Attacks & Vulnerabilities

SAP fixed a maximum severity flaw in SQL Anywhere Monitor (3 minute read)
SAP's November patch release covers 19 vulnerabilities, led by CVE-2025-42890 (CVSS 10.0), a hardcoded-credentials flaw in SQL Anywhere Monitor (Non-GUI) that allows arbitrary code execution and complete system compromise. Other critical fixes are CVE-2025-42887 (CVSS 9.9), a code injection in SAP Solution Manager caused by missing input sanitization, and an updated fix for CVE-2025-42944, an insecure deserialization flaw in SAP NetWeaver AS Java. Organizations should stop using SQL Anywhere Monitor, delete all monitor database instances, and apply the patches across the affected SAP products. No active exploitation has been reported.

Amazon discovers APT exploiting Cisco and Citrix zero-days (2 minute read)
Amazon's threat intelligence team found an APT exploiting two zero-days before public disclosure: CVE-2025-20337, a pre-authentication remote code execution via deserialization in Cisco Identity Services Engine (ISE), and CVE-2025-5777 in Citrix NetScaler. The activity was caught by Amazon's MadPot honeypots. The actor deployed a custom Java web shell, IdentityAuditAction, that runs in memory, uses Java reflection to inject itself into threads, encrypts traffic with DES combined with a non-standard Base64 encoding, and authenticates requests through HTTP headers, so only an operator who knows the expected header values can reach it. Organizations should patch affected Cisco ISE and Citrix NetScaler systems, restrict access to management portals at the firewall, apply defense in depth around identity infrastructure, and monitor authentication systems for anomalous behaviour even when they are configured correctly.
No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE (10 minute read)
A walkthrough of exploiting a modern ARM-based IoT device, a network camera, for unauthenticated remote code execution with a Return-Oriented Programming (ROP) chain that needs no information leak. ASLR normally forces an attacker to leak an address before a ROP chain can be aimed; here the chain is built by manipulating writable memory at known offsets, so commands run on the device without any leaked address. The write-up shows that embedded devices can remain exploitable even when a mitigation such as ASLR is in place.

Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security (3 minute read)
Active Directory is the authentication backbone for 90% of Fortune 1000 companies. Attackers go after it with golden ticket attacks, DCSync privilege escalation, Kerberoasting, and compromised credentials, which the Verizon DBIR puts in 88% of breaches; the 2024 Change Healthcare breach, where the absence of MFA led to full AD compromise, is the article's example. Common weaknesses are weak passwords, service accounts with excessive permissions and non-expiring credentials, admin credentials cached in memory, the legacy NTLM protocol, and hybrid environments that leave visibility gaps between on-premises and cloud security teams. The recommended layered defences are continuous credential monitoring against breach databases (blocking 4B+ known-compromised passwords), privileged access management with just-in-time elevation, zero-trust conditional access with MFA for every privileged account, continuous monitoring of AD changes for suspicious patterns, and patching domain controllers within days of a security update.
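The "no leak" approach above only works when the addresses the chain relies on are fixed, which is the case for a main executable linked as a non-PIE ELF: ASLR still moves the stack, heap and shared libraries, but the binary's own code, data and writable sections load at their link-time addresses on every run. The check below is an added example, not code from the write-up or the camera firmware: it reads the ELF identification and e_type/e_machine fields from the first 20 bytes of a file and reports whether the image is position-dependent (ET_EXEC, fixed addresses) or position-independent (ET_DYN, relocated by ASLR). The two sample headers are constructed inline; the names CAMERA_DAEMON and PIE_BINARY are placeholders, not binaries from the article.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def describe_elf(data: bytes) -> dict:
    """Parse the ELF ident block plus e_type/e_machine (first 20 bytes) and say
    whether the image's code and data sit at a fixed address on every run."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]   # class: 1 = 32-bit, 2 = 64-bit; data: 1 = LE, 2 = BE
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
    return {
        "bits": 32 if ei_class == 1 else 64,
        "machine": MACHINES.get(e_machine, f"unknown({e_machine})"),
        "type": {ET_EXEC: "EXEC", ET_DYN: "DYN"}.get(e_type, f"other({e_type})"),
        # ET_EXEC: gadgets, GOT entries and writable buffers in the main binary
        # are at known addresses, so a ROP chain needs no leak. ET_DYN is a PIE
        # (or a shared object): the whole image is relocated by ASLR.
        "fixed_code_address": e_type == ET_EXEC,
    }


def elf_header(ei_class: int, e_type: int, e_machine: int) -> bytes:
    """Build the first 24 bytes of a little-endian ELF header (constructed test data only)."""
    ident = b"\x7fELF" + bytes([ei_class, 1, 1, 0, 0]) + b"\x00" * 7
    return ident + struct.pack("<HHI", e_type, e_machine, 1)


# Constructed samples, not files from the article: a 32-bit ARM daemon linked as a
# fixed-address executable, and a 64-bit AArch64 PIE that ASLR relocates.
CAMERA_DAEMON = elf_header(1, ET_EXEC, 40)
PIE_BINARY = elf_header(2, ET_DYN, 183)

if __name__ == "__main__":
    for name, blob in (("camera daemon", CAMERA_DAEMON), ("pie binary", PIE_BINARY)):
        print(name, describe_elf(blob))
```

For a real target, pass the first bytes of the firmware binary (`describe_elf(open(path, "rb").read(24))`). A `fixed_code_address` of True is the precondition the article's technique depends on; it does not by itself mean the binary is exploitable, and an ET_DYN result only says a leak or a different primitive would be needed.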
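Of the attacks listed in the Active Directory article, Kerberoasting is the one that leaves a clean trace in domain controller logs: the attacker requests service tickets for user (not computer) accounts and typically asks for RC4 so the ticket can be cracked offline. The rule below is an added example, not code from the article or any vendor, and runs over a constructed sample of Windows event 4769 records reduced to the fields the rule needs (EventID, TargetUserName, ServiceName, TicketEncryptionType, IpAddress). It flags a requester that obtains RC4 tickets for several distinct user-account SPNs; the threshold and the field names in the sample are assumptions to adapt to your SIEM's schema.

```python
from collections import defaultdict

RC4_HMAC = 0x17                 # TicketEncryptionType for RC4-HMAC in event 4769
AES256 = 0x12                   # TicketEncryptionType for AES256-CTS-HMAC-SHA1-96
EXCLUDED_SERVICES = {"krbtgt"}  # the TGS for krbtgt is normal traffic, not a roastable SPN

# Constructed sample of event 4769 (Kerberos service ticket requested) records,
# reduced to the fields the rule uses. Not real log data.
SAMPLE_EVENTS = [
    {"EventID": 4769, "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "WS01$",      "TicketEncryptionType": AES256,   "IpAddress": "10.0.0.21"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL",   "ServiceName": "svc_sql",    "TicketEncryptionType": RC4_HMAC, "IpAddress": "10.0.0.55"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL",   "ServiceName": "svc_backup", "TicketEncryptionType": RC4_HMAC, "IpAddress": "10.0.0.55"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL",   "ServiceName": "svc_web",    "TicketEncryptionType": RC4_HMAC, "IpAddress": "10.0.0.55"},
    {"EventID": 4769, "TargetUserName": "carol@CORP.LOCAL", "ServiceName": "svc_sql",    "TicketEncryptionType": AES256,   "IpAddress": "10.0.0.77"},
    {"EventID": 4768, "TargetUserName": "bob@CORP.LOCAL",   "ServiceName": "krbtgt",     "TicketEncryptionType": RC4_HMAC, "IpAddress": "10.0.0.55"},
    {"EventID": 4769, "TargetUserName": "dave@CORP.LOCAL",  "ServiceName": "krbtgt",     "TicketEncryptionType": RC4_HMAC, "IpAddress": "10.0.0.88"},
]


def is_roastable_request(event: dict) -> bool:
    """True when a 4769 asks for an RC4 ticket to a user-account SPN.
    Computer accounts (names ending in $) and krbtgt are excluded because
    their keys are long and random, so those tickets are not worth cracking."""
    if event.get("EventID") != 4769:
        return False
    service = event.get("ServiceName", "")
    if service.endswith("$") or service.lower() in EXCLUDED_SERVICES:
        return False
    return event.get("TicketEncryptionType") == RC4_HMAC


def find_kerberoasting(events, min_distinct_services: int = 2) -> dict:
    """Group roastable requests by (requesting account, source IP) and return
    the groups that touched at least min_distinct_services different SPNs."""
    by_requester = defaultdict(set)
    for event in events:
        if is_roastable_request(event):
            key = (event["TargetUserName"], event["IpAddress"])
            by_requester[key].add(event["ServiceName"])
    return {key: sorted(spns) for key, spns in by_requester.items()
            if len(spns) >= min_distinct_services}


if __name__ == "__main__":
    for (account, ip), spns in find_kerberoasting(SAMPLE_EVENTS).items():
        print(f"possible Kerberoasting from {account} at {ip}: {', '.join(spns)}")
```

A single RC4 ticket for a user SPN is not proof of an attack (legacy clients still request RC4), which is why the rule counts distinct services per requester. The complementary fix on the defence side is the article's point about service accounts: give them long random passwords, configure them for AES only, and remove SPNs that are no longer needed.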
Two Scenario Threat Modeling (5 minute read)
Many teams are put off by the number of possible scenarios and never threat model at all. Much of the value of the exercise can be had by considering just two scenarios: a worst case, and one that is likely but still impactful. Security teams should write these as detailed, story-driven scenarios and then work through them in either an informal or a formal threat modeling exercise.

Tenzai (Product Launch)
Tenzai is an AI-driven penetration testing platform that continuously identifies and addresses software vulnerabilities, with the aim of automating pentesting that is otherwise manual and infrequent.

Mailgoose (GitHub Repo)
Mailgoose is a web application that checks whether a domain's SPF, DMARC, and DKIM records are configured correctly.

Private AI Compute: our next step in building private and helpful AI (2 minute read)
Private AI Compute is a Google platform that combines the capability of Gemini cloud models with the security expectations of on-device processing. It runs in encrypted, hardware-secured environments with multiple layers of safeguards, so user data stays private while enabling fast features such as smarter suggestions.

AWS Backup Now Supports Amazon EKS (1 minute read)
AWS Backup can now create fully managed backups of EKS clusters. It supports scheduled backups, retention policies, immutable vaults, and cross-region and cross-account copies of both application data and cluster state.
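The Mailgoose item above checks the content of SPF and DMARC records. The following is an added example, not Mailgoose's own code, of the evaluation such a tool performs once it has the TXT records in hand: it parses an SPF record and a DMARC record and returns findings graded ok, warn or fail (a permissive `+all`, more than 10 DNS-lookup mechanisms, a `p=none` policy that only monitors, a `pct` below 100, no reporting address). It takes record strings as input rather than querying DNS, so it runs offline; the domains and records in SAMPLE are constructed, and DKIM is left out because verifying it needs a selector and a key lookup.

```python
import re

SEVERITY = {"ok": 0, "warn": 1, "fail": 2}
# Mechanisms and modifiers that cost a DNS lookup; RFC 7208 caps these at 10 per evaluation.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def check_spf(record):
    """Return (severity, message) findings for one SPF TXT record (None = no record)."""
    if record is None:
        return [("fail", "no SPF record published")]
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [("fail", "TXT record is not an SPF record (missing v=spf1)")]
    findings, lookups, all_qualifier = [], 0, None
    for term in terms[1:]:
        qualifier, body = "+", term               # a mechanism with no qualifier means "+"
        if term[0] in "+-~?":
            qualifier, body = term[0], term[1:]
        name = re.split(r"[:=/]", body, maxsplit=1)[0].lower()
        if name in LOOKUP_MECHANISMS:
            lookups += 1
        if name == "ptr":
            findings.append(("warn", "ptr mechanism is deprecated and slow"))
        if name == "all":
            all_qualifier = qualifier
    if lookups > 10:
        findings.append(("fail", f"{lookups} DNS-lookup mechanisms; limit is 10 (receivers return permerror)"))
    if all_qualifier is None:
        findings.append(("warn", "no 'all' mechanism; unlisted senders are implicitly neutral"))
    elif all_qualifier == "+":
        findings.append(("fail", "+all lets any host send as this domain"))
    elif all_qualifier == "?":
        findings.append(("warn", "?all is neutral; unlisted senders are not rejected"))
    else:
        findings.append(("ok", f"{all_qualifier}all ({'softfail' if all_qualifier == '~' else 'hard fail'})"))
    return findings


def check_dmarc(record):
    """Return (severity, message) findings for one DMARC TXT record (None = no record)."""
    if record is None:
        return [("fail", "no DMARC record at _dmarc.<domain>")]
    if not record.strip().lower().startswith("v=dmarc1"):
        return [("fail", "record does not start with v=DMARC1")]
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append(("fail", "required p= tag missing; receivers ignore the record"))
    elif policy == "none":
        findings.append(("warn", "p=none only monitors; spoofed mail is still delivered"))
    elif policy in ("quarantine", "reject"):
        findings.append(("ok", f"p={policy}"))
    else:
        findings.append(("fail", f"unknown policy p={policy}"))
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(("warn", f"pct={pct}: policy applied to only {pct}% of failing mail"))
    if "rua" not in tags:
        findings.append(("warn", "no rua= address; you will not receive aggregate reports"))
    return findings


def worst(findings):
    """Overall verdict for a list of findings."""
    return max((sev for sev, _ in findings), key=SEVERITY.get, default="ok")


# Constructed records for fictional domains. A real checker fetches these from DNS
# (TXT at the domain for SPF, TXT at _dmarc.<domain> for DMARC).
SAMPLE = {
    "weak.example": {"spf": "v=spf1 a mx ptr +all", "dmarc": "v=DMARC1; p=none"},
    "good.example": {"spf": "v=spf1 include:_spf.example.net -all",
                     "dmarc": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@good.example"},
}

if __name__ == "__main__":
    for domain, records in SAMPLE.items():
        for kind, check in (("spf", check_spf), ("dmarc", check_dmarc)):
            findings = check(records.get(kind))
            print(f"{domain} {kind.upper()}: {worst(findings)}")
            for sev, msg in findings:
                print(f"    [{sev}] {msg}")
```

The severity scale is deliberately coarse: `~all` is reported as ok because many receivers treat softfail and hard fail alike once DMARC is enforced, and the lookup count is a static count of mechanisms, whereas a resolver-backed tool also follows each `include` and counts its lookups.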
Thanks for reading, Prasanna Gautam, Eric Fernandez & Sammy Tbeile