Recherche : [Injection]

Facial Recognition Injection Attacks - An Overview https://www.scip.ch/en/?labs.20250318

19/03/2025 09:35:35

Facial Recognition Injection Attacks involve injecting tampered video feeds or deepfakes into facial recognition systems to bypass security. Current attack types include Virtual Video Injections, Hardware-based Video Injections, Device Emulation and Function Hooking.

Malware Redirects WordPress Traffic to Harmful Sites https://blog.sucuri.net/2025/01/malware-redirects-wordpress-traffic-to-harmful-sites.html

24/01/2025 08:25:40

Learn about the steps we took to uncover and neutralize a malware infection redirecting WordPress traffic to dangerous URLs.

CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster - Rhino Security Labs https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster/

03/12/2024 15:37:41

CVE-2024-1212 is an unauthenticated command injection found in Progress Kemp LoadMaster load balancer's administrator web interface by Rhino Security Labs.

Ivanti warns of three more CSA zero-days exploited in attacks https://www.bleepingcomputer.com/news/security/ivanti-warns-of-three-more-csa-zero-days-exploited-in-attacks/

08/10/2024 18:24:32

American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.

Data Exfiltration from Slack AI via indirect prompt injection https://promptarmor.substack.com/p/data-exfiltration-from-slack-ai-via

20/08/2024 21:40:04

This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. This was responsibly disclosed to Slack (more details in Responsible Disclosure section at the end).

Cisco NX-OS Command Injection Vulnerability CVE-2024-20399: Insights and Defense Strategies https://www.sygnia.co/threat-reports-and-advisories/china-nexus-threat-group-velvet-ant-exploits-cisco-0-day/

02/07/2024 18:59:25

Discover key insights into the recently disclosed Cisco NX-OS software CLI vulnerability (CVE-2024-20399) affecting numerous Cisco Nexus devices.

CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability – Horizon3.ai https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

12/06/2024 16:55:47

CVE-2024-29824 Ivanti EPM SQL Injection Remote Code Execution Vulnerability. This blog details the internals of a SQLi RCE vulnerability.

Security Flaw in WP-Members Plugin Leads to Script Injection https://www.securityweek.com/security-flaw-in-wp-members-plugin-leads-to-script-injection/

04/04/2024 19:04:25

Attackers could exploit a high-severity cross-site Scripting (XSS) vulnerability in the WP-Members Membership WordPress plugin to inject arbitrary scripts into web pages, according to an advisory from security firm Defiant.

Thinking about the security of AI systems https://www.ncsc.gov.uk/blog-post/thinking-about-security-ai-systems

06/09/2023 15:03:02

Why established cyber security principles are still important when developing or implementing machine learning models.

CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/

07/06/2023 20:25:16

On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data.

Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671) https://vulncheck.com/blog/cve-2023-1671-analysis

22/04/2023 20:04:20

CVE-2023-1671 is a pre-authenticated command injection in Sophos Web Appliance. In this blog post, VulnCheck researchers analyze the vulnerability and develop a proof of concept (PoC) for it.

‘InTheBox’ Web Injects Targeting Android Banking Applications Worldwide https://blog.cyble.com/2023/01/31/inthebox-web-injects-targeting-android-banking-applications-worldwide/?hss_channel=tw-1141929006603866117

31/01/2023 23:02:11

Cyble analyzes 'InTheBox' as part of its thorough research on Web Injects and their role in targeting Android Banking applications worldwide,

Resolved RCE in Sophos Firewall (CVE-2022-3236) https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

26/09/2022 10:02:12

A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall. The vulnerability has been fixed.

Azure Cloud Shell Command Injection Stealing User’s Access Tokens https://blog.lightspin.io/azure-cloud-shell-command-injection-stealing-users-access-tokens

21/09/2022 23:44:32

This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’ terminals.

Process injection: breaking all macOS security layers with a single vulnerability &middot https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/

15/08/2022 10:13:36

In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.

Liens par page

Filtres