Hot Topics

Remote Code Execution

Samsung Chipset Zero-Day Vulnerabilities, AI-Assisted Social Engineering, ATM Fraud with a Twist

Samsung Chipset Zero-Day Vulnerabilities, AI-Assisted Social Engineering, ATM Fraud with a Twist

| | AI Tools, ATM fraud, Chase Bank, Contactless Payment, Convenience vs Security, Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, Episodes, Exynos Chipsets, Hidden Cameras, Information Security, Infosec, mobile device security, PIN Security, Podcast, Podcasts, Privacy, Remote Code Execution, ReSpeacher, Samsung Chipsets, security, Skimmer Technology, social engineering attacks, Tap-Enabled Debit Cards, Tavora, technology, Voice Cloning, Voice over LTE, Weekly Edition, WiFi Calling, zero-day vulnerabilities
In this episode we discuss Google’s discovery of 18 zero-day vulnerabilities in Samsung’s Exynos chipsets. We examine an AI-assisted social engineering campaign that combines emerging technologies with classic techniques. Finally, we look ...
The Shared Security Show
What You Need to Know About the Apache Commons Text Flaw (CVE-2022-42889)

What You Need to Know About the Apache Commons Text Flaw (CVE-2022-42889)

| | cyber threat intelligence, DevSecOps, Remote Code Execution, Threat Intelligence, Vulnerabilities, vulnerability intelligence, Vulnerability Management, vulnerability prioritization, Vulnerability Remediation
Vulnerability researchers and media sources are paying a lot of attention to CVE-2022-42889, a vulnerability affecting the open source library Apache Commons Text, which could potentially allow a malicious actor to execute ...
Threat Intelligence Blog | Flashpoint
What We Know About the Zero-Day Vulnerability Affecting Zimbra Collaboration and cpio

What We Know About the Zero-Day Vulnerability Affecting Zimbra Collaboration and cpio

| | current-events, cyber threat intelligence, Remote Code Execution, Vulnerabilities, vulnerability intelligence, Vulnerability Management, zero-day
On September 10, an attack was reported in the Zimbra forums where a malicious actor was able to upload a JSP web shell into the /public directory to execute a command, generating ...
Threat Intelligence Blog | Flashpoint
What We Know About the Vulnerabilities Keeping ‘Dark Souls’ Offline

What We Know About the Vulnerabilities Keeping ‘Dark Souls’ Offline

| | cisa, Exploit, Remote Code Execution, video games, Vulnerabilities, Vulnerability Management
A RCE vulnerability has forced FromSoftware to take down 'Dark Souls' servers. However, there are more issues that haven't been publicly addressed. The post What We Know About the Vulnerabilities Keeping ‘Dark ...
Threat Intelligence Blog | Flashpoint
TLStorm CCPA

TLStorm 2.0 Flaws Leave Aruba, Avaya Switches Vulnerable

| | mTLS, Network Security, Remote Code Execution, TLSTorm
A handful of vulnerabilities in the implementation of TLS communications in Aruba and Avaya switches extend TLStorm flaws first discovered in March to millions of enterprise-grade network infrastructure devices. By exploiting these ...
Security Boulevard
CISA’s Joint Cybersecurity Advisory: Protecting Your Organization From Vulnerabilities – and 29,000 Other Known Exploits

CISA’s Joint Cybersecurity Advisory: Protecting Your Organization From Vulnerabilities – and 29,000 Other Known Exploits

| | cisa, Remote Code Execution, Risk Based Security, Vulnerability Management, vulns, zero-day
Some of the world’s leading cybersecurity authorities banded together to co-author the Joint Cybersecurity Advisory: 2021 Top Routinely Exploited Vulnerabilities, where they provided details on CVE vulnerabilities that have been routinely exploited ...
Threat Intelligence Blog | Flashpoint
Oxeye toxic workplace ask chloé

Oxeye Tool Can Counter Log4j Obfuscation Attacks

| | Apache Log4j, deobfuscation, open source, Oxeye, Remote Code Execution
Oxeye today announced an open source deobfuscation tool, dubbed Ox4Shell, that makes it simpler for cybersecurity teams to uncover hidden payloads that attempt to exploit Log4Shell vulnerabilities. Many enterprise IT organizations have ...
Security Boulevard
Log4Shell log4j Remote Code Execution – The COVID of the Internet

Log4Shell log4j Remote Code Execution – The COVID of the Internet

| | Application Security, CVE-2021-44228, Digest, Log4j, Remote Code Execution, runtime application self-protection, Web Application Firewall
The Log4Shell zero day vulnerability is truly one of the most significant security threats of the past decade and its effects will be felt far into 2022 and beyond. Imperva has observed ...
Blog
OpenText OCSF WhiteSource Log4j window Proofpoint Open Source Security

WhiteSource Automates Remediation of Log4j Vulnerabilities

| | Apache Log4j, open source, Remote Code Execution, WhiteSource Software
WhiteSource this week made good on a promise to add Log4j vulnerability remediation capabilities to both its free and commercial tools for updating open source software components. Susan St. Clair, director of ...
Security Boulevard
UPDATED: Cybereason Log4Shell Vaccine Offers Permanent Mitigation Option for Log4j Vulnerabilities (CVE-2021-44228 and CVE-2021-45046)

UPDATED: Cybereason Log4Shell Vaccine Offers Permanent Mitigation Option for Log4j Vulnerabilities (CVE-2021-44228 and CVE-2021-45046)

| | Apache Log4j Vulnerability, Apache Servers, CVE-2021-44228, Cybereason Defense Platform, enterprise security, Exploits, GitHub, Log4Shell, Logout4Shell Vaccine, mitigation, Network Security, patch management, patching, rce, remediation, Remote Code Execution, Vulnerabilities, vulnerability, zero-day
UPDATE 12/17/21: The Logout4Shell Vaccine has been updated to add a persistent option in addition to the existing one which reverted upon server restart. The previous version of the Vaccine used the ...
Blog
Load more