Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability
https://ift.tt/Stu3RFU
Submitted April 15, 2022 at 05:28AM by ghost-train
via reddit https://ift.tt/sagheRP
https://ift.tt/Stu3RFU
Submitted April 15, 2022 at 05:28AM by ghost-train
via reddit https://ift.tt/sagheRP
Cisco
Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface
This vulnerability…
This vulnerability…
Blinding Snort: Breaking the Modbus OT Preprocessor
https://ift.tt/MbzWjnV
Submitted April 15, 2022 at 01:25AM by derp6996
via reddit https://ift.tt/F6U7mNy
https://ift.tt/MbzWjnV
Submitted April 15, 2022 at 01:25AM by derp6996
via reddit https://ift.tt/F6U7mNy
Claroty
Blinding Snort IDS/IPS: Breaking the Modbus OT Preprocessor
Team82 discovered a means by which it could blind the popular Snort intrusion detection and prevention system to malicious packets. Learn more with Claroty.
iViewed your API keys
https://ift.tt/PsOhi4p
Submitted April 15, 2022 at 06:28PM by Gallus
via reddit https://ift.tt/3MEgD8Q
https://ift.tt/PsOhi4p
Submitted April 15, 2022 at 06:28PM by Gallus
via reddit https://ift.tt/3MEgD8Q
Duale Siad
iViewed your API keys
Reporting on a security issue on ABC's iView.
Turncoat - Extract private messages from malware/phishing Telegram Bots
https://ift.tt/0KU8HEp
Submitted April 15, 2022 at 08:12PM by DoOrDieCalm
via reddit https://ift.tt/zjS96iW
https://ift.tt/0KU8HEp
Submitted April 15, 2022 at 08:12PM by DoOrDieCalm
via reddit https://ift.tt/zjS96iW
GitHub
GitHub - DODC/turncoat
Contribute to DODC/turncoat development by creating an account on GitHub.
New tool to exploit TURN servers - create a socks proxy into the internal network
https://ift.tt/ovtzBCd
Submitted April 15, 2022 at 11:04PM by FireFart
via reddit https://ift.tt/UbpgT40
https://ift.tt/ovtzBCd
Submitted April 15, 2022 at 11:04PM by FireFart
via reddit https://ift.tt/UbpgT40
GitHub
GitHub - firefart/stunner: Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.
Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers. - GitHub - firefart/stunner: Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.
Multiple Vulnerabilities in Cisco Expressway
https://ift.tt/AoNs6Le
Submitted April 15, 2022 at 11:01PM by FireFart
via reddit https://ift.tt/RIW9Bgu
https://ift.tt/AoNs6Le
Submitted April 15, 2022 at 11:01PM by FireFart
via reddit https://ift.tt/RIW9Bgu
firefart
Multiple Vulnerabilities in Cisco Expressway
Some time ago I stumbled across a [HackerOne report](https://hackerone.com/reports/333419) about abusing Slacks TURN server for proxy functionality inside their internal network. I found this interesting and decided to take a look at our videoconferencing…
PYSA Ransomware Group Technical Analysis
https://ift.tt/w5taY2P
Submitted April 16, 2022 at 02:33AM by wtfse
via reddit https://ift.tt/MUw74us
https://ift.tt/w5taY2P
Submitted April 16, 2022 at 02:33AM by wtfse
via reddit https://ift.tt/MUw74us
[Techmonitor.ai] Failed cyberattack on Ukraine's electricity grid could indicate Russia's growing willingness to attack critical infrastructure
https://ift.tt/8Ob1Uij
Submitted April 16, 2022 at 02:25AM by NoStarchPress
via reddit https://ift.tt/r6adhtM
https://ift.tt/8Ob1Uij
Submitted April 16, 2022 at 02:25AM by NoStarchPress
via reddit https://ift.tt/r6adhtM
Tech Monitor
Ukraine electricity grid cyberattack: More destructive attacks may follow
A failed cyberattack on Ukraine's electricity grid could indicate Russia's growing willingness to attack critical infrastructure.
GitHub: Security alert - Attack campaign involving stolen OAuth user tokens issued to two third-party integrators (Heroku and Travis CI)
https://ift.tt/oBUuPEG
Submitted April 16, 2022 at 06:49AM by DAMNIT_RENZO
via reddit https://ift.tt/Cv2p1DQ
https://ift.tt/oBUuPEG
Submitted April 16, 2022 at 06:49AM by DAMNIT_RENZO
via reddit https://ift.tt/Cv2p1DQ
The GitHub Blog
Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read…
Industroyer2: The Worst Sequel
https://ift.tt/dJ7NtUK
Submitted April 16, 2022 at 06:11PM by entropydaemon5
via reddit https://ift.tt/0lwBmHg
https://ift.tt/dJ7NtUK
Submitted April 16, 2022 at 06:11PM by entropydaemon5
via reddit https://ift.tt/0lwBmHg
Medium
Industroyer2: The Worst Sequel
Background:
Spock SLAF is a Shared Library for Application Firewall "SLAF". It has the purpose to protect any service that uses the OpenSSL library. The SLAF inserts hooking to intercept all communication to detect security anomalies and block and log attacks.
https://ift.tt/dsHhklw
Submitted April 17, 2022 at 07:05AM by CoolerVoid
via reddit https://ift.tt/6ZYWaqL
https://ift.tt/dsHhklw
Submitted April 17, 2022 at 07:05AM by CoolerVoid
via reddit https://ift.tt/6ZYWaqL
GitHub
GitHub - CoolerVoid/spock_slaf: Spock is a shared library that hooks OpenSSL to detect, block and log attacks like buffer overflow…
Spock is a shared library that hooks OpenSSL to detect, block and log attacks like buffer overflow, path traversal, XXE and SQL injection. - GitHub - CoolerVoid/spock_slaf: Spock is a shared librar...
Packets Remystified: Broadcast Brujería
https://ift.tt/Px0HoX1
Submitted April 17, 2022 at 11:58AM by 0xdea
via reddit https://ift.tt/8wDUOPZ
https://ift.tt/Px0HoX1
Submitted April 17, 2022 at 11:58AM by 0xdea
via reddit https://ift.tt/8wDUOPZ
GitHub
protocols/broadcast_brujeria at main · netspooky/protocols
Contribute to netspooky/protocols development by creating an account on GitHub.
Semgrep rules for smart contracts based on DeFi exploits
https://ift.tt/1Gnh48T
Submitted April 18, 2022 at 12:58AM by iterablewords
via reddit https://ift.tt/5IluJPX
https://ift.tt/1Gnh48T
Submitted April 18, 2022 at 12:58AM by iterablewords
via reddit https://ift.tt/5IluJPX
GitHub
GitHub - Decurity/semgrep-smart-contracts: Semgrep rules for smart contracts based on DeFi exploits
Semgrep rules for smart contracts based on DeFi exploits - GitHub - Decurity/semgrep-smart-contracts: Semgrep rules for smart contracts based on DeFi exploits
THCon CTF Writeup - SHA-1 exploitation, PHP LFI and RCE
https://ift.tt/xHgdm0v
Submitted April 18, 2022 at 02:35AM by GuyLewin
via reddit https://ift.tt/ciPzyYh
https://ift.tt/xHgdm0v
Submitted April 18, 2022 at 02:35AM by GuyLewin
via reddit https://ift.tt/ciPzyYh
Guy Lewin’s Blog
THCon 2k22 CTF - “Local Card Maker” Writeup
I participated in THCon 2k22 CTF and amongst the incredible “web” challenges - my favorite was “Local Card Maker” (made by jrjgjk). In this post I’ll describe the challenge and my step-by-step solution.
Was this Russian Malware Actually a Ukrainian Inside Job? You decide
https://ift.tt/6rNzR5Y
Submitted April 19, 2022 at 02:02AM by entropydaemon5
via reddit https://ift.tt/8CT3Sfk
https://ift.tt/6rNzR5Y
Submitted April 19, 2022 at 02:02AM by entropydaemon5
via reddit https://ift.tt/8CT3Sfk
Medium
Industroyer2: The Worst Sequel
Background:
MITRE Engenuity ATT&CK results are out
https://ift.tt/XNLQcY9
Submitted April 19, 2022 at 04:45AM by DanielWalker12
via reddit https://ift.tt/gETJZjK
https://ift.tt/XNLQcY9
Submitted April 19, 2022 at 04:45AM by DanielWalker12
via reddit https://ift.tt/gETJZjK
CVE-2022-26809 : Remote Procedure Call Runtime Vulnerability
https://ift.tt/v4enwsW
Submitted April 19, 2022 at 07:23AM by Late_Ice_9288
via reddit https://ift.tt/a4VSqMR
https://ift.tt/v4enwsW
Submitted April 19, 2022 at 07:23AM by Late_Ice_9288
via reddit https://ift.tt/a4VSqMR
reddit
CVE-2022-26809 : Remote Procedure Call Runtime Vulnerability
Posted in r/netsec by u/Late_Ice_9288 • 4 points and 0 comments
Good hacking tool ressources and review.
https://ift.tt/tqZiTUa
Submitted April 19, 2022 at 10:25AM by subrealz
via reddit https://ift.tt/dk7a3eV
https://ift.tt/tqZiTUa
Submitted April 19, 2022 at 10:25AM by subrealz
via reddit https://ift.tt/dk7a3eV
Quora
Pentester Club Pvt Ltd
Learn Financial Instuments and Ethicla hacking more techniques
Is this real? How it's done? (programs, methods, etc...)
https://ift.tt/CUdHGiE
Submitted April 19, 2022 at 02:03PM by kali_Error
via reddit https://ift.tt/cVml7J6
https://ift.tt/CUdHGiE
Submitted April 19, 2022 at 02:03PM by kali_Error
via reddit https://ift.tt/cVml7J6
Exploiting, detecting, and correcting IAM security misconfigurations
https://ift.tt/Fq9UOKA
Submitted April 19, 2022 at 04:54PM by MiguelHzBz
via reddit https://ift.tt/4eZyh5I
https://ift.tt/Fq9UOKA
Submitted April 19, 2022 at 04:54PM by MiguelHzBz
via reddit https://ift.tt/4eZyh5I
ADMIN Magazine
IAM Security Misconfigurations » ADMIN Magazine
Teaching Burp a new HTTP Transport Encoding
https://ift.tt/j26c8El
Submitted April 19, 2022 at 07:23PM by 0xdea
via reddit https://ift.tt/H3OLZbp
https://ift.tt/j26c8El
Submitted April 19, 2022 at 07:23PM by 0xdea
via reddit https://ift.tt/H3OLZbp
Pentagrid AG
Teaching Burp a new HTTP Transport Encoding