Kyler Nguyen’s Post

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover: Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine," Australian https://lnkd.in/dJGhYRqt

The Script That Got Away (Almost!) 🔎I recently discovered a reflected XSS (Cross-Site Scripting) vulnerability in a web application while conducting a security review. XSS vulnerabilities can allow attackers to inject malicious scripts into web pages, leading to data theft, session hijacking, or malicious actions executed in the victim’s browser. 🛠️ Every bug counts when you’re securing the web. #EthicalHacking #XSS #BugBountyHunter #WebSecurity

Multiple critical security flaws have been identified in Judge0, an open-source online code execution system. These vulnerabilities could allow attackers to escape the sandbox environment, gain root access, and take complete control of the host machine. The disclosed vulnerabilities include symlink exploitation, patch bypass issues, and a Server-Side Request Forgery (SSRF) that enables remote code execution as root.

Exploitation takes a lot of planning, research, and good execution, but it tends to be the noisiest, as it can potentially be disruptive to the victim. Make sure to have good logs and log correlation to detect exploitation so further attacks can be prevented.

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool: A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a 10x surge, adding it includes "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple [open-source software] https://lnkd.in/g2zm8Z45

🚨 Ivanti has addressed a critical Remote Code Execution (RCE) vulnerability (CVE-2023-41724) impacting Standalone Sentry versions 9.17.0, 9.18.0, 9.19.0, and older. This flaw could allow attackers on the same network to execute commands on the underlying operating system. While the company says it's found no evidence that these vulnerabilities are being exploited, users should immediately update to versions 9.17.1, 9.18.1, and 9.19.1. For additional protection, consider additional network segmentation. https://lnkd.in/gk6P4SZd

Trend Micro Search: The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409: We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems. Check it out!

We take a closer look at critical #OpenSSH vulnerabilities CVE-2024-6387 "regreSSHion" (CVSS 9.8) and CVE-2024-6409. We discuss the exploits and their impact on x64 systems. Read more: https://bit.ly/3WsNviE

🚨 [Cyber] SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995) 👉 What is the Vulnerability?A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation... #NoHackMe_news #NoHackMe_news_en https://lnkd.in/gBNYdBR3

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a 10x surge, adding it includes "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple [open-source software] https://lnkd.in/gPQKfCA6