BusKill (open-source laptop kill cord) Warrant Canary for 2023 🕵️
https://ift.tt/T4ALOUH
Submitted January 04, 2023 at 10:21PM by maltfield
via reddit https://ift.tt/cLwG507
https://ift.tt/T4ALOUH
Submitted January 04, 2023 at 10:21PM by maltfield
via reddit https://ift.tt/cLwG507
BusKill
BusKill Canary #5 - BusKill
This post contains the cryptographically-signed BusKill warrant canary #005 for January 2023 to June 2023.
a quick post about rbac-police
https://ift.tt/1ieqDva
Submitted January 04, 2023 at 11:32PM by punksecurity_simon
via reddit https://ift.tt/m6uPDwN
https://ift.tt/1ieqDva
Submitted January 04, 2023 at 11:32PM by punksecurity_simon
via reddit https://ift.tt/m6uPDwN
punksecurity.co.uk
Auditing Kubernetes with rbac-police
Kubernetes pods can be abused to take over the entire Kubernetes cluster. rbac-police shows you which.
In-depth Analysis of the PyTorch Dependency Confusion Administered Malware
https://ift.tt/Ftw4oNx
Submitted January 05, 2023 at 02:17AM by gfdgfbal
via reddit https://ift.tt/qvSjXoA
https://ift.tt/Ftw4oNx
Submitted January 05, 2023 at 02:17AM by gfdgfbal
via reddit https://ift.tt/qvSjXoA
Aqua
In-depth Analysis of the PyTorch Dependency Confusion Administered Malware
PyTorch-nightly dependency chain was compromised. In this blog, we will provide an explanation of this attack and how to safeguard against similar attacks.
Escaping from bhyve
https://ift.tt/2BoJNK7
Submitted January 05, 2023 at 04:25AM by Gallus
via reddit https://ift.tt/iH3d2Yk
https://ift.tt/2BoJNK7
Submitted January 05, 2023 at 04:25AM by Gallus
via reddit https://ift.tt/iH3d2Yk
Synacktiv
Escaping from bhyve
Bhyve is a hypervisor for FreeBSD.
Fun and Games with Intel AMT
https://ift.tt/6h0S4pL
Submitted January 05, 2023 at 03:58AM by lightgrains
via reddit https://ift.tt/Zos7Guy
https://ift.tt/6h0S4pL
Submitted January 05, 2023 at 03:58AM by lightgrains
via reddit https://ift.tt/Zos7Guy
StarkeBlog
Fun and Games with Intel AMT
What is this?
Casper-fs is a Custom Hidden Linux Kernel Module generator. Each module works in the file system to protect and hide secret files.
https://ift.tt/JB7YOlj
Submitted January 05, 2023 at 07:26AM by CoolerVoid
via reddit https://ift.tt/aTdwJ7v
https://ift.tt/JB7YOlj
Submitted January 05, 2023 at 07:26AM by CoolerVoid
via reddit https://ift.tt/aTdwJ7v
YWallet Audit Results
https://ift.tt/rcqZ7nz
Submitted January 05, 2023 at 07:17AM by Gallus
via reddit https://ift.tt/2TqFGCl
https://ift.tt/rcqZ7nz
Submitted January 05, 2023 at 07:17AM by Gallus
via reddit https://ift.tt/2TqFGCl
Zecsec
YWallet Audit Results Published
In October of last year, I reviewed YWallet for security and privacy issues. This was the first audit I performed for the Zcash Ecosystem Security grant.
Today, the final report is being made available to the Zcash community at the link below.
The audit found…
Today, the final report is being made available to the Zcash community at the link below.
The audit found…
Prototype Pollution in Python
https://ift.tt/lsrOXLb
Submitted January 05, 2023 at 07:16AM by Gallus
via reddit https://ift.tt/UPTp7NR
https://ift.tt/lsrOXLb
Submitted January 05, 2023 at 07:16AM by Gallus
via reddit https://ift.tt/UPTp7NR
Abdulrah33m's Blog - Just another security researcher motivated by "why"s
Prototype Pollution in Python - Abdulrah33m's Blog
> TL;DR The main objective of this research is to prove the possibility of having a variation of Prototype Pollution in other programming languages, including those that are class-based by showing Class Pollution in Python. > Background Prototype Pollution…
Padding oracle attack: demonstration
https://ift.tt/qWhMi9s
Submitted January 05, 2023 at 10:26AM by yurichev
via reddit https://ift.tt/VoXhad9
https://ift.tt/qWhMi9s
Submitted January 05, 2023 at 10:26AM by yurichev
via reddit https://ift.tt/VoXhad9
Padding oracle attack: demonstration
https://ift.tt/qWhMi9s
Submitted January 05, 2023 at 11:41AM by yurichev
via reddit https://ift.tt/FdjRnUK
https://ift.tt/qWhMi9s
Submitted January 05, 2023 at 11:41AM by yurichev
via reddit https://ift.tt/FdjRnUK
Reddit
r/netsec on Reddit: Padding oracle attack: demonstration
Posted by u/yurichev - 30 votes and 2 comments
CarolinaCon 2023 CFP is accepting submissions here
https://ift.tt/wH3ScdE
Submitted January 05, 2023 at 11:58AM by blkmanta
via reddit https://ift.tt/lV8GCLZ
https://ift.tt/wH3ScdE
Submitted January 05, 2023 at 11:58AM by blkmanta
via reddit https://ift.tt/lV8GCLZ
cfp.carolinacon.org
CarolinaCon 2023
Schedule, talks and talk submissions for CarolinaCon 2023
Circle CI Compromised - Attackers Accessed Tokens & Other Sensitive Information
https://ift.tt/rT2ONyc
Submitted January 05, 2023 at 02:08PM by sanitybit
via reddit https://ift.tt/7aHZOv0
https://ift.tt/rT2ONyc
Submitted January 05, 2023 at 02:08PM by sanitybit
via reddit https://ift.tt/7aHZOv0
CircleCI
CircleCI security alert: Rotate any secrets stored in CircleCI (Updated Jan 13)
Read CircleCI’s security alerts from January 2023. Last updated 1/13/2023.
“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs…
https://ift.tt/5nqPZuB
Submitted January 05, 2023 at 05:34PM by SharonBlatt
via reddit https://ift.tt/QoRrkMz
https://ift.tt/5nqPZuB
Submitted January 05, 2023 at 05:34PM by SharonBlatt
via reddit https://ift.tt/QoRrkMz
Medium
“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets
By Nati Tal (Guardio Labs)
pure Python implementation of MemoryModule technique to load a dll from memory without injection or shellcode
https://ift.tt/UTAtVpG
Submitted January 05, 2023 at 04:58PM by naksyn_
via reddit https://ift.tt/PZUhRoK
https://ift.tt/UTAtVpG
Submitted January 05, 2023 at 04:58PM by naksyn_
via reddit https://ift.tt/PZUhRoK
GitHub
GitHub - naksyn/PythonMemoryModule: pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely…
pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory - GitHub - naksyn/PythonMemoryModule: pure-python implementation of MemoryModule technique to...
SpyNote: Spyware with RAT capabilities targeting Financial Institutions
https://ift.tt/JK6V2s5
Submitted January 05, 2023 at 07:50PM by YioUio
via reddit https://ift.tt/i5Xe43N
https://ift.tt/JK6V2s5
Submitted January 05, 2023 at 07:50PM by YioUio
via reddit https://ift.tt/i5Xe43N
GitHub Actions Privilege Escalations - The "workflow_run" trigger
https://ift.tt/Ng52PMB
Submitted January 05, 2023 at 09:34PM by dotanoam
via reddit https://ift.tt/vD5gs2C
https://ift.tt/Ng52PMB
Submitted January 05, 2023 at 09:34PM by dotanoam
via reddit https://ift.tt/vD5gs2C
Legitsecurity
Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline
Learn how Legit Security discovered a vulnerable GitHub actions workflow. Get details on the vulnerability and and what you can do to mitigate it.
How to avoid DoS when using Rust’s popular Hyper package
https://ift.tt/RkIrwXg
Submitted January 05, 2023 at 09:33PM by SRMish3
via reddit https://ift.tt/Ws6MUH1
https://ift.tt/RkIrwXg
Submitted January 05, 2023 at 09:33PM by SRMish3
via reddit https://ift.tt/Ws6MUH1
JFrog
Potential DoS Vulnerability in Rust Hyper
⚡ATTENTION⚡ Devs that rely on hyper-rust: your own code should include limitations for HTTP Body size - Hyper library does not restrict by default. Find out more…
Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877
https://ift.tt/nmXLrsC
Submitted January 05, 2023 at 11:16PM by numanturle
via reddit https://ift.tt/eY59dUV
https://ift.tt/nmXLrsC
Submitted January 05, 2023 at 11:16PM by numanturle
via reddit https://ift.tt/eY59dUV
GitHub
GitHub - numanturle/CVE-2022-44877
Contribute to numanturle/CVE-2022-44877 development by creating an account on GitHub.
Unraveling the techniques of Mac ransomware
https://ift.tt/5anlUT2
Submitted January 05, 2023 at 11:04PM by SCI_Rusher
via reddit https://ift.tt/WJLfjCT
https://ift.tt/5anlUT2
Submitted January 05, 2023 at 11:04PM by SCI_Rusher
via reddit https://ift.tt/WJLfjCT
Announcing the Ronin 2.0.0 Open Beta
https://ift.tt/3Pkcbdm
Submitted January 06, 2023 at 11:32AM by postmodern
via reddit https://ift.tt/DCVqvoX
https://ift.tt/3Pkcbdm
Submitted January 06, 2023 at 11:32AM by postmodern
via reddit https://ift.tt/DCVqvoX
Variant analysis of CVE-2022-3515 affecting libksba, which resulted in CVE-2022-47629
https://ift.tt/HzoL91x
Submitted January 06, 2023 at 12:39PM by Gallus
via reddit https://ift.tt/FwVkfh2
https://ift.tt/HzoL91x
Submitted January 06, 2023 at 12:39PM by Gallus
via reddit https://ift.tt/FwVkfh2
GitHub
publications/CVE-2022-47629.md at master · elttam/publications
Contribute to elttam/publications development by creating an account on GitHub.