CVE-2020-10148 SolarWinds Orion API authentication bypass allows remote comand execution Security News & Discussion

---

• CVE-2020-10148 SolarWinds Orion API authentication bypass allows remote comand execution
• Pentest - Everything SMTP
• Modifying AMSI Bypass to use Reflection
• Customisable and automated HTTP header injection
• Faking a JARM signature by replaying TLS Server Hello's
• FIREEYE has published Additional Technical Details for SUNBURST
• CVE-2020-8554 is a vulnerability that particularly affects multi-tenant Kubernetes clusters. If a potential attacker can create or edit services and pods, then they may be able to intercept traffic. Learn how to detect CVE-2020-8554 using open source Falco
• Cool attack vector using BGINFO
• Advanced XXE Exploitation Workshop
• Extending Android Device Compatibility for Let's Encrypt Certificates - Let's Encrypt
• What's the deal with openportstats.com?
• Undocumented user account in Zyxel products (CVE-2020-29583)

CVE-2020-10148 SolarWinds Orion API authentication bypass allows remote comand execution Posted: 26 Dec 2020 12:41 PM PST submitted by /u/malware_bender [link] [comments]

Pentest - Everything SMTP Posted: 26 Dec 2020 07:22 AM PST submitted by /u/The-Luemmel [link] [comments]

Modifying AMSI Bypass to use Reflection Posted: 26 Dec 2020 02:43 AM PST submitted by /u/intruderK [link] [comments]

Customisable and automated HTTP header injection Posted: 26 Dec 2020 07:50 AM PST submitted by /u/InfamousTumbleweed5 [link] [comments]

Faking a JARM signature by replaying TLS Server Hello's Posted: 25 Dec 2020 01:10 PM PST submitted by /u/Robbedoes_ [link] [comments]

FIREEYE has published Additional Technical Details for SUNBURST Posted: 24 Dec 2020 04:53 PM PST submitted by /u/NaderZaveri [link] [comments]

CVE-2020-8554 is a vulnerability that particularly affects multi-tenant Kubernetes clusters. If a potential attacker can create or edit services and pods, then they may be able to intercept traffic. Learn how to detect CVE-2020-8554 using open source Falco Posted: 23 Dec 2020 11:10 AM PST submitted by /u/RoutineConversation4 [link] [comments]

Cool attack vector using BGINFO Posted: 24 Dec 2020 04:31 AM PST submitted by /u/lohacker0 [link] [comments]

Advanced XXE Exploitation Workshop Posted: 24 Dec 2020 01:50 AM PST submitted by /u/Single_Diamond [link] [comments]

Extending Android Device Compatibility for Let's Encrypt Certificates - Let's Encrypt Posted: 23 Dec 2020 05:41 AM PST submitted by /u/c0r0n3r [link] [comments]

What's the deal with openportstats.com? Posted: 23 Dec 2020 04:19 AM PST submitted by /u/hikopok840 [link] [comments]

Undocumented user account in Zyxel products (CVE-2020-29583) Posted: 23 Dec 2020 01:03 AM PST submitted by /u/bertv44 [link] [comments]

You are subscribed to email updates from /r/netsec - Information Security News & Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States