Vicarius

Vicarius: Leading the pack in vulnerability remediation. Learn more at https://vicarius.io

Vicarius helps IT teams protect their most critical apps and assets against exploitation through TOPIA, a consolidated end-to-end vulnerability remediation solution.

08/16/2024

Think I might never turn off my vacation responder

07/12/2024

Well, he did it again. Might as well start calling Nahuel Benitez Dr. Cyber 👨‍⚕️ (get it?....because he's writing scripts ℞... 😜)

🚨 CVE-2024-6409 found in OpenSSH on Red Hat Enterprise Linux 9 🚨

This vulnerability impacts OpenSSH versions 8.7p1 and 8.8p1, leading to a signal handler race condition that could allow remote code execution (RCE) through unsafe signal handling similar to CVE-2024-6387 (regreSSHion). Authenticated attackers can exploit this flaw by triggering a SIGALRM signal handler in sshd, leading to potential RCE within the unprivileged user running the sshd server.

What you can do:

• Update RHEL: Update your RHEL system to the latest security patches available.
• Monitor and audit: Continuously monitor your systems for unusual activities and perform regular security audits.
• Restrict SSH access: Limit SSH access to trusted IP addresses and use firewall rules to minimize exposure.

Scripts from vsociety that will help you detect and remediate:

💊 Detection Script: https://bit.ly/4f0iOtG

💊 Remediation Script: https://bit.ly/3Wls7gk

Stay safe! 🐺

07/03/2024

Sometimes our vsociety researchers shoot for the moon and then somehow go intergalactic 🌌🤯

Such is the case for cyber astronaut Ákos Jakab, who bravely dissected the CosmicSting (CVE-2024-34102) to determine the root cause and subsequently demonstrated a potential exploit.

Thanks to Assetnote, Shubham Shah, and Adam Kues for the initial research into this peculiar XXE vulnerability 🤝

CVE-2024-34102 affects Adobe Commerce / Magento versions 2.4.6 and earlier. Discovered in June 2024, this vulnerability allows remote attackers to execute arbitrary code via nested deserialization, leading to potential data breaches and system compromises.

06/24/2024

I'm not sure about you, but generally from my experience, starting off the week with a fresh CVE analysis (and one in particular that highlights XSS and path traversal attacks) is akin to going for a morning run. And if you happened to miss it, well, we have you covered.

So, roll up your sleeves, do some stretches, and learn how to mitigate potential exploits in Mailcow with this analysis by Pathik Gohil.

Here's a treat when you're done 🍦😉

Mailcow's XSS and file overwrite vulnerabilities allow attackers to inject code, hijack sessions, and execute commands, highlighting critical security risks.

06/04/2024

cURL, one of the most used tools on the Internet for transferring data, had a high-risk vulnerability that resulted in a DoS.

Understand how this was possible with a proof of concept in this CVE analysis 👇

cURL's unrestricted header storage lets malicious servers overwhelm memory, leading to CVE-2023-38039, fixed in version 8.4.0.

05/06/2024

I'd imagine this is what networking is like at cybercrime conferences 😅🏴‍☠️🎣

05/02/2024

A rusty nail could lead to many problems, but none as severe as this command injection vulnerability in the eponymous programming language.

Luckily we have one of the most carefully astute cyber mechanics 👨‍🔧 💻 Ákos Jakab to safely test CVE-2024-24576.

CVE-2024-24576 represents a critical vulnerability within the Rust programming language's standard library, specifically affecting the Command API used for executing Windows batch files. This vulnerability arises from insufficient escaping of command-line arguments that could lead to command injecti...

04/17/2024

Well it was only a matter of time before one brave vsociety researcher (Shivam Bathla) went down the AI rabbit hole... 🕳🐇

This one happens to be a Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow's AI Engine. Journey deep into the depths of this vulnerability presenting you with the complete exploit, root cause analysis, bonus trick to fetch the responses to the SSRF requests, as well as the mitigations done to prevent the issue.

If you like puzzles 🧩 in all their glorious forms, this post is for you! 😚

AI Engine by Jordy Meow versions up to 2.1.4 is vulnerable to an authenticated Server-Side Request Forgery (SSRF) vulnerability. This post drills down into the depths of this vulnerability presenting you the complete exploit, root cause analysis, bonus trick to fetch the responses to the SSRF reques...

04/16/2024

Who knew they have social engineering in the ocean 😧

04/11/2024

We all need a Rapid Reset once in a while, whether that means a trip to the spa, a hike in the woods, or taking out a mortgage and putting it all on some obscure sports bet.

But in this particular scenario for the HTTP/2 protocol, a rapid reset does the opposite. Our poor server is brought to the point of exhaustion and, well, the rest is history, as they say.

If you're curious how that all goes down, sharpen your pencils and pour some coffee as we discover the root cause of CVE-2023-44487, dissect the exploit, and journey into the minds of project maintainers.

Please be responsible and happy learning 🙂📚

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. This post is meant to be a one-stop guide for you to learn all about this vulnerability and perform the h...

Address

122 Grand Street
New York, NY
10013
