Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript
I was hacking on a bug bounty program recently and discovered that the website is signing every request, preventing you from modifying the URL, including…
Month: January 2024
Citrix warns of new Netscaler zero-days exploited in attacks
Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities. The two zero-days (tracked…
Medion fined for SIM-swap code breaches – Telco/ISP
Medion Australia has paid a penalty of nearly $260,000 for not complying with customer identification rules. Announcing the $259,440 penalty, the Australian Communications and Media…
Google fixes first actively exploited Chrome zero-day of 2024
Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. “Google is aware…
Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets
Group-IB Global Pvt. Ltd. has revealed shocking details on Inferno Drainer, a phishing operation targeting cryptocurrency wallet providers. The scam, involving the deployment of a…
VMware fixed a critical flaw in Aria Automation. Patch it now!
VMware fixed a critical flaw in Aria Automation. Patch it now! Pierluigi Paganini January 16, 2024 VMware warns customers of a critical vulnerability impacting its…
Androxgh0st malware botnet steals AWS, Microsoft credentials
CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen…
Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks
The vulnerabilities in Ivanti VPN devices enable remote, unauthenticated hackers to compromise targeted devices, execute arbitrary commands, infiltrate internal networks, and steal sensitive data. Threat…
PixieFail flaws impact PXE network boot in enterprise systems
A set of nine vulnerabilities, collectively called ‘PixieFail,’ impact the IPv6 network protocol stack of Tianocore’s EDK II, the open-source reference implementation of the UEFI…
A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data
As more companies ramp up development of artificial intelligence systems, they are increasingly turning to graphics processing unit (GPU) chips for the computing power they…
A true tale of virtual kidnapping: Lock and Code S05E02
This week on the Lock and Code podcast… On Thursday, December 28, at 8:30 pm in the Utah town of Riverdale, the city police began…
Google’s data egress offer – no such thing as a free migration?
Google Cloud Platform (GCP) has announced it will annul data egress charges for customers that say they want to leave the cloud provider. However, the…