BlueNoroff strikes again with new macOS malware
https://ift.tt/31fBn5P
Submitted November 11, 2023 at 10:50PM by avid_reader_72
via reddit https://ift.tt/5smNezA
https://ift.tt/31fBn5P
Submitted November 11, 2023 at 10:50PM by avid_reader_72
via reddit https://ift.tt/5smNezA
Jamf
Jamf Threat Labs Discovers Malware from BlueNoroff
Newly discovered later-stage malware from BlueNoroff APT group targets macOS with characteristics similar to their RustBucket campaign.
GPTs & Assistants API - Code Interpreter Data Exfiltration
https://ift.tt/7pKsHSi
Submitted November 12, 2023 at 03:47PM by Standard_Arm_4476
via reddit https://ift.tt/6N1jXmF
https://ift.tt/7pKsHSi
Submitted November 12, 2023 at 03:47PM by Standard_Arm_4476
via reddit https://ift.tt/6N1jXmF
One shot, Triple kill: Pwning all three Google kernelCTF instances with a single 1-day Linux vulnerability
https://ift.tt/f8owygW
Submitted November 13, 2023 at 08:07PM by poltess0
via reddit https://ift.tt/NCP7Tre
https://ift.tt/f8owygW
Submitted November 13, 2023 at 08:07PM by poltess0
via reddit https://ift.tt/NCP7Tre
CVE Watcher: Hunting Down CVEs Before the Patch Drops
https://ift.tt/wRcYmQt
Submitted November 14, 2023 at 01:44AM by Pale_Fly_2673
via reddit https://ift.tt/IDjaBLl
https://ift.tt/wRcYmQt
Submitted November 14, 2023 at 01:44AM by Pale_Fly_2673
via reddit https://ift.tt/IDjaBLl
GitHub
GitHub - Aqua-Nautilus/CVE-Half-Day-Watcher
Contribute to Aqua-Nautilus/CVE-Half-Day-Watcher development by creating an account on GitHub.
The Open Source Fortress: A workshop for finding vulnerabilities in codebases using open source tools
https://ossfortress.io
Submitted November 14, 2023 at 01:19PM by iosifache
via reddit https://ift.tt/4xJ1ysI
https://ossfortress.io
Submitted November 14, 2023 at 01:19PM by iosifache
via reddit https://ift.tt/4xJ1ysI
ossfortress.io
The Open Source Fortress | The Open Source Fortress
Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification and how it affected open source projects
https://ift.tt/YIZ8Jb5
Submitted November 14, 2023 at 03:13PM by aunga
via reddit https://ift.tt/6x5wdlD
https://ift.tt/YIZ8Jb5
Submitted November 14, 2023 at 03:13PM by aunga
via reddit https://ift.tt/6x5wdlD
Pentagrid AG
Nothing new, still broken, insecure by default since then: Python's e-
Python’s e-mail libraries smtplib, imaplib, and poplib do not verify server certificates unless a proper SSL context is passed to the API. This leads to security problems.
Beginners guide to free SIEM: Automated setup of Graylog Open using Puppet
https://ift.tt/Cp0S8tc
Submitted November 14, 2023 at 05:22PM by ezzzzz
via reddit https://ift.tt/opLe6cD
https://ift.tt/Cp0S8tc
Submitted November 14, 2023 at 05:22PM by ezzzzz
via reddit https://ift.tt/opLe6cD
Research Blog | Project Black
Automated Graylog Open Setup using Puppet
The term SIEM often conjures images of complex configurations and $100k bills leading to inaction. It doesn't have to be that way. In cybersecurity (and often in life), starting somewhere and taking even a small step in the right direction is preferable to…
Passive SSH Key Compromise via Lattices
https://ift.tt/uhITYfO
Submitted November 14, 2023 at 06:52PM by elatllat
via reddit https://ift.tt/RbMi3OL
https://ift.tt/uhITYfO
Submitted November 14, 2023 at 06:52PM by elatllat
via reddit https://ift.tt/RbMi3OL
Vibrate'em All & Denial of Pleasure Attacks against BLE Adult Toys with a #FlipperZero 📡😎🔥♀️♂️⚧️
https://ift.tt/e4AEWUx
Submitted November 14, 2023 at 11:17PM by Fun-Book-8926
via reddit https://ift.tt/FLqGV32
https://ift.tt/e4AEWUx
Submitted November 14, 2023 at 11:17PM by Fun-Book-8926
via reddit https://ift.tt/FLqGV32
WHID - We Hack In Disguise
Denial of Pleasure: Attacking Unusual BLE Targets with a Flipper Zero
Become familiar with developing applications for Flipper Zero, which will be capable of activating adult toys all at once or completely inhibit their use for those within your range (i.e. Denial of Pleasure Attack).
Tapping into a telecommunications company's office cameras
https://ift.tt/9q4Hs57
Submitted November 15, 2023 at 12:40AM by EatonZ
via reddit https://ift.tt/E5JHDWh
https://ift.tt/9q4Hs57
Submitted November 15, 2023 at 12:40AM by EatonZ
via reddit https://ift.tt/E5JHDWh
Eaton-Works
Tapping into a telecommunications company’s office cameras
API flaw enabled livestreaming of a telecommunications company’s office cameras.
Critical bug bounty reports in Microsoft & GitHub, with publication of CVE-2023-36052: "All the Small Things: Azure CLI Leakage and Problematic Usage Patterns".
https://ift.tt/a56K3hM
Submitted November 15, 2023 at 02:04AM by Hefty_Knowledge_7449
via reddit https://ift.tt/2dGsX8R
https://ift.tt/a56K3hM
Submitted November 15, 2023 at 02:04AM by Hefty_Knowledge_7449
via reddit https://ift.tt/2dGsX8R
Palo Alto Networks Blog
All the Small Things: Azure CLI Leakage and Problematic Usage Patterns
Developer usage patterns with Azure CLI may leak sensitive data in CI/CD logs when used in public repositories, potentially exposing critical information.
Reptar
https://ift.tt/NmdchfU
Submitted November 15, 2023 at 03:52AM by moviuro
via reddit https://ift.tt/oyNtnqi
https://ift.tt/NmdchfU
Submitted November 15, 2023 at 03:52AM by moviuro
via reddit https://ift.tt/oyNtnqi
Cmpxchg8B
Reptar
Summer 2023 Study on Wi-Fi 6 & WPA3 Popularity
https://ift.tt/QZATCVm
Submitted November 15, 2023 at 05:08AM by wirelessbits
via reddit https://ift.tt/sKB5brq
https://ift.tt/QZATCVm
Submitted November 15, 2023 at 05:08AM by wirelessbits
via reddit https://ift.tt/sKB5brq
Medium
Summer 2023 Study on Wi-Fi AP PHY & Security Adoption
In summer 2023 for a graduate program class I worked with an excellent team made up of Elvis Maese, Parth Joshi, Scott Randall, & Chris…
Static Code Injections in OpenCart (CVE-2023-47444)
https://ift.tt/0CmQE7A
Submitted November 15, 2023 at 05:03AM by UsedSite2578
via reddit https://ift.tt/gAm07Pu
https://ift.tt/0CmQE7A
Submitted November 15, 2023 at 05:03AM by UsedSite2578
via reddit https://ift.tt/gAm07Pu
0xbro
Static Code Injections in OpenCart (CVE-2023-47444)
In OpenCart versions 4.0.0.0 to 4.0.2.3, authenticated backend users having common/security access and modify privileges can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.
Microsoft Edge VR - Escaping the sandbox: A bug that speaks for itself
https://ift.tt/jobA6uZ
Submitted November 15, 2023 at 02:52PM by poltess0
via reddit https://ift.tt/Ve62h3D
https://ift.tt/jobA6uZ
Submitted November 15, 2023 at 02:52PM by poltess0
via reddit https://ift.tt/Ve62h3D
Microsoft Browser Vulnerability Research
Escaping the sandbox: A bug that speaks for itself
Introduction
Reptar: an Intel Ice Lake CPU vulnerability, by Tavis Ormandy
https://ift.tt/NmdchfU
Submitted November 15, 2023 at 02:42PM by poltess0
via reddit https://ift.tt/YyVUNXm
https://ift.tt/NmdchfU
Submitted November 15, 2023 at 02:42PM by poltess0
via reddit https://ift.tt/YyVUNXm
Cmpxchg8B
Reptar
Executing from Memory Using ActiveMQ CVE-2023-46604
https://ift.tt/Pb0lhs1
Submitted November 15, 2023 at 08:15PM by chicksdigthelongrun
via reddit https://ift.tt/810Y2Kq
https://ift.tt/Pb0lhs1
Submitted November 15, 2023 at 08:15PM by chicksdigthelongrun
via reddit https://ift.tt/810Y2Kq
VulnCheck
Executing from Memory Using ActiveMQ CVE-2023-46604 - Blog - VulnCheck
VulnCheck finds a new way to exploit ActiveMQ CVE-2023-46604 that allows the attacker to hide in memory and avoid process-based detections.
windows arbitrary MSR write and kernel-memory write
https://ift.tt/Onl1eEZ
Submitted November 15, 2023 at 07:42PM by meowerguy
via reddit https://ift.tt/NVD6azm
https://ift.tt/Onl1eEZ
Submitted November 15, 2023 at 07:42PM by meowerguy
via reddit https://ift.tt/NVD6azm
GitHub
CVE-2023-36427/report.md at main · tandasat/CVE-2023-36427
Report and exploit of CVE-2023-36427. Contribute to tandasat/CVE-2023-36427 development by creating an account on GitHub.
A Simple Python Redirection Container for Red Team Operations
https://ift.tt/23MjSx8
Submitted November 15, 2023 at 09:27PM by RoseSec_
via reddit https://ift.tt/g0czPAk
https://ift.tt/23MjSx8
Submitted November 15, 2023 at 09:27PM by RoseSec_
via reddit https://ift.tt/g0czPAk
GitHub
Red-Teaming-TTPs/Redirection_Containers.md at main · RoseSecurity/Red-Teaming-TTPs
Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike! - RoseSecurity/Red-Teaming-TTPs
Ransomware group breaches company, reports them to SEC for failure to disclose
https://ift.tt/AEfIlDa
Submitted November 16, 2023 at 07:51AM by AviN456
via reddit https://ift.tt/T4yolzG
https://ift.tt/AEfIlDa
Submitted November 16, 2023 at 07:51AM by AviN456
via reddit https://ift.tt/T4yolzG
www.databreaches.net
AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC (2)
Earlier today, AlphV added MeridianLink to their leak site. MeridianLink (MLNK) is the provider of a loan origination system and digital lending platform for...
Accessing Azure Kubernetes Service as Guest and Cross-Tenant
https://ift.tt/EDS946p
Submitted November 16, 2023 at 08:11PM by cbagdude
via reddit https://ift.tt/5xtWZTB
https://ift.tt/EDS946p
Submitted November 16, 2023 at 08:11PM by cbagdude
via reddit https://ift.tt/5xtWZTB
Binary Security AS
Accessing Azure Kubernetes Service as Guest and Cross-Tenant
In our research, Binary Security found a weakness in Azure Kubernetes Service (AKS) that allows Guest users or third-party apps to access the AKS API without getting assigned any specific roles. Microsoft originally responded that it “does not meet the definition…