MSI motherboards susceptible to code execution & firmware implant - analysis of CVE-2024-36877
https://ift.tt/WKlN6Um
Submitted August 15, 2024 at 10:31PM by edward_snowedin
via reddit https://ift.tt/61Bgzqm
Jjensn
At Home In Your Firmware: Analysis of CVE-2024-36877
How I exploited a SMM Memory Corruption Vulnerability in MSI firmware
New phishing technique using udl files
https://ift.tt/iyIfuSE
Submitted August 15, 2024 at 10:06PM by oddvarmoe
via reddit https://ift.tt/8ZevcVw
TrustedSec
Oops I UDL'd it Again
Creating a Malicious Atlassian Plugin | Atlassian Research Part 2
https://ift.tt/PUiG7sJ
Submitted August 16, 2024 at 03:05PM by _cydave
via reddit https://ift.tt/vpgNRXn
Cyllective
Creating a Malicious Atlassian Plugin
Exploring the world of a possible supply chain attack, resulting in a compromised, malicious Confluence plugin
MIFARE Classic: exposing the static encrypted nonce variant
https://ift.tt/hqcnbia
Submitted August 16, 2024 at 08:26PM by netsec_burn
via reddit https://ift.tt/3HM8lWs
Double-Locked and Ready: The New Era of Multi-Factor Authentication
https://ift.tt/w7V0d5a
Submitted August 16, 2024 at 08:18PM by Adi_r_15
via reddit https://ift.tt/quypQ3J
Medium
Double-Locked and Ready: The New Era of Multi-Factor Authentication
Ever felt uneasy about the security of your online accounts? With cyber threats evolving, relying solely on passwords isn’t enough anymore…
CVE-2024-41660: A Critical Vulnerability in OpenBMC
https://ift.tt/a3lQgLJ
Submitted August 16, 2024 at 11:33PM by sadyetfly11
via reddit https://ift.tt/2MqI6kH
Tetrel Security
CVE-2024-41660: A Critical Vulnerability in OpenBMC
Top 7 Identity and Access Management (IAM) Tools to Watch in 2024
https://ift.tt/3JcGutb
Submitted August 17, 2024 at 03:30PM by Adi_r_15
via reddit https://ift.tt/CveF3Li
Medium
Top 7 Identity and Access Management (IAM) Tools to Watch in 2024
In today’s digital age, managing who has access to what can feel like juggling flaming torches. With cyber threats evolving and businesses…
Exploiting HuggingFace’s Assistants to Extract Users’ Data
https://ift.tt/7fgGU8K
Submitted August 17, 2024 at 07:47PM by oweillnet
via reddit https://ift.tt/6ZqF8JW
www.lasso.security
Exploiting HuggingFace’s Assistants to Extract Users’ Data
Explore the resilience of the new Hugging Chat Assistance to Sleepy Agent and Image Markdown Rendering vulnerabilities.
CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass
https://ift.tt/XqoIifz
Submitted August 18, 2024 at 09:09PM by oshratn
via reddit https://ift.tt/fDTov1p
ARMO
CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass
Learn how CVE-2024-7646 allows attackers to bypass ingress-nginx validation and compromise Kubernetes clusters, and how to secure your systems
Phrack 71 released
https://ift.tt/7MKpqGu
Submitted August 20, 2024 at 02:24AM by guitmz
via reddit https://ift.tt/r29A1jT
phrack.org
.:: Phrack Magazine ::.
Phrack staff website.
Columbus ransomware attack: What’s still unknown one month after the data breach
https://ift.tt/dS5OpWz
Submitted August 20, 2024 at 02:43PM by zolakrystie
via reddit https://ift.tt/jZpsMc9
The Columbus Dispatch
Columbus ransomware attack: What’s still unknown one month after the data breach
Mayor Andrew J. Ginther and other city officials have carried out a \
Web Browser Stored Credentials
https://ift.tt/Zv5hreV
Submitted August 20, 2024 at 07:09PM by netbiosX
via reddit https://ift.tt/B6denkj
Penetration Testing Lab
Web Browser Stored Credentials
Microsoft introduced Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the CryptProtectDa…
SSRFing the Web with the help of Copilot Studio (Critical Vuln in Microsoft Copilot Studio)
https://ift.tt/45VBU9N
Submitted August 20, 2024 at 06:43PM by dinobyt3s
via reddit https://ift.tt/oTWmrbG
Tenable®
SSRFing the Web with the Help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential…
Protecting Your User’s Data from AI Training Crawlers | Permit
https://ift.tt/0GymEpV
Submitted August 20, 2024 at 10:18PM by Permit_io
via reddit https://ift.tt/C35ZDBb
www.permit.io
Protecting Your Users' Data from AI Training Crawlers
Learn how to protect user data from AI crawlers with Fine-Grained Authorization (FGA) by identifying bots, classifying data, and empowering users with control.
Hacking as a pathway to building better Products
https://ift.tt/GbphVPx
Submitted August 20, 2024 at 10:29PM by thinkst
via reddit https://ift.tt/JjYk5fS
Thinkst Thoughts
Hacking as a pathway to building better Products
Most security products are terrible. For years our industry has managed to get by because our products were mandated by someone or some regulation, and users were trained to accept that security an…
Passive decryption of 2G communications, GSM and GPRS impacted
https://ift.tt/aEVvdg9
Submitted August 20, 2024 at 05:40PM by Pure-Benefit-3593
via reddit https://ift.tt/imdJQy8
SpringerLink
Time-Memory Trade-Offs Sound the Death Knell for GPRS and
This paper introduces a practical TMTO-based attack against GSM (A5/3) and GPRS (GEA-3), which are both technologies used in 2G mobile networks. Although designed in the 80s, these networks are still quite active today, especially for embedded systems. While...
Sploitify - GTFOBins-like tool for exploits
https://ift.tt/yKwM7AB
Submitted August 19, 2024 at 04:39PM by haxxm0nkey
via reddit https://ift.tt/wE7YJ9V
Realizing Continuous Threat Exposure Management (CTEM) automatically. Security is not about remediating every issue and risk but rather focusing on those that are more likely to be exploited against the organization and bear more impact. The article explores how this can be implemented.
https://ift.tt/xXLmgp6
Submitted August 21, 2024 at 03:58PM by PutApart5987
via reddit https://ift.tt/QFnGNEx
Securityscouter
Realizing Automated Continuous Threat Exposure Management
Following the newly coined CTEM term, vendors have started appropriating the use-case to their offering. Exploring solutions and naming a new emerging market.
Call For Papers - Hackfest 2024 - Quebec City, Canada
https://ift.tt/L6ygEOT
Submitted August 21, 2024 at 07:56PM by pathetiq
via reddit https://ift.tt/Ld5kP8K
cfp.hackfest.ca
Hackfest 2024 - 16-bit Edition
Schedule, talks and talk submissions for Hackfest 2024 - 16-bit Edition
BLUUID: Firewallas, Diabetics, And… Bluetooth
https://ift.tt/bjV01Km
Submitted August 22, 2024 at 04:15AM by netsecfriends
via reddit https://ift.tt/5p2uglU
GreyNoise Labs
GreyNoise Labs - BLUUID: Firewallas, Diabetics, And… Bluetooth
Where I introduce the subject of remotely identifying bluetooth devices, propose that healthcare device oversight is lacking, and exploit a firewall for no reason other than to prove a point.
Best MFA Tools for 2024: Top Picks for Stronger Security
https://ift.tt/ZCSue2f
Submitted August 22, 2024 at 01:27PM by Kapildev_Arulmozhi
via reddit https://ift.tt/zwYlkFJ
www.infisign.ai
9 Best Multi-Factor Authentication (MFA) Software in 2024
In today's increasingly digital world, where cyber threats lurk around every corner, securing your online accounts is more important than ever. While passwords remain a cornerstone of security, they're no longer enough. This is where Multi-Factor Authentication…