Code – OWASP Jakarta

Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection

Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers Read more

By adminowasp, 7 months ago

News

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of Read more

By adminowasp, 7 months ago

News

Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage

Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage A suspected China-nexus cyber espionage group has been attributed to an attacks targeting large business-to-business IT service providers in Southern Europe as part of a campaign codenamed Operation Digital Eye. The intrusions took place from late June to mid-July 2024, Read more

By adminowasp, 8 months ago

News

Code found online exploits LogoFAIL to install Bootkitty Linux backdoor

Code found online exploits LogoFAIL to install Bootkitty Linux backdoor Normally, Secure Boot prevents the UEFI from running all subsequent files unless they bear a digital signature certifying those files are trusted by the device maker. The exploit bypasses this protection by injecting shell code stashed in a malicious bitmap Read more

By adminowasp, 8 monthsDecember 3, 2024 ago

News

OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution

OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. “Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices Read more

By adminowasp, 8 months ago

News

Hack Nintendo’s Alarmo to run code (cat pics)? Let’s-a go! • The Register

Hack Nintendo’s Alarmo to run code (cat pics)? Let’s-a go! • The Register A hacker who uses the handle GaryOderNichts has found a way to break into Nintendo’s recently launched Alarmo clock, and run code on the device. Nintendo bills Alarmo as a way to “make waking up fun” – Read more

By adminowasp, 9 monthsNovember 2, 2024 ago

News

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code Oct 30, 2024Ravie LakshmananCybercrim / Cryptocurrency Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims’ crypto wallets. The package, named Read more

By adminowasp, 9 months ago

News

Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security

Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security Oct 25, 2024Ravie LakshmananCloud Security / Artificial Intelligence Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research community to inspect and verify the privacy and security guarantees of Read more

By adminowasp, 9 months ago

News

Grafana critical vulnerability risks remote code execution

Grafana critical vulnerability risks remote code execution Grafana, an open-source data analytics and visualization platform, was found to have a critical vulnerability that could lead to remote code execution. The flaw, tracked as CVE-2024-9264, which has a CVSS v4 score of 9.4, was introduced in Grafana version 11 released in Read more

By adminowasp, 9 monthsOctober 21, 2024 ago

News

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications Oct 07, 2024Ravie LakshmananOpen Source / Software Security A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. Read more

By adminowasp, 10 months ago