mosesrenegade
@mosesrenegade.bsky.social
Hackerman. You can find out about me here.

https://linktr.ee/mosesrenegade
That post was scheduled weeks ago so I do apologize for that. Clarification on my thoughts. Internal systems running Windows (older stacks) I think could be a bigger concern. I’m thinking through customer internal environments where the servlet console is exposed. Sadly.
March 24, 2025 at 4:04 PM
I was, of course, to my detriment, going to give the vendor some grace, hoping that, given enough time, they would do the right thing. But time is the factor: will they, in time, change to a whitelist method?
Infosec Drama of the Week?
I want to be clear that in the video, I'm talking about this post: https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in...
youtu.be
March 22, 2025 at 12:42 AM
I feel like I'm off my game. I would have never even considered this vector. This group knew what it was doing; they made their Author Commit show up as "Responder Bot." Smart.
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity
tj-actions/changed-files
www.stepsecurity.io
March 19, 2025 at 12:00 PM
This particular attacker leveraged the fact that 23,000 companies use this plug-in. When used, it leaks out secrets from your CI/CD system. This is scarily brilliant.
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity
tj-actions/changed-files
www.stepsecurity.io
March 19, 2025 at 12:00 PM

If that is your cup of tea, check out the following: github.com/nickvourd... Using Cloudflare Workers and Azure CDN to make this work. This is a pretty good idea.
March 17, 2025 at 2:01 PM