Skip Navigation
Security News @infosec.pub execveat @infosec.pub
www.bleepingcomputer.com Fake zero-day PoC exploits on GitHub push Windows, Linux malware

Hackers are impersonating cybersecurity researchers on Twitter and GitHub to publish fake proof-of-concept exploits for zero-day vulnerabilities that infect Windows and Linux with malware.

Fake zero-day PoC exploits on GitHub push Windows, Linux malware

Someone created a bunch of github profiles impersonating real researchers alongside fake Twitter accounts. Pretty fascinating, really.

0
Research @infosec.pub execveat @infosec.pub
blog.millerti.me WWDC23: Passkeys

All the passkeys news not fit to print or film or whatever

WWDC23: Passkeys
0
Research @infosec.pub execveat @infosec.pub
BChecks (SDL for defining custom scans) available in Burp 2023.6
portswigger.net BChecks worked examples

BChecks are defined by importing .bcheck files into Burp Suite Professional. This section provides some example definitions that correspond to real-world ...

BChecks worked examples

It's like nuclei templates I guess, but built into Burp. Only available in the Early Adopter release for now.

0
Research @infosec.pub execveat @infosec.pub
Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures

OOXML signatures are rendered pretty much useless due to 3 flaws in specification and 2 flaws in implementation.

"The vulnerabilities have been acknowledged by Microsoft. However, Microsoft has decided that the vulnerabilities do not require immediate attention."

0
Security News @infosec.pub execveat @infosec.pub
Fortinet tries to silently patch critical RCE, researches burn it
www.bleepingcomputer.com Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now

Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices, tracked as CVE-2023-27997.

Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now

Timely and ongoing communications with our customers is a key component in our efforts to best protect and secure their organization. There are instances where confidential advance customer communications can include early warning on Advisories to enable customers to further strengthen their security posture, prior to the Advisory being publicly released to a broader audience. This process follows best practices for responsible disclosure to ensure our customers have the timely information they need to help them make informed risk-based decisions. For more on Fortinet’s responsible disclosure process, visit the Fortinet Product Security Incident Response Team (PSIRT) page: https://www.fortiguard.com/psirt_policy.

0
Research @infosec.pub execveat @infosec.pub
neodyme.io CS:GO: From Zero to 0-day

We identified three independent remote code execution (RCE) vulnerabilities in the popular Counter-Strike: Global Offensive game. Each vulnerability can be triggered when the game client connects to our malicious python CS:GO server. This post details our journey through the CS:GO binary and conduct...

CS:GO: From Zero to 0-day

They've chained 4 logic bugs to achieve RCE in CS:GO, pretty impressive. Valve sucks at communication and bug bounty payouts though.

0
What's your side project of a month?

cross-posted from: https://infosec.pub/post/48321

> If you're working on a research or side project, this is your platform to share your findings, roadblocks, breakthroughs, and more. Doesn't matter if it's still a work in progress or has been recently published - all stages of research are welcome. > > Maybe you're not actively researching, but you're closely following an interesting development in the industry or a certain researcher's work - feel free to share that here too! > > Or perhaps, you've got an idea for a project or research you wish to undertake, but need resources, collaborators, or simply some guidance - let the community know. > > Here's a simple guideline to kickstart the conversation: > > - What's the research about? (Give a brief overview of the project or topic) > - Current progress/Findings (If applicable) > - Challenges and roadblocks (What issues are you facing or expect to face?) > - Help needed (Are you looking for collaborators, resources, advice, etc.?)

0
Research @infosec.pub execveat @infosec.pub
What's your side project of a month?

If you're working on a research or side project, this is your platform to share your findings, roadblocks, breakthroughs, and more. Doesn't matter if it's still a work in progress or has been recently published - all stages of research are welcome.

Maybe you're not actively researching, but you're closely following an interesting development in the industry or a certain researcher's work - feel free to share that here too!

Or perhaps, you've got an idea for a project or research you wish to undertake, but need resources, collaborators, or simply some guidance - let the community know.

Here's a simple guideline to kickstart the conversation:

  • What's the research about? (Give a brief overview of the project or topic)
  • Current progress/Findings (If applicable)
  • Challenges and roadblocks (What issues are you facing or expect to face?)
  • Help needed (Are you looking for collaborators, resources, advice, etc.?)
0
InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)EX
execveat @infosec.pub
Posts 8
Comments 0