Cloud Security Alliance News Clipping Site

Tag: exploit development

  • Hacker News: Ancient Monkey: Pwning a 17-Year-Old Version of SpiderMonkey

    by

    system automation
    in

    Source URL: https://blog.pspaul.de/posts/ancient-monkey-pwning-a-17-year-old-version-of-spidermonkey/ Source: Hacker News Title: Ancient Monkey: Pwning a 17-Year-Old Version of SpiderMonkey Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a significant vulnerability found in the Zscaler enterprise VPN solution, particularly linked to the pacparser library and its use of an outdated version of the SpiderMonkey JavaScript engine.…

  • Hacker News: SELinux Bypasses

    by

    system automation
    in

    Source URL: https://klecko.github.io/posts/selinux-bypasses/ Source: Hacker News Title: SELinux Bypasses Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text provides an in-depth technical exploration of SELinux, specifically relating to its implementation, security mechanisms, and potential bypass methods on Android devices. This is significant for professionals in security and compliance who are focused on kernel-level…

  • The Register: macOS HM Surf vuln might already be under exploit by major malware family

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/21/microsoft_macos_hm_surf/ Source: The Register Title: macOS HM Surf vuln might already be under exploit by major malware family Feedly Summary: Like keeping your camera and microphone private? Patch up In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems.… AI Summary…

  • Cloud Blog: How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/time-to-exploit-trends-2023/ Source: Cloud Blog Title: How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends Feedly Summary: Written by: Casey Charrier, Robert Weiner Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild. Consistent with past analyses, the majority (97) of these vulnerabilities were…

  • Hacker News: 4 Exploits, 1 bug: exploiting cve-2024-20017 4 different ways

    by

    system automation
    in

    Source URL: https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html Source: Hacker News Title: 4 Exploits, 1 bug: exploiting cve-2024-20017 4 different ways Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text presents a detailed analysis of a recently discovered vulnerability (CVE-2024-20017) in the wappd service related to MediaTek’s SDK, particularly affecting various embedded devices. It explains how a stack…

  • The Register: Proof-of-concept code released for zero-click critical Windows vuln

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/08/28/proofofconcept_code_released_for_zeroclick/ Source: The Register Title: Proof-of-concept code released for zero-click critical Windows vuln Feedly Summary: If you haven’t deployed August’s patches, get busy before others do Windows users who haven’t yet installed the latest fixes to their operating systems will need to get a move on, as code now exists to exploit a…