Forwarded from UNDERCODE NEWS
Unilever CEO: "Employees will never return to the office five days a week"
#International
Bug Bounty references:
>>Amazon Web Services(mailto:aws-security@amazon.com)
>>Amazon.com(mailto:security@amazon.com)
>>ANCILE Solutions Inc.(https://bugcrowd.com/ancile)
>>Anghami(https://hackerone.com/anghami)
>>ANXBTC(https://cobalt.io/anxbtc)
>>Apache httpd(https://hackerone.com/ibb-apache)
>>Appcelerator(mailto:Infosec@appcelerator.com)
>>Apple(mailto:product-security@apple.com)
>>Apptentive(https://www.apptentive.com/contact)
>>Aptible(mailto:security@aptible.com)
>>Ardour(http://tracker.ardour.org/my_view_page.php)
>>Arkane(https://go.intigriti.com/arkanenetwork)
>>ARM mbed(mailto:whitehat@polarssl.org)
>>Asana(mailto:security@asana.com)
>>ASP4all(mailto:support@asp4all.nl)
>>AT&T(https://bugbounty.att.com/bugform.php)
>>Atlassian(https://securitysd.atlassian.net/servicedesk/customer/portal/2)
>>Attack-Secure(mailto:admin@attack-secure.com)
>>Authy(mailto:security@authy.com)
>>Automattic(https://hackerone.com/automattic)
>>Avast!(mailto:bugs@avast.com)
>>Avira(mailto:vulnerabilities@avira.com)
>>AwardWallet(https://cobalt.io/awardwallet)
>>Badoo(https://corp.badoo.com/en/security/#send_bid)
>>Barracuda(https://bugcrowd.com/barracuda)
>>Base(https://go.intigriti.com/base)
>>Basecamp(mailto:security@basecamp.com)
>>Beanstalk(https://wildbit.wufoo.com/forms/wildbit-security-response)
>>BillGuard(https://cobalt.io/billguard)
>>Billys Billing(https://cobalt.io/billys-billing)
>>Binary.com(https://hackerone.com/binary)
HackerOne
Anghami - Bug Bounty Program | HackerOne
The Anghami Bug Bounty Program enlists the help of the hacker community at HackerOne to make Anghami more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally…
Forwarded from DailyCVE
Espressif ESP-IDF buffer error vulnerability:
https://dailycve.com/espressif-esp-idf-buffer-error-vulnerability
Dailycve
Espressif ESP-IDF buffer error vulnerability | CVE
Details:
Espressif ESP-IDF is a development platform developed by Espressif for the Internet of Things. There is a buffer error flaw in Espressif ESP-IDF, which can be abused by attackers to crash applications. The following products and versions are…
Forwarded from DailyCVE
Dailycve
SaferVPN security vulnerabilities | CVE
Details:
SaferVPN is a VPN product. SaferVPN 5.0.3.3 to 5.0.4.15 has security vulnerabilities that attackers can exploit to elevate their privileges.
Affected Versions:
5.0.3.3 to 5.0.4.15
References:
https://vimeo.com/459654003…
Forwarded from UNDERCODE NEWS
Google, "Through four zero-day vulnerabilities, someone attacks Windows and Android"
#Vulnerabilities
UNDERCODE COMMUNITY
Do you want this AppleScript?
WELL DONE !!!
This program provides further decompiling and decoding of a disassembled run-only AppleScript.
For input, use a text file that is the output of https://github.com/Jinmo/applescript-disassembler
Running this program will create a new file from the input file annotated with:
1) AEVT codes and their human-readable descriptions;
2) Decoded hard-coded strings;
3) Decimal conversions of hard-coded hex numbers;
4) Names of targeted applications.
Usage: aevt_decompile <file>
where <file> is a text file output from the AppleScript-Disassembler.
aevt_decompile writes its output to ~/Desktop/<file>.out. aevt_decompile is non-destructive (i.e., it does not modify the input file).
GitHub
GitHub - Jinmo/applescript-disassembler: A simple run-only applescript disassembler
A simple run-only applescript disassembler. Contribute to Jinmo/applescript-disassembler development by creating an account on GitHub.
Forwarded from DailyCVE
A dll hijacking vulnerability exists in Odd Games Accelerator (Windows client):
https://dailycve.com/dll-hijacking-vulnerability-exists-odd-games-accelerator-windows-client
Dailycve
A dll hijacking vulnerability exists in Odd Games Accelerator (Windows client) | CVE
Details:
Qiyou E-sports Accelerator is an e-sports-level online competitive gaming accelerator.
There is a DLL hijacking flaw in the Unusual Games E-sports accelerator (Windows client). Attackers can run malicious code by exploiting this flaw.…
Forwarded from DailyCVE
Zhejiang Lande Network Technology Co., Ltd. O2OA system has logic flaws and vulnerabilities:
https://dailycve.com/zhejiang-lande-network-technology-co-ltd-o2oa-system-has-logic-flaws-and-vulnerabilities
Dailycve
Zhejiang Lande Network Technology Co., Ltd. O2OA system has logic flaws and vulnerabilities | CVE
Details:
Zhejiang Lande Network Technology Co., Ltd.'s business scope covers: computer applications, network technology and product creation, professional services, incorporation of computer systems, and technical services for intelligent building…
Forwarded from UNDERCODE NEWS
CEO of Twitter: Trump's ban is the right decision, but it sets a troubling precedent.
#International
Forwarded from DailyCVE
File upload vulnerability exists in CatfishCMS:
https://dailycve.com/file-upload-vulnerability-exists-catfishcms
Dailycve
File upload vulnerability exists in CatfishCMS | CVE
Details:
Catfish CMS is a PHP content management framework which is free and open source.
CatfishCMS has a file upload vulnerability that attackers can use to gain server access permissions.
References:
http://www.catfish-cms.com/
Forwarded from DailyCVE
Mblog open source Java blog system has logic flaws:
https://dailycve.com/mblog-open-source-java-blog-system-has-logic-flaws
Dailycve
Mblog open source Java blog system has logic flaws | CVE
Details:
Mblog is an open source and free blog system built in the Java language, using spring-boot, jpa, shiro, bootstrap and other common frameworks to support the mysql/h2 database.
The Mblog open source Java blog framework has a weakness with a…
Hack with SS7:
Researchers are easily able to hack WhatsApp and Telegram using the known telecom flaw
We continuously receive queries from readers about how to hack WhatsApp. The world's most popular cross-platform messaging app is seen by many as the ultimate hack because it has recently enabled 256-bit encryption.
For ordinary souls this encryption would take days and months to decode a sentence or a complete message. Ditto with another secure messaging service called Telegram. Though Telegram is not as popular as WhatsApp, it has its ardent group of followers who use it for its encryption as well as its snooping-free service.
Though both of these apps are end-to-end encrypted, both of them suffer from a hardware side vulnerability which can be exploited to hack and hijack both WhatsApp and Telegram.
The vulnerability lies in Signalling System 7, or SS7, the technology used by telecom operators, on which the highly secure messaging system and telephone calls rely. SS7 is a set of telephony signalling protocols developed in 1975, which is used to set up and tear down most of the world's public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.
SS7 is vulnerable to hacking and this has been known since 2008. In 2014, the media reported a protocol vulnerability of SS7 by which both government agencies and non-state actors can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%. In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller's carrier release a temporary encryption key to unlock the communication after it has been recorded. Researchers created a tool (SnoopSnitch) which can warn when certain SS7 attacks occur against a phone and detect IMSI-catchers.
You can view how researchers managed to hack WhatsApp and Telegram using the SS7 flaw below:
WhatsApp Hack:
https://youtu.be/fDJ-88e_06A
Telegram Hack:
https://youtu.be/dkvQqatURdM
Both the hacks exploit the SS7 vulnerability by tricking the telecom network into believing the attacker's phone has the same number as the victim's phone. Once the network has been fooled, anybody, even a newbie, can spy on the legitimate WhatsApp and Telegram user by creating a new WhatsApp or Telegram account using the secret code.
Once complete, the attacker now controls the account, including the ability to send and receive messages. Even more horrific is the fact that the hacker can also send messages on behalf of the victim, and read confidential messages intended for the victim without ever having to try to break strong encryption protocols.
See how easily you can hack WhatsApp and Telegram by fooling the network into believing you are the victim.
git source