[Techmonitor.ai] Failed cyberattack on Ukraine's electricity grid could indicate Russia's growing willingness to attack critical infrastructure
https://ift.tt/8Ob1Uij
Submitted April 16, 2022 at 02:25AM by NoStarchPress
via reddit https://ift.tt/r6adhtM
https://ift.tt/8Ob1Uij
Submitted April 16, 2022 at 02:25AM by NoStarchPress
via reddit https://ift.tt/r6adhtM
Tech Monitor
Ukraine electricity grid cyberattack: More destructive attacks may follow
A failed cyberattack on Ukraine's electricity grid could indicate Russia's growing willingness to attack critical infrastructure.
GitHub: Security alert - Attack campaign involving stolen OAuth user tokens issued to two third-party integrators (Heroku and Travis CI)
https://ift.tt/oBUuPEG
Submitted April 16, 2022 at 06:49AM by DAMNIT_RENZO
via reddit https://ift.tt/Cv2p1DQ
https://ift.tt/oBUuPEG
Submitted April 16, 2022 at 06:49AM by DAMNIT_RENZO
via reddit https://ift.tt/Cv2p1DQ
The GitHub Blog
Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read…
Industroyer2: The Worst Sequel
https://ift.tt/dJ7NtUK
Submitted April 16, 2022 at 06:11PM by entropydaemon5
via reddit https://ift.tt/0lwBmHg
https://ift.tt/dJ7NtUK
Submitted April 16, 2022 at 06:11PM by entropydaemon5
via reddit https://ift.tt/0lwBmHg
Medium
Industroyer2: The Worst Sequel
Background:
Spock SLAF is a Shared Library for Application Firewall "SLAF". It has the purpose to protect any service that uses the OpenSSL library. The SLAF inserts hooking to intercept all communication to detect security anomalies and block and log attacks.
https://ift.tt/dsHhklw
Submitted April 17, 2022 at 07:05AM by CoolerVoid
via reddit https://ift.tt/6ZYWaqL
https://ift.tt/dsHhklw
Submitted April 17, 2022 at 07:05AM by CoolerVoid
via reddit https://ift.tt/6ZYWaqL
GitHub
GitHub - CoolerVoid/spock_slaf: Spock is a shared library that hooks OpenSSL to detect, block and log attacks like buffer overflow…
Spock is a shared library that hooks OpenSSL to detect, block and log attacks like buffer overflow, path traversal, XXE and SQL injection. - GitHub - CoolerVoid/spock_slaf: Spock is a shared librar...
Packets Remystified: Broadcast Brujería
https://ift.tt/Px0HoX1
Submitted April 17, 2022 at 11:58AM by 0xdea
via reddit https://ift.tt/8wDUOPZ
https://ift.tt/Px0HoX1
Submitted April 17, 2022 at 11:58AM by 0xdea
via reddit https://ift.tt/8wDUOPZ
GitHub
protocols/broadcast_brujeria at main · netspooky/protocols
Contribute to netspooky/protocols development by creating an account on GitHub.
Semgrep rules for smart contracts based on DeFi exploits
https://ift.tt/1Gnh48T
Submitted April 18, 2022 at 12:58AM by iterablewords
via reddit https://ift.tt/5IluJPX
https://ift.tt/1Gnh48T
Submitted April 18, 2022 at 12:58AM by iterablewords
via reddit https://ift.tt/5IluJPX
GitHub
GitHub - Decurity/semgrep-smart-contracts: Semgrep rules for smart contracts based on DeFi exploits
Semgrep rules for smart contracts based on DeFi exploits - GitHub - Decurity/semgrep-smart-contracts: Semgrep rules for smart contracts based on DeFi exploits
THCon CTF Writeup - SHA-1 exploitation, PHP LFI and RCE
https://ift.tt/xHgdm0v
Submitted April 18, 2022 at 02:35AM by GuyLewin
via reddit https://ift.tt/ciPzyYh
https://ift.tt/xHgdm0v
Submitted April 18, 2022 at 02:35AM by GuyLewin
via reddit https://ift.tt/ciPzyYh
Guy Lewin’s Blog
THCon 2k22 CTF - “Local Card Maker” Writeup
I participated in THCon 2k22 CTF and amongst the incredible “web” challenges - my favorite was “Local Card Maker” (made by jrjgjk). In this post I’ll describe the challenge and my step-by-step solution.
Was this Russian Malware Actually a Ukrainian Inside Job? You decide
https://ift.tt/6rNzR5Y
Submitted April 19, 2022 at 02:02AM by entropydaemon5
via reddit https://ift.tt/8CT3Sfk
https://ift.tt/6rNzR5Y
Submitted April 19, 2022 at 02:02AM by entropydaemon5
via reddit https://ift.tt/8CT3Sfk
Medium
Industroyer2: The Worst Sequel
Background:
MITRE Engenuity ATT&CK results are out
https://ift.tt/XNLQcY9
Submitted April 19, 2022 at 04:45AM by DanielWalker12
via reddit https://ift.tt/gETJZjK
https://ift.tt/XNLQcY9
Submitted April 19, 2022 at 04:45AM by DanielWalker12
via reddit https://ift.tt/gETJZjK
CVE-2022-26809 : Remote Procedure Call Runtime Vulnerability
https://ift.tt/v4enwsW
Submitted April 19, 2022 at 07:23AM by Late_Ice_9288
via reddit https://ift.tt/a4VSqMR
https://ift.tt/v4enwsW
Submitted April 19, 2022 at 07:23AM by Late_Ice_9288
via reddit https://ift.tt/a4VSqMR
reddit
CVE-2022-26809 : Remote Procedure Call Runtime Vulnerability
Posted in r/netsec by u/Late_Ice_9288 • 4 points and 0 comments
Good hacking tool ressources and review.
https://ift.tt/tqZiTUa
Submitted April 19, 2022 at 10:25AM by subrealz
via reddit https://ift.tt/dk7a3eV
https://ift.tt/tqZiTUa
Submitted April 19, 2022 at 10:25AM by subrealz
via reddit https://ift.tt/dk7a3eV
Quora
Pentester Club Pvt Ltd
Learn Financial Instuments and Ethicla hacking more techniques
Is this real? How it's done? (programs, methods, etc...)
https://ift.tt/CUdHGiE
Submitted April 19, 2022 at 02:03PM by kali_Error
via reddit https://ift.tt/cVml7J6
https://ift.tt/CUdHGiE
Submitted April 19, 2022 at 02:03PM by kali_Error
via reddit https://ift.tt/cVml7J6
Exploiting, detecting, and correcting IAM security misconfigurations
https://ift.tt/Fq9UOKA
Submitted April 19, 2022 at 04:54PM by MiguelHzBz
via reddit https://ift.tt/4eZyh5I
https://ift.tt/Fq9UOKA
Submitted April 19, 2022 at 04:54PM by MiguelHzBz
via reddit https://ift.tt/4eZyh5I
ADMIN Magazine
IAM Security Misconfigurations » ADMIN Magazine
Teaching Burp a new HTTP Transport Encoding
https://ift.tt/j26c8El
Submitted April 19, 2022 at 07:23PM by 0xdea
via reddit https://ift.tt/H3OLZbp
https://ift.tt/j26c8El
Submitted April 19, 2022 at 07:23PM by 0xdea
via reddit https://ift.tt/H3OLZbp
Pentagrid AG
Teaching Burp a new HTTP Transport Encoding
Shielder - Printing Fake Fiscal Receipts - An Italian Job p.1
https://ift.tt/cFMbtd7
Submitted April 19, 2022 at 11:20PM by smaury
via reddit https://ift.tt/Jbdhn1r
https://ift.tt/cFMbtd7
Submitted April 19, 2022 at 11:20PM by smaury
via reddit https://ift.tt/Jbdhn1r
Shielder
Shielder - Printing Fake Fiscal Receipts - An Italian Job p.1
Reverse engineering and analysis of a fiscal printer device for fun and (real) profit.
US Govt Cloud Security Needs ("SCuBA"): including Technical Reference Architecture and Extensible Visibility Reference Framework (eVRF) Guidebook links
https://ift.tt/NbZtCRg
Submitted April 20, 2022 at 03:11AM by ScottContini
via reddit https://ift.tt/LJPmK4C
https://ift.tt/NbZtCRg
Submitted April 20, 2022 at 03:11AM by ScottContini
via reddit https://ift.tt/LJPmK4C
www.cisa.gov
“SCuBA”? It means better visibility, standards and security practices for government cloud | CISA
In recent years, the federal government has leveraged cloud-based software and platform services as a means for greater capacity and accessibility as well as for good financial stewardship. However, moving to the cloud can introduce new types of risks if…
AWS's Log4Shell HotPatch Vulnerable to Container Escape and Privilige Escalation
https://ift.tt/TyX7mVU
Submitted April 20, 2022 at 04:20AM by YuvalAvra
via reddit https://ift.tt/r83tHId
https://ift.tt/TyX7mVU
Submitted April 20, 2022 at 04:20AM by YuvalAvra
via reddit https://ift.tt/r83tHId
Unit 42
AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
We identified severe security issues within AWS Log4Shell hot patch solutions. We provide a root cause analysis and overview of fixes and mitigations.
CVE-2022-21449: Psychic Signatures in Java
https://ift.tt/jyCP5bv
Submitted April 20, 2022 at 07:26AM by Gallus
via reddit https://ift.tt/cwSgo5P
https://ift.tt/jyCP5bv
Submitted April 20, 2022 at 07:26AM by Gallus
via reddit https://ift.tt/cwSgo5P
Neil Madden
CVE-2022-21449: Psychic Signatures in Java
The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, thi…
A Detailed Analysis of The SunCrypt Ransomware
https://ift.tt/gD9drIO
Submitted April 20, 2022 at 10:30PM by CyberMasterV
via reddit https://ift.tt/LJjFYib
https://ift.tt/gD9drIO
Submitted April 20, 2022 at 10:30PM by CyberMasterV
via reddit https://ift.tt/LJjFYib
SecurityScorecard
10 Ransomware Examples from Recent High-Impact Attacks
Learn from 10 major ransomware examples that disrupted organizations worldwide. Understand attack methods and strengthen your cyber defenses.
SSRF Attack Examples and Mitigations
https://ift.tt/7SZFTap
Submitted April 20, 2022 at 09:52PM by benarent
via reddit https://ift.tt/a1uEwjN
https://ift.tt/7SZFTap
Submitted April 20, 2022 at 09:52PM by benarent
via reddit https://ift.tt/a1uEwjN
Goteleport
How to prevent ssrf attack
Understanding Server-Side Request Forgery (SSRF), vulnerabilities and mitigations.
Threat Hunting for Phishing Pages
https://ift.tt/UpGf5mI
Submitted April 21, 2022 at 12:41AM by mstfknn
via reddit https://ift.tt/cr47eMZ
https://ift.tt/UpGf5mI
Submitted April 21, 2022 at 12:41AM by mstfknn
via reddit https://ift.tt/cr47eMZ
BRANDEFENSE
Threat Hunting For Phishing Pages - BRANDEFENSE
This article will discuss various techniques for catching phishing pages and the main purposes of bad actors.