This Week In Security: Zimbra RCE, Routers Under Attack, And Old Tricks In WebAssembly

This Week In Security: Zimbra RCE, Routers Under Attack, And Old Tricks In WebAssembly

There’s a problem in the unrar utility, and as a result, the Zimbra mail server was vulnerable to Remote Code Execution by simply sending an email. So first, unrar is a source-available command-line application made by RarLab, the same folks behind WinRAR. CVE-2022-30333 is the vulnerability there, and it’s a classic path traversal on archive … Read more

Robot Opens Master Combination Locks In Less Than A Minute

Robot Opens Master Combination Locks In Less Than A Minute

A common trope in bank heist B-movies is someone effortlessly bypassing a safe’s combination lock. Typically, the hero or villain will turn the dial while listening to the internal machinery, then deduce the combination based on sounds made by the lock. In real life, high-quality combination locks are not vulnerable to such simple attacks, but … Read more