CVE-2020-0968:
IE 9, 11 - Scripting Engine Memory Corruption Vulnerability/Operation Domino (PoC)
https://ti.dbappsecurity.com.cn/blog/index.php/2020/09/18/cve-2020-0968/
Attack overview:
https://ti.dbappsecurity.com.cn/blog/index.php/2020/09/18/operation-domino/

Alien: el nuevo malware bancario para Android

https://unaaldia.hispasec.com/2020/09/alien-el-nuevo-malware-bancario-para-android.html

National Vulnerability Database
CVE-2020-4607

IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.

Obtener conversaciones de Whatsapp desde la nube
https://blog.segu-info.com.ar/2020/09/obtener-conversaciones-de-whatsapp.html

Threat Research:
Taking down the SSO, Account Takeover in the Websites
of Kolesa due to Insecure JSONP Call (PoC)
https://medium.com/bugbountywriteup/taking-down-the-sso-account-takeover-in-3-websites-of-kolesa-due-to-insecure-jsonp-call-facd79732e45

National Vulnerability Database
CVE-2020-9491

In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.

Pentesting Mobile 101: Controlando de manera remota un Dispositivo Android con Scrcpy

http://feedproxy.google.com/~r/snifer/~3/B5gK-mc0sT4/srcpy-screen-mirroring-android-sin-root.html

Fortinet's Fortigate VPN solution running default settings leave over 200,000 businesses vulnerable to man-in-the-middle (MitM) attacks.

Learn how: https://thehackernews.com/2020/09/fortigate-vpn-security.html

CVE-2020-15702:
Race Condition vulnerability in handling of PID by apport in Ubuntu (PoC)
https://flattsecurity.hatenablog.com/entry/2020/09/30/130844

Fingerprintig de exploits

https://unaaldia.hispasec.com/2020/10/fingerprintig-de-exploits.html

Malware analysis:
1. Ttint: An IoT Remote Access Trojan spread through two Tenda router 0-day vulnerabilities
https://blog.netlab.360.com/ttint-an-iot-remote-control-trojan-spread-through-2-0-day-vulnerabilities/
2. Top Alexa Sites Infected With Malicious Coinminers
and Web Skimmer
https://unit42.paloaltonetworks.com/malicious-coinminers-web-skimmer/

National Vulnerability Database
CVE-2020-5989

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

⚡️ Pentester Academy
Courses ⚡️


🖇 Download Link https://mega.nz/#F!ZA8x3KjL!aOhch9x--wvKoO8SgmmFng

Tus chats de WhatsApp no son seguros: un nuevo «fallo» permite espiarlos
https://www.adslzone.net/noticias/whatsapp/chats-espiar-cifrado-copia-seguridad-nube/

#Whatsapp #Privacidad #Ciberseguridad

Windows Hacking tutorials and tools :

1) Windows-Post-Exploitation:


https://github.com/emilyanncr/Windows-Post-Exploitation


2) Windows Post Exploitation Shells and File Transfer with Netcat for Windows:


https://medium.com/p/a2ddc3557403

3) Windows Privilege Escalation Fundamentals:

https://www.fuzzysecurity.com/tutorials/16.html


4) Windows Privilege Escalation Guide:

www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

5) https://github.com/LazoCoder/Windows-Hacks


6) https://github.com/D4Vinci/Dr0p1t-Framework

IoT-Pentest-devices-and-purpose
https://github.com/IoTSecurity101/IoT-Pentest-devices-and-purpose

Vídeo de demostración que enseña cómo un spyware roba los mensajes de WhatsApp de las notificaciones recibidas

https://www.instagram.com/reel/CFwz9wMAwuL/

Ya que estamos por aquí...

📃 "Privacidad de Telegram y todas las opciones que debes conocer" https://tecnonucleous.com/2020/06/30/privacidad-de-telegram-todas-las-opciones/

Título: *H4ck1ng - El Curso más COMPLETO de TODOS*

Sinopsis: He aquí el mejor curso para que aprendas a ser el h4cker que llevas dentro.
Este curso trae 13 módulos totalmente completos en los que aprenderás:
Introducción a

- Meta3xplo*its
- Hack1ng Ético
- H4ck1ng con Python
- Reconocimiento y enumeraciones
- Anonimato en la red
- Escaneo de M3ta*Expl0*its
- Estructura de Datos y Secuencia de Control
- Recolección de información
- Análisis de Vulnerabilidades
Y mucho pero mucho más.

Peso: 5.88 GB

Link:
https://mega.nz/folder/gwhiRL7T#mRKqYm3Wf6D3PzEGfQgxfw

National Vulnerability Database
CVE-2020-26934

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.