Account takeover due to blind MongoDB injection Security News & Discussion

---

• Account takeover due to blind MongoDB injection
• L1 Terminal Fault / CVE-2018-3615 , CVE-2018-3620,CVE-2018-3646 / INTEL-SA-00161
• Analysing CVE-2018-13417 for files, hashes and shells
• Are Summons Just Get Tweeted Now? Analyzing the Legal Issues With Serving Formal Papers on Social Media
• Playback - a TLS 1.3 story
• Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem
• Decided to write a proper guide for WP malware removal. Hopefully it can be helpful if someone comes to you with such issue.
• Phone Call to XXE via Interactive Voice Response
• CVE-2018-8302: Getting code execution on Microsoft Exchange through a .NET BinaryFormatter Deserialization vulnerability.
• Announcing Gopherus: Generate Gopher payload for exploiting SSRF and lead to RCE, on SSRF vulnerable sites
• Password and Credential Management in 2018 - State of the art security for the most valuable secrets

Account takeover due to blind MongoDB injection Posted: 15 Aug 2018 07:28 AM PDT submitted by /u/albinowax [link] [comments]

L1 Terminal Fault / CVE-2018-3615 , CVE-2018-3620,CVE-2018-3646 / INTEL-SA-00161 Posted: 14 Aug 2018 04:56 PM PDT submitted by /u/jdrch [link] [comments]

Analysing CVE-2018-13417 for files, hashes and shells Posted: 15 Aug 2018 09:22 AM PDT submitted by /u/r3b00tu53r [link] [comments]

Are Summons Just Get Tweeted Now? Analyzing the Legal Issues With Serving Formal Papers on Social Media Posted: 15 Aug 2018 02:29 PM PDT submitted by /u/ExcellentVacation12 [link] [comments]

Playback - a TLS 1.3 story Posted: 14 Aug 2018 04:24 PM PDT submitted by /u/vamediah [link] [comments]

Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Posted: 14 Aug 2018 04:11 PM PDT submitted by /u/thebrachy [link] [comments]

Decided to write a proper guide for WP malware removal. Hopefully it can be helpful if someone comes to you with such issue. Posted: 15 Aug 2018 01:48 PM PDT submitted by /u/ded1cated [link] [comments]

Phone Call to XXE via Interactive Voice Response Posted: 14 Aug 2018 06:39 PM PDT submitted by /u/sxcurity [link] [comments]

CVE-2018-8302: Getting code execution on Microsoft Exchange through a .NET BinaryFormatter Deserialization vulnerability. Posted: 14 Aug 2018 06:42 PM PDT submitted by /u/RedmondSecGnome [link] [comments]

Announcing Gopherus: Generate Gopher payload for exploiting SSRF and lead to RCE, on SSRF vulnerable sites Posted: 15 Aug 2018 08:40 AM PDT I've written this tool for MySQL, FastCGI, Memcached, Redis, Zabbix, SMTP servers. A detailed description can be found here: https://github.com/tarunkant/Gopherus blog post on the same: https://spyclub.tech/2018/blog-on-gopherus/ submitted by /u/tarunkant [link] [comments]

Password and Credential Management in 2018 - State of the art security for the most valuable secrets Posted: 15 Aug 2018 01:18 AM PDT submitted by /u/fharw [link] [comments]

You are subscribed to email updates from /r/netsec - Information Security News & Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States