Clone and emulate RFID access card in a second using proxmark3 in standalone mode
https://ift.tt/hdT9rMk
Submitted June 26, 2024 at 06:23PM by barakadua131
via reddit https://ift.tt/LPId2UG
Mobile Hacker
RFID Hacking with Proxmark3: Cloning, Emulating, and Standalone Mode
Access cards – those little plastic rectangles that grant us entry to buildings, parking lots, and secure areas. But what if I told you that these cards can be cloned, and even emulated? Enter the Proxmark3, a powerful tool that opens doors (literally) to…
Phantom Secrets: Undetected Secrets Expose Major Corporations
https://ift.tt/B2T7hyz
Submitted June 26, 2024 at 06:50PM by Pale_Fly_2673
via reddit https://ift.tt/3EMLgl6
Aqua
Phantom Secrets: Undetected Secrets Expose Major Corporations
Our research discovers that almost 18% of secrets might be overlooked and some cannot be discovered by current scanning tools.
Fuzzing scripting languages' interpreters' native functions using AFL++ to find memory corruption and more
https://ift.tt/0BQ4TgO
Submitted June 27, 2024 at 04:21PM by MegaManSec2
via reddit https://ift.tt/7S43acH
Joshua.Hu Joshua Rogers’ Scribbles
Fuzzing scripting languages’ interpreters’ native functions using AFL++ to find memory corruption and more
Fuzzing applications needs no introduction, and I have written about some interesting problems related to fuzzing in the past [0][1][2][3]. At scale, fuzzing has traditionally focused on compiled binaries and detecting crashes and other memory corruption…
Sustaining Digital Certificate Security - Entrust Certificate Distrust
https://ift.tt/8bZSfOc
Submitted June 28, 2024 at 01:12AM by SlyFuu
via reddit https://ift.tt/AeqmF1Y
Google Online Security Blog
Sustaining Digital Certificate Security - Entrust Certificate Distrust
Posted by Chrome Root Program, Chrome Security Team Update (09/10/2024): In support of more closely aligning Chrome’s planned compliance ...
17 vulnerabilities in Sharp Multi-Function Printers
https://ift.tt/2cyz8AT
Submitted June 28, 2024 at 02:02AM by PierreKimSec
via reddit https://ift.tt/miTYPIo
South Korean telecom company attacks customers with malware — over 600,000 torrent users report missing files, strange folders, and disabled PCs
https://ift.tt/tR0Amfh
Submitted June 28, 2024 at 02:59AM by Jacko10101010101
via reddit https://ift.tt/0nrgde8
Tom's Hardware
South Korean telecom company attacks customers with malware — over 600,000 torrent users report missing files, strange folders…
ISP sends malware to hundreds of thousands of customers to stop them from using a file-sharing service.
Understanding Protected Management Frames - Part 2
https://ift.tt/Ricg4lk
Submitted June 28, 2024 at 01:27PM by thexerocouk
via reddit https://ift.tt/pFmI0Ry
Seeking Feedback on a New Security Tool - Secunetcon
https://ift.tt/4BXCSvy
Submitted June 29, 2024 at 07:57PM by juliusthejules
via reddit https://ift.tt/Xdwng6l
Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws
https://ift.tt/8vMmkID
Submitted June 29, 2024 at 09:59PM by Beginning_Ad_1705
via reddit https://ift.tt/0Zgzcjs
memorycorruption.net
Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws
Dynamic languages are safe from memory corruption bugs, right?
Postviewer V3 - Racing All The Way To Glory (Google CTF)
https://ift.tt/Is7dhbM
Submitted July 01, 2024 at 02:22AM by Caustic66
via reddit https://ift.tt/xVCOWzX
Eyald
Postviewer V3 - Racing All The Way To Glory - Eyal D.
CVE-2024-27292: docAssembling exploits for RCE
https://ift.tt/Xp2Qkgz
Submitted July 01, 2024 at 12:50PM by _pimps
via reddit https://ift.tt/MXrhvOW
Tanto Security
CVE-2024-27292: docAssembling exploits for RCE
Chaining vulnerabilities to execute code in Docassemble
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)
https://ift.tt/CvFV02o
Submitted July 01, 2024 at 02:33PM by poltess0
via reddit https://ift.tt/8mkENQZ
LaZagne: Open-source password recovery tool
https://ift.tt/pyIGSXf
Submitted July 01, 2024 at 05:33PM by Justin_coco
via reddit https://ift.tt/g9Q4oi1
Medium
LaZagne: Uncovering Passwords Like a Pro
In the realm of cybersecurity, the ability to recover passwords can be both a powerful tool and a significant threat. LaZagne, an…
regreSSHion: RCE Vulnerability in OpenSSH (CVE-2024-6387)
https://ift.tt/zvZ7ODI
Submitted July 02, 2024 at 10:14AM by oshratn
via reddit https://ift.tt/q9rOy4V
ARMO
regreSSHion: RCE Vulnerability in OpenSSH (CVE-2024-6387)
Learn about regreSSHion, the high severity RCE vulnerability (CVE-2024-6387) in OpenSSH, its impact, and protection measures
Evolution of Wi-Fi Security - From WEP to WPA3
https://ift.tt/N2iJR7g
Submitted July 02, 2024 at 12:58PM by thexerocouk
via reddit https://ift.tt/QdmKkgw
BlueToolkit - automated and portable Bluetooth vulnerability testing framework against 43 exploits
https://ift.tt/IvnSNiC
Submitted July 02, 2024 at 02:30PM by barakadua131
via reddit https://ift.tt/1FoQpw3
Mobile Hacker
Uncover Bluetooth Vulnerabilities with BlueToolkit
BlueToolkit is designed to uncover both new and old vulnerabilities in Bluetooth-enabled devices. This makes it a capable tool for vulnerability research, penetration testing, and Bluetooth hacking
Race Conditions Found in Open-source IAM Solution Keycloak
https://ift.tt/4IZvtYj
Submitted July 02, 2024 at 06:44PM by jat0369
via reddit https://ift.tt/FZn6HMD
Cyberark
You Can’t Always Win Racing the (Key)cloak
Web Race Conditions – Success and Failure – a Keycloak Case Study In today’s connected world, many organizations’ “keys to the kingdom” are held in identity and access management (IAM) solutions;...
Kirin: Hitting the Internet with Distributed BGP Announcements
https://ift.tt/FEIDX8n
Submitted July 02, 2024 at 11:05PM by 0x414141
via reddit https://ift.tt/3cpPWSg
Unpatched RCE Vulnerabilities in Gogs: Argument Injection in the Built-In SSH Server
https://ift.tt/xjyePDd
Submitted July 03, 2024 at 01:38AM by SonarPaul
via reddit https://ift.tt/ZQKRGSc
Sonarsource
Unpatched Gogs Vulnerabilities: SSH Argument Injection (1/2)
We discovered 4 critical code vulnerabilities in Gogs, a source code hosting solution, which are still unpatched. Read about the details and how to protect yourself.
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery (CSPT2CSRF)
https://ift.tt/SwDY4kX
Submitted July 03, 2024 at 02:15AM by nibblesec
via reddit https://ift.tt/q9j8A7a
Doyensec
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF
To provide users with a safer browsing experience, the IETF proposal named “Incrementally Better Cookies” set in motion a few important changes to address Cross-Site Request Forgery (CSRF) and other client-side issues. Soon after, Chrome and other major browsers…
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
https://ift.tt/78dkGcv
Submitted July 03, 2024 at 05:46PM by eranvak
via reddit https://ift.tt/2SVZ68f
www.evasec.io
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications | E.V.A
Multiple vulnerabilities affecting the CocoaPods ecosystem have been discovered, posing a major risk of supply chain attacks.