Monday, September 25, 2023

Defeating Visual Studio Code embedded reverse shell

Here is a blogpost that covers some techniques to block vscode tunnel. Any feedback will be greatly apreciated. submitted by /u/ipfyx

The WebP 0day

submitted by /u/MegaManSec2

New ways to inject system CA certificates in Android 14

submitted by /u/pimterry

DEF CON 31 Main Stage Talks

submitted by /u/albinowax

Fileless Remote Code Execution on Juniper Firewalls

submitted by /u/chicksdigthelongrun

When MFA isn’t actually MFA

submitted by /u/_vavkamil_

A Big Look at Security in OpenAPI

submitted by /u/keissiaresa

The bogus CVE problem

submitted by /u/keissiaresa

Meta Quest 2: Defense through offense

submitted by /u/poltess0
Infosecurity Magazine

Researchers Spot Novel “Deadglyph” Backdoor

Malware is linked to UAE-backed spies
Infosecurity Magazine

Almost US 900 Schools Breached Via MOVEit

National Student Clearinghouse reveals more details of incident

Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection

Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
The Hacker News

New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously...
The Register

T-mobile exposes some customer data – but don’t call it a breach

PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns Infosec in brief  T-Mobile has had another bad week on the infosec front – this time stemming from a system glitch that...