TC39 proposal for mitigating prototype pollution
https://ift.tt/hz4Hvwu
Submitted February 03, 2023 at 06:12AM by Gallus
via reddit https://ift.tt/Kt49bXx
GitHub
GitHub - tc39/proposal-symbol-proto: TC39 proposal for mitigating prototype pollution
Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit - CVE-2023-21608
https://ift.tt/soxF1zf
Submitted February 03, 2023 at 08:28AM by hacksysteam
via reddit https://ift.tt/5cuPbp1
HackSys Inc
Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails
https://ift.tt/SsN6p7v
Submitted February 03, 2023 at 08:21AM by Mempodipper
via reddit https://ift.tt/zbposvJ
Assetnote
Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails
Application security issues found by Assetnote
PixPirate: a new Brazilian Banking Trojan | Cleafy LABS
https://ift.tt/3IZYFH7
Submitted February 03, 2023 at 08:08PM by f3d_0x0
via reddit https://ift.tt/7MeVK9O
Cleafy
PixPirate: a new Brazilian Banking Trojan | Cleafy LABS
Learn about PixPirate, the new Android banking trojan discovered by Cleafy TIR. This malware uses ATS to automate malicious money transfers via the Pix payment platform used by multiple Brazilian banks. Discover its features, including interception of banking…
How to Develop Intuition for Security Research: Apply the Scientific Method
https://ift.tt/9wLZIjo
Submitted February 03, 2023 at 09:20PM by crypt_keepr
via reddit https://ift.tt/mdu8b2U
Research Innovations
How to Develop Intuition for Security Research: Apply the Scientific Method
Intuition plays a prominent role in security research. It guides a researcher’s thought process to determine how to prioritize system components for analysis. What is the source of intuition? Can its source be defined and systematized so new researchers can…
Gartner Peer Insights widget - postMessage DOM XSS vulnerability
https://ift.tt/Fd819fH
Submitted February 04, 2023 at 04:31AM by Gallus
via reddit https://ift.tt/BlmPQSx
DoS and arbitrary file read in (ImageMagick: The hidden vulnerability behind your online images)
https://ift.tt/Xygx6Na
Submitted February 05, 2023 at 03:41AM by Mini_True
via reddit https://ift.tt/Sm3ViNE
Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)
https://ift.tt/C4lF5mU
Submitted February 05, 2023 at 09:28AM by glum-platimium
via reddit https://ift.tt/fTxcy5S
Codelivly
Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)
Max came to know of the vulnerability after he tried to resolve an unprecedented CRC error in access logs
Reversing UK mobile rail tickets
https://ift.tt/0DSiPBa
Submitted February 05, 2023 at 10:58AM by Gallus
via reddit https://ift.tt/AtebC3w
eta.st
Reversing UK mobile rail tickets
The UK has used small credit-card sized tickets to pay for train travel for years and years, since long before I was born — originally the APTIS ticket, which...
"New Remote Job Board"
https://ift.tt/blZs7KX
Submitted February 05, 2023 at 04:25PM by Shazeb02
via reddit https://ift.tt/pfn3KWr
The Defender's Guide to OneNote MalDocs
https://ift.tt/nUuVGEQ
Submitted February 05, 2023 at 04:16PM by SuaveHobo
via reddit https://ift.tt/10Rp2TA
Opalsec
The Defender's Guide to OneNote MalDocs
Who's abusing it, and how to mitigate it in your environment
CVE-2022-44268 - Arbitrary File Read PoC - PNG generator
https://ift.tt/Gm7ew2U
Submitted February 06, 2023 at 12:52AM by voidz0r
via reddit https://ift.tt/oNJ0tkA
GitHub
GitHub - voidz0r/CVE-2022-44268: A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read
StarHound - CLI tool for importing BloodHound's Active Directory and Azure data (for latest SharpHound/AzureHound data collectors)
https://ift.tt/IdnvG9K
Submitted February 05, 2023 at 05:26PM by malacupa
via reddit https://ift.tt/B8fAOUG
malacupa.com
StarHound - CLI import tool for SharpHound/AzureHound data
StarHound - alternative tool to import SharpHound and AzureHound data into neo4j using CLI
Italy Takes Action Against Impending Global Cyberattack
https://ift.tt/x3Aj6P7
Submitted February 06, 2023 at 09:06PM by Damanjain
via reddit https://ift.tt/puV4US2
The Buzz News
Italy Issues Global Cybersecurity Alert: Protect Your Systems Now!
Italy Cybersecurity Alert - Ransomware attacks have targeted thousands of computer servers worldwide. Hackers targeted VMware ESXi.
Hacking into Toyota's global supplier management network
https://ift.tt/P2c5thM
Submitted February 06, 2023 at 10:09PM by EatonZ
via reddit https://ift.tt/gkPBObt
Eaton-Works
Hacking into Toyota’s global supplier management network
Inside an exploit that allowed logging in to Toyota’s GSPIMS application as any user, including system admins.
SimpleX Chat – the 1st messenger without user IDs (not even random numbers) – v4.5 released with multiple user profiles and transport isolation!
https://ift.tt/resz3BS
Submitted February 07, 2023 at 01:26AM by epoberezkin
via reddit https://ift.tt/2PgvGSl
simplex.chat
SimpleX Chat v4.5 released – with multiple chat profiles, message draft, transport isolation and Italian language!
I Built a Self-Destructing USB Drive Part 3
https://ift.tt/juzhJye
Submitted February 07, 2023 at 09:22AM by Machinehum
via reddit https://ift.tt/Kxmywaz
Interrupt Labs Blog
I Built a Self-Destructing USB Drive Part 3
I’m building an open-source USB drive with a hidden self-destruct feature. Say goodbye to your data if you don’t lick your fingers before plugging it
NETGEAR Nighthawk upnpd Pre-authentication Buffer Overflow
https://ift.tt/FilUNcg
Submitted February 07, 2023 at 03:25PM by luci_morningstart
via reddit https://ift.tt/d9otKpL
Tracing the Linux kernel using Exein Pulsar: a 5 Minute Tutorial
https://ift.tt/A4RtpC6
Submitted February 07, 2023 at 08:29PM by hdtrinh
via reddit https://ift.tt/B1WvhA6
blog.exein.io
Tracing the Linux kernel using Exein Pulsar: a 5 Minute Tutorial | Exein Blog
A Detailed Analysis of a New Stealer called Stealerium
https://ift.tt/IqfBdrJ
Submitted February 07, 2023 at 08:27PM by CyberMasterV
via reddit https://ift.tt/Mr7ViHQ
Security Scorecard
[Whitepaper] A Detailed Analysis Of A New Stealer Called Stealerium
Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console
https://ift.tt/SeULhGb
Submitted February 07, 2023 at 09:44PM by thorn42
via reddit https://ift.tt/EXlrA5o
Datadoghq
Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console
In this post, we discuss a weakness we discovered in the AWS Console authentication flow that allowed an attacker to partially bypass the login rate limit.