While investigating our clients’ attack surfaces, I find myself repeating tasks frequently enough to demonstrate a need for automation, yet not... continue reading
As security has become a growing focus within the DevOps community – resulting in the new and expanding field of DevSecOps – developers have been... continue reading
At DEF CON 29, we gave away physical copies of the pocket-sized capture-the-flag (CTF) guide, “Breaking & Entering: A Pocket Guide for Friendly... continue reading
What is Fuzzing? Fuzzing, also known as fuzz testing, is a technique that allows developers and security researchers alike to perform blackbox... continue reading
In my previous post, I introduced IAM Vulnerable, walked through how to set it up in a playground AWS account, and demonstrated how to practice... continue reading
This past summer, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) partnered with forces in the United Kingdom and... continue reading
ADVISORY SUMMARY An insecure filesystem permissions vulnerability was identified in eCatcher version 6.6.4 and earlier. To exploit this... continue reading
ADVISORY SUMMARY An IDOR vulnerability allowed reading and modifying the workouts of all users of the Wodify platform. Additionally, this access... continue reading
Jun 15, 2021 5:00:00 AM |
By Robert Punnett, Auner Moncada, Daniel Fulford
ADVISORY SUMMARY The text-to-speech engine in libretro RetroArch for Windows 1.9.0 - 1.9.4 passes unsanitized input to PowerShell through ... continue reading
eWeek
DARK Reading
HELPNET Security