VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface. - spiderfoot/README.md at master · smicallef/spiderfoot

Cado Labs routinely analyses cloud environments to look for the latest threats. As part of ongoing research, we found the first publicly-known case of malware specifically designed to execute in an AWS Lambda environment. We named this malware Denonia, after…

A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities - GitHub - fullhunt/spring4shell-scan: A fully automated, reliable, and accurate scan...

PCI Security Standards Council publishes the PCI Data Security Standard v4.0- view resources for the Standard here.

Posted in r/netsec by u/eg1x • 61 points and 1 comment

Exploiting CVE-2022-0778 in a WebRTC context requires that you get a few things right first. But once that is sorted, DoS (in RTC) is the new RCE!

After Russia’s invasion of Ukraine, it has created a new certificate authority to support sanctioned organizations.

How do you retain those cybersecurity professionals you already have on the team. How do you keep them engaged and challenged?

I decided to post a short write-up on this MSRC case as this case was first one I worked with co-contributor @KimJamia Consent hack timeline Initial submission Q1 2022Microsoft proactively addresse…

crawls the website and finds broken social media links that can be hijacked - GitHub - utkusen/socialhunter: crawls the website and finds broken social media links that can be hijacked

Sometimes you are asked to perform a firewall analysis to determine if the configuration can be improved upon to reduce the ability for an attacker to move laterally through the network or identify…

“Humans are more suited to recognize […]

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges. - GitHub - cider-security-research/cicd-goat: A deliberately vulnerable CI/CD environment. Learn CI/CD...

Lightspin obtains credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension.

The AWS VPN Client application is affected by an arbitrary file write as SYSTEM, which can lead to privilege escalation.

A few months ago I noticed the gadget in my previous article had been patched and no longer worked in Ruby 3.0.3, so I spent a bit of time dusting off the old tools to see if I could find another one.

Team Nautilus discovered & analyzed two npm flaws related to 2FA that can allow attackers to target packages for account takeover & supply chain attacks

Background: