Henrik Falk October 10, 2024
Hacking the Cosmos: Cyber operations against the space sector. A case study from the war in Ukraine
The report looks into the effects of these operations as well as their perpetrators and what it signifies in the larger context of the Russo-Ukrainian conflict.
css.ethz.ch/en/center/CSS-news/2024/10/hacking-the-cosmos-cyber-operations-against-the-space-sector-a-case-study-from-the-war-in-ukraine.html
Why Code Security Matters - Even in Hardened Environments
In this blog post, we will highlight the importance of fundamental code security by showcasing a technique that attackers can use to turn a file write vulnerability in a Node.js application into remote code execution – even though the target’s file system is mounted read-only. The technique thwarts the restrictions applied in a hardened environment like this by leveraging exposed pipe file descriptors to gain code execution.
www.sonarsource.com/blog/why-code-security-matters-even-in-hardened-environments
EKUwu: Not just another AD CS ESC
Using built-in default version 1 certificate templates, an attacker can craft a CSR to include application policies that are preferred over the configured Extended Key Usage attributes specified in the template. The only requirement is enrollment rights, and it can be used to generate client authentication, certificate request agent, and codesigning certificates using the WebServer template.
trustedsec.com/blog/ekuwu-not-just-another-ad-cs-esc
