UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1๏ธโƒฃ World first platform which Collect & Analyzes every New hacking method.
+ AI Pratice
@Undercode_Testing

2๏ธโƒฃ Cyber & Tech NEWS:
@Undercode_News

3๏ธโƒฃ CVE @Daily_CVE

โœจ Web & Services:
โ†’ Undercode.help
Forwarded from UNDERCODE TESTING
🦑 All free: useful payloads and bypasses for Web Application Security and Pentest/CTF:

https://github.com/swisskyrepo/PayloadsAllTheThings
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
⚡️ Bolstering Federal Cloud Security: CISA Issues New Directive for Agencies

https://undercodenews.com/bolstering-federal-cloud-security-cisa-issues-new-directive-for-agencies/

@Undercode_News
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Network Protocols: The Unsung Heroes of Communication

Think of networking protocols as the secret language that devices use to talk to each other on a network. They're essential for everything from browsing the web (DNS, TCP/IP, HTTPS) to sending emails (SMTP) and having real-time chats (WebSocket).

Here's a quick rundown of some key protocols:

DNS: Turns website names into computer addresses (IP addresses).
TCP/IP: The power couple of the internet. TCP chops data into packets and ensures reliable delivery, while IP addresses and routes them.
HTTPS: Secures your web browsing with encryption.
SMTP: Delivers your emails efficiently.
WebSocket: Enables real-time chat and data exchange.
DHCP: Assigns IP addresses to devices on a network automatically.
UDP: Prioritizes speed for streaming, gaming, and voice calls.

Understanding these protocols gives you a deeper appreciation for how the digital world works.

Ref: Rocky Bhatia
@UndercodeCommunity
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
Forwarded from UNDERCODE TESTING
🦑 Hack Together: The Microsoft Fabric Global AI Hack

Official Repo:
https://github.com/microsoft/Hack-Together-Fabric-AI
Forwarded from UNDERCODE TESTING
๐Ÿฆ‘๐๐ž๐ญ๐ฐ๐จ๐ซ๐ค ๐€๐ญ๐ญ๐š๐œ๐ค๐ฌ ๐„๐ฑ๐ฉ๐ฅ๐š๐ข๐ง๐ž๐
๐Ÿ”น ๐Œ๐ˆ๐“๐Œ (๐Œ๐š๐ง-๐ข๐ง-๐ญ๐ก๐ž-๐Œ๐ข๐๐๐ฅ๐ž) ๐€๐ญ๐ญ๐š๐œ๐ค: Interception of communication between two parties by a third party, potentially altering messages (e.g., an attacker intercepts messages between Alice and Bob).

๐Ÿ”น๐‘๐จ๐จ๐ญ๐ค๐ข๐ญ๐ฌ: Malicious software that provides privileged access to a computer while hiding the attacker's presence (e.g., an attacker installs a rootkit on a server to avoid detection).

๐Ÿ”น ๐๐จ๐ญ๐ง๐ž๐ญ๐ฌ: Networks of compromised devices controlled by a central entity, used for malicious activities like DDoS attacks (e.g., thousands of infected computers flood a website).

๐Ÿ”น๐ˆ๐ ๐’๐ฉ๐จ๐จ๐Ÿ๐ข๐ง๐ : Sending packets with a fake source IP address to impersonate another device or mask traffic origin (e.g., an attacker tricks a server into thinking a request is from a trusted source).

๐Ÿ”น ๐ƒ๐ƒ๐จ๐’ (๐ƒ๐ข๐ฌ๐ญ๐ซ๐ข๐›๐ฎ๐ญ๐ž๐ ๐ƒ๐ž๐ง๐ข๐š๐ฅ ๐จ๐Ÿ ๐’๐ž๐ซ๐ฏ๐ข๐œ๐ž): Overwhelming a server with traffic from multiple sources, making it unavailable to legitimate users (e.g., using a botnet to crash a website).

๐Ÿ”น๐ƒ๐๐’ ๐’๐ฉ๐จ๐จ๐Ÿ๐ข๐ง๐ : Providing false DNS responses to redirect victims to malicious sites, often to steal information (e.g., redirecting users to a fake bank website).

Ref: Praveen Singh
@UndercodeCommunity
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
Forwarded from UNDERCODE TESTING
🦑 You've probably heard of JWT - JSON Web Tokens.
It is a format designed to securely transfer information between two parties, so it is mainly used to authenticate and transmit information in an encrypted way using different algorithms, and it consists of three parts (Header, Payload, and Signature).

I recently visited a website that manages couriers, since I myself am waiting for a delivery. It is vulnerable, it is not secure, it is "weak." A weakness that I was able to locate was expressed in the fact that the server stores information about couriers (scheduling) for that courier in JWT format. The information inside is keyed by "x" (identifier) and "y" (shipping). There is no defense mechanism in place, which leads to a security weakness and damage to credibility.

It turns out (unfortunately) that anyone can edit the payload content (change a shipping ID to data belonging to another user), and without verifying the signature, the server will accept the edited token as valid, which leads to data tampering, exposure of details, and also RXSS (reflected XSS), because it turns out that there is no filtering on user input.

What's more, it's not normal!
The problem with the JWT header is that it contains information such as id and num, for example, while it does not store information about the encryption type (alg) and the type of token (typ) at all. Using a header to store such data is a security weakness because the header is both unsigned and can be easily modified.

Platforms like PortSwigger have modules that focus on attacks on JWT (algorithm confusion, header injections, etc.) and can also be used to learn about secure development.

Ref: Adam Kahlon
@UndercodeCommunity
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–