ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts
https://ift.tt/XzE2qSk
Submitted August 13, 2024 at 05:26PM by Due_Lengthiness_9329
via reddit https://ift.tt/wQAlgr5
https://ift.tt/XzE2qSk
Submitted August 13, 2024 at 05:26PM by Due_Lengthiness_9329
via reddit https://ift.tt/wQAlgr5
Unit 42
ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts
New research uncovers a potential attack vector on GitHub repositories, with leaked tokens leading to potential compromise of services.
Too Many Secrets: Proprietary Encryption Protocol Analysis in VStarcam CB73 Security Camera
https://ift.tt/XOim0Ba
Submitted August 13, 2024 at 05:24PM by mattbrwn0
via reddit https://ift.tt/3ZlVcTH
https://ift.tt/XOim0Ba
Submitted August 13, 2024 at 05:24PM by mattbrwn0
via reddit https://ift.tt/3ZlVcTH
Compromising Microsoft's AI Healthcare Chatbot Service (Critical Issue with Cross-Tenant Access)
https://ift.tt/EZHti7c
Submitted August 13, 2024 at 06:32PM by dinobyt3s
via reddit https://ift.tt/cqHFtdC
https://ift.tt/EZHti7c
Submitted August 13, 2024 at 06:32PM by dinobyt3s
via reddit https://ift.tt/cqHFtdC
Tenable®
Compromising Microsoft's AI Healthcare Chatbot Service
Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.
Real World Cloud TTPs vs. Canary Infrastructure
https://ift.tt/QaJ0LwM
Submitted August 13, 2024 at 07:39PM by tracebit
via reddit https://ift.tt/P5WF1qb
https://ift.tt/QaJ0LwM
Submitted August 13, 2024 at 07:39PM by tracebit
via reddit https://ift.tt/P5WF1qb
Tracebit
Canary Infrastructure vs. Real World TTPs | Tracebit
We investigate three recent AWS security incidents and discuss how canaries could help you detect these early, and throughout the attack lifecycle.
Snaffler Parser (HTML, TXT, CSV and more output / Pure PowerShell no dependencies)
https://ift.tt/jFHtcs4
Submitted August 14, 2024 at 12:02AM by GonzoZH
via reddit https://ift.tt/7mhAzLu
https://ift.tt/jFHtcs4
Submitted August 14, 2024 at 12:02AM by GonzoZH
via reddit https://ift.tt/7mhAzLu
GitHub
GitHub - zh54321/SnafflerParser: Parses Snaffler output file and generate beautified outputs.
Parses Snaffler output file and generate beautified outputs. - zh54321/SnafflerParser
Wormable Substack XSS
https://ift.tt/i2VbHw7
Submitted August 12, 2024 at 11:46PM by Mission-Egg7495
via reddit https://ift.tt/HADKCrm
https://ift.tt/i2VbHw7
Submitted August 12, 2024 at 11:46PM by Mission-Egg7495
via reddit https://ift.tt/HADKCrm
blog.calif.io
Wormable Substack XSS
We found a stored Cross-Site Scripting (XSS) vulnerability in Substack.
RCE in Windows IPv6 Stack (CVE-2024-38063)
https://ift.tt/crePQoK
Submitted August 14, 2024 at 09:16PM by nicholashairs
via reddit https://ift.tt/mNEfU6v
https://ift.tt/crePQoK
Submitted August 14, 2024 at 09:16PM by nicholashairs
via reddit https://ift.tt/mNEfU6v
Lil Pwny Rides Again: Streamline Your Active Directory Password Audits with the New 3.2.0 Update
https://ift.tt/L4vXYT9
Submitted August 15, 2024 at 02:24AM by TheAlphaBravo
via reddit https://ift.tt/vZAO4Lm
https://ift.tt/L4vXYT9
Submitted August 15, 2024 at 02:24AM by TheAlphaBravo
via reddit https://ift.tt/vZAO4Lm
PaperMtn
Lil Pwny Rides Again: Streamline Your Active Directory Password Audits with the New 3.2.0 Update
I’m excited to announce the release of Lil Pwny 3.2.0, featuring powerful new enhancements to the Active Directory password auditing tool. This update brings significant improvements and new …
Mixing watering hole attacks with history leak via CSS
https://ift.tt/jgUDEsl
Submitted August 15, 2024 at 02:02PM by gid0rah
via reddit https://ift.tt/emLMVHf
https://ift.tt/jgUDEsl
Submitted August 15, 2024 at 02:02PM by gid0rah
via reddit https://ift.tt/emLMVHf
Mixing watering hole attacks with history leak via CSS |
Mixing watering hole attacks with history leak via CSS | AdeptsOf0xCC
Using CSS and social engineering to identify juicy targets when performing watering hole attacks
Entra Id security bypass
https://ift.tt/7Wehbrc
Submitted August 15, 2024 at 05:30PM by Fun_Preference1113
via reddit https://ift.tt/V95fAHb
https://ift.tt/7Wehbrc
Submitted August 15, 2024 at 05:30PM by Fun_Preference1113
via reddit https://ift.tt/V95fAHb
Cymulate
Exploiting Pass-through Authentication Validation in Azure AD
By manipulating the credential validation process, attackers can bypass security checks, posing significant risks to hybrid identity infrastructures
Inside the "3 Billion People" National Public Data Breach
https://ift.tt/1wAxpIu
Submitted August 15, 2024 at 05:27PM by sadyetfly11
via reddit https://ift.tt/TOGIY79
https://ift.tt/1wAxpIu
Submitted August 15, 2024 at 05:27PM by sadyetfly11
via reddit https://ift.tt/TOGIY79
Troy Hunt
Inside the "3 Billion People" National Public Data Breach
I decided to write this post because there's no concise way to explain the nuances of what's being described as one of the largest data breaches ever. Usually, it's easy to articulate a data breach; a service people provide their information to had someone…
MSI motherboards susceptible to code execution & firmware implant - analysis of CVE-2024-36877
https://ift.tt/WKlN6Um
Submitted August 15, 2024 at 10:31PM by edward_snowedin
via reddit https://ift.tt/61Bgzqm
https://ift.tt/WKlN6Um
Submitted August 15, 2024 at 10:31PM by edward_snowedin
via reddit https://ift.tt/61Bgzqm
Jjensn
At Home In Your Firmware: Analysis of CVE-2024-36877
How I exploited a SMM Memory Corruption Vulnerability in MSI firmware
New phishing technique using udl files
https://ift.tt/iyIfuSE
Submitted August 15, 2024 at 10:06PM by oddvarmoe
via reddit https://ift.tt/8ZevcVw
https://ift.tt/iyIfuSE
Submitted August 15, 2024 at 10:06PM by oddvarmoe
via reddit https://ift.tt/8ZevcVw
TrustedSec
Oops I UDL'd it Again
Creating a Malicious Atlassian Plugin | Atlassian Research Part 2
https://ift.tt/PUiG7sJ
Submitted August 16, 2024 at 03:05PM by _cydave
via reddit https://ift.tt/vpgNRXn
https://ift.tt/PUiG7sJ
Submitted August 16, 2024 at 03:05PM by _cydave
via reddit https://ift.tt/vpgNRXn
Cyllective
Creating a Malicious Atlassian Plugin
Exploring the world of a possible supply chain attack, resulting in a compromised, malicious Confluence plugin
MIFARE Classic: exposing the static encrypted nonce variant
https://ift.tt/hqcnbia
Submitted August 16, 2024 at 08:26PM by netsec_burn
via reddit https://ift.tt/3HM8lWs
https://ift.tt/hqcnbia
Submitted August 16, 2024 at 08:26PM by netsec_burn
via reddit https://ift.tt/3HM8lWs
Double-Locked and Ready: The New Era of Multi-Factor Authentication
https://ift.tt/w7V0d5a
Submitted August 16, 2024 at 08:18PM by Adi_r_15
via reddit https://ift.tt/quypQ3J
https://ift.tt/w7V0d5a
Submitted August 16, 2024 at 08:18PM by Adi_r_15
via reddit https://ift.tt/quypQ3J
Medium
Double-Locked and Ready: The New Era of Multi-Factor Authentication
Ever felt uneasy about the security of your online accounts? With cyber threats evolving, relying solely on passwords isn’t enough anymore…
CVE-2024-41660: A Critical Vulnerability in OpenBMC
https://ift.tt/a3lQgLJ
Submitted August 16, 2024 at 11:33PM by sadyetfly11
via reddit https://ift.tt/2MqI6kH
https://ift.tt/a3lQgLJ
Submitted August 16, 2024 at 11:33PM by sadyetfly11
via reddit https://ift.tt/2MqI6kH
Tetrel Security
CVE-2024-41660: A Critical Vulnerability in OpenBMC
Top 7 Identity and Access Management (IAM) Tools to Watch in 2024
https://ift.tt/3JcGutb
Submitted August 17, 2024 at 03:30PM by Adi_r_15
via reddit https://ift.tt/CveF3Li
https://ift.tt/3JcGutb
Submitted August 17, 2024 at 03:30PM by Adi_r_15
via reddit https://ift.tt/CveF3Li
Medium
Top 7 Identity and Access Management (IAM) Tools to Watch in 2024
In today’s digital age, managing who has access to what can feel like juggling flaming torches. With cyber threats evolving and businesses…
Exploiting HuggingFace’s Assistants to Extract Users’ Data
https://ift.tt/7fgGU8K
Submitted August 17, 2024 at 07:47PM by oweillnet
via reddit https://ift.tt/6ZqF8JW
https://ift.tt/7fgGU8K
Submitted August 17, 2024 at 07:47PM by oweillnet
via reddit https://ift.tt/6ZqF8JW
www.lasso.security
Exploiting HuggingFace’s Assistants to Extract Users’ Data
Explore the resilience of the new Hugging Chat Assistance to Sleepy Agent and Image Markdown Rendering vulnerabilities.
CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass
https://ift.tt/XqoIifz
Submitted August 18, 2024 at 09:09PM by oshratn
via reddit https://ift.tt/fDTov1p
https://ift.tt/XqoIifz
Submitted August 18, 2024 at 09:09PM by oshratn
via reddit https://ift.tt/fDTov1p
ARMO
CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass
Learn how CVE-2024-7646 allows attackers to bypass ingress-nginx validation and compromise Kubernetes clusters, and how to secure your systems
Phrack 71 released
https://ift.tt/7MKpqGu
Submitted August 20, 2024 at 02:24AM by guitmz
via reddit https://ift.tt/r29A1jT
https://ift.tt/7MKpqGu
Submitted August 20, 2024 at 02:24AM by guitmz
via reddit https://ift.tt/r29A1jT
phrack.org
.:: Phrack Magazine ::.
Phrack staff website.