Mastouille

2 messages2 participants0 message aujourd’hui

Marco Ivaldi<a href="https://infosec.exchange/tags/FortiWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FortiWeb</a> Pre-Auth <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> (CVE-2025-25257)<a href="https://pwner.gg/blog/2025-07-10-fortiweb-fabric-rce" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://pwner.gg/blog/2025-07-10-fortiweb-fabric-rce</a>

David LeadbeaterI found a vulnerability in git. CVE-2025-48384: Breaking git with a carriage return and cloning RCE - <a href="https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384</a>As the post explains this is one of my favourite classes of vulnerability, using characters that are old and sometimes forgotten. <a href="https://infosec.exchange/tags/git" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#git</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/rce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rce</a> <a href="https://infosec.exchange/tags/ascii" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ascii</a>

Alexandre BorgesPwning Solana for Fun and Profit - Exploiting a Subtle Rust Bug for Validator RCE and Money-Printing:<a href="https://anatomi.st/blog/2025_06_27_pwning_solana_for_fun_and_profit" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://anatomi.st/blog/2025_06_27_pwning_solana_for_fun_and_profit</a><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/exploiting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#exploiting</a> <a href="https://infosec.exchange/tags/exploitation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#exploitation</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/informationsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#informationsecurity</a> <a href="https://infosec.exchange/tags/rce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rce</a> <a href="https://infosec.exchange/tags/web3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#web3</a> <a href="https://infosec.exchange/tags/rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rust</a>

CybervVeille.ch📢 Vulnérabilité critique dans WinRAR expose les utilisateurs à des attaques RCE 📝 Selon un article de GBHackers Security, une **vulnérabilité récemment dévoilée** dans l'utilitaire de compression de fichiers **WinRAR** met en danger des millions d'uti... 📖 cyberveille : <a href="https://cyberveille.ch/posts/2025-06-25-vulnerabilite-critique-dans-winrar-expose-les-utilisateurs-a-des-attaques-rce/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cyberveille.ch/posts/2025-06-25-vulnerabilite-critique-dans-winrar-expose-les-utilisateurs-a-des-attaques-rce/</a> 🌐 source : <a href="https://gbhackers.com/winrar-vulnerability-exploited/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gbhackers.com/winrar-vulnerability-exploited/</a> <a href="https://mastobot.ping.moi/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://mastobot.ping.moi/tags/WinRAR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WinRAR</a> <a href="https://mastobot.ping.moi/tags/Cyberveille" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cyberveille</a>

Anonymous 🐈️🐾☕🍵🏴🇵🇸 :af:⚠️ Androxgh0st botnet is back and evolving 🎯 Targets US universities including UC San Diego 💥 Uses RCE, JNDI, OGNL, web shells 🛡️ Patch devices now!🔗 <a href="https://hackread.com/androxgh0st-botnet-expand-exploit-us-university-servers/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hackread.com/androxgh0st-botnet-expand-exploit-us-university-servers/</a><a href="https://kolektiva.social/tags/Androxgh0st" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Androxgh0st</a> <a href="https://kolektiva.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://kolektiva.social/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://kolektiva.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://kolektiva.social/tags/JavaSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaSecurity</a>

OTX BotStealthy GitHub Malware Campaign Targets DevsA new campaign exploiting GitHub to distribute malicious Python code disguised as legitimate hacking tools has been uncovered. The operation, attributed to the group known as Banana Squad, used 67 repositories hosting trojanized files that mimicked benign open-source projects. The attackers exploited GitHub's interface to conceal backdoor code using long space strings, making the malicious content invisible in normal view. Each GitHub account typically hosted one repository, likely fake and created solely to deliver malicious content. Hidden code within the Python files used encoding methods to obscure payload delivery functions. The campaign reflects a shift in open-source software supply chain attacks, with attackers now leveraging more covert tactics to target platforms like GitHub. Developers are advised to verify repositories, avoid reliance on single-repository accounts, and monitor for suspicious domains.Pulse ID: 68548f8be824569a83f26ef4 Pulse Link: <a href="https://otx.alienvault.com/pulse/68548f8be824569a83f26ef4" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/68548f8be824569a83f26ef4</a> Pulse Author: AlienVault Created: 2025-06-19 22:30:35Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mimic</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Python</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChain</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#developers</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

securityaffairsAttackers target <a href="https://infosec.exchange/tags/Zyxel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Zyxel</a> <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> vulnerability CVE-2023-28771 <a href="https://securityaffairs.com/179073/hacking/attackers-target-zyxel-rce-vulnerability-cve-2023-28771.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityaffairs.com/179073/hacking/attackers-target-zyxel-rce-vulnerability-cve-2023-28771.html</a> <a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityaffairs</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a>

indyradioRemote execution of code is absolutely allowed by <a href="https://kafeneio.social/tags/Mozilla" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mozilla</a> in the <a href="https://kafeneio.social/tags/Firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Firefox</a> browser and will never be reported as a vulnerability. <a href="https://kafeneio.social/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a>

securityaffairsResearchers found one-click <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> in <a href="https://infosec.exchange/tags/ASUS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ASUS</a>’s pre-installed software <a href="https://infosec.exchange/tags/DriverHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DriverHub</a> <a href="https://securityaffairs.com/177731/hacking/researchers-found-one-click-rce-in-asus-s-pre-installed-software-driverhub.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityaffairs.com/177731/hacking/researchers-found-one-click-rce-in-asus-s-pre-installed-software-driverhub.html</a> <a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityaffairs</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a>

Harry SintonenI always recommend everyone to turn off any kind of motherboard manufacturers' driver auto-installers. They have a history of containing significant vulnerabilities leading to arbitrary code execution.The vulnerabilities discovered by MrBruh in ASUS Driver Hub again confirm this recommendation. There were several vulnerabilities that, when combined, lead to a devastating end result.<a href="https://mrbruh.com/asusdriverhub/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mrbruh.com/asusdriverhub/</a> <a href="https://infosec.exchange/tags/CVE_2025_3462" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE_2025_3462</a> <a href="https://infosec.exchange/tags/CVE_2025_3463" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE_2025_3463</a> <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a>

Pen Test PartnersWe found unauthenticated remote code execution on an industrial PLC without ever touching the hardware.   By unpacking publicly available firmware for the KUNBUS Revolution Pi, our Adam Bromiley discovered four vulnerabilities. Two of them allowed RCE with no authentication required.   We dug into a misconfigured Node-RED instance, bypassed authentication in PiCtory, and chained bugs together to gain full control. This could affect safety-critical systems in the real world.   The upside? Disclosure was handled properly. KUNBUS and CISA coordinated the response well, and advisories and fixes for all four CVEs are now live.   📌Get the full breakdown and links to the advisories here: <a href="https://www.pentestpartners.com/security-blog/rces-and-more-in-the-kunbus-gmbh-revolution-pi-plc/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.pentestpartners.com/security-blog/rces-and-more-in-the-kunbus-gmbh-revolution-pi-plc/</a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://infosec.exchange/tags/PLC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PLC</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://infosec.exchange/tags/OTSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTSecurity</a>

OTX BotTheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacksTheWizards, a China-aligned APT group, employs Spellbinder, a lateral movement tool for adversary-in-the-middle attacks through IPv6 SLAAC spoofing. This technique allows them to intercept network traffic and redirect legitimate Chinese software updates to malicious servers. The group targets individuals, gambling companies, and entities in Southeast Asia, UAE, China, and Hong Kong. Their malware chain includes the WizardNet backdoor and utilizes DNS hijacking to deliver malicious updates. Evidence links TheWizards to Sichuan Dianke Network Security Technology Co., Ltd. (UPSEC), suggesting it may be a digital quartermaster for this APT group. The attackers use sophisticated tools and techniques to evade detection and maintain persistence on compromised systems.Pulse ID: 68124373bde0da2a4679b021 Pulse Link: <a href="https://otx.alienvault.com/pulse/68124373bde0da2a4679b021" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/68124373bde0da2a4679b021</a> Pulse Author: AlienVault Created: 2025-04-30 15:36:19Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/AdversaryInTheMiddle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AdversaryInTheMiddle</a> <a href="https://social.raytec.co/tags/Asia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Asia</a> <a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#China</a> <a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Chinese</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://social.raytec.co/tags/HongKong" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HongKong</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/UAE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UAE</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

stux⚡woah :apple_inc: Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol<a href="https://www.oligo.security/blog/airborne" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.oligo.security/blog/airborne</a><a href="https://mstdn.social/tags/AirPlay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AirPlay</a> <a href="https://mstdn.social/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://mstdn.social/tags/Airborne" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Airborne</a>

Susi ScholzBin vorfreudig gespannt auf <a href="https://climatejustice.social/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> nach dem Roman von <a href="https://digitalcourage.social/@SibylleBerg" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@SibylleBerg</a> in den Münchner Kammerspielen! 😀 Das Buch mag ich, also ganz gute Voraussetzungen.

N_{Dario Fadda}Buon sabato a tutti! È online la consuenta puntata di <a href="https://poliversity.it/tags/NINAsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NINAsec</a>, la newsletter.Oggi si parla di vulnerabilità, <a href="https://poliversity.it/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> e <a href="https://poliversity.it/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#backdoor</a> ma con un taglio un po’ più tecnico, con spunti di codice per l’implementazione. E il solito <a href="https://poliversity.it/tags/funfact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#funfact</a> 😜 <a href="https://open.substack.com/pub/ninasec/p/security-weekly-23-28225?r=6bjer&utm_campaign=post&utm_medium=web&showWelcomeOnShare=true" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://open.substack.com/pub/ninasec/p/security-weekly-23-28225?r=6bjer&utm_campaign=post&utm_medium=web&showWelcomeOnShare=true</a>

st1nger :unverified: 🏴‍☠️ :linux: :freebsd:<a href="https://infosec.exchange/tags/WorstFit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WorstFit</a> - Unveiling Hidden Transformers in <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> ANSI ( Path Traversal, Argument Injection, <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> ) <a href="https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/</a>

De ArcheoloogAfgelopen woensdag spraken leden van <a href="https://mastodon.social/tags/Duikclub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Duikclub</a> <a href="https://mastodon.social/tags/Texel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Texel</a>, medewerkers van de Rijksdienst voor het Cultureel Erfgoed (<a href="https://mastodon.social/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a>) en het bestuur van de Landelijke Werkgroep Archeologie Onder Water (<a href="https://mastodon.social/tags/LWAOW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LWAOW</a>) in Museum Kaap <a href="https://mastodon.social/tags/Skil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Skil</a> op Texel over de toekomst van sportduiken op scheepswrakken. Sinds april 2024 geldt de <a href="https://mastodon.social/tags/Ontheffingsregeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ontheffingsregeling</a> <a href="https://mastodon.social/tags/Maritieme" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Maritieme</a> <a href="https://mastodon.social/tags/Archeologie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Archeologie</a>. Deze bepaalt dat geregistreerde sportduikers met toestemming van de overheid onderzoek kunnen doen naar scheepswrakken. /1 <a href="https://www.regionoordkop.nl/22/11/2024/belangstellenden-bespreken-toekomst-sportduiken-op-scheepswrakken/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.regionoordkop.nl/22/11/2024/belangstellenden-bespreken-toekomst-sportduiken-op-scheepswrakken/</a>

mac callRencontres du Ciel et de l'Espace 2024, conférence "Voyage dans la beauté du ciel" de ce matin, avec Philippe Henarejos (Redac Chef du magazine 'Ciel et espace') et Miguel "Grande Classe" Montargès ( <a href="https://mastodon.obspm.fr/@mmontarges" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@mmontarges</a> astronome-adjoint au LESIA à l'observatoire de Meudon)<a href="https://mastodon.xyz/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://mastodon.xyz/tags/RCE2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE2024</a>

Renaud Lifchitz :verified:<a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> <a href="https://infosec.exchange/tags/SharePoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SharePoint</a> <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> bug exploited to <a href="https://infosec.exchange/tags/breach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#breach</a> corporate network <a href="https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-rce-bug-exploited-to-breach-corporate-network/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-rce-bug-exploited-to-breach-corporate-network/</a>

Network is reliable<a href="https://infosec.exchange/@tasket" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@tasket</a> Classic virtualization like in <a href="https://mastodon.social/tags/QubesOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#QubesOS</a> is only good to control damage by separation of your activity to domains. It usually does nothing to prevent <a href="https://mastodon.social/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> bug exploitation. Same time <a href="https://mastodon.social/tags/GrapheneOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GrapheneOS</a> does a lot to prevent this first step. Right now it has no domain separation like in QubesOS, but there is Android Virtualization Framework which makes it possible.

Recherches récentes

Options de recherche

Administré par :

Statistiques du serveur :

#rce