: Impact of the F5-BIG-IP critical vulnerability, security updates and your WiFi router, and details about new research that shows how billions of compromised credentials are ...
Zero-Day Flaw Allowed Attackers to Achieve RCE on Firewalls
British security firm Sophos determined that malicious actors had abused a zero-day vulnerability to achieve remote code execution (RCE) on some of its firewall products. According to Sophos, the attack chain began ...
Untitled Goose Game security hole could have allowed hackers to wreak havoc
Is nothing sacred? The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer. “Untitled Goose Game”, ...
Dell Hell Gets Hotter via Bad Bug in Every PC, Laptop
Every Dell endpoint running Windows has a nasty remote-code execution vulnerability. The security hole is in the SupportAssist module ...
Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners
Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers ...
Latest Drupal RCE Flaw Used by Cryptocurrency Miners and Other Attackers
Another remote code execution vulnerability has been revealed in Drupal, the popular open-source Web content management system. One exploit — still working at time of this writing — has been used in ...
The Importance of the Content-Type Header in HTTP Requests
Dawid Czagan, Founder and CEO at Silesia Security Labs and author of Bug Hunting Millionaire, is listed in HackerOne’s Top 10 Hackers. In a recent article on his website, Czagan disclosed the ...
Critical RCE Vulnerability in Facebook Server Patched, Researcher Nabs $5,000 Bounty
A critical remote code execution vulnerability in a Facebook server was recently patched after security researcher Daniel ‘Blaklis’ Le Gall reported it using a proof-of-concept. The vulnerability was found in an unstable ...
