H2Csmuggler – HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

~ Dade Murphy ~ Leave a comment

KitPloit - PenTest Tools!-- h2cSmuggler smuggles HTTP traffic past insecure edge-server proxy_pass configurations by establishing HTTP/2 cleartext (h2c) communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up below for: Technical breakdown of the vulnerability Insecure-by-default services Remediation guidance Here: https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c How to test? Any proxy endpoint … Continue reading H2Csmuggler – HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks

~ Dade Murphy ~ Leave a comment

The Hacker News-- Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago.Tracked as CVE-2020-3566 and CVE-2020-3569, details for both zero-day unauthenticated DoS vulnerabilities were made public by Cisco late last month when the company found hackers actively exploiting Cisco IOS … Continue reading Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks

Introducing VideoBytes, by Malwarebytes Labs

~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- We have exciting news for avid readers of Malwarebytes Labs: This week, we’re launching a new, monthly video series that will feature the research, insights, and commentary of our own Adam Kujawa, security evangelist and a director for Malwarebytes Labs. Welcome to VideoBytes, our little corner of threat cinema on the web. The … Continue reading Introducing VideoBytes, by Malwarebytes Labs