~lobsters | Bookmarks (158)

clear filters

CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM - LRQA Nettitude Labs

nettitude.com

The Cisco C195 is a Cisco Email Security Appliance device. Its role is to act as...
The Cisco C195 is a Cisco Email Security Appliance device. Its role is to act as an SMTP gateway on your network perimeter. This device (and the full range of appliance devices) is heavily locked down and prevents unauthorised code from running. Source: https://www.melbourneglobal.com.au/cisco-esa-c195-k9-esa-c195-e...

hardware security
1
oss-security - Make your own backdoor: CFLAGS code injection, Makefile injection, pkg-config

openwall.com

security unix
1
Palo Alto Networks zero-day exploited since March to backdoor firewalls

bleepingcomputer.com

Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as...
Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials. Palo Alto Networks warned yesterday that hackers were actively exploiting an ...

backdoor firewall palo alto networks pan-os security
1
Expanding Trusted Publisher Support - The Python Package Index Blog

pypi.org

python security
1
PuTTY vulnerability vuln-p521-bias

greenend.org.uk

security
2
XZ Utils review notes

tukaani.org

Trivial commits like updates to THANKS or typo fixes in comments aren’t mentioned here. The months...
Trivial commits like updates to THANKS or typo fixes in comments aren’t mentioned here. The months refer to commit date, not author date. CMake: Fix unconditionally defining HAVE_CLOCK_MONOTONIC. CMake: Fix time.h checks not running on second CMake run. These are OK, including getopt.m4 which was simplified a lot. x...

security
2
Root Cause vs. Contributing Factors

felipe.rs

In multiplication, to get a non-zero product, all factors must be greater than 0. If one...
In multiplication, to get a non-zero product, all factors must be greater than 0. If one factor is 0, nothing else matters. \[\begin{align} 5 \times 2 \times 229 \times 0.2 &= 458.0\\ 5 \times 2 \times 229 \times 0.0 &= 0.0 \end{align}\] This xz/liblzma incident and the public post-morten discussion is a great illus...

culture security
1
Sandboxing All The Things with Flatpak and BubbleBox

ralfj.de

linux security
2
GitHub - gearnode/privatebin: A powerful CLI for creating and managing PrivateBin pastes with ease

github.com

go security
1
Kaspersky analysis of the backdoor in XZ

securelist.com

backdoor cyber espionage linux malware malware descriptions
2
Home

cipherleaks.com

Docs Read more details about CIPHERLEAKs. Q&A Who is affected by CIPHERLEAKs?All SEV, SEV-ES and SEV-SNP...
Docs Read more details about CIPHERLEAKs. Q&A Who is affected by CIPHERLEAKs?All SEV, SEV-ES and SEV-SNP are affected by CIPHERLEAKs, which are supported by AMD EPYC server processors. What is SEV?AMD’s Secure Encrypted Virtualization (SEV) is an extension of the AMD Virtualization (AMD-V) technology. It provides se...

cryptography security
2
Browser Security Bugs that Aren’t: JavaScript in PDF

textslashplain.com

A fairly common security bug report is of the form: “I can put JavaScript inside a...
A fairly common security bug report is of the form: “I can put JavaScript inside a PDF file and it runs!” For example, open this PDF file with Chrome, and you can see the alert(1) message displayed: Support for JavaScript within PDFs is by-design and expected by the developers of PDF rendering software, including co...

browsers security
2
A Real-World Law-Enforcement Breach of End-to-End Encrypted Messaging: The Case of... (RWC 2024)

youtube.com

science & technology security video
1
Security advisory for the standard library (CVE-2024-24576) | Rust Blog

rust-lang.org

Apr. 9, 2024 · The Rust Security Response WG The Rust Security Response WG was notified...
Apr. 9, 2024 · The Rust Security Response WG The Rust Security Response WG was notified that the Rust standard library did not properly escape arguments when invoking batch files (with the bat and cmd extensions) on Windows using the Command API. An attacker able to control the arguments passed to the spawned proces...

rust security windows
2
BatBadBut: You can't securely execute commands on Windows

flatt.tech

security windows
2
The Distribution Problem

anchor.dev

security
1
Release 0.4.0 of the seL4 Device Driver Framework - Devel - lists.sel4.systems

sel4.systems

formalmethods osdev performance security
2
GitHub - PretendoNetwork/SSSL

github.com

games security
2
Brane Dump: How I Tripped Over the Debian Weak Keys Vulnerability

hezmatt.org

historical security
3
GitHub - charmbracelet/melt: 🧊 Backup and restore Ed25519 SSH keys with seed words.

github.com

security
1
WASI 0.2 Launched

sunfishcode.online

osdev security wasm
1
CloudABI: Cloud computing meets fine-grained capabilities : Ed Schouten : Free Download, Borrow, and Streaming : Internet Archive

archive.org

osdev security
1
GitHub - kanidm/kanidm: Kanidm: A simple, secure and fast identity management platform

github.com

security
1
Design choices for post-quantum TLS

educatedguesswork.org

security
1