Timestamp | Users | Delta | Toots | TNR | Title | Version | maxTL
Fri 09.08.2024 00:00:08 | 7.221 | +1 | 614.708 | 85,1 | NerdCulture | 4.2.10 | 1.000
Thu 08.08.2024 00:00:07 | 7.220 | 0 | 614.036 | 85,0 | NerdCulture | 4.2.10 | 1.000
Wed 07.08.2024 00:00:02 | 7.220 | +1 | 613.632 | 85,0 | NerdCulture | 4.2.10 | 1.000
Tue 06.08.2024 00:00:00 | 7.219 | +1 | 613.101 | 84,9 | NerdCulture | 4.2.10 | 1.000
Mon 05.08.2024 00:00:07 | 7.218 | +1 | 612.605 | 84,9 | NerdCulture | 4.2.10 | 1.000
Sun 04.08.2024 00:01:08 | 7.217 | 0 | 612.238 | 84,8 | NerdCulture | 4.2.10 | 1.000
Sat 03.08.2024 00:01:10 | 7.217 | 0 | 611.946 | 84,8 | NerdCulture | 4.2.10 | 1.000
Fri 02.08.2024 00:01:14 | 7.217 | -1 | 611.448 | 84,7 | NerdCulture | 4.2.10 | 1.000
Thu 01.08.2024 00:01:37 | 7.218 | +1 | 610.940 | 84,6 | NerdCulture | 4.2.10 | 1.000
Wed 31.07.2024 00:00:30 | 7.217 | 0 | 610.506 | 84,6 | NerdCulture | 4.2.10 | 1.000
Olly 👾 (@Olly42) · 01/2024 · Toots: 261 · Followers: 29
Fri 09.08.2024 13:55
[0.0.0.0 Day] 18-Year-Old Browser Vulnerability impacts MacOS and Linux Devices. :apple_inc: :linux:
0.0.0.0 Day impacts Google Chrome/Chromium, Mozilla Firefox and Apple Safari and enables external websites to communicate with software that runs locally on MacOS and Linux.
https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
#apple #macos #linux #google #chrome #firefox #safari #it #security #privacy #technology #engineering #tech #media #news
Public websites using domains ending in ".com" are able to communicate with services running on the local network and execute arbitrary code on the visitor's host by using the address 0.0.0.0 as opposed to localhost/127.0.0.1. It does not affect Windows devices as Microsoft blocks the IP address at the operating system level.
[ImageSource: Oligo Security]
Number of public sites communicating with 0.0.0.0
Google Chrome, the world's most popular web browser, has decided to take action and block access to 0.0.0.0 via a gradual rollout lasting from version 128 (upcoming) until version 133.
[ImageSource: Oligo Security]
Malicious request seen in the Selenium attacks.
Another case is a campaign targeting Selenium Grid, discovered by Wiz last month. In this campaign, attackers use JavaScript on a public domain to send requests to 'http://0[.]0[.]0[.]0:4444.' Those requests are routed to the Selenium Grid servers, enabling the attackers to execute code or conduct network reconnaissance.
[Public] Replies: 0 Boosts: 0 Favs: 0 · via Metatext
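Added example, not part of the original post or of the linked write-up: a server-side check that a loopback-only service could apply so that browser requests addressed to 0.0.0.0, or sent from a public origin, are refused. The allow-list, the header dictionary shape and the sample requests (including site.example) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the service is only ever meant to be reached under these names.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}
LOCAL_ORIGIN_HOSTS = {"localhost", "127.0.0.1", "::1"}


def split_host(host_header):
    """Return the lower-cased host part of a Host header, without the port."""
    host = host_header.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:4444
        return host[: host.find("]") + 1]
    return host.rsplit(":", 1)[0] if ":" in host else host


def check_request(headers):
    """Decide whether a request to a loopback-only service should be served.

    `headers` is a dict with exact-case keys (an assumption of this sketch).
    Returns (allowed, reason).
    """
    host = split_host(headers.get("Host", ""))
    if host not in ALLOWED_HOSTS:
        # Rejects 0.0.0.0 and any other name the service was not meant to answer to.
        return False, f"unexpected Host {host!r}"
    origin = headers.get("Origin")
    if origin is not None:
        # Browsers attach Origin to cross-site fetch/XHR requests.
        origin_host = urlsplit(origin).hostname or ""
        if origin_host not in LOCAL_ORIGIN_HOSTS:
            return False, f"cross-site Origin {origin!r}"
    return True, "ok"


# Constructed sample requests; port 4444 is the one named in the post.
SAMPLES = [
    {"Host": "0.0.0.0:4444", "Origin": "https://site.example"},
    {"Host": "localhost:4444", "Origin": "https://site.example"},
    {"Host": "127.0.0.1:4444"},
    {"Host": "localhost:4444", "Origin": "http://localhost:4444"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_request(sample))
```

A check like this complements, rather than replaces, authentication on the local service and the browser-side blocking described in the post.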