Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
9 résultats taggé Code  ✕
CVE-2023-38146: Arbitrary Code Execution via Windows Themes https://exploits.forsale/themebleed/
14/09/2023 12:31:15
QRCode
archive.org

This is a fun bug I found while poking around at weird Windows file formats. It's a kind of classic Windows style vulnerability featuring broken signing, sketchy DLL loads, file races, cab files, and Mark-of-the-Web silliness. It was also my first experience submitting to the MSRC Windows bug bounty since leaving Microsoft in April of 2022.

exploits.forsale EN 2023 CVE-2023-38146 Arbitrary Code Execution themebleed Windows Themes
Code Vulnerabilities Put Proton Mails at Risk https://www.sonarsource.com/blog/code-vulnerabilities-leak-emails-in-proton-mail/
07/09/2023 23:42:58
QRCode
archive.org
thumbnail

The Sonar Research team discovered critical code vulnerabilities in Proton Mail, Skiff and Tutanota. This post covers the technical details of the XSS vulnerability in Proton Mail.

sonarsource EN 2023 Code Vulnerabilities ProtonMail XSS Tutanota
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
20/07/2023 11:18:06
QRCode
archive.org
thumbnail

The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH's forwarded ssh-agent. This vulnerability allows a remote…

qualys EN 2023 OpenSSH remote code execution vulnerability ssh-agent
BlackLotus UEFI Bootkit Source Code Leaked on GitHub https://www.securityweek.com/blacklotus-uefi-bootkit-source-code-leaked-on-github/?utm_source=substack&utm_medium=email
15/07/2023 13:56:38
QRCode
archive.org
thumbnail

The source code for the BlackLotus UEFI bootkit has been shared publicly on GitHub, albeit with several modifications compared to the original malware.

Designed specifically for Windows, the bootkit emerged on hacker forums in October last year, being advertised with APT-level capabilities such as secure boot and user access control (UAC) bypass and the ability to disable security applications and defense mechanisms on victim systems.

securityweek EN 2023 BlackLotus UEFI Bootkit Source Code Leaked GitHub
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution
27/06/2023 15:04:59
QRCode
archive.org
thumbnail

Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may exploit to bypass existing security controls. In this blog post, our team is detailing on a comprehensive research specifically focused on process injection techniques utilized by attackers to deceive robust security products integrated into the security stack, such as EDRs and XDRs. Throughout the blog post, we will delve into various process injection techniques e

securityjoes EN 2023 Mockingjay EDR bypass technique RWX Code Execution
Malicious App Developer Remains on Google Play https://gizmodo.com/google-play-phishing-malicious-apps-1849731818
03/11/2022 07:11:03
QRCode
archive.org
thumbnail

A report shows four Bluetooth-centered apps by the same developer have been downloaded 1 million times combined while containing malicious code.

gizmodo EN google-play malicious code app Bluetooth-centered
Intel Confirms Alder Lake BIOS Source Code Leak https://www.tomshardware.com/news/intel-confirms-6gb-alder-lake-bios-source-code-leak-new-details-emerge
10/10/2022 08:31:57
QRCode
archive.org
thumbnail

Intel confirms that 6GB of proprietary BIOS source code for its Alder Lake processors was leaked to the public.

tomshardware EN 202 Alder Lake BIOS Source Code Leak Intel
Cybercriminals who breached Nvidia issue one of the most unusual demands ever https://arstechnica.com/information-technology/2022/03/cybercriminals-who-breached-nvidia-issue-one-of-the-most-unusual-demands-ever/
06/03/2022 18:43:49
QRCode
archive.org
thumbnail

Chipmaker has until Friday to comply or see its crown-jewel source code released.

Nvidia 2022 EN ransom demands code arstechnica
Malware now using stolen NVIDIA code signing certificates https://www.bleepingcomputer.com/news/security/malware-now-using-stolen-nvidia-code-signing-certificates/
06/03/2022 10:28:17
QRCode
archive.org
thumbnail

Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows.

This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.

bleepingcomputer Nvidia certificates malware EN 2022 code signing
1765 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio