VESlocker: Hardware-grade PIN security API
https://veslocker.com
Submitted November 04, 2021 at 10:01AM by vesvault
via reddit https://ift.tt/3BIDTnM
https://veslocker.com
Submitted November 04, 2021 at 10:01AM by vesvault
via reddit https://ift.tt/3BIDTnM
reddit
VESlocker: Hardware-grade PIN security API
Posted in r/netsec by u/vesvault • 1 point and 0 comments
Finding and Fixing DOM-based XSS with Static Analysis
https://ift.tt/3nTKref
Submitted November 03, 2021 at 08:43PM by mozfreddyb
via reddit https://ift.tt/3q4uVPg
https://ift.tt/3nTKref
Submitted November 03, 2021 at 08:43PM by mozfreddyb
via reddit https://ift.tt/3q4uVPg
Attack & Defense
Finding and Fixing DOM-based XSS with Static Analysis
Despite all the efforts of fixing Cross-Site Scripting (XSS) on the web, it continuously ranks as one of the most dangerous security issues in software. In particular, DOM-based XSS is ...
WordPress and the new vulnerability Trojan Source (CVE-2021-42694 and CVE-2021-42574)
https://ift.tt/3q6tccv
Submitted November 04, 2021 at 08:40PM by jonas02
via reddit https://ift.tt/3o1rIxz
https://ift.tt/3q6tccv
Submitted November 04, 2021 at 08:40PM by jonas02
via reddit https://ift.tt/3o1rIxz
WPSec
WordPress and Trojan Source - WPSec
TL;DR: We have found no evidence that the new Trojan Source method has been used to sneak in backdoors in any of the WordPress plugins listed on WordPress.org (CVE-2021-42694 and CVE-2021-42574) A new vulnerability affecting the supply chain of Source Code…
Cloud Shadow Admins Revisited in Light of Nobelium
https://ift.tt/3wkm6Ci
Submitted November 04, 2021 at 10:39PM by jat0369
via reddit https://ift.tt/3GOEcRv
https://ift.tt/3wkm6Ci
Submitted November 04, 2021 at 10:39PM by jat0369
via reddit https://ift.tt/3GOEcRv
Cyberark
Cloud Shadow Admins Revisited in Light of Nobelium
A recently detected attack campaign involving threat actor Nobelium has caught our attention due to an attack vector our team has previously researched – Cloud Shadow Admins – that the adversary...
Widespread Security Risk Identified in Phones and Bluetooth Devices
https://ift.tt/3mJagOS
Submitted November 05, 2021 at 01:48PM by bunnyhoperornoter
via reddit https://ift.tt/3k96M6u
https://ift.tt/3mJagOS
Submitted November 05, 2021 at 01:48PM by bunnyhoperornoter
via reddit https://ift.tt/3k96M6u
IEEE Spectrum
Widespread Vulnerability Identified in Phones and Bluetooth Devices
Approximately 40 percent of mobile phones may be uniquely identified via Bluetooth signals
Chishing - An Emerging Threat to Business Chat Applications
https://ift.tt/31ywbQG
Submitted November 05, 2021 at 05:40PM by pizzahax
via reddit https://ift.tt/31yCIe9
https://ift.tt/31ywbQG
Submitted November 05, 2021 at 05:40PM by pizzahax
via reddit https://ift.tt/31yCIe9
Community-Driven Open Database of Vulnerability Exploitation inTheWild
https://inthewild.io/
Submitted November 05, 2021 at 07:41PM by 4lreadytekken
via reddit https://ift.tt/3C01NLH
https://inthewild.io/
Submitted November 05, 2021 at 07:41PM by 4lreadytekken
via reddit https://ift.tt/3C01NLH
reddit
Community-Driven Open Database of Vulnerability Exploitation inTheWild
Posted in r/netsec by u/4lreadytekken • 12 points and 9 comments
"Architecture 4001: x86-64 Intel Firmware Attack & Defense" free multi-day class
https://ift.tt/3q9oJpb
Submitted November 05, 2021 at 07:24PM by OpenSecurityTraining
via reddit https://ift.tt/3nV0use
https://ift.tt/3q9oJpb
Submitted November 05, 2021 at 07:24PM by OpenSecurityTraining
via reddit https://ift.tt/3nV0use
p.ost2.fyi
Architecture 4001: x86-64 Intel Firmware Attack & Defense
This class teaches Intel x86 reset vector firmware (aka BIOS). It requires you to have taken Arch1001, Arch2001, and Dbg1015.
A (free) Kubernetes Canarytoken - Get attackers to reveal themselves with a stray kubeconfig
https://ift.tt/3mK0Wdw
Submitted November 05, 2021 at 08:19PM by thinkst
via reddit https://ift.tt/3GTJxHl
https://ift.tt/3mK0Wdw
Submitted November 05, 2021 at 08:19PM by thinkst
via reddit https://ift.tt/3GTJxHl
Thinkst Thoughts
A Kubeconfig Canarytoken
Introducing the new Kubeconfig Canarytoken A while back we asked: “What will an attacker do if they find an AWS API key on your server?” (We are pretty convinced they will try to use it, and when t…
Threema: Three Strikes, You’re Out
https://ift.tt/3EHwAOM
Submitted November 05, 2021 at 09:35PM by moviuro
via reddit https://ift.tt/3mLbuJs
https://ift.tt/3EHwAOM
Submitted November 05, 2021 at 09:35PM by moviuro
via reddit https://ift.tt/3mLbuJs
Dhole Moments
Threema: Three Strikes, You’re Out - Dhole Moments
Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?
Why We Need mTLS in Kubernetes Service Meshes
https://ift.tt/3wnfLWz
Submitted November 05, 2021 at 09:30PM by chillysurfer
via reddit https://ift.tt/3EPAiGc
https://ift.tt/3wnfLWz
Submitted November 05, 2021 at 09:30PM by chillysurfer
via reddit https://ift.tt/3EPAiGc
Thomas Stringer
Why We Need mTLS in Kubernetes Service Meshes
One of the great features of service meshes in Kubernetes is the ability to have an out-of-the-box zero-application-changes solution that delivers a powerful security feature: mTLS (mutual Transport Layer Security). But… why do we need mTLS? It’s because…
show netsec: blint, a binary linter powered by lief
https://ift.tt/3CKTd4q
Submitted November 05, 2021 at 09:05PM by prabhus
via reddit https://ift.tt/3o1oXMv
https://ift.tt/3CKTd4q
Submitted November 05, 2021 at 09:05PM by prabhus
via reddit https://ift.tt/3o1oXMv
reddit
show netsec: blint, a binary linter powered by lief
Posted in r/netsec by u/prabhus • 1 point and 0 comments
Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices
https://ift.tt/3ESuvzV
Submitted November 05, 2021 at 10:38PM by dontbenebby
via reddit https://ift.tt/3ka74tR
https://ift.tt/3ESuvzV
Submitted November 05, 2021 at 10:38PM by dontbenebby
via reddit https://ift.tt/3ka74tR
A Konami Code for Vuln Chaining Combos
https://ift.tt/31AjIMl
Submitted November 06, 2021 at 01:58AM by IndySecMan
via reddit https://ift.tt/3qclq0K
https://ift.tt/31AjIMl
Submitted November 06, 2021 at 01:58AM by IndySecMan
via reddit https://ift.tt/3qclq0K
Medium
A Konami Code for Vuln Chaining Combos
Automate finding relational vulnerabilities for a more accurate risk rating
Verizon SIMs open their own TCP/IP sessions. And other stuff.
https://ift.tt/3BQMjtg
Submitted November 06, 2021 at 03:23AM by dburgess000
via reddit https://ift.tt/3wiVmSF
https://ift.tt/3BQMjtg
Submitted November 06, 2021 at 03:23AM by dburgess000
via reddit https://ift.tt/3wiVmSF
Medium
More Proactive SIMs
AT&T inspired me to explore a little more.
How to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus
https://ift.tt/3CVumek
Submitted November 06, 2021 at 06:56AM by scopedsecurity
via reddit https://ift.tt/31v34O1
https://ift.tt/3CVumek
Submitted November 06, 2021 at 06:56AM by scopedsecurity
via reddit https://ift.tt/31v34O1
Synacktiv
How to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus
A detailed analysis of the STOP/Djvu Ransomware
https://ift.tt/3BRtENO
Submitted November 07, 2021 at 02:06AM by CyberMasterV
via reddit https://ift.tt/3bOiNtw
https://ift.tt/3BRtENO
Submitted November 07, 2021 at 02:06AM by CyberMasterV
via reddit https://ift.tt/3bOiNtw
reddit
A detailed analysis of the STOP/Djvu Ransomware
Posted in r/netsec by u/CyberMasterV • 107 points and 3 comments
crashmon - a CrashWrangler replacement based on LLDB. Supports Apple Silicon - @ant4g0nist
https://ift.tt/3bMcRBe
Submitted November 07, 2021 at 10:40PM by ant4g0nist
via reddit https://ift.tt/302sdiw
https://ift.tt/3bMcRBe
Submitted November 07, 2021 at 10:40PM by ant4g0nist
via reddit https://ift.tt/302sdiw
GitHub
GitHub - ant4g0nist/crashmon: crashmon - A LLDB Based replacement for CrashWrangler
crashmon - A LLDB Based replacement for CrashWrangler - GitHub - ant4g0nist/crashmon: crashmon - A LLDB Based replacement for CrashWrangler
Homebrew Package Manager Harden Script
https://ift.tt/3kho7ua
Submitted November 08, 2021 at 04:11AM by AtropineTearz
via reddit https://ift.tt/3EOaLgw
https://ift.tt/3kho7ua
Submitted November 08, 2021 at 04:11AM by AtropineTearz
via reddit https://ift.tt/3EOaLgw
GitHub
TheMacHardeningScripts/brew-harden.sh at main · AtropineTears/TheMacHardeningScripts
Scripts to secure and harden Mac OS X. Contribute to AtropineTears/TheMacHardeningScripts development by creating an account on GitHub.
Trawling Weird Google Autocompletes
https://ift.tt/3bO6kGb
Submitted November 08, 2021 at 11:10AM by Vimda
via reddit https://ift.tt/301GH1Q
https://ift.tt/3bO6kGb
Submitted November 08, 2021 at 11:10AM by Vimda
via reddit https://ift.tt/301GH1Q
Sinkingpoint
Trawling Weird Google Autocompletes
A while back, I noticed that whenever I typed https:// into the search bar in Firefox on my phone, Google would helpfully try and autocomplete my search with a number of random domains. This immediatly nerd sniped me, so I thought it might be interesting…
How SSL certificates are leaking sensitive information - Detectify Labs
https://ift.tt/3BMjwpB
Submitted November 08, 2021 at 01:28PM by intheclairdelune
via reddit https://ift.tt/3kcDvaT
https://ift.tt/3BMjwpB
Submitted November 08, 2021 at 01:28PM by intheclairdelune
via reddit https://ift.tt/3kcDvaT