Black Basta ransomware is targeting critical infrastructure sectors
https://ift.tt/3uIhldq
Submitted May 20, 2024 at 10:58PM by moonlock_security
via reddit https://ift.tt/tplQXaL
https://ift.tt/3uIhldq
Submitted May 20, 2024 at 10:58PM by moonlock_security
via reddit https://ift.tt/tplQXaL
Moonlock
Black Basta ransomware is targeting critical infrastructure
CISA and the FBI have issued a warning.
Memory Corruption Vulnerability in Fluent Bit (CVE-2024-4323)
https://ift.tt/XfY8lb7
Submitted May 20, 2024 at 10:42PM by dinobyt3s
via reddit https://ift.tt/v17wzq5
https://ift.tt/XfY8lb7
Submitted May 20, 2024 at 10:42PM by dinobyt3s
via reddit https://ift.tt/v17wzq5
Tenable®
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Tenable Research has discovered a critical memory corruption vulnerability dubbed Linguistic Lumberjack in Fluent Bit, a core component in the monitoring infrastructure of many cloud services.
Microsoft Entra Connect: Connect Sync vs Cloud Sync
https://ift.tt/jSEsxre
Submitted May 21, 2024 at 02:04AM by clod81
via reddit https://ift.tt/jIGTyni
https://ift.tt/jSEsxre
Submitted May 21, 2024 at 02:04AM by clod81
via reddit https://ift.tt/jIGTyni
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
New SamsStealer Malware Targets Passwords in Windows Systems
https://ift.tt/Jw2E9AZ
Submitted May 21, 2024 at 03:28AM by miso25
via reddit https://ift.tt/SzWGO6K
https://ift.tt/Jw2E9AZ
Submitted May 21, 2024 at 03:28AM by miso25
via reddit https://ift.tt/SzWGO6K
CyberInsider
New SamsStealer Malware Targets Passwords in Windows Systems
CYFIRMA researchers have identified a new information-stealing malware named "SamsStealer" that targets Windows systems.
Hacking MS Entra Connect: Connect Sync vs Cloud Sync from a hacker’s perspective
https://ift.tt/jSEsxre
Submitted May 21, 2024 at 08:07AM by eitot8
via reddit https://ift.tt/3o5jAPa
https://ift.tt/jSEsxre
Submitted May 21, 2024 at 08:07AM by eitot8
via reddit https://ift.tt/3o5jAPa
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
*Technical blog post alert* In this post we share our considerations behind the Vault architecture. The architecture uses the principle of separating control and data functionality to support enhanced scalability and high throughput, high data volume, and low latency
https://ift.tt/w9sHvxa
Submitted May 21, 2024 at 12:42PM by Piiano_sec
via reddit https://ift.tt/YjIlmpi
https://ift.tt/w9sHvxa
Submitted May 21, 2024 at 12:42PM by Piiano_sec
via reddit https://ift.tt/YjIlmpi
MCPTotal
Secure MCP Cloud for Enterprises
MCP Made Easy and secure - Onboard AI tools in a click.
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule
https://ift.tt/HRLfJWD
Submitted May 21, 2024 at 12:34PM by albinowax
via reddit https://ift.tt/x8ojq2F
https://ift.tt/HRLfJWD
Submitted May 21, 2024 at 12:34PM by albinowax
via reddit https://ift.tt/x8ojq2F
Sicuranext Blog
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule
TL;DR: Basically, if a target website is protected by a WAF using the OWASP Core Rule Set or Comodo Rule Set or Atomicorp Rule Set, you can send the string ORA-1234 or OracleDrive or ASL-CONFIG-FILE in a comment, product review, registration form, e-commerce…
Abusing url handling in iTerm2 and Hyper for code execution
https://ift.tt/3y8eul7
Submitted May 21, 2024 at 06:45PM by nex25519
via reddit https://ift.tt/QjrL5Os
https://ift.tt/3y8eul7
Submitted May 21, 2024 at 06:45PM by nex25519
via reddit https://ift.tt/QjrL5Os
Vin01’s Blog
Abusing url handling in iTerm2 and Hyper for code execution
What are escape sequences
TrollUAC
https://ift.tt/LYFG5Nv
Submitted May 21, 2024 at 08:23PM by cybersectroll
via reddit https://ift.tt/H1M5D4U
https://ift.tt/LYFG5Nv
Submitted May 21, 2024 at 08:23PM by cybersectroll
via reddit https://ift.tt/H1M5D4U
GitHub
GitHub - cybersectroll/TrollUAC
Contribute to cybersectroll/TrollUAC development by creating an account on GitHub.
Using HTTPS certificates to sign/encrypt arbitrary data
https://ift.tt/YysBgCD
Submitted May 21, 2024 at 10:56PM by yurichev
via reddit https://ift.tt/jR6LwWY
https://ift.tt/YysBgCD
Submitted May 21, 2024 at 10:56PM by yurichev
via reddit https://ift.tt/jR6LwWY
GitHub - thiagopeixoto/mystique-self-injection: An improvement and a different approach to Mockingjay Self-Injection.
https://ift.tt/b1X08Lw
Submitted May 21, 2024 at 10:46PM by thewatcher_
via reddit https://ift.tt/sK8lTVf
https://ift.tt/b1X08Lw
Submitted May 21, 2024 at 10:46PM by thewatcher_
via reddit https://ift.tt/sK8lTVf
GitHub
GitHub - thiagopeixoto/mystique-self-injection: An improvement and a different approach to Mockingjay Self-Injection.
An improvement and a different approach to Mockingjay Self-Injection. - thiagopeixoto/mystique-self-injection
Network Pentesting - Full Guide
https://ift.tt/CR86VEj
Submitted May 22, 2024 at 02:30AM by Material-Tonight8924
via reddit https://ift.tt/5aLMmjs
https://ift.tt/CR86VEj
Submitted May 22, 2024 at 02:30AM by Material-Tonight8924
via reddit https://ift.tt/5aLMmjs
Medium
Freeway for Network Pentesting
In this article we will focus on exploiting vulnerabilities in the WiFi protocol (IEEE 802.XX) using Freeway.
Local Nmap Dashboard with Grafana
https://ift.tt/DLxJHbP
Submitted May 22, 2024 at 05:22AM by Advanced_Echo7951
via reddit https://ift.tt/OPLbugZ
https://ift.tt/DLxJHbP
Submitted May 22, 2024 at 05:22AM by Advanced_Echo7951
via reddit https://ift.tt/OPLbugZ
HackerTarget.com
Nmap Dashboard Using Grafana | HackerTarget.com
Visualise Nmap Results with a detailed Dashboard built using the powerful Open Source Grafana Analytics Software.
Random thoughts on physical security measures
https://ift.tt/CN7U01k
Submitted May 22, 2024 at 04:28PM by DiabloHorn
via reddit https://ift.tt/MbolOUu
https://ift.tt/CN7U01k
Submitted May 22, 2024 at 04:28PM by DiabloHorn
via reddit https://ift.tt/MbolOUu
DiabloHorn
Random thoughts on physical security measures
Lately, I’ve been drawn to do some desk research and limited hands-on testing of physical security measures. I’ve written about this subject before, you can find the article here. Howev…
PyAuth: Auth system with encryption and web dashboard in python.
https://ift.tt/RqCbNLZ
Submitted May 22, 2024 at 06:18PM by AhmedMinegames
via reddit https://ift.tt/MCHrBbX
https://ift.tt/RqCbNLZ
Submitted May 22, 2024 at 06:18PM by AhmedMinegames
via reddit https://ift.tt/MCHrBbX
GitHub
GitHub - Fadi002/pyauth: Auth system with encryption and web dashboard in python
Auth system with encryption and web dashboard in python - Fadi002/pyauth
OOPS! There goes the OPSEC!
https://ift.tt/t9OqpCZ
Submitted May 22, 2024 at 08:17PM by tharkun42
via reddit https://ift.tt/F8QL0uG
https://ift.tt/t9OqpCZ
Submitted May 22, 2024 at 08:17PM by tharkun42
via reddit https://ift.tt/F8QL0uG
Zetier
Oops, there goes the OPSEC
Breadcrumbs are left throughout computer systems that hackers can use to track attribution or recover sensitive information. See possible gotchas in this post.
ANSI Escape Injection Vulnerability in WinRAR (CVE-2024–33899, CVE-2024–36052)
https://ift.tt/SOhgHol
Submitted May 22, 2024 at 07:58PM by rushedcar
via reddit https://ift.tt/UMPFYpT
https://ift.tt/SOhgHol
Submitted May 22, 2024 at 07:58PM by rushedcar
via reddit https://ift.tt/UMPFYpT
Medium
ANSI Escape Injection Vulnerability in WinRAR
On 28 February 2024, RARLAB released an update for WinRAR, patching an ANSI escape sequence injection vulnerability that I had found in the…
RF Swift: A swifty RF toolbox for your needs, and it's multi-platform!
https://ift.tt/1cnHbG0
Submitted May 22, 2024 at 07:34PM by sebazzen
via reddit https://ift.tt/myfwVMe
https://ift.tt/1cnHbG0
Submitted May 22, 2024 at 07:34PM by sebazzen
via reddit https://ift.tt/myfwVMe
GitHub
GitHub - PentHertz/RF-Swift: 🚀 A powerful multi-platform RF toolbox that deploys specialized radio tools in seconds on Linux, Windows…
🚀 A powerful multi-platform RF toolbox that deploys specialized radio tools in seconds on Linux, Windows, and macOS—supporting x86_64, ARM64 (Raspberry Pi, Apple Silicon), and RISC-V architectures ...
Memory Pollution in LLMs: Understanding New AI Security Concerns
https://ift.tt/VWsuj8E
Submitted May 22, 2024 at 09:19PM by Standard_Arm_4476
via reddit https://ift.tt/RFGrfCe
https://ift.tt/VWsuj8E
Submitted May 22, 2024 at 09:19PM by Standard_Arm_4476
via reddit https://ift.tt/RFGrfCe
Boost Security Audit - Shielder
https://ift.tt/Hr7RI2t
Submitted May 22, 2024 at 08:56PM by smaury
via reddit https://ift.tt/bHGNvZL
https://ift.tt/Hr7RI2t
Submitted May 22, 2024 at 08:56PM by smaury
via reddit https://ift.tt/bHGNvZL
Shielder
Shielder - Boost Security Audit
Boost Security Audit, sponsored by Amazon Web Services (AWS), facilitated by Open Source Technology Improvement Fund (OSTIF) and performed by Shielder.
Reshaper - The guide to the ultimate Burp plugin for advanced shenanigans
https://ift.tt/JUK1ESg
Submitted May 22, 2024 at 01:21PM by ivxrehc
via reddit https://ift.tt/Z1aPOE4
https://ift.tt/JUK1ESg
Submitted May 22, 2024 at 01:21PM by ivxrehc
via reddit https://ift.tt/Z1aPOE4
Shelltrail
Reshaper - The guide to the ultimate Burp plugin for advanced shenanigans | Shelltrail
Have you ever had issues with CSRF tokens during a web assessment? Or drop data from burp to commandline for parsing? This is the guide to leverage the power of the Reshaper plugin developed by @ddwightx