Gartner Peer Insights widget - postMessage DOM XSS vulnerability
https://ift.tt/Fd819fH
Submitted February 04, 2023 at 04:31AM by Gallus
via reddit https://ift.tt/BlmPQSx
https://ift.tt/Fd819fH
Submitted February 04, 2023 at 04:31AM by Gallus
via reddit https://ift.tt/BlmPQSx
DoS and arbitrary file read in (ImageMagick: The hidden vulnerability behind your online images)
https://ift.tt/Xygx6Na
Submitted February 05, 2023 at 03:41AM by Mini_True
via reddit https://ift.tt/Sm3ViNE
https://ift.tt/Xygx6Na
Submitted February 05, 2023 at 03:41AM by Mini_True
via reddit https://ift.tt/Sm3ViNE
Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)
https://ift.tt/C4lF5mU
Submitted February 05, 2023 at 09:28AM by glum-platimium
via reddit https://ift.tt/fTxcy5S
https://ift.tt/C4lF5mU
Submitted February 05, 2023 at 09:28AM by glum-platimium
via reddit https://ift.tt/fTxcy5S
Codelivly
Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)
Max came to know of the vulnerability after he tried to resolve unprecedented CRC error in access logs
Reversing UK mobile rail tickets
https://ift.tt/0DSiPBa
Submitted February 05, 2023 at 10:58AM by Gallus
via reddit https://ift.tt/AtebC3w
https://ift.tt/0DSiPBa
Submitted February 05, 2023 at 10:58AM by Gallus
via reddit https://ift.tt/AtebC3w
eta.st
Reversing UK mobile rail tickets
The UK has used small credit-card sized tickets to pay for train travel for years and years, since long before I was born — originally theAPTIS ticket1,which...
"New Remote Job Board"
https://ift.tt/blZs7KX
Submitted February 05, 2023 at 04:25PM by Shazeb02
via reddit https://ift.tt/pfn3KWr
https://ift.tt/blZs7KX
Submitted February 05, 2023 at 04:25PM by Shazeb02
via reddit https://ift.tt/pfn3KWr
The Defender's Guide to OneNote MalDocs
https://ift.tt/nUuVGEQ
Submitted February 05, 2023 at 04:16PM by SuaveHobo
via reddit https://ift.tt/10Rp2TA
https://ift.tt/nUuVGEQ
Submitted February 05, 2023 at 04:16PM by SuaveHobo
via reddit https://ift.tt/10Rp2TA
Opalsec
The Defender's Guide to OneNote MalDocs
Who's abusing it, and how to mitigate it in your environment
CVE-2022-44268 - Arbitrary File Read PoC - PNG generator
https://ift.tt/Gm7ew2U
Submitted February 06, 2023 at 12:52AM by voidz0r
via reddit https://ift.tt/oNJ0tkA
https://ift.tt/Gm7ew2U
Submitted February 06, 2023 at 12:52AM by voidz0r
via reddit https://ift.tt/oNJ0tkA
GitHub
GitHub - voidz0r/CVE-2022-44268: A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read
A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read - GitHub - voidz0r/CVE-2022-44268: A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read
StarHound - CLI tool for importing BloodHound's Active Directory and Azure data (for latest SharpHound/AzureHound data collectors)
https://ift.tt/IdnvG9K
Submitted February 05, 2023 at 05:26PM by malacupa
via reddit https://ift.tt/B8fAOUG
https://ift.tt/IdnvG9K
Submitted February 05, 2023 at 05:26PM by malacupa
via reddit https://ift.tt/B8fAOUG
malacupa.com
StarHound - CLI import tool for SharpHound/AzureHound data
StarHound - alternative tool to import SharpHound and AzureHound data into neo4j using CLI
Italy Takes Action Against Impending Global Cyberattack
https://ift.tt/x3Aj6P7
Submitted February 06, 2023 at 09:06PM by Damanjain
via reddit https://ift.tt/puV4US2
https://ift.tt/x3Aj6P7
Submitted February 06, 2023 at 09:06PM by Damanjain
via reddit https://ift.tt/puV4US2
The Buzz News
Italy Issues Global Cybersecurity Alert: Protect Your Systems Now!
Italy Cybersecurity Alert - Ransomware attacks have targeted thousands of computer servers worldwide. Hackers targeted VMware ESXi.
Hacking into Toyota's global supplier management network
https://ift.tt/P2c5thM
Submitted February 06, 2023 at 10:09PM by EatonZ
via reddit https://ift.tt/gkPBObt
https://ift.tt/P2c5thM
Submitted February 06, 2023 at 10:09PM by EatonZ
via reddit https://ift.tt/gkPBObt
Eaton-Works
Hacking into Toyota’s global supplier management network
Inside an exploit that allowed logging in to Toyota’s GSPIMS application as any user, including system admins.
SimpleX Chat – the 1st messenger without user IDs (not even random numbers) – v4.5 released with multiple user profiles and transport isolation!
https://ift.tt/resz3BS
Submitted February 07, 2023 at 01:26AM by epoberezkin
via reddit https://ift.tt/2PgvGSl
https://ift.tt/resz3BS
Submitted February 07, 2023 at 01:26AM by epoberezkin
via reddit https://ift.tt/2PgvGSl
simplex.chat
SimpleX Chat v4.5 released – with multiple chat profiles, message draft, transport isolation and Italian language!
I Built a Self-Destructing USB Drive Part 3
https://ift.tt/juzhJye
Submitted February 07, 2023 at 09:22AM by Machinehum
via reddit https://ift.tt/Kxmywaz
https://ift.tt/juzhJye
Submitted February 07, 2023 at 09:22AM by Machinehum
via reddit https://ift.tt/Kxmywaz
Interrupt Labs Blog
I Built a Self-Destructing USB Drive Part 3
I’m building an open-source USB drive with a hidden self-destruct feature. Say goodbye to your data if you don’t lick your fingers before plugging it
NETGEAR Nighthawk upnpd Pre-authentication Buffer Overflow
https://ift.tt/FilUNcg
Submitted February 07, 2023 at 03:25PM by luci_morningstart
via reddit https://ift.tt/d9otKpL
https://ift.tt/FilUNcg
Submitted February 07, 2023 at 03:25PM by luci_morningstart
via reddit https://ift.tt/d9otKpL
Tracing the Linux kernel using Exein Pulsar: a 5 Minute Tutorial
https://ift.tt/A4RtpC6
Submitted February 07, 2023 at 08:29PM by hdtrinh
via reddit https://ift.tt/B1WvhA6
https://ift.tt/A4RtpC6
Submitted February 07, 2023 at 08:29PM by hdtrinh
via reddit https://ift.tt/B1WvhA6
blog.exein.io
Tracing the Linux kernel using Exein Pulsar: a 5 Minute Tutorial | Exein Blog
Cover image
A Detailed Analysis of a New Stealer called Stealerium
https://ift.tt/IqfBdrJ
Submitted February 07, 2023 at 08:27PM by CyberMasterV
via reddit https://ift.tt/Mr7ViHQ
https://ift.tt/IqfBdrJ
Submitted February 07, 2023 at 08:27PM by CyberMasterV
via reddit https://ift.tt/Mr7ViHQ
Security Scorecard
[Whitepaper] A Detailed Analysis Of A New Stealer Called Stealerium
Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console
https://ift.tt/SeULhGb
Submitted February 07, 2023 at 09:44PM by thorn42
via reddit https://ift.tt/EXlrA5o
https://ift.tt/SeULhGb
Submitted February 07, 2023 at 09:44PM by thorn42
via reddit https://ift.tt/EXlrA5o
Datadoghq
Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console
In this post, we discuss a weakness we discovered in the AWS Console authentication flow that allowed an attacker to partially bypass the login rate limit.
GitHub - mazen160/secrets-patterns-db: Secrets Patterns DB: A comprehensive open-source regex database for secret detection.
https://ift.tt/6IWtvPk
Submitted February 07, 2023 at 09:54PM by mazen160
via reddit https://ift.tt/sIVtCpQ
https://ift.tt/6IWtvPk
Submitted February 07, 2023 at 09:54PM by mazen160
via reddit https://ift.tt/sIVtCpQ
GitHub
GitHub - mazen160/secrets-patterns-db: Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords…
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. - GitHub - mazen160/secrets-patterns-db: Secrets Patterns DB: The largest open-so...
Post-Exploitation: Abusing the KeePass Plugin Cache
https://ift.tt/KJV0v2H
Submitted February 07, 2023 at 11:57PM by guedou
via reddit https://ift.tt/M4eDGlU
https://ift.tt/KJV0v2H
Submitted February 07, 2023 at 11:57PM by guedou
via reddit https://ift.tt/M4eDGlU
Quarkslab
Post-Exploitation: Abusing the KeePass Plugin Cache
🔑 Introducing Matano Identity Data Lake for Open Source Cloud-Native SIEM!
https://ift.tt/0uIX5UH
Submitted February 08, 2023 at 01:11AM by shaeqahmed
via reddit https://ift.tt/EH61jAG
https://ift.tt/0uIX5UH
Submitted February 08, 2023 at 01:11AM by shaeqahmed
via reddit https://ift.tt/EH61jAG
www.matano.dev
Matano adds Identity Data Lake | Matano
We're adding support for pulling logs and enrichment data from identity and auth sources to your Matano data lake. This means you can query failed/successful sign-in attempts, view audit logs, and query user information from popular SaaS sources directly…
Recovery noscript for ESXiArgs ransomware
https://ift.tt/qAp2ojD
Submitted February 08, 2023 at 06:06AM by YogiBerra88888
via reddit https://ift.tt/aLZX2q3
https://ift.tt/qAp2ojD
Submitted February 08, 2023 at 06:06AM by YogiBerra88888
via reddit https://ift.tt/aLZX2q3
GitHub
GitHub - cisagov/ESXiArgs-Recover: A tool to recover from ESXiArgs ransomware
A tool to recover from ESXiArgs ransomware. Contribute to cisagov/ESXiArgs-Recover development by creating an account on GitHub.
Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game
https://ift.tt/fxTBtmb
Submitted February 08, 2023 at 03:30PM by stashing_the_smack
via reddit https://ift.tt/bnLPGZ1
https://ift.tt/fxTBtmb
Submitted February 08, 2023 at 03:30PM by stashing_the_smack
via reddit https://ift.tt/bnLPGZ1
Avast Threat Labs
Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game - Avast Threat Labs
Avast discovered an exploit for CVE-2021-38003 was used in the wild to attack Dota 2 players. This exploit achieved remote code execution on other players' machines by taking advantage of Dota's usage of an outdated V8 version. In response to Avast's findings…