Apple Pay vs. Google Wallet https://www.investopedia.com/articles/personal-finance/010215/apple-pay-vs-google-wallet-how-they-work.asp
Investopedia
Apple Pay vs Google Wallet: How They Work
Apple Pay and Google Wallet are mostly identical offerings. Apple may be to be easier to use, but Google has a more features.
A universal EDR bypass built in Windows 10 https://www.riskinsight-wavestone.com/en/2023/10/a-universal-edr-bypass-built-in-windows-10/
RiskInsight
A universal EDR bypass built in Windows 10 - RiskInsight
A security design failure in Windows 10 allows a malware to disable some telemetry used by EDR, thus to perform actions without raising alerts
Google mitigated the largest DDoS attack to date, peaking above 398 million rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
Google Cloud Blog
Google Cloud mitigated largest DDoS attack, peaking above 398 million rps | Google Cloud Blog
Google Cloud stopped the largest known DDoS attack to date, which exploited HTTP/2 stream multiplexing using the new “Rapid Reset” technique.
An Algorithm to Detect Hosting Providers
and their IP Ranges https://ipapi.is/blog/detecting-hosting-providers.html
and their IP Ranges https://ipapi.is/blog/detecting-hosting-providers.html
ipapi.is
ipapi.is - An Algorithm to Detect Hosting Providers and their IP Ranges
ipapi.is offers precise IP data via a user-friendly API, encompassing geolocation, ASN data, hosting detection, VPN detection, and proxy detection.
👍1
Security Tips & Devices for Digital Nomads https://officercia.mirror.xyz/GX0LvoKDcC12ACXzhT3F_3PVRSfEyhE8cJYMZnoia9U
How I made a heap overflow in curl https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/
daniel.haxx.se
How I made a heap overflow in curl
In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set it to severity HIGH. While the advisory contains all the…
SOCKS5 heap buffer overflow https://curl.se/docs/CVE-2023-38545.html
👌1
HTTP/2 Rapid Reset Attack Impacting F5 NGINX Products https://www.f5.com/company/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products
F5, Inc.
HTTP/2 Rapid Reset Attack Impacting F5 NGINX Products
Update your NGINX configuration to mitigate a possible denial-of-service attack implemented on the server-side portion of the HTTP/2 specification.
IoT Bug Hunting - Part 2 - Walkthrough of discovering command injections in firmware binaries https://bugprove.com/knowledge-hub/iot-bug-hunting-part-2-walkthrough-of-discovering-command-injections-in-firmware-binaries/
Bugprove
IoT Bug Hunting - Part 2 - Walkthrough of discovering command injections in firmware binaries
We present the steps that can lead you to another variation of an OS command injection vulnerability (CVE-2023-4249) in multiple Zavio IP camera models.
[Crypto] Length extension attack + HMAC explained https://yurichev.org/LEA/
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html
Blogspot
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
By Ian Beer A graph representation of the sandbox escape NSExpression payload In April this year Google's Threat Analysis Group, in ...
Looking for CVE-2023-43261 in the Real World https://vulncheck.com/blog/real-world-cve-2023-43261
VulnCheck
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
Building Micro-CGC Events - Art of The Flag https://www.battleofthebots.net/building_micro_cgc_events.html
Battle of The Bots
Building Micro-CGC Events - Art of The Flag
Battle of The Bots Website
“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16
guard.io
“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts
Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
Cisco
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker.
Fix information can be found in the Fixed Software…
Fix information can be found in the Fixed Software…
PsMapExec: A PowerShell tool that takes strong inspiration from CrackMapExec. https://github.com/The-Viper-One/PsMapExec
GitHub
GitHub - The-Viper-One/PsMapExec: Dominate Active Directory with PowerShell.
Dominate Active Directory with PowerShell. . Contribute to The-Viper-One/PsMapExec development by creating an account on GitHub.
Synology NAS DSM Account Takeover: When Random is not Secure https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
Claroty
Synology NAS DSM Account Takeover: When Random is not Secure
Claroty discovers the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system. Learn more.