Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🛡️ How Art Appreciation Can Enhance Cybersecurity Skills
https://undercodenews.com/how-art-appreciation-can-enhance-cybersecurity-skills/
@Undercode_News
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from Exploiting Crew (Pr1vAt3)
This is a beautiful malicious BadUSB implant photo. One of the best parts of #RedTeaming is going into an office and secretly swapping out USB cables on folks' desks.
⬇️ 💻 Thanks to Lumafield’s Neptune industrial x-ray CT scanner, we can see the O.MG USB-C Cable isn’t just a regular USB cable. At its core, the O.MG Cable uses an ultra-compact ESP32 Pico to allow for keystroke injection attacks, remote control via Wi-Fi, hardware keylogging, ID/PID spoofing, as well as remote command and control.
These are not really that new, and have existed in various forms, with lesser capabilities and at higher prices, for almost ten years now.
Source: LinkedIn
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
⚡️ #Apple Expands Radio Offerings with New Live Stations
https://undercodenews.com/apple-expands-radio-offerings-with-new-live-stations/
@Undercode_News
Forwarded from UNDERCODE TESTING
🦑Hack with 1 Plug:
Duckyspark v.0.4.1
Translator from USB Rubber Ducky payloads (Ducky script) to Digispark code.
Usage:
python3 Duckyspark_translator.py [payload.txt] [output_file]
or
python3 Duckyspark_translator.py [payload.txt]
In this case, the translated payload will be saved in the file "digipayload.ino".
You can find Ducky payloads here: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads
or here: https://github.com/CedArctic/DigiSpark-Scripts
Or you can simply write your own payloads using Ducky script.
Ducky script syntax: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript
Recently we found the video "Digispark Flashing Guide & Ducky Payload Converters" that shows how to flash Digispark using the payloads generated by our script: https://www.youtube.com/watch?v=Lrn_hgckhGw&lc
Our site: https://awake.pro/
Upd: added 3D models of a USB flash drive to hide the Digispark.
You can edit the 3D model, or just print the ready-for-print .stl models on a 3D printer.
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🔋 A Cellular MacBook: A Long-Awaited Dream?
https://undercodenews.com/a-cellular-macbook-a-long-awaited-dream/
@Undercode_News
Forwarded from UNDERCODE TESTING
🦑 Example of sFTP Credentials Leak in Private Program
Target Sub-Domain: trc[•]example[•]com
Impact: Full FTP Server Access Obtained
Details: sftp-config.json exposed sensitive credentials.
Severity: 🔴 Critical (9.6)
💡 Stay vigilant for exposed configuration files!
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🚨 Lessons from the Largest #Software Supply Chain Incidents
https://undercodenews.com/lessons-from-the-largest-software-supply-chain-incidents/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
📱 #Apple Maps: A More Seamless Experience with Yelp Integration
https://undercodenews.com/apple-maps-a-more-seamless-experience-with-yelp-integration/
@Undercode_News
Forwarded from UNDERCODE TESTING
🦑Top ChatGPT extensions for enhancing your productivity and web browsing experience:
1. Monica AI Copilot: A versatile assistant powered by GPT-4, offering functionalities like email drafting, web summaries, PDF chatting, and AI image generation, all while integrating with real-time web browsing.
2. AIPRM for ChatGPT: A powerful tool for marketers and content creators, featuring over 4,500 professional prompts for generating blog titles, ad copy, SEO strategies, and more.
3. Superpower ChatGPT: Adds features like organizing chat folders, custom prompt saving, and downloadable conversations. It’s a great organizational tool for frequent ChatGPT users.
4. Wiseone: Designed for readers, this extension simplifies complex text by providing definitions, context, and summaries directly within your browser.
5. YouTube Summary with ChatGPT & Claude: Summarizes YouTube videos and supports multilingual summaries, complete with timestamps for key points.
6. ChatGPT Writer: Specializes in creating emails and messages based on context, perfect for streamlining communication tasks.
7. Compose AI: Assists with sentence completion, rephrasing, and email replies, making it ideal for improving your writing speed and clarity.
These extensions are available on the Chrome Web Store and are useful for professionals, students, and casual users alike. Let me know if you'd like help with installation or exploring any of these!
Forwarded from DailyCVE
🟠 #Linux Kernel Vulnerability: #CVE-2024-50177 (Medium)
https://dailycve.com/linux-kernel-vulnerability-cve-2024-50177-medium/
@DailyCVE
2024-12-10 This article describes a vulnerability (CVE-2024-50177) in the Linux kernel’s AMD display driver. The issue arises when programming a […]
Forwarded from DailyCVE
🔴 SourceCodester Simple Online Bidding System 10 - SQL Injection (#CVE-2024-4930) - Critical
https://dailycve.com/sourcecodester-simple-online-bidding-system-10-sql-injection-cve-2024-4930-critical/
@Daily_CVE
2024-12-10 : A critical SQL injection vulnerability (CVE-2024-4930) exists in SourceCodester Simple Online Bidding System version 1.0. This vulnerability allows […]
Forwarded from DailyCVE
🟠 SourceCodester Simple Online Bidding System 10 - Cross-Site Request Forgery (#CVE-2024-4929) - MEDIUM
https://dailycve.com/sourcecodester-simple-online-bidding-system-10-cross-site-request-forgery-cve-2024-4929-medium/
@Daily_CVE
2024-12-10 A vulnerability classified as MEDIUM severity (CVSS score: 6.9) has been identified in SourceCodester Simple Online Bidding System 1.0. […]
Forwarded from DailyCVE
🔴 SourceCodester Simple Online Bidding System 10 - SQL Injection (#CVE-2024-4931 - Critical)
https://dailycve.com/sourcecodester-simple-online-bidding-system-10-sql-injection-cve-2024-4931-critical/
@Daily_CVE
2024-12-10 : A critical SQL injection vulnerability (CVE-2024-4931) has been identified in SourceCodester Simple Online Bidding System 1.0. This vulnerability […]
Forwarded from DailyCVE
🟠 #Linux Kernel, mptcp: handle consistently DSS corruption, #CVE-2024-50185 (Medium)
https://dailycve.com/linux-kernel-mptcp-handle-consistently-dss-corruption-cve-2024-50185-medium/
@Daily_CVE
2024-12-10 What Undercode Says: This blog post details a vulnerability (CVE-2024-50185) affecting the MPTCP functionality in the Linux kernel. A […]
Forwarded from Exploiting Crew (Pr1vAt3)
🦑Easiest XSS Testing!! [Basic Recon Tips]
✅Tip: Use Inspect Element to find how the input is handled by the server. i.e. if it is enclosed as ''<your_payload>'' try to escape the closing '' '' by adding ''<your_payload> in the input field. This will break the filters in most cases.
This tip is just a very basic method to bypass filters. There are numerous other ways to bypass the filters, and having a little knowledge of JavaScript will be an advantage for you guys...
I will be sharing the next levels of bypassing in my coming posts✅
Source
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🔐 Global Insurance Agency Suffers from #Ransomware Attack
https://undercodenews.com/global-insurance-agency-suffers-from-ransomware-attack/
@Undercode_News
Forwarded from Exploiting Crew (Pr1vAt3)
🦑Google Dorks basics:
site:.edu “phone number” – This Dork searches for websites on .edu domains that contain the words “phone number”.
student “phone number” – This Dork searches for websites on .edu domains that contain the words “student” and “phone number”.
inurl:edu “login” – This Dork searches for websites on .edu domains that contain the words “login”. This Dork searches for school websites that contain student login information.
“powered by Undercode” site:.edu – This Dork searches for websites on .edu domains that contain the words “powered by Undercode”. This Dork searches for school websites that are running on the Undercode forum software.
“powered by Undercode” site:.gov – This Dork searches for websites on .gov domains that contain the words “powered by Undercode”. This Dork searches for governmental websites that are running on the Undercode forum software.
“powered by Undercode” site:.mil – This Dork searches for websites on .mil domains that contain the words “powered by Undercode”. This Dork searches for military websites that are running on the Undercode forum software.
“powered by Undercode” inurl:.edu – This Dork searches for websites on .edu domains that contain the words “powered by Undercode”. This Dork searches for school websites that are running on the Undercode forum software.
“powered by Undercode” inurl:.mil – This Dork searches for websites on .mil domains that contain the words “powered by Undercode”. This Dork searches for military websites that are running on the Undercode forum software.
inurl:.com “powered by Undercode” – This Dork searches for websites on .com domains that contain the words “powered by Undercode”. This Dork searches for websites that are running on the Undercode forum software.
inurl:.edu “register forum” – This Dork searches for websites on .edu domains that contain the words “register forum”. This Dork searches for school websites that allow you to register for a forum.
inurl:.gov “register forum” – This Dork searches for websites on .gov domains that contain the words “register forum”. This Dork searches for governmental websites that allow you to register for a forum
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🚨 Phishing Gets Personal: Clever Attack Exploits Trusted Senders and Cloud Platforms
https://undercodenews.com/phishing-gets-personal-clever-attack-exploits-trusted-senders-and-cloud-platforms/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
⚡️ SAP Patches Critical Vulnerabilities in December 2024 Security #Update
https://undercodenews.com/sap-patches-critical-vulnerabilities-in-december-2024-security-update/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
CDK Hack Highlights SEC's Murky Cyber Disclosure Rules
https://undercodenews.com/cdk-hack-highlights-secs-murky-cyber-disclosure-rules/
@Undercode_News