Tapping into a telecommunications company's office cameras
https://ift.tt/9q4Hs57
Submitted November 15, 2023 at 12:40AM by EatonZ
via reddit https://ift.tt/E5JHDWh
Eaton-Works
Tapping into a telecommunications company’s office cameras
API flaw enabled livestreaming of a telecommunications company’s office cameras.
Critical bug bounty reports in Microsoft & GitHub, with publication of CVE-2023-36052: "All the Small Things: Azure CLI Leakage and Problematic Usage Patterns".
https://ift.tt/a56K3hM
Submitted November 15, 2023 at 02:04AM by Hefty_Knowledge_7449
via reddit https://ift.tt/2dGsX8R
Palo Alto Networks Blog
All the Small Things: Azure CLI Leakage and Problematic Usage Patterns
Developer usage patterns with Azure CLI may leak sensitive data in CI/CD logs when used in public repositories, potentially exposing critical information.
Reptar
https://ift.tt/NmdchfU
Submitted November 15, 2023 at 03:52AM by moviuro
via reddit https://ift.tt/oyNtnqi
Cmpxchg8B
Reptar
Summer 2023 Study on Wi-Fi 6 & WPA3 Popularity
https://ift.tt/QZATCVm
Submitted November 15, 2023 at 05:08AM by wirelessbits
via reddit https://ift.tt/sKB5brq
Medium
Summer 2023 Study on Wi-Fi AP PHY & Security Adoption
In summer 2023 for a graduate program class I worked with an excellent team made up of Elvis Maese, Parth Joshi, Scott Randall, & Chris…
Static Code Injections in OpenCart (CVE-2023-47444)
https://ift.tt/0CmQE7A
Submitted November 15, 2023 at 05:03AM by UsedSite2578
via reddit https://ift.tt/gAm07Pu
0xbro
Static Code Injections in OpenCart (CVE-2023-47444)
In OpenCart versions 4.0.0.0 to 4.0.2.3, authenticated backend users having common/security access and modify privileges can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.
Microsoft Edge VR - Escaping the sandbox: A bug that speaks for itself
https://ift.tt/jobA6uZ
Submitted November 15, 2023 at 02:52PM by poltess0
via reddit https://ift.tt/Ve62h3D
Microsoft Browser Vulnerability Research
Escaping the sandbox: A bug that speaks for itself
Introduction
Reptar: an Intel Ice Lake CPU vulnerability, by Tavis Ormandy
https://ift.tt/NmdchfU
Submitted November 15, 2023 at 02:42PM by poltess0
via reddit https://ift.tt/YyVUNXm
Cmpxchg8B
Reptar
Executing from Memory Using ActiveMQ CVE-2023-46604
https://ift.tt/Pb0lhs1
Submitted November 15, 2023 at 08:15PM by chicksdigthelongrun
via reddit https://ift.tt/810Y2Kq
VulnCheck
Executing from Memory Using ActiveMQ CVE-2023-46604 - Blog - VulnCheck
VulnCheck finds a new way to exploit ActiveMQ CVE-2023-46604 that allows the attacker to hide in memory and avoid process-based detections.
Windows arbitrary MSR write and kernel-memory write
https://ift.tt/Onl1eEZ
Submitted November 15, 2023 at 07:42PM by meowerguy
via reddit https://ift.tt/NVD6azm
GitHub
CVE-2023-36427/report.md at main · tandasat/CVE-2023-36427
Report and exploit of CVE-2023-36427. Contribute to tandasat/CVE-2023-36427 development by creating an account on GitHub.
A Simple Python Redirection Container for Red Team Operations
https://ift.tt/23MjSx8
Submitted November 15, 2023 at 09:27PM by RoseSec_
via reddit https://ift.tt/g0czPAk
GitHub
Red-Teaming-TTPs/Redirection_Containers.md at main · RoseSecurity/Red-Teaming-TTPs
Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike! - RoseSecurity/Red-Teaming-TTPs
Ransomware group breaches company, reports them to SEC for failure to disclose
https://ift.tt/AEfIlDa
Submitted November 16, 2023 at 07:51AM by AviN456
via reddit https://ift.tt/T4yolzG
www.databreaches.net
AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC (2)
Earlier today, AlphV added MeridianLink to their leak site. MeridianLink (MLNK) is the provider of a loan origination system and digital lending platform for...
Accessing Azure Kubernetes Service as Guest and Cross-Tenant
https://ift.tt/EDS946p
Submitted November 16, 2023 at 08:11PM by cbagdude
via reddit https://ift.tt/5xtWZTB
Binary Security AS
Accessing Azure Kubernetes Service as Guest and Cross-Tenant
In our research, Binary Security found a weakness in Azure Kubernetes Service (AKS) that allows Guest users or third-party apps to access the AKS API without getting assigned any specific roles. Microsoft originally responded that it “does not meet the definition…
From email to phone number, a new OSINT approach - Martin Vigo
https://ift.tt/iZwpGNW
Submitted November 16, 2023 at 09:40PM by n3w57ake
via reddit https://ift.tt/CYyUS7s
Martin Vigo
From email to phone number, a new OSINT approach - Martin Vigo
How to find out someone's phone number if you just know their email address and how it can be automated using a new OSINT tool: email2phonenumber
AI-Exploits: Repo of exploits for multiple critical unauth'd RCEs in AI tools
https://ift.tt/hypLiu2
Submitted November 16, 2023 at 10:16PM by FlyingTriangle
via reddit https://ift.tt/cHrYXQd
GitHub
GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities
A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities - GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabil...
I analyzed Stack Overflow for leaks
https://ift.tt/NjhHxFA
Submitted November 16, 2023 at 09:51PM by matan-h
via reddit https://ift.tt/isCHd6J
Matan-h
I analyzed stackoverflow
I analyzed stackoverflow for secrets and leaks.
Plundering Postman with Porch Pirate
https://ift.tt/8NXPEak
Submitted November 17, 2023 at 12:01AM by EffectiveEmpty5618
via reddit https://ift.tt/7GsRZHB
CrushFTP - CVE-2023-43177 - Unauthenticated Root-Level RCE Chain
https://ift.tt/9rSfbh2
Submitted November 16, 2023 at 08:14PM by After_Performer7638
via reddit https://ift.tt/Jcwdfkg
Pellera Technologies
CrushFTP Critical Vulnerability CVE-2023-43177 Unauthenticated Remote Code Execution
Zero-day vulnerabilities chain in CrushFTP (CVE-2023-43177) uncovered by Converge Red Team requires immediate attention with these remediation steps.
Analyzing the security posture of thousands of AWS, Azure and Google Cloud environments
https://ift.tt/GPS9gI3
Submitted November 17, 2023 at 12:58AM by thorn42
via reddit https://ift.tt/KqFrl6c
Datadog
State of Cloud Security | Datadog
We analyzed data from thousands of organizations to understand the latest trends in cloud security posture.
HavocC2 Exploit
https://ift.tt/0GAWCSl
Submitted November 17, 2023 at 07:05AM by syncwithali
via reddit https://ift.tt/4HczSsR
GitHub
GitHub - syncwithali/HavocExploit: A remote unauthenticated DOS POC exploit that targets the authentication implementation of Havoc.
A remote unauthenticated DOS POC exploit that targets the authentication implementation of Havoc. - syncwithali/HavocExploit
DIALStranger: my research about DIAL protocol vulnerabilities is public after 4 years
https://ift.tt/pEvxC15
Submitted November 17, 2023 at 11:51PM by ynscdrc
via reddit https://ift.tt/f25mW6Z
GitHub
GitHub - yunuscadirci/DIALStranger: details about DIAL protocol vulnerabilities
details about DIAL protocol vulnerabilities. Contribute to yunuscadirci/DIALStranger development by creating an account on GitHub.
Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)
https://ift.tt/Qzmfgcy
Submitted November 18, 2023 at 08:10PM by monoimpact
via reddit https://ift.tt/IaKziVt
Sonarsource
Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)
We took a look at the security of the most popular code editor, Visual Studio Code! This blog post covers vulnerabilities our researchers discovered in third-party extensions.