🔵Linux outlook expose a new bug could crash the service and leak the password:

https://dailycve.com/linux-outlook-expose-new-bug-could-crash-service-and-leak-password

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is BuiltWith?

BuiltWith is a technology search or profiler.

It provides real-time target information to pentesters through the domain API and domain live API .

The domain API provides technical information such as analytics service, built-in plugins, frameworks, libraries, etc. to penetration testers.

The domain API relies on BuiltWith database to provide current and historical technology information about the target.

The Lookup pane retrieves the same information that the domain API provides.

On the other hand, the domain live API does extensive searches on a domain or URL.

It is possible to integrate both APIs into a security product to provide technical information to end users.

1) BuiltWith Domain API

The BuiltWith Domain API provides XML and JSON access to the technology information of a website which includes all technical information as found on detailed lookups at builtwith.com and additional meta data where available.

3) The general access method is as follows -
https://api.builtwith.com/v18/api.[xml|json]?KEY=[YOUR KEY]&LOOKUP=[DOMAIN]

4) Authentication
You must provide your API key in each lookup. See the examples for how this works.

Login or Create a Free Account to get your API key.

5) Client SDK
A Client SDK for C# is available at https://github.com/builtwith/BuiltWith-C-Client-API and can be installed via NuGet package 'BuiltWith'.

6) Get Domain Example
XML Get Single Domain
https://api.builtwith.com/v18/api.xml?KEY=[YOUR KEY]&LOOKUP=hotelscombined.com

7) JSON Get Single Domain
https://api.builtwith.com/v18/api.json?KEY=[YOUR KEY]&LOOKUP=builtwith.com

8)Get Multiple Domains Example
Provide multiple LOOKUP domains as a CSV (up to 16)
https://api.builtwith.com/v18/api.xml?KEY=[YOUR KEY]&LOOKUP=hotelscombined.com,builtwith.com

9) High Throughput Lookups
For ultra fast high performance API lookups use the following syntax.
https://api.builtwith.com/v18/api.json?KEY=[YOUR KEY]&HIDETEXT=yes&NOMETA=yes&NOPII=yes&NOLIVE=yes&NOATTR=yes&LOOKUP=site1.com,site2.com,site3.com,site4.com,site5.com,site6.com,site7.com,site8.com,site9.com,site10.com,site11.com,site12.com,site13.com,site14.com,site15.com,site16.com

10) 16 Root Domains or Subdomains Only Per Lookup - alphabetically random for performance improvements
Text, Meta, Attributes, Contacts all removed
Removes live lookup of results if not in our database
For even higher throughput contact us about dedicated endpoint solutions.

11) Get Specific Page Profile Example
Providing an internal URL or subdomain will get that specific page technology profile. Ensure you encode the LOOKUP parameter.
https://api.builtwith.com/v18/api.json?KEY=[YOUR KEY]&LOOKUP=hotelscombined.com%2FPlace%2FHawaii.htm


Reference: https://api.builtwith.com/domain-api
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵Digisol Systems DG-HR3400 cross-site scripting vulnerability:

https://dailycve.com/digisol-systems-dg-hr3400-cross-site-scripting-vulnerability

After the day the "falls" of the US Congress, Trump's social media grew by almost 200,000 followers.
#International

Cryptocurrencies are set to record their biggest weekly gains since the Bitcoin bubble peaked about three years ago, but the market crashed that year.
#Analytiques

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A cheat sheet that contains common enumeration and attack methods for Windows Active Directory:

Get Domain Policy:

Get-DomainPolicy

#Will show us the policy configurations of the Domain about system access or kerberos
(Get-DomainPolicy)."system access"
(Get-DomainPolicy)."kerberos policy"
Get Domain Controllers:

Get-NetDomainController
Get-NetDomainController -Domain <DomainName>
Enumerate Domain Users:

Get-NetUser
Get-NetUser -SamAccountName <user>
Get-NetUser | select cn
Get-UserProperty

#Check last password change
Get-UserProperty -Properties pwdlastset

#Get a spesific "string" on a user's attribute
Find-UserField -SearchField Description -SearchTerm "wtver"

#Enumerate user logged on a machine
Get-NetLoggedon -ComputerName <ComputerName>

#Enumerate Session Information for a machine
Get-NetSession -ComputerName <ComputerName>

#Enumerate domain machines of the current/specified domain where specific users are logged into
Find-DomainUserLocation -Domain <DomainName> | Select-Object UserName, SessionFromName
Enum Domain Computers:

Get-NetComputer -FullData
Get-DomainGroup

#Enumerate Live machines
Get-NetComputer -Ping
Enum Groups and Group Members:

Get-NetGroupMember -GroupName "<GroupName>" -Domain <DomainName>

#Enumerate the members of a specified group of the domain
Get-DomainGroup -Identity <GroupName> | Select-Object -ExpandProperty Member

#Returns all GPOs in a domain that modify local group memberships through Restricted Groups or Group Policy Preferences
Get-DomainGPOLocalGroup | Select-Object GPODisplayName, GroupName


More & source:
https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵Hitachi ABB Power Grids FOX615 Multiservice-Multiplexer improper authentication vulnerability:

https://dailycve.com/hitachi-abb-power-grids-fox615-multiservice-multiplexer-improper-authentication-vulnerability

Unstoppable R&D, telecommunications manufacturing sector Disaster declaration again.
#Technologies

LG announces a new update: Bringing a deadly improuvements to Remote.
#Updates

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Linux security tips:

1) Beware of the emergence of Linux virus at the beginning of Linux. Because of its original excellent design, it seems to have innate virus immunity. At that time, many people believed that there would not be a virus against Linux, but Linux is no exception. In the fall of 1996, an organization called VLAD in Australia wrote Staog, which was said to be the first virus under the Linux system, in assembly language.

2) It specifically infected binary files and tried to obtain root permissions in three ways. Of course, the Staog virus is designed to demonstrate and prove that Linux is potentially dangerous to be infected by the virus. It does not perform any damage to the infected system.

3) In 2001, a Linux worm named Ramen appeared. Ramen virus can spread automatically without manual intervention. Although it does not cause any damage to the server, its scanning behavior while spreading will consume a lot of network bandwidth. Ramen virus is spread by exploiting two security vulnerabilities, rpc.statd and wu-ftp, in some versions of Linux (Redhat6.2 and 7.0).

4) In the same year, Lion, another worm against Linux, caused actual harm. At that time, Lion spread rapidly through the Internet and caused serious damage to the computer systems of some users. Lion virus can send some passwords and configuration files to a mailbox on the Internet via email. After collecting these files, the attacker may enter the entire system again through the gap in the first breakthrough, and further damage Activities, such as obtaining confidential information, installing backdoors, etc. When the user's Linux system is infected with this virus, it is very likely that they may choose to reformat the hard drive because they cannot determine how the intruder has changed the system. Moreover, after a Linux host is infected with the Lion virus, it will automatically start searching for other victims on the Internet. The feedback after the event showed that the Lion virus caused serious losses to many Linux users.

5) Other viruses on Linux platforms include OSF.8759, Slapper, Scalper, Unux.Svat, BoxPoison, etc. Of course, most ordinary Linux users have hardly encountered them. This is because until now, there are very few viruses on Linux and the scope of their impact is very small. However, with the increase of Linux users, more and more Linux systems are connected to the LAN and WAN, which naturally increases the possibility of being attacked. It is foreseeable that more and more Linux viruses will appear, so how to prevent Linux viruses Become something that every Linux user should start paying attention to now.

6) Grasp the weaknesses. Everyone who breaks
Linux may have heard of or even encountered some Linux viruses. The principles and symptoms of these Linux viruses are different, so the prevention methods they take are also different. In order to better prevent Linux viruses, we first classify some known Linux viruses.

7) From the current appearance of Linux viruses, it can be summarized into the following virus types:
1. Viruses that infect ELF format files
This type of virus uses files in the ELF format as the main target of infection. A virus that can infect ELF files can be written through compilation or C. Lindose virus is a virus that can infect ELF files. When it finds an ELF file, it will check whether the infected machine type is Intel80386. If it is, check whether there is a part of the file with a size greater than 2784 bytes (or hexadecimal AEO). If there is, the virus will overwrite it with its own code and add the code of the corresponding part of the host file, and the host The entry point of the file points to the virus code part.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵GitLab: Multiple vulnerabilities:

https://dailycve.com/gitlab-multiple-vulnerabilities

It is confirmed that an investigation into Google's "Privacy Sandbox" initiative was undertaken by the British antitrust regulator.
#International

We know this bug since long time, and now exposed to public ! Through Telegram, you can find out the location of a person.
#Vulnerabilities

🔵OpenJPEG Multiple vulnerabilities in ubuntu:

https://dailycve.com/openjpeg-multiple-vulnerabilities-ubuntu

TikTok also excludes the inciting video of Trump claiming that disinformation is not tolerated.
#Ban

Huawei appealed that Sweden had been exempt from 5G building.
#International

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Some pdfs related to tracking


https://www.diva-portal.org/smash/get/diva2:678371/FULLTEXT01.pdf

https://www.oakton.edu/user/2/rjtaylor/cis101/Google%20Hacking%20101.pdf

https://higherlogicdownload.s3.amazonaws.com/ISACA/a085a583-e841-4dbe-a215-60cf6d98e036/UploadedImages/WOW-2019-Presentations/Chanel_Suggs.pdf

https://www.markey.senate.gov/imo/media/doc/2015-02-06_MarkeyReport-Tracking_Hacking_CarSecurity%202.pdf


https://www.sans.org/security-resources/GoogleCheatSheet.pdf

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵The Vital Signs Monitor VC150 provided by Innokas Yhtymä Oy contains multiple vulnerabilities:

https://dailycve.com/vital-signs-monitor-vc150-provided-innokas-yhtyma-oy-contains-multiple-vulnerabilities

Today, AMD officially announced that Dr. Su Zifeng, AMD President and CEO, will give a keynote speech at CES 2021.
#International