Guess who forgot to do a newsletter last week?
Cool file upload attack to get unauthenticated access to SSH.
https://blog.fadyothman.com/cve-2021-28379-gaining-rce-via-ssh-backdoor-in-vestacp/
Neat tool to MITM an iOS device. The code is worth a look.
https://github.com/doronz88/harlogger
There is a new release of a (new to me) tool to test SAML implementations.
https://blog.compass-security.com/2021/03/saml-raider-release-1-4-0/
More cool HTTP/2 vulnerabilities exploited.
https://blog.assetnote.io/2021/03/18/h2c-smuggling/
TLS 1.0 and 1.1 are formally deprecated. These become High findings on reports now.
https://datatracker.ietf.org/doc/rfc8996/
Retire.js, one of my favorite tools, has been updated.
https://retirejs.github.io/retire.js/
And finally, spend your Sunday patching OpenSSL.
https://thehackernews.com/2021/03/openssl-releases-patches-for-2-high.html
Have a secure week, everyone.