Fireblocks OSS MPC Lib
https://ift.tt/u3lPCHZ
Submitted September 29, 2023 at 06:49PM by kruksym
via reddit https://ift.tt/IzXHQb0
https://ift.tt/u3lPCHZ
Submitted September 29, 2023 at 06:49PM by kruksym
via reddit https://ift.tt/IzXHQb0
GitHub
GitHub - fireblocks/mpc-lib
Contribute to fireblocks/mpc-lib development by creating an account on GitHub.
You Can't Control Your Data in the Cloud
https://ift.tt/4T2eMRG
Submitted September 30, 2023 at 02:51AM by osantacruz
via reddit https://ift.tt/8Es0JYG
https://ift.tt/4T2eMRG
Submitted September 30, 2023 at 02:51AM by osantacruz
via reddit https://ift.tt/8Es0JYG
karl-voit.at
You Can't Control Your Data in the Cloud
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
https://ift.tt/uzOivmr
Submitted October 01, 2023 at 01:32PM by shulginlegacy
via reddit https://ift.tt/wN3Fs6K
https://ift.tt/uzOivmr
Submitted October 01, 2023 at 01:32PM by shulginlegacy
via reddit https://ift.tt/wN3Fs6K
Welivesecurity
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
ESET researchers uncover a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, including a publicly undocumented backdoor we named LightlessCan.
Past week in brief - BlackTech's Cisco Router Intrusion, Google's libvpx Zero-Day, GPUzip Data Leak, Russia's $20M Zero-Day Bounty, and Malware in Bing Chat
https://ift.tt/lQHLwnY
Submitted October 01, 2023 at 10:47PM by mandos_io
via reddit https://ift.tt/mG7rMWz
https://ift.tt/lQHLwnY
Submitted October 01, 2023 at 10:47PM by mandos_io
via reddit https://ift.tt/mG7rMWz
SocVel Quiz 1 October 2023
https://ift.tt/XZNomqA
Submitted October 02, 2023 at 03:49AM by jaco_za
via reddit https://ift.tt/TpFjbPL
https://ift.tt/XZNomqA
Submitted October 02, 2023 at 03:49AM by jaco_za
via reddit https://ift.tt/TpFjbPL
Six 0day exploits were filed against Exim by ZDI, including several RCE. After days of silence, Exim has filed this public detail
https://ift.tt/5BaGigf
Submitted October 02, 2023 at 03:40AM by 1esproc
via reddit https://ift.tt/NkX5n4O
https://ift.tt/5BaGigf
Submitted October 02, 2023 at 03:40AM by 1esproc
via reddit https://ift.tt/NkX5n4O
The Marvin Attack
https://ift.tt/fbNeC85
Submitted October 02, 2023 at 03:22PM by Xaneris47
via reddit https://ift.tt/dsnbGva
https://ift.tt/fbNeC85
Submitted October 02, 2023 at 03:22PM by Xaneris47
via reddit https://ift.tt/dsnbGva
Redhat
The Marvin Attack
The Marvin Attack is a return of a timing variant of a 25-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.
r-tec Blog | .NET Assembly Obfuscation for Memory Scanner Evasion
https://ift.tt/qAgtF8W
Submitted October 02, 2023 at 04:15PM by S3cur3Th1sSh1t
via reddit https://ift.tt/m2DwLjH
https://ift.tt/qAgtF8W
Submitted October 02, 2023 at 04:15PM by S3cur3Th1sSh1t
via reddit https://ift.tt/m2DwLjH
www.r-tec.net
.NET Assembly Obfuscation for Memory Scanner Evasion
This blog post will give a short overview of how in-memory .NET assembly execution commonly works and what detection mechanisms exist.
cloudgrep: cloudgrep is grep for cloud storage
https://ift.tt/S0pbaFZ
Submitted October 02, 2023 at 06:41PM by 0x636f6f6c
via reddit https://ift.tt/NUVWtzl
https://ift.tt/S0pbaFZ
Submitted October 02, 2023 at 06:41PM by 0x636f6f6c
via reddit https://ift.tt/NUVWtzl
GitHub
GitHub - cado-security/cloudgrep: cloudgrep is grep for cloud storage
cloudgrep is grep for cloud storage. Contribute to cado-security/cloudgrep development by creating an account on GitHub.
Decrypting the Shadows: Revealing the Secrets of Ransomware Operators - An Interview with @htmalgae
https://ift.tt/uAGCzme
Submitted October 02, 2023 at 07:44PM by ziyahanalbeniz
via reddit https://ift.tt/3UtRr1H
https://ift.tt/uAGCzme
Submitted October 02, 2023 at 07:44PM by ziyahanalbeniz
via reddit https://ift.tt/3UtRr1H
SOCRadar® Cyber Intelligence Inc.
Decrypting the Shadows: Revealing the Secrets of Ransomware Operators - An Interview with @htmalgae - SOCRadar® Cyber Intelligence…
Meet @htmalgae, an anonymous security researcher with a wealth of experience in web application development. In the digital realm, htmalgae operates under
Microsoft Defender flags Tor Browser as a Trojan and removes it from the system
https://ift.tt/Hwzpqik
Submitted October 02, 2023 at 08:07PM by nareksays
via reddit https://ift.tt/dpR2UIb
https://ift.tt/Hwzpqik
Submitted October 02, 2023 at 08:07PM by nareksays
via reddit https://ift.tt/dpR2UIb
root with a single command: sudo logrotate
https://ift.tt/67L1quM
Submitted October 03, 2023 at 04:16PM by MegaManSec2
via reddit https://ift.tt/XJ3EGfu
https://ift.tt/67L1quM
Submitted October 03, 2023 at 04:16PM by MegaManSec2
via reddit https://ift.tt/XJ3EGfu
Joshua.Hu
root with a single command: sudo logrotate
The scenario is this: a brand new Ubuntu 22.04 server has an account which is restricted to running sudo logrotate *. Can we get root? Short answer: Yes. I couldn’t find much online about this type of exploitation of logrotate, so let’s document something…
Exploiting Edge Routers Acting as IoT Gateways
https://ift.tt/JyKzPgV
Submitted October 03, 2023 at 06:43PM by derp6996
via reddit https://ift.tt/5md3l19
https://ift.tt/JyKzPgV
Submitted October 03, 2023 at 06:43PM by derp6996
via reddit https://ift.tt/5md3l19
Claroty
The Path to the Cloud is Filled with Holes: Exploiting 4G Edge Routers
Retired Server called Home — A server decommissioning failure
https://ift.tt/YzbfrcU
Submitted October 03, 2023 at 06:36PM by oherrala
via reddit https://ift.tt/Nb9Tkgn
https://ift.tt/YzbfrcU
Submitted October 03, 2023 at 06:36PM by oherrala
via reddit https://ift.tt/Nb9Tkgn
Medium
Retired Device called Home
We were told a story which piqued our curiosity. Our customer’s security team started to get a flood of Beacon alerts from one of their…
Cloudflare Protection Bypass Vulnerability on Threat Actors' Radar
https://ift.tt/ErIafvZ
Submitted October 03, 2023 at 06:25PM by ziyahanalbeniz
via reddit https://ift.tt/lMI3ZjV
https://ift.tt/ErIafvZ
Submitted October 03, 2023 at 06:25PM by ziyahanalbeniz
via reddit https://ift.tt/lMI3ZjV
SOCRadar® Cyber Intelligence Inc.
Cloudflare Protection Bypass Vulnerability on Threat Actors' Radar
Cloudflare, a leading cybersecurity provider, faces a security challenge due to vulnerabilities that could put its customer environments...
Let’s Go into the rabbit hole (part 1) — the challenges of dynamically hooking Golang programs
https://ift.tt/1SXZIDE
Submitted October 03, 2023 at 09:05PM by guedou
via reddit https://ift.tt/t4wKfki
https://ift.tt/1SXZIDE
Submitted October 03, 2023 at 09:05PM by guedou
via reddit https://ift.tt/t4wKfki
Quarkslab
Let’s Go into the rabbit hole (part 1) — the challenges of dynamically hooking Golang programs
Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement
https://ift.tt/RlQMsvr
Submitted October 03, 2023 at 10:35PM by SCI_Rusher
via reddit https://ift.tt/H4aFPKU
https://ift.tt/RlQMsvr
Submitted October 03, 2023 at 10:35PM by SCI_Rusher
via reddit https://ift.tt/H4aFPKU
Microsoft Security Blog
Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement | Microsoft Security Blog
Microsoft security researchers recently identified an attack where attackers attempted to move laterally to a cloud environment through a SQL Server instance. The attackers initially exploited a SQL injection vulnerability in an application within the target’s…
[QubesOS] Disarm BusKill Dead Man Switch with Keyboard Shortcut (Guide)
https://ift.tt/7BrenmR
Submitted October 03, 2023 at 09:51PM by maltfield
via reddit https://ift.tt/EImobu9
https://ift.tt/7BrenmR
Submitted October 03, 2023 at 09:51PM by maltfield
via reddit https://ift.tt/EImobu9
BusKill
Disarm BusKill in QubesOS - BusKill
Keyboard shortcuts in QubesOS to arm & disarm (pause) the BusKill laptop kill cord -- so you can go to the bathroom without your laptop self-destruct triggering
PETEP: Open source tool for Penetration Testing of non-HTTP protocols (TCP, UDP) through graphical UI or code, also supports using Burp/Zaproxy by wrapping the binary traffic into HTTP.
https://ift.tt/1a0jg95
Submitted October 03, 2023 at 11:40PM by vutmajk
via reddit https://ift.tt/gXHqSOt
https://ift.tt/1a0jg95
Submitted October 03, 2023 at 11:40PM by vutmajk
via reddit https://ift.tt/gXHqSOt
GitHub
GitHub - Warxim/petep: PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification…
PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of ap...
Remote Code Execution In PyTorch Model Server TorchServe
https://ift.tt/vsFRSd8
Submitted October 04, 2023 at 12:42AM by BigBother59
via reddit https://ift.tt/peXQ0oq
https://ift.tt/vsFRSd8
Submitted October 04, 2023 at 12:42AM by BigBother59
via reddit https://ift.tt/peXQ0oq
GitHub
GHSA-4mqg-h5jf-j9m7 - GitHub Advisory Database
TorchServe Pre-Auth Remote Code Execution
Exploring the STSAFE-A110
https://ift.tt/Mcpu5oJ
Submitted October 04, 2023 at 11:28AM by thinkV
via reddit https://ift.tt/EIrk6aS
https://ift.tt/Mcpu5oJ
Submitted October 04, 2023 at 11:28AM by thinkV
via reddit https://ift.tt/EIrk6aS
Elttam
Exploring the STSAFE-A110
elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.