Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges Security News & Discussion

---

• Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges
• BYOB (Build Your Own Botnet)
• SSD Advisory – VirtualBox VRDP Guest-to-Host Escape
• A cache invalidation bug in Linux memory management
• SQLi Without Quotes
• Linux kernel universal heap spray userfaultfd+setxattr
• Executing Meterpreter in Memory on Windows 10 and Bypassing AntiVirus
• SQL injection, Oracle and full-width characters – Tomas Lažauninkas – Medium
• Effortless security feature detection with Winchecksec
• Android Banker found on Google Play with 10K+ installs stole over 10,000 Euros [infection video included]
• Bypassing NGFW/WAFs using data format obfuscations – Ivan Novikov – Medium
• Using “magic” DNS-resolutions to track suspicious domains
• cspparse: A tool to evaluate Content Security Policies.
• Siaberry’s Command Injection Vulnerability
• Bypassing Duo Two-Factor Authentication (Fail Open)
• Gaining Shell using Server Side Template Injection (SSTI)

Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges Posted: 26 Sep 2018 02:10 AM PDT submitted by /u/CyberBullets [link] [comments]

BYOB (Build Your Own Botnet) Posted: 26 Sep 2018 09:05 AM PDT submitted by /u/PoonSafari [link] [comments]

SSD Advisory – VirtualBox VRDP Guest-to-Host Escape Posted: 26 Sep 2018 09:49 AM PDT submitted by /u/ericnyamu [link] [comments]

A cache invalidation bug in Linux memory management Posted: 26 Sep 2018 11:08 AM PDT submitted by /u/ga-vu [link] [comments]

SQLi Without Quotes Posted: 26 Sep 2018 09:50 AM PDT submitted by /u/ericnyamu [link] [comments]

Linux kernel universal heap spray userfaultfd+setxattr Posted: 26 Sep 2018 03:36 AM PDT submitted by /u/vnik5287 [link] [comments]

Executing Meterpreter in Memory on Windows 10 and Bypassing AntiVirus Posted: 26 Sep 2018 09:53 AM PDT submitted by /u/ericnyamu [link] [comments]

SQL injection, Oracle and full-width characters – Tomas Lažauninkas – Medium Posted: 26 Sep 2018 09:54 AM PDT submitted by /u/ericnyamu [link] [comments]

Effortless security feature detection with Winchecksec Posted: 26 Sep 2018 05:18 AM PDT submitted by /u/yossarian_flew_away [link] [comments]

Android Banker found on Google Play with 10K+ installs stole over 10,000 Euros [infection video included] Posted: 26 Sep 2018 02:07 PM PDT submitted by /u/lukasstefanko [link] [comments]

Bypassing NGFW/WAFs using data format obfuscations – Ivan Novikov – Medium Posted: 26 Sep 2018 09:53 AM PDT submitted by /u/ericnyamu [link] [comments]

Using “magic” DNS-resolutions to track suspicious domains Posted: 26 Sep 2018 09:48 AM PDT submitted by /u/ericnyamu [link] [comments]

cspparse: A tool to evaluate Content Security Policies. Posted: 26 Sep 2018 09:28 AM PDT submitted by /u/sxcurity [link] [comments]

Siaberry’s Command Injection Vulnerability Posted: 26 Sep 2018 09:55 AM PDT submitted by /u/ericnyamu [link] [comments]

Bypassing Duo Two-Factor Authentication (Fail Open) Posted: 26 Sep 2018 09:48 AM PDT submitted by /u/ericnyamu [link] [comments]

Gaining Shell using Server Side Template Injection (SSTI) Posted: 26 Sep 2018 09:46 AM PDT submitted by /u/ericnyamu [link] [comments]

You are subscribed to email updates from /r/netsec - Information Security News & Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States