Automatic detection method of software upgrade vulnerability based on network traffic analysis by Jinhui TENG, Yan GUANG, Hui SHU, Bing ZHANG

“…During the software upgrade process,the lack of authentication for upgrade information or packages can lead to remote code execution vulnerabilities based on man-in-the-middle attack.An automatic detection method for upgrading vulnerabilities was proposed.The method described the upgrade mechanism by extracting the network traffic during the upgrade process,then matched it with the vulnerability feature vector to anticipate upgrading vulnerabilities.In a validation environment,the man-in-the-middle attack using the portrait information was carried out to verify the detection results.In addition,an automatic vulnerability analysis and verification system based on this method was designed.184 Windows applications samples was test and 117 upgrade vulnerabilities were detected in these samples,which proved validity of the method.…”
Get full text

Monitoring Keamanan Runtime pada Kubernetes Menggunakan Falco by Ryan Fadhillah, Nur Rohman Rosyid

“…Proses pengujian kapabilitas deteksi dilakukan terhadap tiga skenario serangan yang termasuk kedalam daftar resiko yang ada pada OWASP Top 10 Cloud-Native Application Security, di antaranya yaitu Remote Code Execution (RCE), exfiltration using common Linux binaries, dan privileged container. …”
Get full text

Uncovering Threats in Container Systems: A Study on Misconfigured Container Components in the Wild by Dongmin Choi, Hyunmin Seo, Kwanwoo Kim, Myoungsung You, Seungwon Shin, Jinwoo Kim

“…We identify five distinct vulnerabilities that either leak sensitive information or allow remote code execution, demonstrating the real-world feasibility and potential impact of exploiting these misconfigured container components.…”
Get full text

A Cybersecurity Risk Assessment for Enhanced Security in Virtual Reality by Rebecca Acheampong, Dorin-Mircea Popovici, Titus C. Balan, Alexandre Rekeraho, Ionut-Alexandru Oprea

“…This methodology provides a comprehensive risk evaluation method, identifying critical vulnerabilities such as Remote Code Execution (RCE), social engineering, excessive permission exploitation, unauthorized access, and data exfiltration. …”
Get full text

Safety of Systems Integrating Fire Protection Equipment – Risks, Gaps, Recommendations by Wojciech Wróblewski, Dorota Seliga

“…It has been found that cybercriminals can use various techniques: denial-of- service (DoS) attacks, man-in-the-middle attacks, remote code execution and social engineering, to disrupt systems. …”
Get full text

A Comprehensive Analysis of Cybersecurity Infrastructure in Academic Environments by Holger Santillan, Julio Andrés Arévalo Satán, Peregrina Wong

“…Domain security analysis revealed critical vulnerabilities, including an outdated version of PHP and possible remote code execution (CVSS 9.8-10) in “virtual.ups.edu.ec”. …”
Get full text

Infrastructure as Code for Cybersecurity Training by Rui Pinto, Rolando Martins, Carlos Novo

“…Lastly, we explore several up-to-date vulnerabilities that are constantly messing with the lives of individuals and organizations, most related to Privilege Escalation, Remote Code Execution attacks, and Incident Forensics, allowing the improvement of skills concerning Red team and Blue team scenarios. …”
Get full text