Cacti: Unauthenticated Remote Code Execution (CVE-2022-46169)
https://ift.tt/BUxzjQ9
Submitted January 11, 2023 at 05:28AM by monoimpact
via reddit https://ift.tt/hcIzBt2
Sonarsource
Cacti: Unauthenticated Remote Code Execution
Learn how we discovered a critical vulnerability in Cacti with the help of SonarCloud.
How to find a Google account with a phone number
https://ift.tt/HURL6Mo
Submitted January 11, 2023 at 05:03AM by Gallus
via reddit https://ift.tt/ZmLdTp3
Aware Online Academy
How can I find a Google account with a phone number?
In this blog you can read how you can find a Google account (GAIA ID) of a user using a phone number (and/or email address)
SANS Christmas Challenge 2022 - Write-up
https://ift.tt/M3ynXSr
Submitted January 11, 2023 at 02:53PM by the-useless-one
via reddit https://ift.tt/7s3RPQh
Legitify supports scanning GitLab for security misconfigurations and best practices
https://ift.tt/XZSkcTo
Submitted January 11, 2023 at 05:54PM by dotanoam
via reddit https://ift.tt/H3d6PZI
GitHub
Release v0.2.0 · Legit-Labs/legitify
Main Features:
Support for: GitHub Enterprise Server, GitLab Server, and GitLab Cloud
Added Legitify Custom GitHub Actions to ease Legitify CI/CD Automation
Changelog
bcf0773 feat: generalized S...
T95 Allwinner T616 Malware Analysis - "Pre-owned" Android TV Device
https://ift.tt/Uq5FPc0
Submitted January 12, 2023 at 02:03AM by sanitybit
via reddit https://ift.tt/nv0G9Jg
GitHub
GitHub - DesktopECHO/T95-H616-Malware: "Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616)
"Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616) - GitHub - DesktopECHO/T95-H616-Malware: "Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616)
Exfiltration Over a Blocked Port on a Next-Gen Firewall
https://ift.tt/fUmqaGz
Submitted January 12, 2023 at 02:37PM by cuptugout
via reddit https://ift.tt/OtUCM2b
Cymulate
Exfiltration Over a Blocked Port on a Next-Gen Firewall
How Does Cymulate Assess for Data Exfiltration? Learn more in this blog post by security advisor David Kellerman.
Avoiding API Key Exposures: The Importance of Strong Fundamentals and the Limitations of AI
https://tg12.github.io/
Submitted January 12, 2023 at 09:28PM by DevOpsMuffin39
via reddit https://ift.tt/epsV2tf
reddit
Avoiding API Key Exposures: The Importance of Strong Fundamentals...
Posted in r/netsec by u/DevOpsMuffin39 • 1 point and 0 comments
Keeping the wolves out of wolfSSL (Protocol Fuzzing)
https://ift.tt/h7HCIGK
Submitted January 13, 2023 at 01:33AM by maxammann
via reddit https://ift.tt/O9USPh7
Trail of Bits Blog
Keeping the wolves out of wolfSSL
By Max Ammann Trail of Bits is publicly disclosing four vulnerabilities that affect wolfSSL: CVE-2022-38152, CVE-2022-38153, CVE-2022-39173, and CVE-2022-42905. The four issues, which have CVSS sco…
List of git commits before and after a security audit
https://ift.tt/MG3AVgk
Submitted January 13, 2023 at 02:29AM by kruksym
via reddit https://ift.tt/d58VE4O
GraphQL exploitation – All you need to know – Cybervelia
https://ift.tt/lILWoxS
Submitted January 13, 2023 at 02:28AM by Necessary-Reality-80
via reddit https://ift.tt/SLsfWgA
Cybervelia
GraphQL exploitation – The ultimate guide
So you are a tester and you would like to know more about GraphQL Testing.
Bad things come in large packages: .pkg signature verification bypass on macOS
https://ift.tt/m7BK9nM
Submitted January 13, 2023 at 03:39PM by xnyhps
via reddit https://ift.tt/EsJ1GlY
sector7.computest.nl
Bad things come in large packages: .pkg signature verification bypass on macOS
Code signing of applications is an essential element of macOS security. Besides signing applications, it is also possible to sign installer packages (.pkg files). During a short review of the xar source code, we found a vulnerability (CVE-2022-42841) that…
Crassus: Windows privilege escalation discovery tool
https://ift.tt/5BpuRQl
Submitted January 13, 2023 at 07:51PM by Fugitif
via reddit https://ift.tt/el0hwB4
GitHub
GitHub - vu-ls/Crassus
Contribute to vu-ls/Crassus development by creating an account on GitHub.
Clear communication is crucial: why writing effective vulnerability reports matters
https://ift.tt/MQqmK3Y
Submitted January 13, 2023 at 07:44PM by glum-platimium
via reddit https://ift.tt/Bos83bv
How to use Open Source CloudQuery for Attack Surface Management and Graph Visualization for Cloud and AWS | CloudQuery
https://ift.tt/tbJuToS
Submitted January 13, 2023 at 07:31PM by jsonpile
via reddit https://ift.tt/k1FauPV
www.cloudquery.io
CloudQuery Blog | How to Build an Open Source ASM for Attack Surface Management with CloudQuery and Neo4j
How to Build an Open Source ASM for Attack Surface Management with CloudQuery and Neo4j, including pre-built queries and views.
🚀 Announcing Matano + Suricata: Build your own Security Data Lake on AWS using Suricata Logs
https://ift.tt/8ZDrzJt
Submitted January 13, 2023 at 08:49PM by shaeqahmed
via reddit https://ift.tt/ybB5hn6
www.matano.dev
Adding Suricata Support to Matano | Matano
We're excited to announce that Matano now supports managed log sources from Suricata. This means that you can easily ingest and analyze your network activity logs and alerts from Suricata into your Matano security lake without having to define any schemas…
Announcing a stable release of sigstore-python
https://ift.tt/ui0Zl3Y
Submitted January 13, 2023 at 08:39PM by yossarian_flew_away
via reddit https://ift.tt/nfWsHe5
Trail of Bits Blog
Announcing a stable release of sigstore-python
By William Woodruff Read the official announcement on the Sigstore blog as well! Trail of Bits is thrilled to announce the first stable release of sigstore-python, a client implementation of Sigsto…
A Public Git repository & misconfiguration detection tool
https://ift.tt/LKyZWNk
Submitted January 14, 2023 at 01:31AM by nicksthehacker_
via reddit https://ift.tt/16hbVEN
GitHub
GitHub - boringtools/git-alerts: A Public Git repository & misconfiguration detection tool
A Public Git repository & misconfiguration detection tool - GitHub - boringtools/git-alerts: A Public Git repository & misconfiguration detection tool
Load testing private endpoints
https://ift.tt/QnT9HYL
Submitted January 14, 2023 at 02:51AM by krstCB
via reddit https://ift.tt/qAUkBEV
Getanteon
Testing the Performance of User Authentication Flow
Explore how to thoroughly test the performance of user authentication flows
CircleCI incident report for January 4, 2023 security incident
https://ift.tt/iH8gqXe
Submitted January 14, 2023 at 03:56AM by baty0man_
via reddit https://ift.tt/Fzt9qdG
CircleCI
CircleCI incident report for January 4, 2023 security incident
Read the complete incident report from CircleCI’s January 4, 2023 security alert.
santa-linux: a proof of concept binary authorization system for linux, based on Google's Santa
https://ift.tt/GUPxHnd
Submitted January 14, 2023 at 10:19PM by ahigherporpoise
via reddit https://ift.tt/bTnECXy
GitHub
GitHub - mellow-hype/santa-linux: A proof-of-concept Linux clone of Santa, Google's binary authorization system for macOS
A proof-of-concept Linux clone of Santa, Google's binary authorization system for macOS - GitHub - mellow-hype/santa-linux: A proof-of-concept Linux clone of Santa, Google's binary ...
Impact of the CircleCI Security Incident on the Datadog Agent
https://ift.tt/e87yTsx
Submitted January 14, 2023 at 11:59PM by dlorenc
via reddit https://ift.tt/9wTuo6P
Datadog Infrastructure and Application Monitoring
Impact of the CircleCI Security Incident on the Datadog Agent
Datadog, the leading service for cloud-scale monitoring.