China's Built World's Fastest Quantum Computer, 10 Million Times Faster Than Google's
https://ift.tt/3Bx4aVS
Submitted November 03, 2021 at 07:29PM by ictinc
via reddit https://ift.tt/3mI5XTG
IndiaTimes
China's Built World's Fastest Quantum Computer, 10 Million Times Faster Than Google's
Chinese scientists claim to have built the world's fastest supercomputer, even faster than Google Sycamore
A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions
https://ift.tt/3EDVrDe
Submitted November 03, 2021 at 08:46PM by shleimeleh
via reddit https://ift.tt/3GMIvNj
Perception Point
A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions
Perception Point researchers have discovered a vulnerability in macOS which allows an attacker to bypass App Sandbox restrictions. The vulnerability was disclosed to Apple, and the fix was announced on the latest macOS Monterey 12.0.1 security update on October…
LDAP Password Hunter: Automated tool to lookup for world-readable secrets in LDAP database building a custom list of attributes at runtime based on the CN=Schema,CN=Configuration
https://ift.tt/3bCYJuc
Submitted November 03, 2021 at 08:37PM by oldboy21
via reddit https://ift.tt/3bCr03N
GitHub
GitHub - oldboy21/LDAP-Password-Hunter: Password Hunter in Active Directory
Password Hunter in Active Directory. Contribute to oldboy21/LDAP-Password-Hunter development by creating an account on GitHub.
Malicious Code Analysis attack: Abuse code analysis tools to execute code on the analyzing host, or to bypass CI checks
https://ift.tt/3EGAWGa
Submitted November 03, 2021 at 10:26PM by Hefty_Knowledge_7449
via reddit https://ift.tt/3CKo5Sv
Medium
Malicious code analysis: Abusing SAST (mis)configurations to hack CI systems
What happens when SAST tools do more than just scanning? What if security scanners abuse their privileges?
Great tech blog for securing AWS EC2 Instances with Microsoft Defender https://ift.tt/3BJgt1x
https://ift.tt/3BJgt1x
Submitted November 03, 2021 at 11:27PM by or-lightspin
via reddit https://ift.tt/3CI7qPv
blog.lightspin.io
Microsoft Defender for Endpoint on AWS: Part 1
This blog serves as the first part of our series that deep dives into Microsoft Defender for Endpoint on AWS.
BugBuntu is a customized distro based on Ubuntu 18.04 and focused on Bug Bounty tools.
https://ift.tt/3Ez5cme
Submitted November 04, 2021 at 12:46AM by halencarjunior
via reddit https://ift.tt/3bFQVri
GitHub
GitHub - halencarjunior/BugBuntu: BugBuntu Linux
BugBuntu Linux. Contribute to halencarjunior/BugBuntu development by creating an account on GitHub.
SSS3 is a simple S3 Bucket testing software. It uses aws cli to search for public buckets in a list of domains/subdomains.
https://ift.tt/3q1spt5
Submitted November 04, 2021 at 12:45AM by halencarjunior
via reddit https://ift.tt/3wfAhIt
GitHub
GitHub - halencarjunior/sss3: Simple S3 Bucket Testing Software
Simple S3 Bucket Testing Software. Contribute to halencarjunior/sss3 development by creating an account on GitHub.
Getting DDoSed every day by a competitor. I have a dedicated server with OVH and have CSF Firewall and Mod Security installed and configured to CT Limit 25 + Check every minute, but my competitor is still able to just keep changing the attack IPs and putting my site offline around 60-70% of the time
https://ift.tt/3bETytK
Submitted November 04, 2021 at 07:47AM by philkk
via reddit https://ift.tt/2ZUpJmx
VESlocker: Hardware-grade PIN security API
https://veslocker.com
Submitted November 04, 2021 at 10:01AM by vesvault
via reddit https://ift.tt/3BIDTnM
reddit
VESlocker: Hardware-grade PIN security API
Posted in r/netsec by u/vesvault • 1 point and 0 comments
Finding and Fixing DOM-based XSS with Static Analysis
https://ift.tt/3nTKref
Submitted November 03, 2021 at 08:43PM by mozfreddyb
via reddit https://ift.tt/3q4uVPg
Attack & Defense
Finding and Fixing DOM-based XSS with Static Analysis
Despite all the efforts of fixing Cross-Site Scripting (XSS) on the web, it continuously ranks as one of the most dangerous security issues in software. In particular, DOM-based XSS is ...
WordPress and the new vulnerability Trojan Source (CVE-2021-42694 and CVE-2021-42574)
https://ift.tt/3q6tccv
Submitted November 04, 2021 at 08:40PM by jonas02
via reddit https://ift.tt/3o1rIxz
WPSec
WordPress and Trojan Source - WPSec
TL;DR: We have found no evidence that the new Trojan Source method has been used to sneak in backdoors in any of the WordPress plugins listed on WordPress.org (CVE-2021-42694 and CVE-2021-42574). A new vulnerability affecting the supply chain of Source Code…
Cloud Shadow Admins Revisited in Light of Nobelium
https://ift.tt/3wkm6Ci
Submitted November 04, 2021 at 10:39PM by jat0369
via reddit https://ift.tt/3GOEcRv
Cyberark
Cloud Shadow Admins Revisited in Light of Nobelium
A recently detected attack campaign involving threat actor Nobelium has caught our attention due to an attack vector our team has previously researched – Cloud Shadow Admins – that the adversary...
Widespread Security Risk Identified in Phones and Bluetooth Devices
https://ift.tt/3mJagOS
Submitted November 05, 2021 at 01:48PM by bunnyhoperornoter
via reddit https://ift.tt/3k96M6u
IEEE Spectrum
Widespread Vulnerability Identified in Phones and Bluetooth Devices
Approximately 40 percent of mobile phones may be uniquely identified via Bluetooth signals
Chishing - An Emerging Threat to Business Chat Applications
https://ift.tt/31ywbQG
Submitted November 05, 2021 at 05:40PM by pizzahax
via reddit https://ift.tt/31yCIe9
Community-Driven Open Database of Vulnerability Exploitation inTheWild
https://inthewild.io/
Submitted November 05, 2021 at 07:41PM by 4lreadytekken
via reddit https://ift.tt/3C01NLH
reddit
Community-Driven Open Database of Vulnerability Exploitation inTheWild
Posted in r/netsec by u/4lreadytekken • 12 points and 9 comments
"Architecture 4001: x86-64 Intel Firmware Attack & Defense" free multi-day class
https://ift.tt/3q9oJpb
Submitted November 05, 2021 at 07:24PM by OpenSecurityTraining
via reddit https://ift.tt/3nV0use
p.ost2.fyi
Architecture 4001: x86-64 Intel Firmware Attack & Defense
This class teaches Intel x86 reset vector firmware (aka BIOS). It requires you to have taken Arch1001, Arch2001, and Dbg1015.
A (free) Kubernetes Canarytoken - Get attackers to reveal themselves with a stray kubeconfig
https://ift.tt/3mK0Wdw
Submitted November 05, 2021 at 08:19PM by thinkst
via reddit https://ift.tt/3GTJxHl
Thinkst Thoughts
A Kubeconfig Canarytoken
Introducing the new Kubeconfig Canarytoken: A while back we asked: “What will an attacker do if they find an AWS API key on your server?” (We are pretty convinced they will try to use it, and when t…
Threema: Three Strikes, You’re Out
https://ift.tt/3EHwAOM
Submitted November 05, 2021 at 09:35PM by moviuro
via reddit https://ift.tt/3mLbuJs
Dhole Moments
Threema: Three Strikes, You’re Out - Dhole Moments
Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?
Why We Need mTLS in Kubernetes Service Meshes
https://ift.tt/3wnfLWz
Submitted November 05, 2021 at 09:30PM by chillysurfer
via reddit https://ift.tt/3EPAiGc
Thomas Stringer
Why We Need mTLS in Kubernetes Service Meshes
One of the great features of service meshes in Kubernetes is the ability to have an out-of-the-box zero-application-changes solution that delivers a powerful security feature: mTLS (mutual Transport Layer Security). But… why do we need mTLS? It’s because…
show netsec: blint, a binary linter powered by lief
https://ift.tt/3CKTd4q
Submitted November 05, 2021 at 09:05PM by prabhus
via reddit https://ift.tt/3o1oXMv
reddit
show netsec: blint, a binary linter powered by lief
Posted in r/netsec by u/prabhus • 1 point and 0 comments
Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices
https://ift.tt/3ESuvzV
Submitted November 05, 2021 at 10:38PM by dontbenebby
via reddit https://ift.tt/3ka74tR