CVE-2023-33383 - Authentication Bypass via out-of-bounds read condition in Shelly 4PM Pro relay switch
https://ift.tt/pm48ZoP
Submitted August 03, 2023 at 05:51PM by 9lyph
via reddit https://ift.tt/KQJqWmj
Exploit Security
CVE-2023-33383
Targeted npm Malware Attempts to Steal Company Source Code
https://ift.tt/qP5Q9Nb
Submitted August 04, 2023 at 12:44AM by louis11
via reddit https://ift.tt/k134APB
Phylum
Targeted npm Malware Attempts to Steal Company Source Code and Secrets
🚨August 9, 2023 Update: This appears to be a slow, on-going attack. Since our initial report, two more packages have been identified as part of this campaign: ng-zulutrade-ssr and binarium-crm. We will provide periodic updates as we identify further publications…
Fast security review of a smart contract stablecoin
https://ift.tt/bChxlOr
Submitted August 04, 2023 at 01:28AM by kruksym
via reddit https://ift.tt/pNvdXfA
CoinFabrik
Ripio (UXD) Stablecoin Token Fast Security Review
Ripio unveils UXD on LaChain for Latin America. With LaCoin (LAC) as native, we're diving deep into security audits of the stable coin!
Xbox One Directory Traversal (2019)
https://ift.tt/PZcAWUd
Submitted August 04, 2023 at 01:54AM by ynscdrc
via reddit https://ift.tt/rlZi1qL
GitHub
GitHub - yunuscadirci/XboxOneDirectoryTraversal: details about directory traversal on Xbox One
details about directory traversal on Xbox One. Contribute to yunuscadirci/XboxOneDirectoryTraversal development by creating an account on GitHub.
Don’t you (forget NLP): Prompt injection with control characters in ChatGPT
https://ift.tt/xQ93YPj
Submitted August 04, 2023 at 11:17AM by Mempodipper
via reddit https://ift.tt/u97ophq
dropbox.tech
Don’t you (forget NLP): Prompt injection with control characters in ChatGPT
Password Managers as Ethical Hacking Tools
https://ift.tt/DqthUGM
Submitted August 04, 2023 at 05:29PM by arrowflakes
via reddit https://ift.tt/M4LDvcJ
Magnet’s Substack
Uncovering security bugs by chance with password generators
Password Managers as Ethical Hacking Tools
Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform
https://ift.tt/WCVO6HR
Submitted August 04, 2023 at 05:53PM by qwerty0x41
via reddit https://ift.tt/ikXQvO8
Sam Curry | Web Application Security Researcher
Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform
Between March, 2023 and May, 2023 we reported multiple security vulnerabilities to points.com, the backend provider for a large portion of airline and hotel rewards programs...
Technology Security Career Advice
http://uwu.com
Submitted August 05, 2023 at 12:48AM by emizzle6250
via reddit https://ift.tt/5BkRajv
Reddit
From the netsec community on Reddit: Technology Security Career Advice
Posted by emizzle6250 - 1 vote and 2 comments
GitHub - kryptokrona/kryptokrona-kotlin-sdk: Kryptokrona SDK in Kotlin for building decentralized private communication and payment systems.
https://ift.tt/wnszYZR
Submitted August 05, 2023 at 03:18PM by xzzzv
via reddit https://ift.tt/EOyiQ0D
GitHub
GitHub - kryptokrona/kryptokrona-kotlin-sdk: Build decentralized private communication/payment systems in Kotlin.
Build decentralized private communication/payment systems in Kotlin. - kryptokrona/kryptokrona-kotlin-sdk
Attacking JS engines: Fundamentals for understanding memory corruption crashes
https://ift.tt/v2xhNUq
Submitted August 05, 2023 at 08:54PM by adityatelange
via reddit https://ift.tt/SNnzGIx
www.sidechannel.blog
Attacking JS engines: Fundamentals for understanding memory corruption crashes | SideChannel – Tempest
It will be possible to better understand the JavaScript structures in memory while executing code in browsers or in any other program that makes use of the most famous JS interpreters, such as Firefox, Google Chrome, Internet Explorer and Safari
Burp HTTP history browser (BHHB)
https://ift.tt/nKfd2SJ
Submitted August 05, 2023 at 08:52PM by adityatelange
via reddit https://ift.tt/4mrn7JP
GitHub
GitHub - adityatelange/bhhb: Burp HTTP history browser (BHHB) - A tool to view HTTP history exported from Burp Suite Community…
Burp HTTP history browser (BHHB) - A tool to view HTTP history exported from Burp Suite Community Edition - adityatelange/bhhb
New acoustic attack steals data from keystrokes with 95% accuracy
https://ift.tt/YBLSQDI
Submitted August 06, 2023 at 01:27AM by WashingtonPass
via reddit https://ift.tt/uTZrVdz
Living Off the Land: Reverse Engineering Methodology + Tips & Tricks (Cmdl32 Case Study)
https://ift.tt/W8bJAYc
Submitted August 07, 2023 at 03:01AM by elliotkillick
via reddit https://ift.tt/qvmXhcG
Elliot on Security
Elliot on Security - Living Off the Land: Reverse Engineering Methodology + Tips & Tricks (Cmdl32 Case Study)
Gain the reverse engineering proficiency needed to find new (undiscovered) 'living off the land' programs in Windows as they exist right now. Plus, how this one went under the radar for over a decade!
Vulnerable WordPress: Release 2023 July - Plugins:142 Vulns:179
https://ift.tt/6g7Dc2Y
Submitted August 07, 2023 at 12:37PM by seyyid_
via reddit https://ift.tt/JjayC7D
GitHub
Release 2023 July - Lake Urmia · onhexgroup/Vulnerable-WordPress
Information about this release:
WordPress version: 6.2.2
Number of installed plugins (Clean and Vulnerable): 142
Number of vulnerabilities: 179
adminuser: onhexgroup
adminpass: jidCy(SbEz!25qyjT...
One-click setup SCCM Lab (as snaplabs.io template) for offensive tool testing (or for anything else)
https://ift.tt/7iEZRtN
Submitted August 07, 2023 at 01:54PM by an0n_r0
via reddit https://ift.tt/fsCh63l
3D-Printed Dead Man Switch (Proof-of-Concept Demo)
https://ift.tt/GvIjXkw
Submitted August 07, 2023 at 09:25PM by maltfield
via reddit https://ift.tt/l280xTy
BusKill
3D Printable BusKill Proof-of-Concept - BusKill
We were successfully able to initiate a BusKill lockscreen trigger using a 3D-printed BusKill (DIY USB kill cord) prototype
Attack & defense
https://ift.tt/HAI9tnv
Submitted August 07, 2023 at 11:18PM by Pretend-Piglet-2978
via reddit https://ift.tt/NG96zAP
Getting pwn'd by AI: Penetration Testing with Large Language Models
https://ift.tt/GwWbFca
Submitted August 08, 2023 at 01:28PM by andreashappe
via reddit https://ift.tt/9p1FAxJ
Revealing VS Code's Vulnerability: Token Storage is Accessible Across All Extensions
https://ift.tt/b6NHCqL
Submitted August 08, 2023 at 02:25PM by OreenLivni
via reddit https://ift.tt/FVQSKMd
Cycode
VS Code's Token Security: Keeping Your Secrets... Not So Secretly - Cycode
Discover how a vulnerability in VS Code’s secure token storage enables high-risk ‘Token Stealing’ attacks, exposing third-party application tokens and organizational security.
Kubernetes Exposed: One Yaml away from Disaster
https://ift.tt/MZOfbwA
Submitted August 08, 2023 at 05:55PM by mkatch
via reddit https://ift.tt/I7pHUgM
Aqua
Kubernetes Exposed: One Yaml away from Disaster
We found two main misconfigurations in Kubernetes clusters belonging to more than 350 organizations openly accessible and largely unprotected.
Evading signature-based phishing detections
https://ift.tt/ZzIwk4t
Submitted August 08, 2023 at 08:00PM by S3cur3Th1sSh1t
via reddit https://ift.tt/QGnwvi6
www.r-tec.net
Evade signature-based phishing detections
Phishing attacks: Examples of unsafe web resources are social engineering sites and sites that host malware or unwanted software. Come see what's possible.