In the summer of 2022, a few Twilio employees received an odd text message. Appearing to be from the internal IT department, these messages suggested employees need to reset expiring passwords through a specific URL. However, neither the URL or the message was legitimate, and the threat actors controlled the URL. They essentially tricked employees into giving away credentials, resulting in the compromise of over 130 connected organizations.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! A badly coded WordPress plugin again. Luckily it has been caught: Sneaky! DNS is such a great lure for using as a control channel. I’m really surprised its not used more: Oh dear. At least they found it in the end…

At DEF CON 32's AppSec Village, we explored secrets security challenges, answered common questions, and shared how to detect and handle hidden credentials effectively.

On August 21, 2024, SolarWinds released a second hotfix for SolarWinds Web Help Desk (WHD) version 12.8.3. This hotfix addresses a newly disclosed hardcoded credential vulnerability (CVE-2024-28987) that allows a remote, unauthenticated attacker to access internal functionality and modify data. Additionally, the hotfix resolves the Java deserialization remote code execution (RCE) vulnerability (CVE-2024-28986) disclosed the previous week and fixes functionality issues introduced by the first hotfix.

As companies handle increasingly sensitive information, securing data in motion—the data actively transferred across networks or between devices—has become an important priority. Whether moving through corporate networks, across mobile devices, or stored in the cloud, this data is particularly vulnerable to threats from malicious actors, insider threats, and unauthorized users.

As offensive security specialists for over 10 years, we have tested countless organisations who believe their SIEM, EDR or MDR provider offers them comprehensive defense, only to find them lacking in fundamental areas. From our experience, some “traditional” in-house, yet adequately resourced, Security Operations Centres (SOCs) can still provide a robust defense, while others struggle to stay on top of emerging threats.

Out-of-bounds memory access, also known as buffer overflow, occurs when a program tries to read from or write to a memory location outside the bounds of the memory buffer that has been allocated for it. This type of vulnerability is particularly dangerous because it can lead to various issues, including crashes, data corruption, sensitive data leaks, and even the execution of malicious code.