All posts tagged cyber

■■■□□ Undocumented authentication bypass issue in AEM Package Manager. https://labs.detectify.com/2021/06/28/aem-crx-bypass-0day-control-over-some-enterprise-aem-crx-package-manager/ https://t.me/cKure/9068

■■■□□ Interesting thread. https://twitter.com/josephfcox/status/1430943998319923201 https://t.me/cKure/9067

■■■□□ Vulnerability in Bumble dating app reveals any user’s exact location. https://robertheaton.com/bumble-vulnerability/ https://t.me/cKure/9066

■■■■■ Offensive API Hooking. https://ilankalendarov.github.io/posts/offensive-hooking/ https://t.me/cKure/9065

■■□□□ Interesting Thread. https://twitter.com/ptracesecurity/status/1430769918048415747 https://t.me/cKure/9064

■■■■■ Cross-Site WebSocket Hijacking (CSWSH). https://infosecwriteups.com/cross-site-websocket-hijacking-cswsh-ce2a6b0747fc https://t.me/cKure/9062

■■□□□ Interesting thread: Babuk / RAMP Ransomware. https://twitter.com/vxunderground/status/1430618609684992013 https://t.me/cKure/9061

■■■□□ BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions. https://www.bleepingcomputer.com/news/security/critical-f5-big-ip-bug-impacts-customers-in-sensitive-sectors/ https://t.me/cKure/9058

■■□□□ Mirai-style IoT botnet is now scanning for router-pwning critical vuln in Realtek kit. https://go.theregister.com/feed/www.theregister.com/2021/08/25/mirai_botnet_critical_vuln_realtek_radware/ https://t.me/cKure/9056

■■■■■ Msynth; a code deobfuscation framework to simplify Mixed Boolean-Arithmetic (MBA) expressions. Given a pre-computed simplification oracle, it walks over a complex expression represented as an abstract syntax tree (AST) and tries to simplify subtrees based on oracle lookups. Alternatively, it tries to simplify expressions via stochastic program synthesis. https://github.com/mrphrazer/msynth https://t.me/cKure/9054