BugBounty platforms
(sites where researchers can help companies identify security problems and make money from it)
https://hackerone.com
https://yeswehack.com/programs
https://bugcrowd.com
https://bugbounty.jp
https://bugbounty.ch
https://yogosha.com
https://immunefi.com
https://firebounty.com
https://bugv.io
https://intigriti.com
https://huntr.dev
https://hckrt.com
https://safehats.com
https://bugsbounty.com
https://plugbounty.com
https://openbugbounty.org
https://zerodayinitiative.com
HackerOne
HackerOne | Global leader in offensive security | Security for AI | Crowdsourced Security
HackerOne combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the SDLC. HackerOne offers AI red teaming, crowdsourced security, bug bounty, vulnerability disclosure…
HOW TO PREVENT CYBERATTACKS ON CARS
https://motor.elpais.com/tecnologia/como-evitar-los-ataques-informaticos-en-los-coches/
El Motor
How to prevent cyberattacks on cars
Modern cars can be tampered with remotely by unauthorized third parties, and measures must be taken to minimize the risks.
Domain Persistence – Machine Account https://pentestlab.blog/2022/01/17/domain-persistence-machine-account/
Penetration Testing Lab
Domain Persistence – Machine Account
Machine accounts play a role in red team operations, as they are utilized in a number of techniques for privilege escalation, lateral movement and domain escalation. However, there are also cases which a…
[webapps] OpenBMCS 2.4 - SQLi (Authenticated)
OpenBMCS 2.4 - SQLi (Authenticated)
https://www.exploit-db.com/exploits/50668
Exploit Database
OpenBMCS 2.4 - SQLi (Authenticated)
OpenBMCS 2.4 - SQLi (Authenticated).. webapps exploit for PHP platform
[webapps] OpenBMCS 2.4 - Cross Site Request Forgery (CSRF)
OpenBMCS 2.4 - Cross Site Request Forgery (CSRF)
https://www.exploit-db.com/exploits/50667
Exploit Database
OpenBMCS 2.4 - Cross Site Request Forgery (CSRF)
OpenBMCS 2.4 - Cross Site Request Forgery (CSRF).. webapps exploit for PHP platform
📃 "Data that can be obtained from encrypted messaging applications" https://blog.segu-info.com.ar/2021/12/datos-que-se-pueden-obtener-de-las.html
Segu-Info - Cybersecurity since 2000
Data that can be obtained from encrypted messaging applications
A massive cyberattack takes several Ukrainian government websites offline
https://unaaldia.hispasec.com/2022/01/un-ciberataque-masivo-deja-inoperativos-varios-sitios-webs-del-gobierno-de-ucrania.html
Una al Día
A massive cyberattack takes several Ukrainian government websites offline
The government of Ukraine has suffered "a massive cyberattack" with threatening text, and they claim that their personal information has been hacked.
NFTs and the worldwide registry of digital asset owners in the Metaverse
http://www.elladodelmal.com/2022/01/los-nfts-y-el-registro-mundial-de-los.html
Elladodelmal
NFTs and the worldwide registry of digital asset owners in the Metaverse
Personal blog of Chema Alonso (CDO Telefónica, 0xWord, MyPublicInbox, Singularity Hackers) about security, hacking, hackers and Cálico Electrónico.
[webapps] OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation
OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation
https://www.exploit-db.com/exploits/50669
Exploit Database
OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation
OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation.. webapps exploit for PHP platform
Norwegian media outlets are hacked https://unaaldia.hispasec.com/2022/01/medios-de-comunicacion-noruegos-son-hackeados.html
Una al Día
Norwegian media outlets are hacked
Customers' personal data may have been leaked following a cyberattack on a Norwegian media outlet.
Multiple Cisco Products Snort Modbus Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Cisco%20Products%20Snort%20Modbus%20Denial%20of%20Service%20Vulnerability&vs_k=1
A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj
Security Impact Rating: High
CVE: CVE-2022-20685
Cisco
Cisco Security Advisory: Multiple Cisco Products Snort Modbus Denial of Service Vulnerability
A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer overflow while processing…
[webapps] Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS)
Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS)
https://www.exploit-db.com/exploits/50677
Exploit Database
Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS)
Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS).. webapps exploit for PHP platform