This is what your #software should never ever under any circumstances do:
https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html
#cybersecurity #software #security #vulns
A cool video from one of our security researchers, Carlos Fernandez, at Sonatype.
Mutating remote access Trojans, or RAT mutants, are being found within our Nexus IQ and Lifecycle products, and Carlos pulls them apart.
https://www.helpnetsecurity.com/2023/01/24/malicious-packages-targeting-python-developers-video/
#pypi #malware #vulns #python #rat
What are some good recent CVEs that I could try writing exploits for in order to stress test the API of ronin-exploits?
https://github.com/ronin-rb/ronin-exploits#examples
#exdev #infosec #vulns
Loving this collaboration with my colleagues Hernán Ortiz and Lex Vorona.
Think my favourite is the low bass on the audio rendering of Text4Shell!
Nice to see Log4Shell giving something positive over the holidays this year! Enjoy!
https://blog.sonatype.com/caroling-through-the-season-the-sounds-of-the-4shells
#vulns #music #cybersecurity #vulnerabilities
via: @campuscodi
QiAnXin published a report on the recent attacks of #OceanLotus (#APT32) that targeted Chinese organizations throughout 2021.
The group allegedly used 3 zero-day #vulns:
+1 in an unnamed antivirus product
+2 in an unnamed workstation management system
More here (in Chinese): https://mp.weixin.qq.com/s/pd6fUs5TLdBtwUHauclDOQ
#infosec #espionage #malware
Yeah, I see this, and the #ZeroTrust world is gonna have an issue. How many devices are going to be missed?
Also, since it seems to affect version 3.0 and higher, how many people are going to start spouting anti-patch and anti-update sentiment?
#infosec #vulns #vulnspotlight
I've lost track, am I still supposed to be disabling #hyperthreading if I care about #infosec and the #vulns? I don't want to find myself on the wrong end of the #lulz.
"The root cause of the Spectre and Meltdown vulnerabilities was that processor architects were trying to build not just fast processors, but fast processors that expose the same abstract machine as a PDP-11. This is essential because it allows C programmers to continue in the belief that their language is close to the underlying hardware." #security #malware #vulns #compsci https://queue.acm.org/detail.cfm?id=3212479