"Critical vulnerabilities in LocalStack, a popular framework for building cloud applications, can be chained to remotely take over locally-run LocalStack instances, security researchers claim. Researchers from Sonarsource have documented how they combined cross-site scripting (XSS) and server-side request forgery (SSRF) vulnerabilities to achieve OS command injection against the open source Python application." The rest of the article: https://portswigger.net/daily-swig/localstack-zero-day-vulnerabilities-chained-to-achieve-remote-takeover-of-local-instances
National Security Commission on Artificial Intelligence – March 2021 Report
From the report's Executive Summary: "The rapidly improving ability of computer systems to solve problems and to perform tasks that would otherwise require human intelligence—and in some instances exceed human performance—is world altering. AI technologies are the most powerful tools in generations for expanding knowledge, increasing prosperity, and enriching the human experience. AI is also...
Regexploit tool unveiled with a raft of ReDoS bugs already on its resume
"A newly launched regex-scanning tool has been used by its architects to unearth multiple regular expression denial-of-service (ReDoS) vulnerabilities in popular NPM, Python, and Ruby dependencies. Released yesterday (March 11), Regexploit extracts regular expressions and scans them for widespread security weaknesses that, if exploited, can “bring a server to its knees”, said Doyensec researcher Ben Caller in...
Ransomware Gangs Publish Data Stolen from Victims who Refuse to Pay Up
As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their...
HBO Hacker was Part of Iran’s “Charming Kitten” Elite Cyber-Espionage Unit
Behzad Mesri, the Iranian national the US has accused of hacking HBO this year (2017), was part of an elite Iranian cyber-espionage unit known in infosec circles as Charming Kitten, according to a report released yesterday (Dec. 5, 2017) by Israeli firm ClearSky Cybersecurity. "(Also) Known as an APT (Advanced Persistent Threat) 35, this group...