Sysdig – Page 2 – Cybersecurity News Everyday

Fuzzing and Bypassing the AWS WAF

January 9, 2024May 16, 2024 Sysdig

The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event. Web Application Firewalls (WAFs) serve as the first line of defense for your web applications, acting as a filter between your application and incoming web traffic to protect against unauthorized or malicious activity.…

Threat Research

CVE-2023-38545: High Severity cURL Vulnerability Detection

October 12, 2023May 24, 2024 Sysdig

On Oct. 11, a new version of curl (8.4.0) was released where a couple of new vulnerabilities were fixed (CVE-2023-38545 with severity HIGH and CVE-2023-38546 with severity LOW). These issues were previously announced in the project’s discussion. At the time of this blog, there have been several proof of concepts released for CVE-2023-38545 which result in crashes, but not exploitation.…

Threat Research

Detecting and Mitigating CVE-2023-4911: Local Privilege Escalation Vulnerability

October 6, 2023May 24, 2024 Sysdig

Recently, Qualys discovered and reported a critical vulnerability affecting the popular GLIBC ecosystem, which is installed by default on most Linux-based operating systems. Specifically, a buffer overflow was found in the code responsible for handling special environment variables during the startup of a process which can result in a local privilege escalation.…

Author: Sysdig

Fuzzing and Bypassing the AWS WAF

CVE-2023-38545: High Severity cURL Vulnerability Detection

Detecting and Mitigating CVE-2023-4911: Local Privilege Escalation Vulnerability