TARLOGIC's BLOG
Cybersecurity

Cybersecurity articles with security analysis and ethical hacking technics information

CVE-2024-53677: Critical vulnerability affecting Apache Struts
CVE-2024-53677: Critical vulnerability affecting Apache Struts
S.T.A².R.S Team

Information has been disclosed about a new critical vulnerability affecting the popular Apache Struts framework. The CVE-2024-53677 vulnerability could allow a remote attacker to e[...]

Read more
CVE-2024-52316: Critical vulnerability in Apache Tomcat
CVE-2024-52316: Critical vulnerability in Apache Tomcat
S.T.A².R.S Team

Critical vulnerability CVE-2024-52316 affecting Apache Tomcat allows authentication bypass when using the Jakarta authentication API A critical vulnerability has been identified in[...]

Read more
CVE-2024-6387: RegreSSHion, a high vulnerability that affects OpenSSH
CVE-2024-6387: RegreSSHion, a high vulnerability that affects OpenSSH
S.T.A².R.S Team

Information has been disclosed about a new high vulnerability (CVE-2024-6387) that affects OpenSSH over Linux Servers. RegreSSHion allows an unauthenticated attacker to obtain remo[...]

Read more
Bluetooth Architecture from Scratch
Bluetooth Architecture from Scratch
Jesús Gómez Moreno

The Bluetooth architecture determines which functions should be operational in an implementation and how they should be organised Bluetooth is composed of multiple technologies, pr[...]

Read more
The Way of the Hunter: Defining an ad hoc EDR evaluation methodology
The Way of the Hunter: Defining an ad hoc EDR evaluation methodology
Julio Jairo Estévez

Nowadays Threat Hunting is a very popular term in the infosec community. However, there is not a widely shared definition of that role. Discrepancies persist as everyone considers [...]

Read more
Continuous Threat Hunting vs. Campaign-based Threat Hunting
Continuous Threat Hunting vs. Campaign-based Threat Hunting
Alberto Terceiro

Continuous Threat Hunting allows early detection of threats and is more complete than Campaign-based Threat Hunting The classic Threat Detection model has traditionally been consid[...]

Read more
CVE-2024-30078: Remote code execution on Windows Wi-Fi driver
CVE-2024-30078: Remote code execution on Windows Wi-Fi driver
S.T.A².R.S Team

CVE-2024-30078 is a Windows Wi-Fi driver vulnerability with low exploit complexity that allows remote code execution Last June 11, Microsoft made public in its «Patch Tuesdays» a[...]

Read more
CVE-2024-4577: Critical vulnerability in PHP
CVE-2024-4577: Critical vulnerability in PHP
S.T.A².R.S Team

CVE-2024-4577 can be exploited in all versions of PHP for Windows and lead to the execution of malicious code A critical vulnerability in PHP has recently been published that could[...]

Read more
CVE-2024-32002: Critical vulnerability in Git
CVE-2024-32002: Critical vulnerability in Git
S.T.A².R.S Team

Critical vulnerability CVE-2024-32002 affecting Git update control software can lead to remote code execution A critical vulnerability in Git has recently been published that coul[...]

Read more
CVE-2024-3400: Unauthenticated code injection in PAN-OS
CVE-2024-3400: Unauthenticated code injection in PAN-OS
S.T.A².R.S Team

CVE-2024-3400 affects Palo Alto Networks PAN-OS software used to manage the first layer of defense for many enterprises A critical command injection vulnerability has been recently[...]

Read more
1 2 3 4 13
Advanced penetration testing services