#web

By Waqas The notorious Warzone Rat operation was active from 2018 until its takedown. This is a post from HackRead.com Read the original post: US Takes Down Notorious Warzone RAT Malware Operation, Arrests 2

By Waqas Patch Your VPN! ExpressVPN Bug Leaks DNS Requests for Windows Users with Split Tunneling! This is a post from HackRead.com Read the original post: ExpressVPN Bug Leaked DNS Requests for Windows Users

In January, we recorded a total of 261 ransomware victims.

By Deeba Ahmed The cybercrime gang behind the ransomware attack is unknown. This is a post from HackRead.com Read the original post: Ransomware Attack Disrupts Services in 18 Romanian Hospitals

### Summary When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests. This can create a ReDoS (Regular expression Denial of Service): https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS This only applies when the app uses form data, parsed with `python-multipart`. ### Details A regular HTTP `Content-Type` header could look like: ``` Content-Type: text/html; charset=utf-8 ``` `python-multipart` parses the option with this RegEx: https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74 A custom option could be made and sent to the server to break it wit...

This week on the Lock and Code podcast, we speak with Jason Haddix about how businesses can protect against modern cyberthreats.

Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass.

An issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request.

WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET.