Security News

Google shares Spectre PoC targeting browser JavaScript engines
2021-03-12 19:30

Google has published JavaScript proof-of-concept code to demonstrate the practicality of using Spectre exploits targeting web browsers to access information from a browser's memory. According to the Google Security Team, the PoC shared today works across a wide range of processor architectures, operating systems, and hardware generations.

Windows DNS SIGRed bug gets first public RCE PoC exploit
2021-03-04 14:44

A working proof-of-concept exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution vulnerability. SIGRed has existed in Microsoft's code for over 17 years, it impacts all Windows Server versions 2003 through 2019, and it has received a maximum severity rating of 10 out of 10.

Google shares PoC exploit for critical Windows 10 Graphics RCE bug
2021-02-27 14:12

Project Zero, Google's 0day bug-hunting team, shared technical details and proof-of-concept exploit code for a critical remote code execution bug affecting a Windows graphics component. The Project Zero researchers discovered the vulnerability, tracked as CVE-2021-24093, in a high-quality text rendering Windows API named Microsoft DirectWrite.

Attackers scan for vulnerable VMware servers after PoC exploit release
2021-02-25 12:56

After security researchers have developed and published proof-of-concept exploit code targeting a critical vCenter remote code execution vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers. We've detected mass scanning activity targeting vulnerable VMware vCenter servers.

PoC Released for Unpatched Windows Vulnerability Present Since 2006
2020-12-11 11:45

Details and a proof-of-concept exploit have been released for an unpatched privilege escalation vulnerability in Windows related to the PsExec administration tool. According to Wells, the vulnerability is a local privilege escalation issue that can be exploited by a non-admin process to elevate privileges to SYSTEM when PsExec is executed remotely or locally on the targeted computer.

Cisco Patches Critical Flaw After PoC Exploit Code Release
2020-11-17 15:17

A day after proof-of-concept exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch. PoC exploits for the flaw - as well as 11 other issues in Cisco Security Manager - were published online Monday by security researcher Florian Hauser.

Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs
2020-11-17 11:49

Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive information on an affected system. Those are part of a batch of twelve vulnerabilities flagged in July 2020 by Florian Hauser, a security researcher and red teamer at Code White.

Week in review: Zerologon PoCs released, five steps to recover from ransomware, CISOs’ golden opportunity
2020-09-20 07:55

Attacked by ransomware? Five steps to recoveryWhile there is a lot of discussion about preventing ransomware from affecting your business, the best practices for recovering from an attack are a little harder to pin down. Justifying your 2021 cybersecurity budgetSitting in the midst of an unstable economy, a continued public health emergency, and facing an uptick in successful cyber attacks, CISOs find themselves needing to enhance their cybersecurity posture while remaining within increasingly scrutinized budgets.

Potential Apache Struts 2 RCE flaw fixed, PoCs released
2020-08-17 10:03

Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability and PoC exploits for it have been published. "We continue to urge developers building upon Struts 2 to not use % syntax referencing unvalidated user modifiable input in tag attributes, since this is the ultimate fix for this class of vulnerabilities," René Gielen, Struts Project Management Committee chair, added.

PoC Exploit Targeting Apache Struts Surfaces on GitHub
2020-08-14 21:20

Proof-of-concept exploit code surfaced on GitHub on Friday, raising the stakes on two existing Apache Struts 2 bugs that allow for remote code-execution and denial-of-service attacks on vulnerable installations. Remediation includes upgrading to Struts 2.5.22, according to the Apache Struts Security Team.