1. Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package | LunaSec (www.lunasec.io)
One of the worst CVEs ever seen.
Related:
- Chrome Users Beware: Manifest V3 is Deceitful and Threatening | Electronic Frontier Foundation (www.eff.org)
- tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce: Apache Log4j remote code execution (github.com)
- JNDI injection and utilization after 8u191 (www-cnblogs-com.translate.goog)
- CVE-2021-44228 - Log4j 2 Vulnerability Analysis - Randori Attack Team (www.randori.com)
- Actual CVE-2021-44228 payloads captured in the wild (blog.cloudflare.com)
2. The Invisible JavaScript Backdoor – Certitude Blog (certitude.consulting)
3. Analyzing a watering hole campaign using macOS exploits (blog.google)
Related:
- How we protect users from 0-day attacks (blog.google)
- CVE - CVE-2021-30869 (cve.mitre.org)
- About the security content of Security Update 2021-006 Catalina - Apple Support (support.apple.com)
- MRGEffitas/Ironsquirrel: Encrypted exploit delivery for the masses (github.com)
- propertyNameEnumerator must check it can still take the fast path aft… · WebKit/WebKit@f4e35a4 (github.com)
- Capstone.js (alexaltea.github.io)
- The Ultimate Disassembly Framework – Capstone – The Ultimate Disassembler (www.capstone-engine.org)
- 2107 - XNU kernel type confusion in turnstiles - project-zero (bugs.chromium.org)
- Slides/zer0con21.pdf at main · wangtielei/Slides (github.com)
4. Exploiting CSP in Webkit to Break Authentication & Authorization (threatnix.io)
5. ChaosDB Explained: Azure’s Cosmos DB Vulnerability Walkthrough | Wiz Blog (www.wiz.io)