Challenge-3 Weekly Cloud Security Challenge
https://ift.tt/O59lJ3t
Submitted February 22, 2022 at 11:19PM by 0xdeadbeef0000
via reddit https://ift.tt/REiaIMu
https://ift.tt/O59lJ3t
Submitted February 22, 2022 at 11:19PM by 0xdeadbeef0000
via reddit https://ift.tt/REiaIMu
reddit
Challenge-3 Weekly Cloud Security Challenge
Posted in r/netsec by u/0xdeadbeef0000 • 13 points and 0 comments
Cyrus SASL 2.1.28 has been released with SCRAM improvements and CVE fixes
https://ift.tt/aHW3Jfh
Submitted February 23, 2022 at 05:53AM by Neustradamus
via reddit https://ift.tt/prjcStz
https://ift.tt/aHW3Jfh
Submitted February 23, 2022 at 05:53AM by Neustradamus
via reddit https://ift.tt/prjcStz
reddit
Cyrus SASL 2.1.28 has been released with SCRAM improvements and...
Posted in r/netsec by u/Neustradamus • 3 points and 0 comments
You can still CSRF POST requests under the default browser SameSite cookie policy. How to jump through the required hoops.
https://ift.tt/lmc8TDz
Submitted February 23, 2022 at 06:16AM by MysteriousHotel3017
via reddit https://ift.tt/ZsrzLdD
https://ift.tt/lmc8TDz
Submitted February 23, 2022 at 06:16AM by MysteriousHotel3017
via reddit https://ift.tt/ZsrzLdD
reddit
You can still CSRF POST requests under the default browser...
Posted in r/netsec by u/MysteriousHotel3017 • 1 point and 0 comments
tmp.0ut Volume 2
https://tmpout.sh/2/
Submitted February 23, 2022 at 07:46AM by VVX7
via reddit https://ift.tt/Pm3zJIi
https://tmpout.sh/2/
Submitted February 23, 2022 at 07:46AM by VVX7
via reddit https://ift.tt/Pm3zJIi
reddit
tmp.0ut Volume 2
Posted in r/netsec by u/VVX7 • 1 point and 0 comments
Remote Code Execution in pfSense <= 2.5.2
https://ift.tt/KM4YRoP
Submitted February 23, 2022 at 07:36PM by smaury
via reddit https://ift.tt/Kd6035x
https://ift.tt/KM4YRoP
Submitted February 23, 2022 at 07:36PM by smaury
via reddit https://ift.tt/Kd6035x
Shielder
Shielder - Remote Code Execution in pfSense <= 2.5.2
pfSense <= 2.5.2 allows authenticated users to inject arbitrary sed-specific code, which leads to an Arbitrary File Write, resulting in a Remote Code Execution. The vulnerability is also exploitable through a Cross-Site Request Forgery.
The vulnerability research team @GitLab is introducing an open-source community-driven advisory database for third-party security dependencies
https://ift.tt/XOq5Yrj
Submitted February 23, 2022 at 10:12PM by howie1001
via reddit https://ift.tt/7rI19bk
https://ift.tt/XOq5Yrj
Submitted February 23, 2022 at 10:12PM by howie1001
via reddit https://ift.tt/7rI19bk
GitLab
Introducing a community-driven advisory database for third-party software dependencies
The advisory data can be readily adopted, adapted, and exchanged. Learn more here.
Automating bug bounties
https://ift.tt/7yVEbiH
Submitted February 24, 2022 at 03:52AM by pedro_benteveo
via reddit https://ift.tt/1sUa9L5
https://ift.tt/7yVEbiH
Submitted February 24, 2022 at 03:52AM by pedro_benteveo
via reddit https://ift.tt/1sUa9L5
Benteveo
Automating bug bounties — Benteveo
I have bad news. I first noticed this one day like any other, and once I noticed it, I couldn’t escape the reality. Hacking is boring. This may seem counter-intuitive at first. If you looked at your average hacker, they wouldn’t look bored. More like a mixture…
Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7
https://ift.tt/5fQzcEy
Submitted February 24, 2022 at 06:44AM by Mempodipper
via reddit https://ift.tt/YXnZKk6
https://ift.tt/5fQzcEy
Submitted February 24, 2022 at 06:44AM by Mempodipper
via reddit https://ift.tt/YXnZKk6
Assetnote
Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7
Application security issues found by Assetnote
The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
https://ift.tt/Cnih1MY
Submitted February 24, 2022 at 03:10PM by eberkut
via reddit https://ift.tt/56ycbYN
https://ift.tt/Cnih1MY
Submitted February 24, 2022 at 03:10PM by eberkut
via reddit https://ift.tt/56ycbYN
www.pangulab.cn
The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
Understanding Threat Actor’s by @berkdusunur
https://ift.tt/Pi4SoTR
Submitted February 25, 2022 at 12:15AM by EyeAccomplished5529
via reddit https://ift.tt/LBHgWnp
https://ift.tt/Pi4SoTR
Submitted February 25, 2022 at 12:15AM by EyeAccomplished5529
via reddit https://ift.tt/LBHgWnp
Medium
Understanding Threat Actors
Hello everyone. I am so excited to publish my second article in 2022 which is ‘Understanding Threat Actors’.
A Detailed Analysis of the LockBit Ransomware
https://ift.tt/0ci5NLs
Submitted February 25, 2022 at 01:19AM by CyberMasterV
via reddit https://ift.tt/nfIUe4o
https://ift.tt/0ci5NLs
Submitted February 25, 2022 at 01:19AM by CyberMasterV
via reddit https://ift.tt/nfIUe4o
HermeticWiper: What We Know About New Malware Targeting Ukrainian Infrastructure (Thus Far)
https://ift.tt/N1u7MQS
Submitted February 25, 2022 at 05:05AM by jat0369
via reddit https://ift.tt/WVb0qc8
https://ift.tt/N1u7MQS
Submitted February 25, 2022 at 05:05AM by jat0369
via reddit https://ift.tt/WVb0qc8
Cyberark
HermeticWiper: What We Know About New Malware Targeting Ukrainian Infrastructure (Thus Far)
As geopolitical tensions continue to mount, reports are emerging of a new wiper malware targeting Ukrainian infrastructure, such as government departments. Symantec and ESET research first tweeted...
BGP Security in 2021
https://ift.tt/DYm3JiX
Submitted February 25, 2022 at 08:23PM by danyork
via reddit https://ift.tt/yx4EnQi
https://ift.tt/DYm3JiX
Submitted February 25, 2022 at 08:23PM by danyork
via reddit https://ift.tt/yx4EnQi
reddit
BGP Security in 2021
Posted in r/netsec by u/danyork • 10 points and 0 comments
Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager
https://ift.tt/tnkd5G3
Submitted February 25, 2022 at 07:15PM by scopedsecurity
via reddit https://ift.tt/EMpYqoN
https://ift.tt/tnkd5G3
Submitted February 25, 2022 at 07:15PM by scopedsecurity
via reddit https://ift.tt/EMpYqoN
PT SWARM
Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager
Last year we found a lot of exciting vulnerabilities in VMware products. The vendor was notified and they have since been patched. This is the second part of our research. This article covers an Authentication Bypass in VMware Carbon Black Cloud Workload…
Pentest-tool: Simple and secure web deployment for pentest and redteam with simwigo
https://ift.tt/Vvxc2j9
Submitted February 26, 2022 at 12:10AM by B1che
via reddit https://ift.tt/zPl1JU2
https://ift.tt/Vvxc2j9
Submitted February 26, 2022 at 12:10AM by B1che
via reddit https://ift.tt/zPl1JU2
GitHub
GitHub - 8iche/simwigo: Simwigo is a cross-platform tool, written in Go, to simplify the deployment of a web service.
Simwigo is a cross-platform tool, written in Go, to simplify the deployment of a web service. - GitHub - 8iche/simwigo: Simwigo is a cross-platform tool, written in Go, to simplify the deployment o...
How to Decrypt the Files Encrypted by the Hive Ransomware
https://ift.tt/wAu2F8b
Submitted February 26, 2022 at 02:44AM by CyberMasterV
via reddit https://ift.tt/gexVkt8
https://ift.tt/wAu2F8b
Submitted February 26, 2022 at 02:44AM by CyberMasterV
via reddit https://ift.tt/gexVkt8
LIFARS, a SecurityScorecard company
How to Decrypt the Files Encrypted by the Hive Ransomware
South Korean researchers published an academic paper that presents a method to decrypt the files encrypted by the Hive Ransomware . This article How to Decrypt the Files Encrypted by the Hive Ransomware
The Ransomware Files podcast: In 2019, 23 cities in Texas were infected with the REvil ransomware in a huge attack. The cities recovered quickly but a MSP, whose ScreenConnect software was exploited, was irreparably damaged. It's a heartbreaking story that reveals the human cost of ransomware.
https://ift.tt/PrbN1Lk
Submitted February 26, 2022 at 06:59AM by ferrochron1
via reddit https://ift.tt/ryId5zi
https://ift.tt/PrbN1Lk
Submitted February 26, 2022 at 06:59AM by ferrochron1
via reddit https://ift.tt/ryId5zi
Anchor
The Ransomware Files • A podcast on Anchor
The Ransomware Files podcast tells the harrowing stories of technology experts who have fought back against ransomware, which is one of the greatest crime waves the internet has ever seen. It features in-the-trenches stories about how organisations recovered…
Fuzzing Network Servers with De-Socketing
https://ift.tt/K14UxrG
Submitted February 26, 2022 at 10:49PM by martinclauss
via reddit https://ift.tt/snXmtSW
https://ift.tt/K14UxrG
Submitted February 26, 2022 at 10:49PM by martinclauss
via reddit https://ift.tt/snXmtSW
GitHub
GitHub - fkie-cad/libdesock: A de-socketing library for fuzzing.
A de-socketing library for fuzzing. Contribute to fkie-cad/libdesock development by creating an account on GitHub.
ZDI-CAN-12671: Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref
https://ift.tt/pUn7vu4
Submitted February 27, 2022 at 09:03AM by yuhong
via reddit https://ift.tt/PORIfNz
https://ift.tt/pUn7vu4
Submitted February 27, 2022 at 09:03AM by yuhong
via reddit https://ift.tt/PORIfNz
Zero Day Initiative
Zero Day Initiative — ZDI-CAN-12671: Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref
You can find me on Twitter at @HexKitchen , and follow the team for the latest in exploit techniques and security patches.
Circumventing Deep Packet Inspection with Socat and rot13
https://ift.tt/oMLUxRT
Submitted February 27, 2022 at 01:46PM by jrj334
via reddit https://ift.tt/pWOKy5A
https://ift.tt/oMLUxRT
Submitted February 27, 2022 at 01:46PM by jrj334
via reddit https://ift.tt/pWOKy5A
Gist
Circumventing Deep Packet Inspection with Socat and rot13
Circumventing Deep Packet Inspection with Socat and rot13 - socat_caesar_dpi.md
Ukrainian Security Researcher Leaks Conti Ransomware Gang Data
https://ift.tt/vRha7Po
Submitted February 28, 2022 at 10:54AM by ferrochron1
via reddit https://ift.tt/JmDX0kV
https://ift.tt/vRha7Po
Submitted February 28, 2022 at 10:54AM by ferrochron1
via reddit https://ift.tt/JmDX0kV
Databreachtoday
Ukrainian Researcher Leaks Conti Ransomware Gang Data
A Ukrainian cybersecurity researcher has released a huge batch of data that came from the internal systems of the Conti ransomware gang. The researcher released the