The Wordfence Threat Intelligence team has released their 2022 State of WordPress Security report. In the report, they look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on their findings.
833a6664e11b54321c4268553ac08e81c3b99e65165b4e44d62207f09cc2fb5cThe t2'23 Call For Papers has been announced. It will take place May 4th through the 5th, 2023 in Helsinki, Finland.
2235f9a9ede909195456aaef9036e5789bbe845b4ac330ad569f0d005760ac7eWhitepaper called DensePose From WiFi. It discusses how scientists from Carnegie Mellon University have figured out how to map a human's 3D form by using two wifi routers.
79e410d611cf1fce59906fb6029e819c60c9ad628363ca5b29efc9728ff69195In this paper, the author subjects the vulnerable web application vulnweb.com, developed by Acunetix, to security tests. Acunetix is a web application where we can perform legal penetration tests. The author discusses how to infiltrate the target system by acting as a real hacker through this application. Written in Turkish.
9452d8ba127e646598688770379f1d68ad85c10e81be8c7238597d9d656014c1This is a brief whitepaper that discusses some basic fundamentals for approaching secure design of an application.
c962e90a506a04f9658f44421b9bf8e4b0339a1755b66c5c193c109f722ea574EuskalHack Security Congress sixth edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks. This exclusive conference is shaping up as the most relevant in Basque Country, with an estimated 200 attendees for this sixth edition. The participants include specialized companies, public organisms, state security organizations, professionals, hobbyists and students in the area of security and Information Technology. The date for the conference is the 23th and 24th of June 2023 in the lovely city of Donostia San Sebastian.
eb3ffa1da9807b837a3317ded516298ccef5fca21861e6fdeb5eed21bc5c6eedBSidesSF is soliciting presentations, workshops, and villages for the 2023 annual BSidesSF conference. It will be located at City View at the Metreon in downtown San Francisco April 22nd through the 23rd, 2023.
155076340b81d26d3d2bd8aa8310d074feff7f8a583b03a687abd01754152f90This is a whitepaper along with a proof of concept eml file discussing CVE-2020-16947 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.13231.20262 when it fails to properly handle objects in memory.
e10886839475e813dff9362bc048392f047b424255b849ca304a468b0daa17a3This is a whitepaper along with a proof of concept eml file that demonstrates an out-of-bounds read on Outlook 2019 version 16.0.12624.20424. NIST references this issue as simply an information disclosure.
d7cbdf78b8d88b5ef4f17ae322717c6adec1d335f3eddae9fc75f883c66bbc76This is a whitepaper discussing CVE-2020-1349 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.12624.20424 when it fails to properly handle objects in memory.
0cbeab94a42718d9dc0fbddcb25e670799fb9171ff9f4aa0d640945941711759PatrIoT provides a four-stage IoT vulnerability research methodology built on top of four key elements: logical attack surface decomposition, compilation of top 100 weaknesses, lightweight risk scoring, and step-by-step penetration testing guidelines. The proposed methodology is evaluated with multiple IoT products. The results indicate that PatrIoT allows cyber security practitioners without much experience to advance vulnerability research activities quickly and reduces the risk of critical IoT penetration testing steps being overlooked.
7ef04fa8b69b383da473db2f732cbb05957268406e540aab12aa566dc3408119The Nullcon Berlin 2023 Call For Papers is open. It will take place March 9th through the 10th, 2023 in Berlin, Germany.
fe1cb7a63d18537e4b4b907db517cecd2187c370eebe4852d306e3dc81a202d3FreeBSD versions 11.0 through 13.0 suffers from a local privilege escalation vulnerability via an aio_aqueue kernel refcount bug. This research post goes into great depth on how the researcher traversed the logic flow and achieved exploitability.
326b5e8f7907c92be98ab7e3ac35bb7766ebdf09bf20a0f1659fef3debf9aa56This paper is an in-depth blog post on hacking Zyxel IP cameras to obtain a root shell.
b1c1d5af6bd2b118ab3a1c720fe41a27cfec41885c4cf555570f4e8a14d7f78bWhitepaper called Race Against the Sandbox - Root Cause Analysis of a Tianfu Cup bug that used a Ntoskrnl bug to escape the Google Chrome sandbox.
0f616b5cf39ba9d918c5536f81ef8913f0d5085d06313e728467400d30c01737Whitepaper called Abusing Microsoft System Center Configuration Manager (SCCM). Written in Arabic.
5b72b4426c74f72b869bca4e8c0638cb710f8a84b85dbb67be5d85a25110f951The 2nd International Workshop on Cyber Forensics and Threat Investigations Challenges will take place October 10th through the 11th, 2022.
a7c38095ed781f48c0c6ba286dca77cedb7ed92dc2f3f33ab055eb407d1baa10The Call For Papers has been announced for the Workshop on CPS and IoT Security and Privacy (CPSIoTSec 2022). It will be held in Los Angeles, CA, USA on November 7th through the 11th, 2022.
210cc314daa5b40530b4eb6824f2e2f763e9b2b7e7db997ee26df88975e8880bThe call for papers for Hardwear.io NL 2022 is now open. It will take place October 27th through the 28th, 2021 in the Netherlands.
2297c70faeb7fd538fb02f2327a806bcbe1a2e1e9ae61e3f2ae62b36eb68bfd2The No cON Name 2022 call for papers has been announced. It will be held in Barcelona, Spain, from November 24th through the 26th, 2022.
d8182cfe16d9ccbd8e7da1be7700730af253ceafe0069e08c13e7dd297ae1bfcOver the past year, Trail of Bits was engaged by the Defense Advanced Research Projects Agency (DARPA) to investigate the extent to which blockchains are truly decentralized. They focused primarily on the two most popular blockchains: Bitcoin and Ethereum. They also investigated proof-of-stake (PoS) blockchains and Byzantine fault tolerant consensus protocols in general. This report provides a high-level summary of results from the academic literature, as well as their novel research on software centrality and the topology of the Bitcoin consensus network.
7539c81d4b8e441403714a6c53dc14d36bda7acb1b5c0dadb8762f8d53177dd5This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.
1ec58f30e8a0a21c51d095c930eb3fc00827e2d07118a62f2dd3d6f7154a73ceIn this whitepaper, the author demonstrates abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE and allows an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.
4b5d4d8cfa4b802b87cad15d22893764dd635937e23e58bc76e7fa4673c00370Scripting languages like JavaScript are being integrated into commercial software to support easy file modification. For example, Adobe Acrobat accepts JavaScript to dynamically manipulate PDF files. To bridge the gap between the high-level scripts and the low-level languages (like C/C++) used to implement the software, a binding layer is necessary to transfer data and transform representations. However, due to the complexity of two sides, the binding code is prone to inconsistent semantics and security holes, which lead to severe vulnerabilities. Existing efforts for testing binding code merely focus on the script side, and thus miss bugs that require special program native inputs. In this paper, the researchers propose cooperative mutation, which modifies both the script code and the program native input to trigger bugs in binding code.
5f9d0ad09e9e62d12e246894db4172788cd3662fb32d618c99f88dda19d6b911Whitepaper discussing how to crack Notezilla passwords.
db3961e08ef61a0d202ba7ab4184a19ba1f3ed41a5461a43cca0d7b0d4c10807
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed