/ flatpak CVE-2024-32462 : Sandbox escape via RequestBackground

https://www.openwall.com/lists/oss-security/2024/04/18/5

/ Blind Spot: how I get from Docker Registry To RCE

https://medium.com/@red.whisperer/blind-spot-from-docker-registry-to-rce-b0d46e043798

MagicDot

A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue:

https://github.com/SafeBreach-Labs/MagicDot

/ The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to
crash an application or overwrite a neighbouring variable.

https://sourceware.org/pipermail/libc-announce/2024/000040.html

a new exploitation technique that affects the whole PHP ecosystem, and the compromission of several applications.

CVE-2024-2961

https://security-tracker.debian.org/tracker/CVE-2024-2961

CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM

https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/

P.S. Thx for the link dear subscriber ✌️

50 penetration testing tools and not only:

1. Nmap 🌐
2. Metasploit 🛠️
3. Burp Suite 🐛
4. Wireshark 🖥️
5. OWASP ZAP (Zed Attack Proxy) 🛡️
6. Nikto 🕵️‍♂️
7. SQLMap 🗺️
8. Acunetix 🕷️
9. Nessus 🚀
10. OpenVAS 🚪
11. BeEF (Browser Exploitation Framework) 🐄
12. Shodan 🔍
13. Wfuzz 🌀
14. DirBuster 🚪
15. XSStrike 💥
16. Sublist3r 🎯
17. Hydra 🐍
18. Skipfish 🐟
19. Recon-ng 🕵️‍♂️
20. Masscan 🛰️
21. Gitrob 🕵️‍♂️
22. Gobuster 🔦
23. Joomscan 🕵️‍♂️
24. WPScan 🔍
25. EyeWitness 👀
26. Fiddler 🎻
27. sqlninja 🥷
28. Vega 🌟
29. Arachni 🕷️
30. DirSearch 🔍
31. httrack 🏃‍♂️
32. CMSmap 🗺️
33. DVWA (Damn Vulnerable Web Application) 😈
34. Docker Bench for Security 🐋
35. Amass 📈
36. Zed Attack Proxy 🛡️
37. SonarQube 🛡️
38. ClamAV 🦪
39. OSSEC 🔐
40. Tripwire 🛡️
41. AIDE (Advanced Intrusion Detection Environment) 🛡️
42. Fail2Ban 🚫
43. Lynis 🐧
44. Snort 🐽
45. Suricata 🦈
46. Security Onion 🧅
47. Maltego 🔄
48. Cobalt Strike 🌩️
49. BloodHound 🩸
50. Empire 🏰

Analyzing Forest Blizzard’s

Custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials... Forest Blizzard’s objective in deploying GooseEgg is to gain elevated access to target systems and steal credentials and information..:

- Read Full Article

Cyber Security Incident
Response Planning -
Practitioner Guidance

CVE-2024-3400-RCE. Cyberspace Mapping Dorks

https://github.com/W01fh4cker/CVE-2024-3400-RCE-Scan

System Hacking: Common Windows, Linux & Web Server Hacking Techniques

Playing Possum: What's the Wpeeper Backdoor Up To?

https://blog.xlab.qianxin.com/playing-possum-whats-the-wpeeper-backdoor-up-to/

Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware

Introduction about the REMCOS threat and dive into the first half of its execution flow, from loading its configuration to cleaning the infected machine web browsers:

https://www.elastic.co/security-labs/dissecting-remcos-rat-part-two

/ DNS traffic can leak outside the VPN tunnel on Android

https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android

/ Android.Click.414.origin

Среди инфицированных приложений в магазине Google Play встречаются Love Spouse (для управления товарами для взрослых) и QRunning (трекер физической активности). Суммарное количество устройств, на которые установлены приложения, составляет 1,5 миллиона.:

https://vms.drweb.ru/virus/?i=28241868

Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware

..that can run on Intel or ARM-based Mac computers.

Technical analysys:

https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Detecting Brute Force
Attacks

CCTV - Close-Circuit Telegram Vision revolutionizes location tracking with its open-source design and Telegram API integration.

https://github.com/IvanGlinkin/CCTV?tab=readme-ov-file

VULNERABILITIES IN NEXT-GEN BIG-IP

https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/