YWallet Audit Results
https://ift.tt/rcqZ7nz
Submitted January 05, 2023 at 07:17AM by Gallus
via reddit https://ift.tt/2TqFGCl
Zecsec
YWallet Audit Results Published
In October of last year, I reviewed YWallet for security and privacy issues. This was the first audit I performed for the Zcash Ecosystem Security grant.
Today, the final report is being made available to the Zcash community at the link below.
The audit found…
Prototype Pollution in Python
https://ift.tt/lsrOXLb
Submitted January 05, 2023 at 07:16AM by Gallus
via reddit https://ift.tt/UPTp7NR
Abdulrah33m's Blog - Just another security researcher motivated by "why"s
Prototype Pollution in Python - Abdulrah33m's Blog
> TL;DR The main objective of this research is to prove the possibility of having a variation of Prototype Pollution in other programming languages, including those that are class-based by showing Class Pollution in Python. > Background Prototype Pollution…
Padding oracle attack: demonstration
https://ift.tt/qWhMi9s
Submitted January 05, 2023 at 10:26AM by yurichev
via reddit https://ift.tt/VoXhad9
Padding oracle attack: demonstration
https://ift.tt/qWhMi9s
Submitted January 05, 2023 at 11:41AM by yurichev
via reddit https://ift.tt/FdjRnUK
Reddit
r/netsec on Reddit: Padding oracle attack: demonstration
Posted by u/yurichev - 30 votes and 2 comments
CarolinaCon 2023 CFP is accepting submissions here
https://ift.tt/wH3ScdE
Submitted January 05, 2023 at 11:58AM by blkmanta
via reddit https://ift.tt/lV8GCLZ
cfp.carolinacon.org
CarolinaCon 2023
Schedule, talks and talk submissions for CarolinaCon 2023
Circle CI Compromised - Attackers Accessed Tokens & Other Sensitive Information
https://ift.tt/rT2ONyc
Submitted January 05, 2023 at 02:08PM by sanitybit
via reddit https://ift.tt/7aHZOv0
CircleCI
CircleCI security alert: Rotate any secrets stored in CircleCI (Updated Jan 13)
Read CircleCI’s security alerts from January 2023. Last updated 1/13/2023.
“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs…
https://ift.tt/5nqPZuB
Submitted January 05, 2023 at 05:34PM by SharonBlatt
via reddit https://ift.tt/QoRrkMz
Medium
“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets
By Nati Tal (Guardio Labs)
pure Python implementation of MemoryModule technique to load a dll from memory without injection or shellcode
https://ift.tt/UTAtVpG
Submitted January 05, 2023 at 04:58PM by naksyn_
via reddit https://ift.tt/PZUhRoK
GitHub
GitHub - naksyn/PythonMemoryModule: pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely…
pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory
SpyNote: Spyware with RAT capabilities targeting Financial Institutions
https://ift.tt/JK6V2s5
Submitted January 05, 2023 at 07:50PM by YioUio
via reddit https://ift.tt/i5Xe43N
GitHub Actions Privilege Escalations - The "workflow_run" trigger
https://ift.tt/Ng52PMB
Submitted January 05, 2023 at 09:34PM by dotanoam
via reddit https://ift.tt/vD5gs2C
Legitsecurity
Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline
Learn how Legit Security discovered a vulnerable GitHub actions workflow. Get details on the vulnerability and what you can do to mitigate it.
How to avoid DoS when using Rust’s popular Hyper package
https://ift.tt/RkIrwXg
Submitted January 05, 2023 at 09:33PM by SRMish3
via reddit https://ift.tt/Ws6MUH1
JFrog
Potential DoS Vulnerability in Rust Hyper
⚡ATTENTION⚡ Devs that rely on hyper-rust: your own code should include limitations for HTTP Body size - Hyper library does not restrict by default. Find out more…
Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877
https://ift.tt/nmXLrsC
Submitted January 05, 2023 at 11:16PM by numanturle
via reddit https://ift.tt/eY59dUV
GitHub
GitHub - numanturle/CVE-2022-44877
Contribute to numanturle/CVE-2022-44877 development by creating an account on GitHub.
Unraveling the techniques of Mac ransomware
https://ift.tt/5anlUT2
Submitted January 05, 2023 at 11:04PM by SCI_Rusher
via reddit https://ift.tt/WJLfjCT
Announcing the Ronin 2.0.0 Open Beta
https://ift.tt/3Pkcbdm
Submitted January 06, 2023 at 11:32AM by postmodern
via reddit https://ift.tt/DCVqvoX
Variant analysis of CVE-2022-3515 affecting libksba, which resulted in CVE-2022-47629
https://ift.tt/HzoL91x
Submitted January 06, 2023 at 12:39PM by Gallus
via reddit https://ift.tt/FwVkfh2
GitHub
publications/CVE-2022-47629.md at master · elttam/publications
Contribute to elttam/publications development by creating an account on GitHub.
Announcing the Ronin 2.0.0 Open Beta. Ronin is a free and Open Source Ruby toolkit for security research and development.
https://ift.tt/3Pkcbdm
Submitted January 06, 2023 at 12:27PM by postmodern
via reddit https://ift.tt/5sXJw2x
reddit
Announcing the Ronin 2.0.0 Open Beta. Ronin is a free and Open...
Posted in r/netsec by u/postmodern • 0 points and 1 comment
SoftICE-like kernel debugger for Windows 11
https://ift.tt/UWIiHsk
Submitted January 05, 2023 at 12:02AM by vplanta
via reddit https://ift.tt/Fz5c9Wm
GitHub
GitHub - vitoplantamura/BugChecker: SoftICE-like kernel debugger for Windows 11
SoftICE-like kernel debugger for Windows 11. Contribute to vitoplantamura/BugChecker development by creating an account on GitHub.
The Mac Malware of 2022
https://ift.tt/sE621yq
Submitted January 06, 2023 at 07:04PM by KolideKenny
via reddit https://ift.tt/735XPku
objective-see.org
The Mac Malware of 2022 👾
A comprehensive analysis of the year's new malware
How the Lastpass Breach affects Lastpass SSO
https://ift.tt/3IDCOKf
Submitted January 06, 2023 at 09:46PM by csanders_
via reddit https://ift.tt/bsEaMnF
Medium
How the Lastpass Breach affects Lastpass SSO
Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…
Fetch Diversion
https://ift.tt/8laehMU
Submitted January 06, 2023 at 09:34PM by albinowax
via reddit https://ift.tt/jcoQOyP
acut3
Fetch Diversion
API calls and requests for resources can sometimes be diverted toward a different endpoint on the same host, potentially resulting in DOM XSS’s that would otherwise be impossible to trigger, or other types of client-side vulnerabilities.
Latest activity from Turla {Mandiant}
https://ift.tt/h1In7OR
Submitted January 06, 2023 at 10:41PM by EspoJ
via reddit https://ift.tt/YikbEHa
Mandiant
Turla: A Galaxy of Opportunity | Mandiant