Vulnerability

Remote code execution

SmartRG Remote Code Execution: SR510n 2.6.13

Hello! I'm Steve, an independent security researcher and analyst from Scotland, UK.

I've had an avid interest in computers, technology and security since my early teens. 20 years on, and it's a whole lot more complicated...

I've assisted governments, individuals and organizations throughout the world, including US DOJ, NHS UK and GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, you'll also find a variety of write-ups, tutorials and much more!
RiSec.n0tst3

A vulnerability was discovered in the SmartRG router by security researcher Yerodin Richards. The vulnerability, a remote code execution (RCE), affects versions 2.5.15 / 2.6.13. …


vulnerability

What You Should Know about the New OpenSSL Vulnerability

Just your average information security researcher from Delaware, US.

TL;DR: If you use OpenSSL 3.0 or higher, prepare to upgrade to version 3.0.7 as soon as possible. The fix is available from Tuesday, 1 November 2022, between 1300-1700 UTC. On Tuesday, the OpenSSL team announced the release of a new version to address a critical vulnerability in versions 3.0.0 and higher. The new version will be available …


github

High-severity vulnerability in GitHub was susceptible to Repo Jacking


Researchers on Wednesday reported they found a “high-severity” vulnerability in GitHub that could have let an attacker take control over a GitHub repository and potentially infect all applications and other code relying on it with malicious code. In a blog post, researchers from the Checkmarx Supply Chain Security team said using a technique known as …


Cisa adds new exploits

CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware


The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a Linux kernel flaw to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to address it within three weeks. The vulnerability is tracked as CVE-2021-3493 and it’s related to the OverlayFS file system implementation in the Linux kernel. It allows an unprivileged local …


Vulnerability

The Evolution of Vulnerability Scanning and Pentesting


An awareness of unprotected vulnerabilities and risks is the starting point for determining the best way to align resources with cybersecurity. By conducting regular real-world attack testing, security operations can illuminate weaknesses while gaining control over risks. Cybersecurity testing is deployed to eliminate risk, improve business continuity and meet compliance requirements. At a minimum, cybersecurity …


How to request a CVE

How to request a CVE: From vulnerability discovery to disclosure

RiSec.n0tst3

What is a CVE? A CVE, meaning Common Vulnerabilities and Exposures, is a publicly reported vulnerability in software products. Vulnerabilities are assigned CVE IDs to ensure clarity when discussing vulnerabilities in software products. Otherwise, it can be difficult to correlate reports of a single vulnerability, since different organizations will assign them different names, and the …


google

VULN: Urgent Chrome Update Patches New Zero-Day Vulnerability


Google on Friday, Sept 2nd, shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for …


Fixing indirect vulnerabilities without breaking your dependency tree

Patch critical flaw in Atlassian Bitbucket Server and Data Center! (CVE-2022-36804)


A critical vulnerability in Atlassian Bitbucket Server and Data Center (CVE-2022-36804) could be exploited by unauthorized attackers to execute malicious code on vulnerable instances. About CVE-2022-36804: Bitbucket Server and Data Center are used by software developers around the world for source code revision control, management and hosting. CVE-2022-36804 is a command injection vulnerability in multiple API endpoints of …


vulnerability

PAN-OS 10.0 RCE (Remote Code Execution) Vulnerability

RiSec.n0tst3

An authenticated remote code execution vulnerability was discovered in PAN-OS 10.0 by security researcher UND3SC0N0C1D0. …


Exploit

ThingsBoard 3.3.1 XSS – Stored Cross-Site Scripting (XSS)

RiSec.n0tst3

A stored XSS (cross-site scripting) vulnerability was discovered in ThingsBoard 3.3.1 by security researchers Steffen Langenfeld & Sebastian Biehler. …
