Random in Security is a summary of the cybersecurity news.
DEVCORE published a detailed article on a remote code execution vulnerability they discovered in PHP. This vulnerability affects all versions of PHP installed on the Windows operating system. All versions of XAMPP installations on Windows are vulnerable by default.
We need to stop doing phishing tests and start doing phishing fire drills.
That’s the summary of this article on the Google Online Security Blog. The idea is much like regular, pre-announced evacuation training instead of surprise drills.
This is a post-mortem from 2019, in which an attacker gained initial access via an outdated Jenkins. On a compromised Jenkins slave, the attacker abused forwarded SSH keys of the devops team and inserted their own SSH keys on the accessible hosts. The post-mortem includes many good lessons and improvements.
A new article was released that discusses malicious VSCode extensions. Back in 2023, researchers at Aqua Security had already investigated the security problems with the Visual Studio Code Marketplace. They created an extension by typosquatting an existing extension and observed the downloads and subsequent impact. Most interestingly, Microsoft also has an article on the question, “Can I trust extensions from the Marketplace?”
A network packet forensics tool for SSH
Knock Subdomain Scan
RDP Bitmap Cache parser
This article provides some additional background information. RDP optimizes the connection by caching images of the screen. These cached images are stored in files on the client machine.