| blog | https://www.sonarsource.com/blog/ |
| https://twitter.com/Sonar_Research |

🧟 A fixed vulnerability that comes back to life?
This could have happened in GitHub Actions until yesterday! Learn how attackers could have exploited seemingly fixed workflow vulnerabilities:
From bit flip to RCE in Ollama! 🦙
Our latest blog post explains how a file parsing bug led to an interesting out-of-bounds write primitive. Learn how it could have been exploited in Ollama, a tool to run LLMs locally:
🔄📦 GitHub Actions offer powerful automation capabilities for CI/CD, but they're not immune to attacks.
Take a look at how we tackle this risk with SonarQube Cloud by diving into real-world vulnerabilities.
Using SonarQube to solve a CTF challenge? Done! ✅
Learn how we detected a 0-day vulnerability during #KalmarCTF, making us first to solve the challenge! From Zip Slip to RCE, using lazy class loading:
🗒️✍️Taking a note on security: our latest blog post focuses on Go vulnerabilities, including Arbitrary File Write, XSS, and Misconfiguration. Showcasing our new support for the language in SonarQube Cloud!
📱 Ever wondered what vulnerabilities look like in Android apps?
We have 2 real-world examples for you! From simple misconfig to cross-app data flow, learn how vulnerabilities manifest in the Kotlin code of Android apps:
🔓⏫ After compromising every endpoint within an organization, our “Caught in the FortiNet” blog series comes to an end with one more thing.
Read more about FortiClient's XPC mistake that allows local privilege escalation to root on macOS:
In the last blog post of this series, we will focus back on FortiClient, explain how the application works internally, and describe the crucial mistake that led us to uncover a local privilege escalation vulnerability.
📁🫷🚧Can't control the extension of a file upload, but you want an XSS?
Read more on how we overcame this obstacle to further exploit entire organizations using Fortinet endpoint protection:
We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In this second article, we will cover how attackers can use the compromised endpoint to achieve lateral movement within an organization.