CVE-2022-0811 : New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers
https://ift.tt/cCVaX8b
Submitted March 21, 2022 at 07:15AM by Late_Ice_9288
via reddit https://ift.tt/8027Zwj
Shielder - Reversing embedded device bootloader (U-Boot) - p.2
https://ift.tt/ftHDBTG
Submitted March 21, 2022 at 05:47PM by smaury
via reddit https://ift.tt/a3D7Ne5
Shielder
Shielder - Reversing embedded device bootloader (U-Boot) - p.2
In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.
Unconstrained Delegation
https://ift.tt/lpmiGuq
Submitted March 21, 2022 at 11:53PM by netbiosX
via reddit https://ift.tt/HiEnXze
Penetration Testing Lab
Unconstrained Delegation
To support scenarios where users authenticate via Kerberos to one system and information needs to be updated on another system, Microsoft implemented unconstrained delegation. This was implemented i…
LAPSUS group claims to have hacked Okta
https://ift.tt/2Pq0uRL
Submitted March 22, 2022 at 11:35AM by kanben
via reddit https://ift.tt/iwsvU6P
Nitter
MG (@_MG_)
Oh man, if this is what it looks (Okta got popped)… Blue Team everywhere is gonna be crazy busy.
RomHack 2022 CFP is Open!
https://ift.tt/fCuTRjF
Submitted March 22, 2022 at 12:04PM by smaury
via reddit https://ift.tt/yLik9bC
Multiple Vulnerabilities in GARO Wallbox
https://ift.tt/7yYJhe0
Submitted March 22, 2022 at 06:13PM by eddit__plus
via reddit https://ift.tt/N7EsojS
GitHub
advisory/GARO at main · delikely/advisory
Vulnerability Discloses. Contribute to delikely/advisory development by creating an account on GitHub.
A journey into IoT - Unknown Chinese alarm - Part 1 - Discover components and ports
https://ift.tt/PQoR4Dr
Submitted March 22, 2022 at 08:18PM by 0xdea
via reddit https://ift.tt/dvOaTYo
hn security
A journey into IoT - Unknown Chinese alarm - Part 1 - Discover components and ports - hn security
DISCLAIMER: as many other security researchers […]
OpenSSH phishing FIDO token protected keys (PoC)
https://ift.tt/MSYfoRT
Submitted March 22, 2022 at 09:06PM by ssh-mitm
via reddit https://ift.tt/teGLkxU
docs.ssh-mitm.at
SSH-MITM Docs - Trivial Authentication
[CFP] Call for paper/tools/workshop for THREAT CON 2022 is now live
https://ift.tt/RrhOLdE
Submitted March 22, 2022 at 10:13PM by nyoface
via reddit https://ift.tt/8Ov1XDb
threatcon.io
Call for Papers (CFP) - THREAT CON 2022
THREAT CON is an initiative that aims to facilitate a gateway to standard practices and create a new development within the field of cybersecurity, for developers, security practitioners, IT administrators or anyone interested.
Microsoft: DEV-0537 (LAPSUS$) criminal actor targeting organizations for data exfiltration and destruction
https://ift.tt/xHiQg86
Submitted March 23, 2022 at 10:02AM by momothereal
via reddit https://ift.tt/miBjRSM
Microsoft News
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads.
Ricochet reborn: We are building a user friendly TORChat (Ricochet) for GNU/Linux, MacOS and Windows
https://ift.tt/7nzwNj4
Submitted March 23, 2022 at 04:54AM by SpeekSecure
via reddit https://ift.tt/iG6Adw5
GitHub
GitHub - Speek-App/Speek: Privacy focused messenger that doesn't trust anyone with your identity, your contact list, or your communications
Privacy focused messenger that doesn't trust anyone with your identity, your contact list, or your communications - Speek-App/Speek
LTrack: Stealthy Tracking of Mobile Phones in LTE
https://ift.tt/iz5vMPw
Submitted March 23, 2022 at 05:28PM by rbarkley
via reddit https://ift.tt/rl2ieST
Large-scale npm attack targets Azure developers with malicious packages
https://ift.tt/KCe7JMy
Submitted March 23, 2022 at 11:21PM by SRMish3
via reddit https://ift.tt/XYrlU8C
JFrog
Large-scale npm attack targets Azure developers with malicious packages
JFrog discovers hundreds of npm malicious packages in a large-scale typosquatting attack designed to steal PII from Azure developers.
GitHub - Developers Support Ukraine
https://ift.tt/xkGS5Dg
Submitted March 23, 2022 at 11:08PM by ssh-mitm
via reddit https://ift.tt/nHNhdbY
GitHub
GitHub - support-ukraine/support-ukraine
Contribute to support-ukraine/support-ukraine development by creating an account on GitHub.
I've heard someone here might be interested in virus (ransomware) samples. I'd like to know what this is or what to do about it.
https://ift.tt/KZDBRS3
Submitted March 24, 2022 at 12:21AM by TarnaBar
via reddit https://ift.tt/cy4sm0A
CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, CVE-2022-24421 : New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems
https://ift.tt/829ogO0
Submitted March 24, 2022 at 07:20AM by Late_Ice_9288
via reddit https://ift.tt/m7BcZR8
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
https://ift.tt/pMiONcs
Submitted March 24, 2022 at 06:50PM by digicat
via reddit https://ift.tt/mWqaKpX
NCC Group Research Blog
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (ED…
LAPSUS$ ringleader suspected to be 16-year-old British teen
https://ift.tt/BALKoMC
Submitted March 24, 2022 at 06:57PM by PM_ME_YOUR_PC_DEALS
via reddit https://ift.tt/8ewAEin
WePC
LAPSUS$ ringleader suspected to be 16-year-old British teen
The hacking group LAPSUS$ has been making waves across the technology industry over the past few months, the new group, thought to be a collective of
Another vulnerability in the LPC55S69 ROM
https://ift.tt/zeaNdo3
Submitted March 25, 2022 at 12:31AM by mckirk_
via reddit https://ift.tt/GZjUDg9
Oxide
Oxide / Another vulnerability in the LPC55S69 ROM
The discovery of an undocumented hardware block in the LPC55S69
Heap Overflow in OpenBSD's slaacd via Router Advertisement
https://ift.tt/aODymTj
Submitted March 25, 2022 at 07:18AM by Gallus
via reddit https://ift.tt/fkH5deX
Quarkslab
Heap Overflow in OpenBSD's slaacd via Router Advertisement
Video - SSH Phishing attack on FIDO protected ssh keys
https://ift.tt/ejtEYNx
Submitted March 25, 2022 at 04:58PM by ssh-mitm
via reddit https://ift.tt/KGbX67n
Vimeo
DS21 - 217 - Manfred Kaiser - SSH spoofing attack on FIDO2 Devices in Combination with Agent Forwarding
With OpenSSH 8.5 agent forwarding was implemented for SFTP and SCP to allow remote copy operations. Agent forwarding has already been considered a security risk…