All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Monte Carlo simulations (statistical methods that use repeated random sampling to model outcomes) can improve red teaming skills by offering fresh perspectives for presenting security findings. Red teaming involves challenging an organization by analyzing its business processes and methodologies, and Monte Carlo simulations have been applied to security programs, threat modeling (the process of identifying potential attacks on a system), and measuring cybersecurity risk.
Phishing campaigns (fake emails designed to trick people into revealing information) produce results that are hard to compare over time because different security teams use different tools and methods. The author recommends tracking a standard set of metrics to make these comparisons meaningful.
scikit-learn (a Python machine learning library) versions up to 0.23.0 have a vulnerability where the joblib.load() function (which deserializes, or reconstructs objects from saved files) can execute harmful commands if an untrusted file is loaded. However, the vulnerability is disputed because joblib.load() is documented as unsafe and users are responsible for only loading files they trust.
A security researcher discovered a vulnerability in Mozilla's infrastructure while researching Firefox's remote debugging features, finding that Mozilla uses Phabricator (a web-based platform for code reviews, bug tracking, and storing credentials). The researcher was awarded a $3000 bug bounty for locating exposed credentials through this system.
IBM Maximo Anywhere versions 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 lack jailbreak detection (a security check to prevent attackers from removing operating system restrictions on mobile devices), allowing attackers to potentially access sensitive device information. This vulnerability is related to improper privilege management (failure to properly control what actions users are allowed to perform).
TensorFlow versions before 1.7.0 contain an integer overflow bug in the BMP decoder (DecodeBmp feature) that allows out-of-bounds read (accessing memory beyond intended boundaries), potentially exposing sensitive data from the computer's memory. This vulnerability exists in the file core/kernels/decode_bmp_op.cc and is classified as a CWE-125 weakness.
Cookie Crimes is a known attack technique that exploits Chrome's remote debugging feature (a tool that lets developers control a browser remotely) to steal cookies (small files that store login information and user data). Because Microsoft's new Edge browser is based on Chromium (the open-source code that powers Chrome), the same Cookie Crimes attack works on Edge with only minor changes, such as replacing "chrome.exe" with "msedge.exe".
Chrome's remote debugging feature (a tool normally used by developers to test their code) can be abused by malware after gaining initial access to a computer, allowing attackers to steal cookies (small files that store login information), spy on user activities, and remotely control the browser without needing administrator permissions.
Attackers are using credentials (login information) that are exposed in plain text to break into systems and access sensitive data. Rather than passively waiting for problems, security teams should actively search their systems for exposed credentials using targeted techniques and knowledge about their infrastructure.
Oracle Coherence, a caching tool in Oracle Fusion Middleware, has a vulnerability (CVE-2020-2949) that allows attackers without authentication to read some data they shouldn't be able to access over a network. The vulnerability affects versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0, and has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 5.3.
Oracle Coherence, a caching component in Oracle Fusion Middleware, has a critical vulnerability (CVE-2020-2915) that allows attackers without authentication to gain complete control over the system through network protocols called IIOP and T3. The vulnerability affects multiple versions (3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0) and has a CVSS score (a 0-10 severity rating) of 9.8, indicating it is extremely dangerous.
Attack graphs are visual diagrams that show how attackers move through a system, including the actions and TTPs (tactics, techniques and procedures, or the specific methods attackers use) they take along the way. Creating these graphs helps red teams (security professionals simulating attacks) plan operations and communicate results to leadership by telling a clear story without overwhelming people with technical details.
Project Worlds Official Car Rental System 1 has multiple SQL injection vulnerabilities (CWE-89, a flaw where attackers can manipulate database queries by inserting malicious code) in several input fields across different pages, allowing attackers to steal data from the MySQL database or bypass login authentication. The vulnerable parameters are found in the email field on account.php, the username and password fields on login.php, and the id parameter on book_car.php.
This is an announcement for a published book on red team strategies (offensive security testing methods used to identify vulnerabilities by simulating attacker behavior) and cybersecurity attacks. The 524-page book is divided into two parts: program management for building offensive security programs, and technical tactics and tools for Windows, macOS, and Linux systems.
CVE-2019-20634 is a vulnerability in Proofpoint Email Protection where attackers can collect scoring information from email headers to build a copycat machine learning model. By understanding how this model works, attackers can craft malicious emails designed to receive favorable scores and bypass the email filter.
The LearnPress plugin for WordPress versions 3.2.6.5 and earlier has a privilege escalation vulnerability (CVE-2020-7916) where any registered user can assign themselves the teacher role without permission checks, allowing them to access restricted instructor data. The flaw exists in the be_teacher function within class-lp-admin-ajax.php, which can be exploited through a specific URL endpoint without additional verification.
PHPGurukul Daily Expense Tracker System version 1.0 contains a SQL injection vulnerability (a type of attack where malicious SQL code is inserted into input fields) in the email parameter of index.php and register.php files. This flaw allows attackers to dump the MySQL database (extract all stored data) and bypass the login system.
An article titled 'Pass the Cookie and Pivot to the Clouds' was published in 2600 magazine's Winter edition, discussing a technique called 'Pass the Cookie' (a method where attackers use stolen session tokens to gain unauthorized access to systems). The article is available through bookstores and the 2600 Online Shop, and the author recommends an upcoming red teaming book for those interested in learning more about cybersecurity attack strategies.
This item is a personal reflection on a final-year university project about web application security principles completed approximately 18 years ago. The author describes submitting their security-focused research paper to Michael Howard at Microsoft, who reviewed it.
This post discusses how disabling remote management endpoints can improve an organization's security by reducing attack surface (the total number of entry points an attacker could exploit) and preventing the spread of automated malware. The approach follows zero trust principles, which means treating all network access as potentially risky unless verified.
Fix: Upgrade to TensorFlow 1.7.0 or later. A patch is available at https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433.
NVD/CVE Database
Fix: Blue teams should look for command line arguments like --remote-debugging-port and a custom --user-data-dir to detect potential misuse of this feature in both Chrome and Edge. The author also suggests adding detections for this attack technique to Windows Defender, and notes that "there are more mitigation ideas in the previous blog post about Chrome" which readers should reference.
Embrace The Red