[Network tarpit] Scanners Beware: Welcome to the Network from Hell
https://ift.tt/kt2x3nR
Submitted December 16, 2024 at 07:01PM by oherrala
via reddit https://ift.tt/zyHDe8d
https://ift.tt/kt2x3nR
Submitted December 16, 2024 at 07:01PM by oherrala
via reddit https://ift.tt/zyHDe8d
Medium
Scanners Beware: Welcome to the Network from Hell
We’ve crafted a bold defense strategy that not only slows scans but actively disrupts and deceives attackers.
Mozilla Firefox removes "Do Not Track" Feature support
https://ift.tt/UpcgtNl
Submitted December 16, 2024 at 08:02PM by towtoo893
via reddit https://ift.tt/ljTxNRu
https://ift.tt/UpcgtNl
Submitted December 16, 2024 at 08:02PM by towtoo893
via reddit https://ift.tt/ljTxNRu
Windows Report
Mozilla Firefox removes "Do Not Track" Feature support: Here's what it means for your Privacy
Firefox is removing the Do Not Track setting from version 135 onwards. Mozilla recommends using Global Privacy Control setting as alternative,
Finding Bugs in Chrome with CodeQL
https://ift.tt/wb6O7qs
Submitted December 16, 2024 at 07:51PM by rawion363
via reddit https://ift.tt/TLRhOb5
https://ift.tt/wb6O7qs
Submitted December 16, 2024 at 07:51PM by rawion363
via reddit https://ift.tt/TLRhOb5
Google
Blog: Finding Bugs in Chrome with CodeQL
Want to learn about using a static analysis tool called CodeQL to search for vulnerabilities in Google Chrome? Then this blog post is for you!
Platform.sh team finds auth bypass in Go SSH package
https://ift.tt/GC56EFW
Submitted December 16, 2024 at 07:38PM by rawion363
via reddit https://ift.tt/3gBC7JV
https://ift.tt/GC56EFW
Submitted December 16, 2024 at 07:38PM by rawion363
via reddit https://ift.tt/3gBC7JV
Upsun
Security vulnerability uncovered and patched in the golang.org/x/crypto /ssh package
Misimplementation of PublicKeyCallback leads to authorization bypass in Go's x/crypto/sshPlatform.
“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising
https://ift.tt/bTlWFwZ
Submitted December 16, 2024 at 08:27PM by towtoo893
via reddit https://ift.tt/L9hsCNl
https://ift.tt/bTlWFwZ
Submitted December 16, 2024 at 08:27PM by towtoo893
via reddit https://ift.tt/L9hsCNl
Medium
“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising
By Nati Tal (Head of Guardio Labs)
Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE
https://ift.tt/bQ7aKcV
Submitted December 16, 2024 at 09:34PM by eg1x
via reddit https://ift.tt/zX2ipG3
https://ift.tt/bQ7aKcV
Submitted December 16, 2024 at 09:34PM by eg1x
via reddit https://ift.tt/zX2ipG3
Karmainsecurity
Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
Unsafe Archive Unpacking: Labs and Semgrep Rules
https://ift.tt/rdYgBk2
Submitted December 17, 2024 at 01:52AM by nibblesec
via reddit https://ift.tt/RPvx01S
https://ift.tt/rdYgBk2
Submitted December 17, 2024 at 01:52AM by nibblesec
via reddit https://ift.tt/RPvx01S
The Full Story of CVE-2024-6386: Remote Code Execution in WPML
https://ift.tt/OVe1Nnj
Submitted December 17, 2024 at 01:21PM by jonas02
via reddit https://ift.tt/FAbZ1l4
https://ift.tt/OVe1Nnj
Submitted December 17, 2024 at 01:21PM by jonas02
via reddit https://ift.tt/FAbZ1l4
WPSec
The Full Story of CVE-2024-6386: Remote Code Execution in WPML - WPSec
The WordPress Multilingual Plugin (WPML), with over 1,000,000 active installations, was vulnerable to Remote Code Execution (RCE) via a Server-Side Template Injection (SSTI) vulnerability in the Twig template engine. WPML is a premium plugin that provides…
LLM for ABAP Code Scanner
https://ift.tt/ncHrpmE
Submitted December 17, 2024 at 01:47PM by vah_13
via reddit https://ift.tt/ApCta92
https://ift.tt/ncHrpmE
Submitted December 17, 2024 at 01:47PM by vah_13
via reddit https://ift.tt/ApCta92
owasp.org
RedRays ABAP Code Scanner | OWASP Foundation
A Python tool for scanning offline SAP ABAP source code to detect security vulnerabilities
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
https://ift.tt/MZ8R0f1
Submitted December 18, 2024 at 04:13AM by Glad_Ad534
via reddit https://ift.tt/jDsKR9b
https://ift.tt/MZ8R0f1
Submitted December 18, 2024 at 04:13AM by Glad_Ad534
via reddit https://ift.tt/jDsKR9b
Authentication Bypass Vulnerability in Philips IntelliSpace Cardiovascular
https://ift.tt/OUtD0QH
Submitted December 18, 2024 at 08:37AM by panicnot42
via reddit https://ift.tt/rCPZtlD
https://ift.tt/OUtD0QH
Submitted December 18, 2024 at 08:37AM by panicnot42
via reddit https://ift.tt/rCPZtlD
Understanding Logits And Their Possible Impacts On Large Language Model Output Safety
https://ift.tt/qs59VTv
Submitted December 19, 2024 at 01:24AM by 0xRaindrop
via reddit https://ift.tt/t9GvjlI
https://ift.tt/qs59VTv
Submitted December 19, 2024 at 01:24AM by 0xRaindrop
via reddit https://ift.tt/t9GvjlI
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
https://ift.tt/1U5XDyF
Submitted December 19, 2024 at 02:36AM by Glad_Ad534
via reddit https://ift.tt/DIbXK61
https://ift.tt/1U5XDyF
Submitted December 19, 2024 at 02:36AM by Glad_Ad534
via reddit https://ift.tt/DIbXK61
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP
https://ift.tt/q1pL3se
Submitted December 19, 2024 at 03:30AM by Glad_Ad534
via reddit https://ift.tt/7Ifsodn
https://ift.tt/q1pL3se
Submitted December 19, 2024 at 03:30AM by Glad_Ad534
via reddit https://ift.tt/7Ifsodn
How an obscure PHP footgun led to RCE in Craft CMS
https://ift.tt/H1R64CV
Submitted December 19, 2024 at 07:53AM by Mempodipper
via reddit https://ift.tt/PwATV6t
https://ift.tt/H1R64CV
Submitted December 19, 2024 at 07:53AM by Mempodipper
via reddit https://ift.tt/PwATV6t
www.assetnote.io
How an obscure PHP footgun led to RCE in Craft CMS
Craft CMS is one of the most popular PHP-based CMSes globally, boasting over 150,000 sites worldwide. This blog post details a pre-authentication RCE vulnerability affecting Craft CMS versions below 4.13.1 and 5.5.1.
Exploiting reflected input via the Range header
https://ift.tt/fTMAu97
Submitted December 19, 2024 at 03:12PM by 6W99ocQnb8Zy17
via reddit https://ift.tt/zW3hJxN
https://ift.tt/fTMAu97
Submitted December 19, 2024 at 03:12PM by 6W99ocQnb8Zy17
via reddit https://ift.tt/zW3hJxN
attackshipsonfi.re
Exploiting Reflected Input Via the Range Header
TL;DR Reflected input is often unexploitable because the attack ends up in a place which stops it working, such as inside a quoted attribute.
I'm Lovin' It: Exploiting McDonald's APIs to hijack deliveries and order food for a penny
https://ift.tt/ncFhMLJ
Submitted December 19, 2024 at 06:42PM by EatonZ
via reddit https://ift.tt/BdJjEUC
https://ift.tt/ncFhMLJ
Submitted December 19, 2024 at 06:42PM by EatonZ
via reddit https://ift.tt/BdJjEUC
Eaton-Works
I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny
A series of API flaws in McDelivery India made it possible to order food for a penny, hijack other people’s delivery orders, view user information, and more.
New Windows Privilege Escalation Vulnerability!
https://ift.tt/Mv8Xho7
Submitted December 19, 2024 at 10:02PM by SSDisclosure
via reddit https://ift.tt/K0PA2W3
https://ift.tt/Mv8Xho7
Submitted December 19, 2024 at 10:02PM by SSDisclosure
via reddit https://ift.tt/K0PA2W3
SSD Secure Disclosure
SSD Advisory - cldflt Heap-based Overflow (PE) - SSD Secure Disclosure
Summary A vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system. The specific…
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01
https://ift.tt/z0HhKk1
Submitted December 20, 2024 at 03:19AM by Glad_Ad534
via reddit https://ift.tt/Vc0Y87n
https://ift.tt/z0HhKk1
Submitted December 20, 2024 at 03:19AM by Glad_Ad534
via reddit https://ift.tt/Vc0Y87n
techacademy.online
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01
CISA's new directive mandates federal agencies secure cloud environments by 2025, introducing SCuBA tools for monitoring and reducing cyberattack surf
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
https://ift.tt/kgKLXiC
Submitted December 20, 2024 at 02:58AM by Glad_Ad534
via reddit https://ift.tt/5YOurn7
https://ift.tt/kgKLXiC
Submitted December 20, 2024 at 02:58AM by Glad_Ad534
via reddit https://ift.tt/5YOurn7
techacademy.online
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
Fortinet patches critical flaws in FortiWLM and FortiManager. CVE-2023-34990 risks sensitive data, while CVE-2024-48889 enables command injection.
CVE-2024-44825 - Invesalius Arbitrary File Write and Directory Traversal
https://ift.tt/71fMsRc
Submitted December 20, 2024 at 03:17PM by AlbatrossMaximum4489
via reddit https://ift.tt/Qu7Hfxa
https://ift.tt/71fMsRc
Submitted December 20, 2024 at 03:17PM by AlbatrossMaximum4489
via reddit https://ift.tt/Qu7Hfxa