cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Just heard about this on a podcast, and I've often looked for ways to put my skills to use on a volunteer basis. This would probably also be an excellent resume builder for students / aspiring cybersecurity professionals.


In his groundbreaking new research, HTTP/1.1 Must Die: The Desync Endgame, Kettle challenges the security community to completely rethink its approach to request smuggling. He argues that, in practical terms, it's nigh on impossible to consistently and reliably determine the boundaries between HTTP/1.1 requests, especially when implemented across the chains of interconnected systems that comprise modern web architectures. Mistakes such as parsing discrepancies are inevitable, and when using upstream HTTP/1.1, even the tiniest of bugs often have critical security impact, including complete site takeover.

This research demonstrates unequivocally that patching individual implementations will never be enough to eliminate the threat of request smuggling. Using upstream HTTP/2 offers a robust solution.

I just read this article in a marketing blog from PortSwigger, the maker of the penetration testing tool Burp Suite.

Can someone with more insight explain what we're supposed to do? Completely disabling HTTP/1.1 is probably not doable for many organisations.
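One concrete measure short of switching every hop off HTTP/1.1 is to make each parser reject ambiguous framing instead of guessing, which is the discrepancy the research above exploits. The check below is an added illustration written for this thread, not code from PortSwigger or the article; it applies the body-length rules of RFC 9112 section 6.3, and the header names and request bytes it handles are constructed samples.

```python
"""Strict HTTP/1.1 framing check (RFC 9112 section 6.3): a request whose body
length is ambiguous is rejected, never "repaired", so two hops can't disagree."""
import re
_TOKEN = re.compile(rb"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")   # RFC 9110 token chars

class FramingError(ValueError):
    """The body length cannot be determined without guessing."""

def parse_headers(raw: bytes) -> list[tuple[bytes, bytes]]:
    """Split the header block; obsolete line folding and bad names are rejected."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise FramingError("no end of headers")
    headers = []
    for line in head.split(b"\r\n")[1:]:              # skip the request line
        if line[:1] in (b" ", b"\t"):                 # obs-fold: parsers disagree
            raise FramingError("obsolete line folding")
        name, colon, value = line.partition(b":")
        if not colon or not _TOKEN.match(name):
            raise FramingError("malformed header line")
        headers.append((name.lower(), value.strip()))
    return headers

def body_length(raw: bytes):
    """Return the body length as an int, the string 'chunked', or raise."""
    headers = parse_headers(raw)
    te = [v for n, v in headers if n == b"transfer-encoding"]
    cl = [v for n, v in headers if n == b"content-length"]
    if te and cl:
        raise FramingError("both Transfer-Encoding and Content-Length present")
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(b",")]
        if codings[-1] != b"chunked" or codings.count(b"chunked") != 1:
            raise FramingError("chunked must be the single, final coding")
        return "chunked"
    if cl:
        if len(set(cl)) != 1 or not re.fullmatch(rb"[0-9]+", cl[0]):
            raise FramingError("conflicting or non-numeric Content-Length")
        return int(cl[0])
    return 0

def is_well_framed(raw: bytes) -> bool:
    """True when the framing is unambiguous; otherwise the connection should be closed."""
    try:
        return body_length(raw) is not None
    except FramingError:
        return False
```

Rejecting rather than normalising matters because a front end that silently drops one of two conflicting headers still forwards bytes the back end may frame differently; closing the connection removes the shared state that desync depends on.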


Hackernews

Secrets vaults are the backbone of digital infrastructure. They store the credentials, tokens, and certificates that govern access to systems, services, APIs, and data. They’re not just a part of the trust model, they are the trust model. In other words, if your vault is compromised, your infrastructure is already lost.

Driven by the understanding that vaults are high-value targets for attackers, our research team at Cyata set out to conduct a comprehensive assessment of HashiCorp Vault (“Vault”), one of the most widely used tools in this space.

Over several weeks of deep investigation, we identified nine previously unknown zero-day vulnerabilities, each assigned a CVE through responsible disclosure. We worked closely with HashiCorp to ensure all issues were patched prior to public release.

The flaws we uncovered bypass lockouts, evade policy checks, and enable impersonation. One vulnerability even allows root-level privilege escalation, and another – perhaps most concerning – leads to the first public remote code execution (RCE) reported in Vault, enabling an attacker to execute a full-blown system takeover.

We found a pattern of logic failures that, individually and in combination, create dangerous attack paths – especially in real-world Vault deployments where misconfigurations or excessive permissions are common.

These vulnerabilities weren’t memory corruption or race condition issues, but subtle logic flaws buried in Vault’s authentication, identity, and policy enforcement layers. Some had existed for nearly a decade, quietly embedded and easy to miss, yet straightforward to exploit once understood.

Previous public research on Vault risks, most notably Google Project Zero’s Enter the Vault (2020), focused on bypasses in cloud-provider-specific IAM backends like AWS and GCP. Our work targets Vault’s core authentication flows, surfacing issues that impact both Open Source and Enterprise versions, across multiple solution providers.

In this post, we share what we found, how we found it, and what it means for the infrastructure Vault is meant to protect.


Security researchers at Cisco Talos discovered critical vulnerabilities in Dell's ControlVault3 hardware security module that affect over 100 Dell laptop models[^1]. Called "ReVault," these five vulnerabilities allow attackers to compromise the system in two main ways:

  1. Post-compromise persistence: A non-administrative user can exploit the Windows APIs to execute arbitrary code on the ControlVault firmware, steal security keys, and modify the firmware to maintain access even after Windows reinstallation[^1].

  2. Physical attack: An attacker with physical access can directly connect to the Unified Security Hub board via USB, bypass login credentials and disk encryption, and even trick the fingerprint reader into accepting any fingerprint[^1].

The affected ControlVault3 and ControlVault3+ modules are primarily found in Dell Latitude and Precision business laptops used in cybersecurity, government, and other security-sensitive environments[^1].

Key mitigations include:

  • Installing the latest firmware updates
  • Disabling unused security peripherals
  • Enabling chassis intrusion detection
  • Using Windows Enhanced Sign-in Security (ESS)
  • Monitoring for suspicious crashes in Windows Biometric Service[^1]

[^1]: Cisco Talos - ReVault! When your SoC turns against you…


Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

submitted 3 weeks ago* (last edited 3 weeks ago) by Pro@mander.xyz to c/cybersecurity

Full PDF Report.

CTM360 has discovered a widespread ongoing malicious campaign specifically aimed at TikTok Shop users across the globe. Threat actors are exploiting the official in-app e-commerce platform through a dual attack strategy that combines phishing and malware to target users. The core tactic involves a deceptive replica of TikTok Shop that tricks users into thinking they’re interacting with a legitimate affiliate or the real platform. We have dubbed this TikTok Shop scam campaign “ClickTok”.

The ongoing TikTok Shop scam campaign employs multiple sophisticated tactics to target different users, including end users (buyers) and TikTok Shop Affiliate Program participants on the platform. The threat actors are using fake Meta ads and AI-generated TikTok videos that mimic influencers or official brand ambassadors.

A key element of the campaign involves lookalike domains that closely mimic legitimate TikTok URLs. These domains serve two main purposes: hosting phishing pages designed to steal user credentials and distributing trojanized apps. Once installed, these trojanized apps mimic TikTok’s interface but covertly deploy a variant of the SparkKitty Spyware, enabling deep data exfiltration from compromised devices.

Key Findings on ClickTok Scam Campaign:

  • The campaign’s scope extends beyond TikTok Shop impersonation and includes fraudulent versions of TikTok Wholesale and TikTok Mall. Over 10,000 impersonated websites have been identified to date, many hosted on dedicated spoofed domains.
  • TikTok Shop scam sites have been observed using free or low-cost top-level domains such as .top, .shop, and .icu.
  • The threat actors distribute malicious app files through embedded download links and QR codes, with 5,000 distinct app download sites detected thus far.
  • The campaign uses a cryptocurrency wallet as the payment method and subsequently hijacks transactions to carry out fraud and steal digital funds.
  • TikTok Shop is officially available in 17 countries, including the UK, US, Indonesia, and several in Europe and Asia; however, TikTok Shop scams are rapidly increasing and spreading on a global scale, targeting users worldwide beyond these regions.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

Vulnerability-Lookup 2.14.0 released (www.vulnerability-lookup.org)
submitted 4 weeks ago by cm0002@lemmy.world to c/cybersecurity

We’re glad to announce version 2.14.0 of Vulnerability-Lookup!
This version introduces several new features, enhancements, and fixes.

What's New

New Watchlist View

You can now view your monitored products and their related vulnerabilities directly in the browser, mirroring the structure of email notifications. Authenticated RSS/Atom feeds are available. (#181)


GNA Verification

We added a way to confirm whether a Vulnerability-Lookup instance is officially operated by a GNA. The information is available on the About page. (#179)

Optional CVD Process

The Coordinated Vulnerability Disclosure module can now be disabled if not applicable to your deployment. (#178)

Changes

Other changes include a smoother post-login experience and a fail-safe around ML-Gateway calls for related vulnerabilities. (#170)

Changelog

📂 To explore the full list of changes, visit the changelog on GitHub:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.14.0

🙏 Thank you very much to all the contributors and testers!

Feedback and Support

If you encounter any issues or have suggestions, feel free to open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
Your feedback is always appreciated!

Follow Us on Fediverse/Mastodon

You can follow us on Mastodon and get real time information about security advisories:
https://social.circl.lu/@vulnerability_lookup/
