Post Account Takeover? Account Takeover of Internal Tesla Accounts
https://ift.tt/VLYbOvp
Submitted April 05, 2023 at 02:11AM by techdash
via reddit https://ift.tt/JQUqKTL
Medium
Post Account Takeover? Account Takeover of Internal Tesla Accounts
In testing various Tesla web applications as part of the Tesla Bug Bounty Program, I’ve created many Tesla user accounts. At some point…
We put GPT-4 in Semgrep to point out false positives & fix code
https://ift.tt/ofKYTJr
Submitted April 05, 2023 at 03:47AM by pabloest
via reddit https://ift.tt/jGQZ7AB
We put GPT-4 in Semgrep to point out false positives & fix code
Semgrep is a code search tool many use for security scanning (SAST). We added GPT-4 to our cloud service to ask which Semgrep findings matter before we notify developers, and on our internal projects, it seemed to reason well about this task. We also tried…
The Current State of Security • Eleanor Saitta & Aino Vonge Corry [Podcast]
https://ift.tt/Ij2XsV0
Submitted April 05, 2023 at 12:46PM by goto-con
via reddit https://ift.tt/TWzrcxE
UI Best Practices for Password Manager Compatibility and Embracing Passwordless Security
https://ift.tt/xiRFTQm
Submitted April 05, 2023 at 02:40PM by agesdear
via reddit https://ift.tt/7yjxhmQ
Medium
UI Best Practices for Password Manager Compatibility and Embracing Passwordless Security
As user security continues to be a top priority in the digital age, it is essential for applications and companies to not only allow…
The Uninvited Guest: IDORs, Garage Doors, and Stolen Secrets
https://ift.tt/D2wpVcl
Submitted April 05, 2023 at 05:05PM by uniqualykerd
via reddit https://ift.tt/a1FYqjp
Medium
The Uninvited Guest: IDORs, Garage Doors, and Stolen Secrets
Uncovering Critical Security Flaws in Nexx’s Smart Devices: Garage Doors, Alarms, and Plugs at Risk
CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
https://ift.tt/qyptO0A
Submitted April 05, 2023 at 06:41PM by securitinerd
via reddit https://ift.tt/GzgqEPi
DARKRELAY
CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
Introduction On the latest Patch Tuesday, Microsoft released 83 security fixes, one of which is the "CVE-2023-23397" vulnerability that affects all versions of the Outlook desktop app on Windows systems. However, this vulnerability does not impact the Outlook…
Operation Cookie Monster took down the cookie marketplace Genesis
https://ift.tt/UnmGFy2
Submitted April 05, 2023 at 08:20PM by tysonsw
via reddit https://ift.tt/UZ5hlBi
Troy Hunt
Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"
A quick summary first before the details: This week, the FBI in cooperation with international law enforcement partners took down a notorious marketplace trading in stolen identity data in an effort they've named "Operation Cookie Monster". They've provided…
Announcing Kurl
https://ift.tt/p1bTKjC
Submitted April 06, 2023 at 03:26AM by gabriel_schneider
via reddit https://ift.tt/trAVkv5
GitHub
GitHub - gbrls/kurl: HTTP Requests for security researchers
HTTP Requests for security researchers. Contribute to gbrls/kurl development by creating an account on GitHub.
My mate created a game that teaches you how to jailbreak LLM models like ChatGPT
https://ift.tt/DyXPf6Z
Submitted April 06, 2023 at 06:07AM by hakluke
via reddit https://ift.tt/tKxD1vJ
Doublespeak.chat
A text-based AI escape game by Forces Unseen.
CyberGhostVPN Linux client vulnerable to MITM, RCE, LPE writeup
https://ift.tt/mzf3XCS
Submitted April 06, 2023 at 09:46AM by mmmds
via reddit https://ift.tt/Ds5aX3e
Technical analysis of the Genesis Market malware and tooling
https://ift.tt/vEYoK2r
Submitted April 06, 2023 at 02:30PM by xnyhps
via reddit https://ift.tt/GV8aT5l
sector7.computest.nl
Technical analysis of the Genesis Market
For the last couple of weeks we’ve assisted the Dutch police in investigating the Genesis Market. In case you are unfamiliar with this market, it was used to sell stolen login credentials, browser cookies and online fingerprints (in order to prevent ‘risky…
7 Questions and Answers about Firmware and Firmware Security
https://ift.tt/9ujEX6J
Submitted April 06, 2023 at 07:16PM by attilaszia
via reddit https://ift.tt/IALR6an
Bugprove
7 Questions and Answers about Firmware and Firmware Security
This all-inclusive article provides a complete overview of firmware, including how it works, common formats, and the importance plus mechanics of firmware security.
New Doyensec advisory! CSRF protection bypass discovered in Sveltekit. Ensure your apps are up-to-date.
https://ift.tt/z6Pypg5
Submitted April 06, 2023 at 09:28PM by ds_at
via reddit https://ift.tt/vYLSqwk
Stopping cybercriminals from abusing security tools - Microsoft On the Issues
https://ift.tt/fzX0YTy
Submitted April 06, 2023 at 11:29PM by DH_Prelude
via reddit https://ift.tt/B7gMh8p
Microsoft On the Issues
Stopping cybercriminals from abusing security tools
Microsoft’s Digital Crimes Unit (DCU), cybersecurity software company Fortra™ and Health Information Sharing and Analysis Center (Health-ISAC) are taking technical and legal action to disrupt cracked, legacy copies of Cobalt Strike and abused Microsoft software…
Pwning Pixel 6 with a leftover patch
https://ift.tt/oHze5Kt
Submitted April 07, 2023 at 03:30AM by Titokhan
via reddit https://ift.tt/U6543iw
The GitHub Blog
Pwning Pixel 6 with a leftover patch | The GitHub Blog
In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 were applied, and how these two lines of changes can be exploited to gain…
A Follow-up to the Exploit-DB and 0day.today Comparison
https://ift.tt/YDp5f1r
Submitted April 07, 2023 at 08:39PM by chicksdigthelongrun
via reddit https://ift.tt/5wOLNpJ
A Follow-up to the Exploit-DB and 0day.today Comparison - Blog - VulnCheck
Following reader suggestions, we take a deeper look at the types of vulnerabilities in the Exploit-DB and 0day.today exploit databases. We also examine exploit attack vectors and find out how many of the exploits have been used in the wild.
I wrote a thing! - How AI is revolutionizing infosec offensively and defensively.
https://ift.tt/3t80g5r
Submitted April 07, 2023 at 08:03PM by jat0369
via reddit https://ift.tt/npbHSwI
Cyberark
AI, ChatGPT and Identity Security’s Critical Human Element
In 1999, a far-fetched movie about a dystopia run by intelligent machines captured our imaginations (and to this day, remains my favorite film). Twenty-four years later, the line between fact and...
MERCURY and DEV-1084: Destructive attack on hybrid environment
https://ift.tt/2DbpQ8x
Submitted April 07, 2023 at 11:40PM by SCI_Rusher
via reddit https://ift.tt/GC8ZKTP
Microsoft Security Blog
MERCURY and DEV-1084: Destructive attack on hybrid environment | Microsoft Security Blog
Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.
/r/netsec's Q2 2023 Information Security Hiring Thread
Overview
If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.
We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.
Please reserve top level comments for those posting open positions.
Rules & Guidelines
Include the company name in the post. If you want to be topsykret, go recruit elsewhere.
Include the geographic location of the position along with the availability of relocation assistance or remote work.
If you are a third party recruiter, you must disclose this in your posting.
Please be thorough and upfront with the position details.
Use of non-hr'd (realistic) requirements is encouraged.
While it's fine to link to the position on your company's website, provide the important details in the comment.
Mention if applicants should apply officially through HR, or directly through you.
Please clearly list citizenship, visa, and security clearance requirements.
You can see an example of acceptable posts by perusing past hiring threads.
Feedback
Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted April 08, 2023 at 12:37AM by ranok
via reddit https://ift.tt/TrmxgPd
Nonsense, mayhem, SameSite, cors and CSRF - Part 2
https://ift.tt/HIgBGfK
Submitted April 08, 2023 at 02:46PM by arnc_cryptid
via reddit https://ift.tt/CbHt9Qo
kernelpanic.cryptid.fr
Nonsense, mayhem, browser security, CSRF, and CORS - Part 2 | kernel panic
Keep calm and grab a shell
Vulnerable version of WordPress that is provided monthly.
https://ift.tt/rmLVnFQ
Submitted April 08, 2023 at 06:37PM by seyyid_
via reddit https://ift.tt/sihYLr7
GitHub
GitHub - onhexgroup/Vulnerable-WordPress: Vulnerable version of WordPress that is provided monthly.
Vulnerable version of WordPress that is provided monthly. - GitHub - onhexgroup/Vulnerable-WordPress: Vulnerable version of WordPress that is provided monthly.