Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π‘οΈ Enhancing #GitHub Actions Security with Code Scanning
https://undercodenews.com/enhancing-github-actions-security-with-code-scanning/
@Undercode_News
https://undercodenews.com/enhancing-github-actions-security-with-code-scanning/
@Undercode_News
UNDERCODE NEWS
Enhancing GitHub Actions Security with Code Scanning - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE TESTING
π¦You've probably heard of JWT - Json Web Tokens.
It is a format designed to securely transfer information between two parties, so it is mainly used to authenticate and transmit information in an encrypted way by using different algorithms when it consists of three parts (Header, Payload, and Signature).
I recently visited a website that manages couriers since I myself am waiting for delivery. He is vulnerable, he is not secure, he is "weak." A weakness that I was able to locate was expressed in the fact that the server stores information about couriers (scheduling) for that courier in JWT format. The information inside is by "x" (identifier) and "y" (shipping). There is no defense mechanism in place, which leads to security weakness and damage to credibility.
It turns out (unfortunately) that anyone can edit the payload content (change a shipping ID to data belonging to another user), and without verifying the signature, the server will receive the edited token as valid, which leads to data tampering, exposing details, and also Rxss because it turns out that there is no filtering on user input.
What's more, it's not normal!
The problem with the JWT header is that it contains information such as id and num, for example, while it does not store information about the encryption type (alg) and the type of token (typ) at all. Using a header to store such data is a security weakness because the header is both unsigned and can be easily modified.
Platforms like Portswigger have modules that focus on attacks on jwt that can also be used to learn about secure development
JWT (Algorithm confusion, Header Injections, etc.)
Ref: Adam Kahlon
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
It is a format designed to securely transfer information between two parties, so it is mainly used to authenticate and transmit information in an encrypted way by using different algorithms when it consists of three parts (Header, Payload, and Signature).
I recently visited a website that manages couriers since I myself am waiting for delivery. He is vulnerable, he is not secure, he is "weak." A weakness that I was able to locate was expressed in the fact that the server stores information about couriers (scheduling) for that courier in JWT format. The information inside is by "x" (identifier) and "y" (shipping). There is no defense mechanism in place, which leads to security weakness and damage to credibility.
It turns out (unfortunately) that anyone can edit the payload content (change a shipping ID to data belonging to another user), and without verifying the signature, the server will receive the edited token as valid, which leads to data tampering, exposing details, and also Rxss because it turns out that there is no filtering on user input.
What's more, it's not normal!
The problem with the JWT header is that it contains information such as id and num, for example, while it does not store information about the encryption type (alg) and the type of token (typ) at all. Using a header to store such data is a security weakness because the header is both unsigned and can be easily modified.
Platforms like Portswigger have modules that focus on attacks on jwt that can also be used to learn about secure development
JWT (Algorithm confusion, Header Injections, etc.)
Ref: Adam Kahlon
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π± Music Legend Paul McCartney Warns of #AI Takeover, Calls for Balanced Approach
https://undercodenews.com/music-legend-paul-mccartney-warns-of-ai-takeover-calls-for-balanced-approach/
@Undercode_News
https://undercodenews.com/music-legend-paul-mccartney-warns-of-ai-takeover-calls-for-balanced-approach/
@Undercode_News
UNDERCODE NEWS
Music Legend Paul McCartney Warns of AI Takeover, Calls for Balanced Approach - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE TESTING
π¦AWS Cloud #tips : The Backbone of Modern Technology!π
π What is AWS (Amazon Web Services)?
AWS is the worldβs most comprehensive and widely adopted cloud platform, offering 200+ fully featured services across compute, storage, databases, networking, AI, IoT, and more. Trusted by millions, AWS enables businesses of all sizes to innovate faster and scale effortlessly.
π Why AWS Stands Out:
1οΈβ£ Global Infrastructure:
β’ Operates across 31 geographic regions and 99 Availability Zones, ensuring low latency, reliability, and scalability.
β’ Plans for 15 more regions are underway, making AWS one of the largest global networks.
2οΈβ£ Cost Optimization:
β’ AWS follows a pay-as-you-go model, meaning you only pay for what you use.
β’ Tools like AWS Cost Explorer and Savings Plans help optimize your cloud spend.
3οΈβ£ Unmatched Security:
β’ Industry-leading security protocols, compliance with over 140 global standards, and data encryption ensure peace of mind.
β’ AWS also provides IAM (Identity and Access Management) for granular security control.
4οΈβ£ Innovation-Driven:
β’ AWS offers cutting-edge tools for AI/ML (SageMaker), Big Data (EMR), and Serverless Computing (Lambda).
β’ Pioneering advancements in Edge Computing with services like AWS Outposts and Wavelength.
5οΈβ£ Ease of Use for Developers:
β’ A user-friendly console, SDKs, APIs, and CLI make building and managing applications seamless.
β’ Offers templates via CloudFormation for infrastructure automation.
π» Most Popular AWS Services
β’ EC2: Scalable compute power for running applications.
β’ S3: Highly durable object storage for backups, data lakes, and archives.
β’ RDS & DynamoDB: Managed relational and NoSQL databases.
β’ CloudFront: Fast and secure content delivery network.
β’ Lambda: Event-driven serverless computing without infrastructure management.
π AWS Certification Pathway
AWS certifications validate your skills and open doors to career opportunities. Popular certifications include:
β’ AWS Certified Solutions Architect (Associate)
β’ AWS Certified Cloud Practitioner
β’ AWS Certified DevOps Engineer
π Who Uses AWS?
β’ Startups: Accelerate development with low upfront costs.
β’ Enterprises: Achieve agility and scale globally.
β’ Developers & IT Professionals: Innovate and build cutting-edge solutions.
π Getting Started:
β’ Try AWS Free Tier to explore its services risk-free.
β’ Explore AWS tutorials, documentation, and online courses to boost your skills.
Ref: Mahesh GirheMahesh Girhe
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π What is AWS (Amazon Web Services)?
AWS is the worldβs most comprehensive and widely adopted cloud platform, offering 200+ fully featured services across compute, storage, databases, networking, AI, IoT, and more. Trusted by millions, AWS enables businesses of all sizes to innovate faster and scale effortlessly.
π Why AWS Stands Out:
1οΈβ£ Global Infrastructure:
β’ Operates across 31 geographic regions and 99 Availability Zones, ensuring low latency, reliability, and scalability.
β’ Plans for 15 more regions are underway, making AWS one of the largest global networks.
2οΈβ£ Cost Optimization:
β’ AWS follows a pay-as-you-go model, meaning you only pay for what you use.
β’ Tools like AWS Cost Explorer and Savings Plans help optimize your cloud spend.
3οΈβ£ Unmatched Security:
β’ Industry-leading security protocols, compliance with over 140 global standards, and data encryption ensure peace of mind.
β’ AWS also provides IAM (Identity and Access Management) for granular security control.
4οΈβ£ Innovation-Driven:
β’ AWS offers cutting-edge tools for AI/ML (SageMaker), Big Data (EMR), and Serverless Computing (Lambda).
β’ Pioneering advancements in Edge Computing with services like AWS Outposts and Wavelength.
5οΈβ£ Ease of Use for Developers:
β’ A user-friendly console, SDKs, APIs, and CLI make building and managing applications seamless.
β’ Offers templates via CloudFormation for infrastructure automation.
π» Most Popular AWS Services
β’ EC2: Scalable compute power for running applications.
β’ S3: Highly durable object storage for backups, data lakes, and archives.
β’ RDS & DynamoDB: Managed relational and NoSQL databases.
β’ CloudFront: Fast and secure content delivery network.
β’ Lambda: Event-driven serverless computing without infrastructure management.
π AWS Certification Pathway
AWS certifications validate your skills and open doors to career opportunities. Popular certifications include:
β’ AWS Certified Solutions Architect (Associate)
β’ AWS Certified Cloud Practitioner
β’ AWS Certified DevOps Engineer
π Who Uses AWS?
β’ Startups: Accelerate development with low upfront costs.
β’ Enterprises: Achieve agility and scale globally.
β’ Developers & IT Professionals: Innovate and build cutting-edge solutions.
π Getting Started:
β’ Try AWS Free Tier to explore its services risk-free.
β’ Explore AWS tutorials, documentation, and online courses to boost your skills.
Ref: Mahesh GirheMahesh Girhe
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Tesla's Cybercab: A Golden Ride to the Future of Transportation
https://undercodenews.com/teslas-cybercab-a-golden-ride-to-the-future-of-transportation/
@Undercode_News
https://undercodenews.com/teslas-cybercab-a-golden-ride-to-the-future-of-transportation/
@Undercode_News
UNDERCODE NEWS
Tesla's Cybercab: A Golden Ride to the Future of Transportation - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from Exploiting Crew (Pr1vAt3)
1734278140921.pdf
15.6 MB
Forwarded from Exploiting Crew (Pr1vAt3)
π¦Protect Your Inbox Like a Pro! π
Your email is a goldmine for cybercriminals, containing personal, professional, and financial information. But fear notβhereβs how to safeguard it effectively:
π‘οΈ Top Email Security Tips:
1οΈβ£ Enable Multi-Factor Authentication (MFA): A strong password isnβt enough. MFA adds an extra layer of security.
2οΈβ£ Beware of Phishing Emails: Donβt click on suspicious links or attachments. Verify the sender before taking action.
3οΈβ£ Use Strong Passwords: Avoid predictable passwords like βpassword123.β Use a combination of upper/lowercase letters, numbers, and symbols.
4οΈβ£ Encrypt Your Emails: Protect sensitive information by using email encryption tools.
5οΈβ£ Keep Software Updated: Ensure your email client and antivirus software are always up-to-date.
6οΈβ£ Educate Yourself and Your Team: Awareness is your first line of defense. Share best practices with colleagues.
π¨ Common Email Security Threats:
πΈ Phishing: Fake emails designed to steal your information.
πΈ Spoofing: Attackers pretending to be trusted contacts.
πΈ Ransomware: Malicious attachments locking you out of your data.
πΈ BEC (Business Email Compromise): Fraudulent emails targeting businesses.
π Remember: A secure inbox equals a secure life. Take action now to protect your data and privacy!
Ref: Mahech Girhe
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Your email is a goldmine for cybercriminals, containing personal, professional, and financial information. But fear notβhereβs how to safeguard it effectively:
π‘οΈ Top Email Security Tips:
1οΈβ£ Enable Multi-Factor Authentication (MFA): A strong password isnβt enough. MFA adds an extra layer of security.
2οΈβ£ Beware of Phishing Emails: Donβt click on suspicious links or attachments. Verify the sender before taking action.
3οΈβ£ Use Strong Passwords: Avoid predictable passwords like βpassword123.β Use a combination of upper/lowercase letters, numbers, and symbols.
4οΈβ£ Encrypt Your Emails: Protect sensitive information by using email encryption tools.
5οΈβ£ Keep Software Updated: Ensure your email client and antivirus software are always up-to-date.
6οΈβ£ Educate Yourself and Your Team: Awareness is your first line of defense. Share best practices with colleagues.
π¨ Common Email Security Threats:
πΈ Phishing: Fake emails designed to steal your information.
πΈ Spoofing: Attackers pretending to be trusted contacts.
πΈ Ransomware: Malicious attachments locking you out of your data.
πΈ BEC (Business Email Compromise): Fraudulent emails targeting businesses.
π Remember: A secure inbox equals a secure life. Take action now to protect your data and privacy!
Ref: Mahech Girhe
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π€ The Rise of Intelligent Robots: How #AI is Revolutionizing Industrial Automation
https://undercodenews.com/the-rise-of-intelligent-robots-how-ai-is-revolutionizing-industrial-automation/
@Undercode_News
https://undercodenews.com/the-rise-of-intelligent-robots-how-ai-is-revolutionizing-industrial-automation/
@Undercode_News
UNDERCODE NEWS
The Rise of Intelligent Robots: How AI is Revolutionizing Industrial Automation - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π€ The Rise of #AI Agents: Automation and Anxiety
https://undercodenews.com/the-rise-of-ai-agents-automation-and-anxiety/
@Undercode_News
https://undercodenews.com/the-rise-of-ai-agents-automation-and-anxiety/
@Undercode_News
UNDERCODE NEWS
The Rise of AI Agents: Automation and Anxiety - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π€ Sierra Leverages #AI Supervisors to Tame Unruly #Chatbots
https://undercodenews.com/sierra-leverages-ai-supervisors-to-tame-unruly-chatbots/
@Undercode_News
https://undercodenews.com/sierra-leverages-ai-supervisors-to-tame-unruly-chatbots/
@Undercode_News
UNDERCODE NEWS
Sierra Leverages AI Supervisors to Tame Unruly Chatbots - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π§ Infosys HackWithInfy 2024: IIT Dhanbad Team Wins with Geospatial #AI Solution
https://undercodenews.com/infosys-hackwithinfy-2024-iit-dhanbad-team-wins-with-geospatial-ai-solution/
@Undercode_News
https://undercodenews.com/infosys-hackwithinfy-2024-iit-dhanbad-team-wins-with-geospatial-ai-solution/
@Undercode_News
UNDERCODE NEWS
Infosys HackWithInfy 2024: IIT Dhanbad Team Wins with Geospatial AI Solution - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Bridging the #Digital Divide: Nagaland Embraces #Technology
https://undercodenews.com/bridging-the-digital-divide-nagaland-embraces-technology/
@Undercode_News
https://undercodenews.com/bridging-the-digital-divide-nagaland-embraces-technology/
@Undercode_News
UNDERCODE NEWS
Bridging the Digital Divide: Nagaland Embraces Technology - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π US Boosts Domestic EV Battery Production with 6 Billion Loan to Ford and SK On
https://undercodenews.com/us-boosts-domestic-ev-battery-production-with-6-billion-loan-to-ford-and-sk-on/
@Undercode_News
https://undercodenews.com/us-boosts-domestic-ev-battery-production-with-6-billion-loan-to-ford-and-sk-on/
@Undercode_News
UNDERCODE NEWS
US Boosts Domestic EV Battery Production with 6 Billion Loan to Ford and SK On - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Thai Police Targeted by Yokai Backdoor: A Blend of Sophistication and Sloppiness
https://undercodenews.com/thai-police-targeted-by-yokai-backdoor-a-blend-of-sophistication-and-sloppiness/
@Undercode_News
https://undercodenews.com/thai-police-targeted-by-yokai-backdoor-a-blend-of-sophistication-and-sloppiness/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Understanding Cookie Types and Their Functions
https://undercodenews.com/understanding-cookie-types-and-their-functions/
@Undercode_News
https://undercodenews.com/understanding-cookie-types-and-their-functions/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π Shein's Indian Comeback: Conditional on Data Localization and Reliance Partnership
https://undercodenews.com/sheins-indian-comeback-conditional-on-data-localization-and-reliance-partnership/
@Undercode_News
https://undercodenews.com/sheins-indian-comeback-conditional-on-data-localization-and-reliance-partnership/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Japanese Auto Giants, Honda and #Nissan, Eye Potential Merger to Take on EV Frontrunners
https://undercodenews.com/japanese-auto-giants-honda-and-nissan-eye-potential-merger-to-take-on-ev-frontrunners/
@Undercode_News
https://undercodenews.com/japanese-auto-giants-honda-and-nissan-eye-potential-merger-to-take-on-ev-frontrunners/
@Undercode_News
UNDERCODE NEWS
Japanese Auto Giants, Honda and Nissan, Eye Potential Merger to Take on EV Frontrunners - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE TESTING
π¦Detection of teams convoC2 Mainly used by Red Teamers recent days.
Basically it causes out bound requests to C2 Server, exfiltrates command outputs from Adaptive Cards images URLs and inserting data into hidden span tags in Microsoft teams conservations.
The fact that the victim only sends http queries to Microsoft servers and the antivirus doesn't examine MS teams log files and in absence of direct connection between the victim and attacker in this case its very difficult to detect.
Here is the custom KQL to Detect.
CloudAppEvents
| where Timestamp > ago(1h)
| where Application contains "Microsoft Teams"
| where ActionType contains "AppInstalled"
| where parse_json(RawEventData)["AddOnName"] == 'Workflows'
Ref: Kintali Sai Dinesh
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Basically it causes out bound requests to C2 Server, exfiltrates command outputs from Adaptive Cards images URLs and inserting data into hidden span tags in Microsoft teams conservations.
The fact that the victim only sends http queries to Microsoft servers and the antivirus doesn't examine MS teams log files and in absence of direct connection between the victim and attacker in this case its very difficult to detect.
Here is the custom KQL to Detect.
CloudAppEvents
| where Timestamp > ago(1h)
| where Application contains "Microsoft Teams"
| where ActionType contains "AppInstalled"
| where parse_json(RawEventData)["AddOnName"] == 'Workflows'
Ref: Kintali Sai Dinesh
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β