Targeted attack on industrial enterprises and public institutions [Kaspersky]
https://ift.tt/Yog0OBN
Submitted August 08, 2022 at 08:38PM by EspoJ
via reddit https://ift.tt/U7m8QYR
https://ift.tt/Yog0OBN
Submitted August 08, 2022 at 08:38PM by EspoJ
via reddit https://ift.tt/U7m8QYR
Kaspersky ICS CERT | Kaspersky Industrial Control Systems Cyber Emergency Response Team
Targeted attack on industrial enterprises and public institutions | Kaspersky ICS CERT
The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions. The goal of this series of attacks was cyberespionage.
SimpleX Chat - the first messaging platform that has no user identifiers (not even random numbers) - v3.1 of iOS and Android apps released - with secret chat groups and server access via Tor.
https://ift.tt/AjXoKpg
Submitted August 08, 2022 at 09:49PM by epoberezkin
via reddit https://ift.tt/gu6n1Sl
https://ift.tt/AjXoKpg
Submitted August 08, 2022 at 09:49PM by epoberezkin
via reddit https://ift.tt/gu6n1Sl
GitHub
simplex-chat/20220808-simplex-chat-v3.1-chat-groups.md at stable · simplex-chat/simplex-chat
SimpleX - the first messaging platform operating without user identifiers of any kind - 100% private by design! iOS and Android apps are released 📱! - simplex-chat/20220808-simplex-chat-v3.1-chat-g...
Security Guide for Startups: How to think about security while moving quickly | LunaSec
https://ift.tt/aRNuB02
Submitted August 08, 2022 at 10:12PM by breadchris
via reddit https://ift.tt/OG37UJx
https://ift.tt/aRNuB02
Submitted August 08, 2022 at 10:12PM by breadchris
via reddit https://ift.tt/OG37UJx
www.lunasec.io
Security Guide for Startups: How to think about security while moving quickly | LunaSec
A set of security action items, built around OWASP SAMM, that you and your company can work to complete while balancing your company's ability to quickly execute and grow.
zathura - SELinux confined
https://ift.tt/5FpanLH
Submitted August 09, 2022 at 12:09AM by esp0x31
via reddit https://ift.tt/gA7FWhP
https://ift.tt/5FpanLH
Submitted August 09, 2022 at 12:09AM by esp0x31
via reddit https://ift.tt/gA7FWhP
blog.esp0x31.io
zathura - SELinux confined
How to securely confine the zathura application to a SELinux domain.
Auditing Crypto Wallets
https://ift.tt/Rn3opm9
Submitted August 09, 2022 at 07:13AM by catlasshrugged
via reddit https://ift.tt/OCVmyWh
https://ift.tt/Rn3opm9
Submitted August 09, 2022 at 07:13AM by catlasshrugged
via reddit https://ift.tt/OCVmyWh
Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability
https://ift.tt/aHOWCZV
Submitted August 09, 2022 at 01:04PM by g_e_r_h_a_r_d
via reddit https://ift.tt/ejRK6xO
https://ift.tt/aHOWCZV
Submitted August 09, 2022 at 01:04PM by g_e_r_h_a_r_d
via reddit https://ift.tt/ejRK6xO
ONEKEY
Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability
The advisory describes a vulnerability ONEKEY identified when hunting for bugs to craft exploit chains for PWN2OWN 2021. Read advisory!
LibAFL: A Framework to Build Modular and Reusable Fuzzers
https://ift.tt/RQtXcpE
Submitted August 09, 2022 at 02:01PM by domenukk
via reddit https://ift.tt/nDfkEVM
https://ift.tt/RQtXcpE
Submitted August 09, 2022 at 02:01PM by domenukk
via reddit https://ift.tt/nDfkEVM
Security Best Practices in PHP
https://ift.tt/N0DrC7J
Submitted August 09, 2022 at 03:39PM by pigoretee
via reddit https://ift.tt/xLvk6mM
https://ift.tt/N0DrC7J
Submitted August 09, 2022 at 03:39PM by pigoretee
via reddit https://ift.tt/xLvk6mM
Sweetcode.io
Security Best Practices in PHP
Learn how to increase the security of PHP applications, with code examples, to make them more robust and less prone to cyber-attacks.
Microsoft Office to publish symbols starting August 2022
https://ift.tt/28aRvLN
Submitted August 09, 2022 at 07:38PM by TheDarthSnarf
via reddit https://ift.tt/rELBS3w
https://ift.tt/28aRvLN
Submitted August 09, 2022 at 07:38PM by TheDarthSnarf
via reddit https://ift.tt/rELBS3w
Discovering Domains via a Timing Attack on Certificate Transparency
https://ift.tt/gzb8OCy
Submitted August 10, 2022 at 01:24AM by 0xdea
via reddit https://ift.tt/kWZ5TNj
https://ift.tt/gzb8OCy
Submitted August 10, 2022 at 01:24AM by 0xdea
via reddit https://ift.tt/kWZ5TNj
PT SWARM
Discovering Domains via a Time-Correlation Attack on Certificate Transparency
New attack on certificate transparency reveals previously unknown domains!
A Novel SIP Based Distributed Reflection Denial-of-Service Attack and an Effective Defense Mechanism
https://ift.tt/4mdzFoB
Submitted August 10, 2022 at 08:09AM by sanitybit
via reddit https://ift.tt/hDYfUn0
https://ift.tt/4mdzFoB
Submitted August 10, 2022 at 08:09AM by sanitybit
via reddit https://ift.tt/hDYfUn0
Everything In Its Right Place - Part 2
https://ift.tt/7tUQuCx
Submitted August 10, 2022 at 08:05AM by Gallus
via reddit https://ift.tt/oDxgLA8
https://ift.tt/7tUQuCx
Submitted August 10, 2022 at 08:05AM by Gallus
via reddit https://ift.tt/oDxgLA8
Medium
Everything In Its Right Place
Part 2
From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager
https://ift.tt/NK1tfJs
Submitted August 10, 2022 at 08:02AM by Gallus
via reddit https://ift.tt/v69dQ8i
https://ift.tt/NK1tfJs
Submitted August 10, 2022 at 08:02AM by Gallus
via reddit https://ift.tt/v69dQ8i
srcincite.io
From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager
On May 27th, I reported a handful of security vulnerabilities to VMWare impacting their vRealize Operations Management Suite (vROps) appliance. In this blog ...
ÆPIC Leak: Intel CPU bug able to architecturally disclose sensitive data
https://aepicleak.com/
Submitted August 10, 2022 at 11:37AM by sanitybit
via reddit https://ift.tt/rc8gtLn
https://aepicleak.com/
Submitted August 10, 2022 at 11:37AM by sanitybit
via reddit https://ift.tt/rc8gtLn
Reddit
From the netsec community on Reddit: ÆPIC Leak: Intel CPU bug able to architecturally disclose sensitive data
Posted by sanitybit - 130 votes and 1 comment
SD-PWN Part 4 — VMware VeloCloud — The Last Takeover?
https://ift.tt/QleK2mv
Submitted August 10, 2022 at 02:41AM by biggorilla135
via reddit https://ift.tt/oEYHSNi
https://ift.tt/QleK2mv
Submitted August 10, 2022 at 02:41AM by biggorilla135
via reddit https://ift.tt/oEYHSNi
Medium
SD-PWN Part 4 — VMware VeloCloud — The Last Takeover
This is the last part of our SD-PWN series where we present severe vulnerabilities in four of the leading SD-WAN vendors. This time…
BlueHound combines information about user permissions, network access and unpatched vulnerabilities to reveal the paths attackers would take if they were inside your network.
https://ift.tt/d2XaJBf
Submitted August 10, 2022 at 01:46PM by sanitybit
via reddit https://ift.tt/OS1eB9M
https://ift.tt/d2XaJBf
Submitted August 10, 2022 at 01:46PM by sanitybit
via reddit https://ift.tt/OS1eB9M
GitHub
GitHub - zeronetworks/BlueHound: BlueHound - pinpoint the security issues that actually matter
BlueHound - pinpoint the security issues that actually matter - GitHub - zeronetworks/BlueHound: BlueHound - pinpoint the security issues that actually matter
PowerHuntShares is designed to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers
https://ift.tt/DWpTnqC
Submitted August 10, 2022 at 01:34PM by sanitybit
via reddit https://ift.tt/qdCvLMz
https://ift.tt/DWpTnqC
Submitted August 10, 2022 at 01:34PM by sanitybit
via reddit https://ift.tt/qdCvLMz
NetSPI
How to Attack and Remediate Excessive Network Share Permissions in Active Directory Environments
Learn how to quickly inventory, attack, and remediate network shares configured with excessive permissions assigned to SMB shares in Active Directory environments.
New Blog-Post on Reconnaissance - Looking for feedback/recommendations to improve
https://ift.tt/wdei84L
Submitted August 10, 2022 at 04:19PM by thebishslap
via reddit https://ift.tt/Zr8aJzf
https://ift.tt/wdei84L
Submitted August 10, 2022 at 04:19PM by thebishslap
via reddit https://ift.tt/Zr8aJzf
Sam’s Bish-Bytes
Passive v. Active Reconnaissance
What is Reconnaissance in 'Hacking Terms'?
Cryptominer detection: a Machine Learning approach
https://ift.tt/n9Dw4UF
Submitted August 10, 2022 at 08:37PM by MiguelHzBz
via reddit https://ift.tt/mfA67IB
https://ift.tt/n9Dw4UF
Submitted August 10, 2022 at 08:37PM by MiguelHzBz
via reddit https://ift.tt/mfA67IB
Sysdig
Cryptominer detection: a Machine Learning approach – Sysdig
Cryptominers are one of the main cloud threats today. Detecting crypto miners is a complex task, but machine learning could help to develop a robust detection algorithm.
AWSGoat is a vulnerable by design infrastructure on AWS featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfigured AWS services.
https://ift.tt/oKSt714
Submitted August 11, 2022 at 12:30AM by sanitybit
via reddit https://ift.tt/xNqXSZ1
https://ift.tt/oKSt714
Submitted August 11, 2022 at 12:30AM by sanitybit
via reddit https://ift.tt/xNqXSZ1
GitHub
GitHub - ine-labs/AWSGoat: AWSGoat : A Damn Vulnerable AWS Infrastructure
AWSGoat : A Damn Vulnerable AWS Infrastructure. Contribute to ine-labs/AWSGoat development by creating an account on GitHub.
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
https://ift.tt/Tz6j3OD
Submitted August 10, 2022 at 11:52PM by Fugitif
via reddit https://ift.tt/n8FVMRC
https://ift.tt/Tz6j3OD
Submitted August 10, 2022 at 11:52PM by Fugitif
via reddit https://ift.tt/n8FVMRC
PortSwigger Research
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessib