Serialization and Deserialization in C# using System.Text.Json by Nitish Kaushik | Microsoft MVP youtube.com/watch?v=kj3nPM…

JSON network data deserialization
#programminghorror
#meme

A New CERT Vulnerability Note: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files - kb.cert.org/vuls/id/238194

Using Amazon Q Developer to solve a problem in my code related to data deserialization in #Kafka and #Protobuf .

📝 Blog post:

community.aws/content/2fbWID…

CVE-2024-27322 vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files 🔥

buff.ly/3WoDTaj

RT Stefan Tanase

#hackernews #hackers #cybersecurity

Creating #Dart and #Flutter applications often includes a range of typical tasks, such as implementing JSON deserialization, consuming backend APIs, creating a dependency inversion mechanism, implementing navigation and localization, managing assets, writing tests, and more.

👇🏻

CVE-2024-27322 (CVSS 8.8) arises from the deserialization process in R, where objects encoded in formats like JSON, XML, and binary are converted back to their original form for use within an application or program
meterpreter.org/high-severity-…

What if I told you that #AmazonQ helped me solve a nasty data deserialization problem involving #ApacheKafka , #Go , and #ProtoBuf ?

➡️ Would you believe it? 🤨

You don't have to believe it. See for yourself. I wrote a blog post detailing this experience.

community.aws/content/2fbWID…

Our SAI team uncovered a #0day deserialization vulnerability in the popular statistical programming language R, widely used within #government and #MedicalResearch . This could be used as part of a #supplychainattack .

Learn more 👇hubs.ly/Q02vkG4w0

#Security4AI

Deserialization is a major security hole in OOP PHP applications.

Here's a tool to design a remote code execution on popular OOP PHP libraries. Hair raising.

Luckily, Zerolith does not use serialization/deserialization because it's not OOP. :)

github.com/ambionics/phpg…

Warning: #CVE -2024-27322 is a #deserialization #vulnerability in #R resulting in #ArbitraryCodeExecution . Avoid importing untrusted files in your projects and beware of possible supply chain attacks via R packages using the #readRDS function. kb.cert.org/vuls/id/238194 #patch #patch

Working on cutting down deserialization times, had a vague idea, turns out it worked pretty well :) If this is a bottleneck for you take some time to really think about it, you'll probably cut down your time atmost in a days time by 30%

Deserialization is slow, but, what about the time u are taking to serialize ur orders before sending to the exchange?

Yeah, that can be made faster, with 9 lines of code, almost 50% faster.

Patched Deserialization Flaw in Siemens Product Allows RCE dlvr.it/T6Fwxb #ProtectTheClick

Critical R deserialization #vulnerability #CVE -2024-27322 enables arbitrary code execution.
hiddenlayer.com/research/r-bit…

We were able to further reduce the gas consumption of Mina Protocol (httpz) 🪶 bridge to Ethereum Foundation. It’s still huge but we lowered from hundreds of millions in only a few days. I think we can get it to 5/10M.

Latest values:
- Deserialization: from ~26M --> 17M
- Verifier: from ~27M --> 21M…

R-BITRARY CODE EXECUTION: VULNERABILITY IN R’S DESERIALIZATION
hiddenlayer.com/research/r-bit…

Dear network,
A severe security vulnerability has been discovered in R, and reported from the US National Vulnerability Database lnkd.in/dmYP2Vcs.

📌 The vulnerability involves the 'deserialization of untrusted data'...

Upgrade to R Version 4.4.0 Now! 🚨

intermediate representation structs feel like the path to a proper deserialization impl

PSA: R security note VU#238194

R is vulnerable to arbitrary code execution during deserialization of .rds and .rdx files. V4.4.0 now restricts promises in the serialization stream so they're used for implementing lazy evaluation
kb.cert.org/vuls/id/238194 #rstats #infosec