Google hackers disclose exploit for an UNPATCHED Windows vulnerability (CVE-2020-0986) that was exploited as 0-day in the wild, for which Microsoft issued an incomplete patch and then failed to patch it again under the 90-day deadline.
Read — https://thehackernews.com/2020/12/google-discloses-poorly-patched-now.html
Ongoing DDoS attack impacting NetScaler ADCs.
https://www.bleepingcomputer.com/news/security/citrix-confirms-ongoing-ddos-attack-impacting-netscaler-adcs/
BleepingComputer
Citrix confirms ongoing DDoS attack impacting NetScaler ADCs
Citrix has confirmed today that an ongoing 'DDoS attack pattern' using DTLS as an amplification vector is affecting Citrix Application Delivery Controller (ADC) networking appliances with EDT enabled.
Vulnerabilities in McAfee ePolicy Orchestrator
https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
PT SWARM
This August, I discovered three vulnerabilities in McAfee ePolicy Orchestrator (ePO) version 5.10.0. McAfee ePO is software that helps IT administrators unify security management across endpoints, networks, data, and compliance solutions from McAfee and…
Best of Linux Privilege Escalation
Linux Privilege Escalation using Capabilities
https://lnkd.in/fuj7vUD
Lxd Privilege Escalation
https://lnkd.in/gRfBdJt
Docker Privilege Escalation
https://lnkd.in/f9kreJj
Exploiting Wildcard for Privilege Escalation
https://lnkd.in/dj3dagD
Linux Privilege Escalation using LD_Preload
https://lnkd.in/gbZJ9Mn
Linux Privilege Escalation Using PATH Variable
https://lnkd.in/fDNjsgB
Linux Privilege Escalation using Misconfigured NFS
https://lnkd.in/fgJfS3x
Linux Privilege Escalation using Sudo Rights
https://lnkd.in/fxPnTiU
Linux Privilege Escalation using SUID Binaries
https://lnkd.in/fkciJKr
Editing /etc/passwd File for Privilege Escalation
https://lnkd.in/fVj3c28
SolarWinds has released an updated advisory for the additional SuperNova malware discovered to have been distributed through the company's network management platform.
https://www.bleepingcomputer.com/news/security/solarwinds-releases-updated-advisory-for-new-supernova-malware/
BleepingComputer
SolarWinds releases updated advisory for new SUPERNOVA malware
Third edition of US Army bug bounty program prepared for deployment.
https://portswigger.net/daily-swig/third-edition-of-us-army-bug-bounty-program-prepared-for-deployment #UnitedStates
The Daily Swig | Cybersecurity news and views
Third edition of US Army bug bounty program prepared for deployment
Hack the Army 3.0 promises ‘more targets, bounties, and hackers’
Bug? No, Telegram exposing its users' precise location is a feature working as 'expected'
Messaging app makes inadvertent oversharing too easy
A researcher who noted that using the "People Nearby" feature of popular messaging app Telegram exposed the exact location of the user has been told that it's working as expected.
Folk who activate this feature see a list of other users within a few miles to "quickly add people nearby... and discover local group chats."
Using a utility that fakes the location of an Android device, Ahmed Hassan was able to discover the distance of individuals from three different points, and then use trilateration to pinpoint exactly where they were. He was able to retrieve exact home addresses using this method, which is not technically difficult.
https://www.theregister.com/2021/01/05/telegram_location_people_nearby/
The Defense Digital Service (DDS) and HackerOne today announced the launch of DDS’s eleventh bug bounty program with HackerOne and the third with the U.S. Department of the Army. Hack the Army 3.0 is a time-bound, hacker-powered security test aimed at surfacing vulnerabilities so they can be resolved before they are exploited by adversaries. The bug bounty program is open to both military and civilian participants and will run from January 6, 2021 through February 17, 2021.
https://www.hackerone.com/press-release/defense-digital-service-kicks-third-hack-army-bug-bounty-challenge-hackerone
Hello friends! This user is a scammer.
He introduces himself as the administrator of the @freedom_fox Private Channel!
But he is lying.
▶️ pwn.college
pwn.college is a first-stage education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion.
ASU’s Fall 2020 CSE466 class:
Module 0: Introduction
Module 1: Program Misuse
Module 2: Shellcode
Module 3: Sandboxing
Module 4: Binary Reverse Engineering
Module 5: Memory Errors
Module 6: Exploitation
Module 7: Return Oriented Programming
Module 8: Kernel Introduction
Module 9: Dynamic Allocator Misuse
Module 10: Race Conditions
Module 11: Advanced Exploitation
Module 12: Automatic Vulnerability Discovery
🌐 Website
@securebyte
Hack your APIs: interview with Corey Ball - API security expert https://portswigger.net/blog/hack-your-apis-interview-with-corey-ball-api-security-expert
PortSwigger Blog
Corey Ball is a Cybersecurity Consulting Manager, and author of the forthcoming book Hacking APIs (working title - No Starch Press). As well as being a long-time API hacking enthusiast, Corey’s role g