■■■■□ #GoodRead #Windows #LPE; local privilege escalation
https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege
Zero Day Initiative
Zero Day Initiative — Thanksgiving Treat: Easy-as-Pie Windows 7 Secure Desktop Escalation of Privilege
Not much interesting so far, just Yes and No buttons, a password input field, and an X button. You can click the upper-left corner of the window and get the standard, little-used “window menu”, having just Move and Close commands. The password input field…
■■■■□ #GitHub automatic security update
Automated security updates are now available to all developers 🙌
GitHub: We’ll monitor repository dependencies for known security vulnerabilities and then automatically open pull requests to update them. Another step in helping you build and secure your code.
https://github.com/features/security
GitHub
GitHub Advanced Security · Built-in protection for every repository
Fix vulnerabilities and safeguard your software supply chain with built-in, AI-powered security.
■■□□□ #DataBreach
https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/
Ars Technica
Password data for ~2.2 million users of currency and gaming sites dumped online
Researcher confirms data belongs to users of Gatehub and EpicBot services.
■■■■□ #Malware #Keylogger #AV #evasion #Phoenix
https://www.zdnet.com/google-amp/article/new-phoenix-keylogger-tries-to-stop-over-80-security-products-to-avoid-detection/
ZDNET
New Phoenix Keylogger tries to stop over 80 security products to avoid detection
Phoenix linked to more than 10,000 infections since the malware's launch on a hacking forum in July.
■■■■■ #CPR #CheckPoint #News #Research #Android
This is an example of a persistent #ZeroDay that cannot be removed even by the patch, as the libraries derived from open-source code (having the zero-day) remain vulnerable. Read the article for details.
https://research.checkpoint.com/2019/long-known-vulnerabilities-in-high-profile-android-applications/
Check Point Research
Long-known Vulnerabilities in High-Profile Android Applications - Check Point Research
Research by: Slava Makkaveev Introduction Most mobile users understandably worry about known vulnerabilities in the core operating system of their devices, which can give an attacker complete control over their mobile phones, and about zero-day vulnerabilities…
■■■■■ #Breaking | #Tool release | #CloudFlare's network vulnerability scanner with a user-friendly interface.
Supports #docker, cloud implementation.
Supports very large networks.
#Nmap + #Vulners = #FlanScan
Accurate but slower than many scanners. Generates an actionable report.
Good for #compliance scans as well.
https://blog.cloudflare.com/introducing-flan-scan/amp/
We have migrated from rotten.co.in to cKure.xyz and added an SSL STRIP feature.
If your tool integrations do not support encrypted communications, use plain HTTP.
Want a feature added? Send your queries to Telegram ID @AamerShah.
This is a free project and you can contribute as well.
■□□□□ #UAE #AbuDhabi police arrest 25 Asians for bank fraud using social engineering.
https://gulfnews.com/uae/29-arrested-for-bank-frauds-across-uae-1.68029836
Gulf News
29 arrested for bank fraud across UAE
Abu Dhabi Police along with Dubai, Ajman police bust four gangs
■■■■■ #Browser #XSS filter bypass.
#CheatSheet
https://github.com/masatokinugawa/filterbypass/wiki/Browser's-XSS-Filter-Bypass-Cheat-Sheet
GitHub
Browser's XSS Filter Bypass Cheat Sheet
Browser's XSS Filter Bypass Cheat Sheet. Contribute to masatokinugawa/filterbypass development by creating an account on GitHub.
■■□□□ #DataBreach of #OnePlus (1+) store yet again.
Leaked data: email, phone number and address.
https://www.livemint.com/technology/tech-news/hackers-hit-oneplus-online-store-again-data-leaked/amp-11574504589382.html
mint
Hackers hit OnePlus' online store again, data leaked
OnePlus did not disclose how many users in which parts of the world were affected by the data breach on its website. Users who were hit by the breach may receive spam and phishing emails as a result of this incident