Security Guide for Startups: How to think about security while moving quickly | LunaSec
https://ift.tt/aRNuB02
Submitted August 08, 2022 at 10:12PM by breadchris
via reddit https://ift.tt/OG37UJx
https://ift.tt/aRNuB02
Submitted August 08, 2022 at 10:12PM by breadchris
via reddit https://ift.tt/OG37UJx
www.lunasec.io
Security Guide for Startups: How to think about security while moving quickly | LunaSec
A set of security action items, built around OWASP SAMM, that you and your company can work to complete while balancing your company's ability to quickly execute and grow.
zathura - SELinux confined
https://ift.tt/5FpanLH
Submitted August 09, 2022 at 12:09AM by esp0x31
via reddit https://ift.tt/gA7FWhP
https://ift.tt/5FpanLH
Submitted August 09, 2022 at 12:09AM by esp0x31
via reddit https://ift.tt/gA7FWhP
blog.esp0x31.io
zathura - SELinux confined
How to securely confine the zathura application to a SELinux domain.
Auditing Crypto Wallets
https://ift.tt/Rn3opm9
Submitted August 09, 2022 at 07:13AM by catlasshrugged
via reddit https://ift.tt/OCVmyWh
https://ift.tt/Rn3opm9
Submitted August 09, 2022 at 07:13AM by catlasshrugged
via reddit https://ift.tt/OCVmyWh
Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability
https://ift.tt/aHOWCZV
Submitted August 09, 2022 at 01:04PM by g_e_r_h_a_r_d
via reddit https://ift.tt/ejRK6xO
https://ift.tt/aHOWCZV
Submitted August 09, 2022 at 01:04PM by g_e_r_h_a_r_d
via reddit https://ift.tt/ejRK6xO
ONEKEY
Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability
The advisory describes a vulnerability ONEKEY identified when hunting for bugs to craft exploit chains for PWN2OWN 2021. Read advisory!
LibAFL: A Framework to Build Modular and Reusable Fuzzers
https://ift.tt/RQtXcpE
Submitted August 09, 2022 at 02:01PM by domenukk
via reddit https://ift.tt/nDfkEVM
https://ift.tt/RQtXcpE
Submitted August 09, 2022 at 02:01PM by domenukk
via reddit https://ift.tt/nDfkEVM
Security Best Practices in PHP
https://ift.tt/N0DrC7J
Submitted August 09, 2022 at 03:39PM by pigoretee
via reddit https://ift.tt/xLvk6mM
https://ift.tt/N0DrC7J
Submitted August 09, 2022 at 03:39PM by pigoretee
via reddit https://ift.tt/xLvk6mM
Sweetcode.io
Security Best Practices in PHP
Learn how to increase the security of PHP applications, with code examples, to make them more robust and less prone to cyber-attacks.
Microsoft Office to publish symbols starting August 2022
https://ift.tt/28aRvLN
Submitted August 09, 2022 at 07:38PM by TheDarthSnarf
via reddit https://ift.tt/rELBS3w
https://ift.tt/28aRvLN
Submitted August 09, 2022 at 07:38PM by TheDarthSnarf
via reddit https://ift.tt/rELBS3w
Discovering Domains via a Timing Attack on Certificate Transparency
https://ift.tt/gzb8OCy
Submitted August 10, 2022 at 01:24AM by 0xdea
via reddit https://ift.tt/kWZ5TNj
https://ift.tt/gzb8OCy
Submitted August 10, 2022 at 01:24AM by 0xdea
via reddit https://ift.tt/kWZ5TNj
PT SWARM
Discovering Domains via a Time-Correlation Attack on Certificate Transparency
New attack on certificate transparency reveals previously unknown domains!
A Novel SIP Based Distributed Reflection Denial-of-Service Attack and an Effective Defense Mechanism
https://ift.tt/4mdzFoB
Submitted August 10, 2022 at 08:09AM by sanitybit
via reddit https://ift.tt/hDYfUn0
https://ift.tt/4mdzFoB
Submitted August 10, 2022 at 08:09AM by sanitybit
via reddit https://ift.tt/hDYfUn0
Everything In Its Right Place - Part 2
https://ift.tt/7tUQuCx
Submitted August 10, 2022 at 08:05AM by Gallus
via reddit https://ift.tt/oDxgLA8
https://ift.tt/7tUQuCx
Submitted August 10, 2022 at 08:05AM by Gallus
via reddit https://ift.tt/oDxgLA8
Medium
Everything In Its Right Place
Part 2
From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager
https://ift.tt/NK1tfJs
Submitted August 10, 2022 at 08:02AM by Gallus
via reddit https://ift.tt/v69dQ8i
https://ift.tt/NK1tfJs
Submitted August 10, 2022 at 08:02AM by Gallus
via reddit https://ift.tt/v69dQ8i
srcincite.io
From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager
On May 27th, I reported a handful of security vulnerabilities to VMWare impacting their vRealize Operations Management Suite (vROps) appliance. In this blog ...
ÆPIC Leak: Intel CPU bug able to architecturally disclose sensitive data
https://aepicleak.com/
Submitted August 10, 2022 at 11:37AM by sanitybit
via reddit https://ift.tt/rc8gtLn
https://aepicleak.com/
Submitted August 10, 2022 at 11:37AM by sanitybit
via reddit https://ift.tt/rc8gtLn
Reddit
From the netsec community on Reddit: ÆPIC Leak: Intel CPU bug able to architecturally disclose sensitive data
Posted by sanitybit - 130 votes and 1 comment
SD-PWN Part 4 — VMware VeloCloud — The Last Takeover?
https://ift.tt/QleK2mv
Submitted August 10, 2022 at 02:41AM by biggorilla135
via reddit https://ift.tt/oEYHSNi
https://ift.tt/QleK2mv
Submitted August 10, 2022 at 02:41AM by biggorilla135
via reddit https://ift.tt/oEYHSNi
Medium
SD-PWN Part 4 — VMware VeloCloud — The Last Takeover
This is the last part of our SD-PWN series where we present severe vulnerabilities in four of the leading SD-WAN vendors. This time…
BlueHound combines information about user permissions, network access and unpatched vulnerabilities to reveal the paths attackers would take if they were inside your network.
https://ift.tt/d2XaJBf
Submitted August 10, 2022 at 01:46PM by sanitybit
via reddit https://ift.tt/OS1eB9M
https://ift.tt/d2XaJBf
Submitted August 10, 2022 at 01:46PM by sanitybit
via reddit https://ift.tt/OS1eB9M
GitHub
GitHub - zeronetworks/BlueHound: BlueHound - pinpoint the security issues that actually matter
BlueHound - pinpoint the security issues that actually matter - GitHub - zeronetworks/BlueHound: BlueHound - pinpoint the security issues that actually matter
PowerHuntShares is designed to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers
https://ift.tt/DWpTnqC
Submitted August 10, 2022 at 01:34PM by sanitybit
via reddit https://ift.tt/qdCvLMz
https://ift.tt/DWpTnqC
Submitted August 10, 2022 at 01:34PM by sanitybit
via reddit https://ift.tt/qdCvLMz
NetSPI
How to Attack and Remediate Excessive Network Share Permissions in Active Directory Environments
Learn how to quickly inventory, attack, and remediate network shares configured with excessive permissions assigned to SMB shares in Active Directory environments.
New Blog-Post on Reconnaissance - Looking for feedback/recommendations to improve
https://ift.tt/wdei84L
Submitted August 10, 2022 at 04:19PM by thebishslap
via reddit https://ift.tt/Zr8aJzf
https://ift.tt/wdei84L
Submitted August 10, 2022 at 04:19PM by thebishslap
via reddit https://ift.tt/Zr8aJzf
Sam’s Bish-Bytes
Passive v. Active Reconnaissance
What is Reconnaissance in 'Hacking Terms'?
Cryptominer detection: a Machine Learning approach
https://ift.tt/n9Dw4UF
Submitted August 10, 2022 at 08:37PM by MiguelHzBz
via reddit https://ift.tt/mfA67IB
https://ift.tt/n9Dw4UF
Submitted August 10, 2022 at 08:37PM by MiguelHzBz
via reddit https://ift.tt/mfA67IB
Sysdig
Cryptominer detection: a Machine Learning approach – Sysdig
Cryptominers are one of the main cloud threats today. Detecting crypto miners is a complex task, but machine learning could help to develop a robust detection algorithm.
AWSGoat is a vulnerable by design infrastructure on AWS featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfigured AWS services.
https://ift.tt/oKSt714
Submitted August 11, 2022 at 12:30AM by sanitybit
via reddit https://ift.tt/xNqXSZ1
https://ift.tt/oKSt714
Submitted August 11, 2022 at 12:30AM by sanitybit
via reddit https://ift.tt/xNqXSZ1
GitHub
GitHub - ine-labs/AWSGoat: AWSGoat : A Damn Vulnerable AWS Infrastructure
AWSGoat : A Damn Vulnerable AWS Infrastructure. Contribute to ine-labs/AWSGoat development by creating an account on GitHub.
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
https://ift.tt/Tz6j3OD
Submitted August 10, 2022 at 11:52PM by Fugitif
via reddit https://ift.tt/n8FVMRC
https://ift.tt/Tz6j3OD
Submitted August 10, 2022 at 11:52PM by Fugitif
via reddit https://ift.tt/n8FVMRC
PortSwigger Research
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessib
A deep dive into an in-the-wild Android exploit: the quantum state of Linux kernel garbage collection - CVE-2021-0920 (Part 1)
https://ift.tt/WQDOhgP
Submitted August 11, 2022 at 05:37AM by sanitybit
via reddit https://ift.tt/2R0TxuJ
https://ift.tt/WQDOhgP
Submitted August 11, 2022 at 05:37AM by sanitybit
via reddit https://ift.tt/2R0TxuJ
Blogspot
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)
A deep dive into an in-the-wild Android exploit Guest Post by Xingyu Jin, Android Security Research This is part one of a two-part guest...
How Cisco got hacked - insights on what the attackers did
https://ift.tt/FlTNtVq
Submitted August 11, 2022 at 05:14AM by jwizq
via reddit https://ift.tt/42vqpCy
https://ift.tt/FlTNtVq
Submitted August 11, 2022 at 05:14AM by jwizq
via reddit https://ift.tt/42vqpCy
Cisco Talos Blog
Cisco Talos shares insights related to recent cyber attack on Cisco
Update History
Aug. 10, 2022
Adding clarifying details on activity involving active directory.
Aug. 10, 2022
Update made to the Cisco Response and Recommendations section related to MFA.
Aug. 10, 2022
Adding clarifying details on activity involving active directory.
Aug. 10, 2022
Update made to the Cisco Response and Recommendations section related to MFA.