Python Risk Identification Tool for generative AI (PyRIT)
https://ift.tt/jxdMCXu
Submitted February 23, 2024 at 08:10AM by ___printf_chk
via reddit https://ift.tt/MoAeaSf
GitHub
GitHub - Azure/PyRIT: The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower…
The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and machine learning engineers to proactively find risks in th...
Code injection or backdoor: A new look at Ivanti's CVE-2021-44529
https://ift.tt/d1nV3pc
Submitted February 23, 2024 at 05:23PM by albinowax
via reddit https://ift.tt/6FJgDeU
GreyNoise Labs
GreyNoise Labs - Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529
In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!
Continuously fuzzing Python C extensions
https://ift.tt/8tLxw6P
Submitted February 23, 2024 at 09:07PM by Schwag
via reddit https://ift.tt/EfMtIxO
Trail of Bits Blog
Continuously fuzzing Python C extensions
By Matt Schwager Deserializing, decoding, and processing untrusted input are telltale signs that your project would benefit from fuzzing. Yes, even Python projects. Fuzzing helps reduce bugs in hig…
Wannabe Security Researcher!?!? is the title of the very first blog post of my very first blog. I hope it will be informative for anyone interested in security, and more specifically about a home assignment I received for a position of Sr. Security Researcher and how I approached it.
https://ift.tt/DnusIAl
Submitted February 24, 2024 at 03:59AM by Technical_Shelter621
via reddit https://ift.tt/iLIGU9a
Blog
Wannabe Security Researcher!?!?
This is the very first article that I am publishing on this blog, I wanted to share this experience with folks that are passionate like myself about Security at 360 degrees and also share my thought …
Go Go XSS Gadgets: Chaining a DOM Clobbering Exploit in the Wild
https://ift.tt/70N1BCL
Submitted February 24, 2024 at 10:35PM by poltess0
via reddit https://ift.tt/F6IPT8o
VNC through ssh tunnel
http://localhost
Submitted February 25, 2024 at 08:45PM by Good_Till_970
via reddit https://ift.tt/q6TgsA1
Reddit
From the netsec community on Reddit: VNC through ssh tunnel
Posted by Good_Till_970 - 2 votes and 12 comments
SEO Poisoning to Domain Control: The Gootloader Saga Continues
https://ift.tt/FPHo0ig
Submitted February 26, 2024 at 06:46AM by TheDFIRReport
via reddit https://ift.tt/tiy0LDR
The DFIR Report
SEO Poisoning to Domain Control: The Gootloader Saga Continues
Key Takeaways In February 2023, we detected an intrusion that was initiated by a user downloading and executing a file from a SEO-poisoned search result, leading to a Gootloader infection. Around n…
Exploiting inconsistent UTF-8 handling in mbstring to bypass an XSS filter in Joomla
https://ift.tt/RHNSWtL
Submitted February 26, 2024 at 02:15PM by albinowax
via reddit https://ift.tt/ZNgEleS
Sonarsource
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
Our Clean Code solution, SonarCloud, led us to a severe security issue in the popular Content Management System Joomla.
Join us in Seoul this May. Last chance to submit your talk for TyphoonCon 2024!
https://ift.tt/KzScmyb
Submitted February 26, 2024 at 01:56PM by LongjumpingLime4139
via reddit https://ift.tt/Dx64hM3
Actively exploited open redirect in Google Web Light
https://ift.tt/VgLkGOC
Submitted February 26, 2024 at 12:39PM by jk0pr
via reddit https://ift.tt/T1NyosG
Untrusted Network
Actively exploited open redirect in Google Web Light
An open redirect vulnerability exists in the remains of Google Web Light service, which is being actively exploited in multiple phishing campaigns. Google decided not to fix it, so it might be advisable to block access to the Web Light domain in corporate…
Security Incident & Vulnerability Response Playbooks
https://ift.tt/bProgiB
Submitted February 26, 2024 at 06:26PM by zootea100
via reddit https://ift.tt/HI6kdLn
“SubdoMailing” — Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails
https://ift.tt/YgNtWnG
Submitted February 26, 2024 at 08:02PM by pinpepnet
via reddit https://ift.tt/dS54lnR
Medium
“SubdoMailing” — Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails
By Nati Tal, Oleg Zaytsev (Guardio Labs)
It's now possible to find the AWS Account ID for any S3 Bucket (private or public)
https://ift.tt/IRkANmc
Submitted February 26, 2024 at 08:52PM by tracebit
via reddit https://ift.tt/eDY65x7
Tracebit
How to find the AWS Account ID of any S3 Bucket
A technique to find the Account ID of a private S3 bucket.
QR Code Phishing with EvilGophish
https://ift.tt/GEcv7KP
Submitted February 26, 2024 at 08:28PM by fin3ss3g0d
via reddit https://ift.tt/6Rsoel9
fin3ss3g0d's Blog
QR Code Phishing with EvilGophish - fin3ss3g0d's Blog
In the evolving landscape of cybersecurity, adversaries are continually seeking innovative methods to bypass traditional security measures. One such method gaining traction is the use of QR codes. At first glance, QR codes appear as benign tools for quick…
Advanced CyberChef Techniques for Configuration Extraction - Detailed Walkthrough and Examples
https://ift.tt/kASs2xO
Submitted February 26, 2024 at 08:00PM by Embeere
via reddit https://ift.tt/ldUMPH0
Embee Research
Advanced CyberChef Techniques For Malware Analysis - Detailed Walkthrough and Examples
Advanced CyberChef techniques using Registers, Regex and Flow Control
Windows Sysinternals - Sysmon - A practical guide to implementation and essential tips
https://ift.tt/GxuKotb
Submitted February 27, 2024 at 02:14AM by clod81
via reddit https://ift.tt/T7P2aDu
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
CVE-2023-52161: inet-wireless daemon (iwd) APs allowed clients to connect with a NULL key, bypassing the WiFi password
https://ift.tt/weyTsWk
Submitted February 27, 2024 at 03:40AM by supernetworks
via reddit https://ift.tt/u85oKXx
Top10Vpn
New WiFi Authentication Vulnerabilities Discovered
Two new WiFi vulnerabilities allow hackers to trick you into connecting to fake hotspots and steal your data, and join secure networks without the password.
A growing database of InfoSec salaries for 2024 (Open Data)
https://ift.tt/KW2bjRL
Submitted February 27, 2024 at 07:24PM by infosec-jobs
via reddit https://ift.tt/kyZbiGz
isecjobs.com
The Global InfoSec / Cybersecurity Salary Index for 2024
An open database of salaries in the InfoSec / Cybersecurity space.
Podcast: Lockbit the largest ransomware gang hacked
https://ift.tt/fio8tHr
Submitted February 27, 2024 at 08:05PM by ShadowStackRE
via reddit https://ift.tt/kWYZ3ts
New Server Side Prototype Pollution Gadgets Scanner from Doyensec
https://ift.tt/pvWuh0l
Submitted February 27, 2024 at 09:23PM by ds_at
via reddit https://ift.tt/vEVOKZz
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
https://ift.tt/rRGfoCm
Submitted February 27, 2024 at 09:32PM by SRMish3
via reddit https://ift.tt/XSjfTq2
JFrog
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
Is Hugging Face the target of model-based attacks? See a detailed explanation of the attack mechanism and what is required to identify real threats.