π Hashcat Advanced Password Recovery 6.2.5 Source Code π
π Read
via "Packet Storm Security".
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Hashcat Advanced Password Recovery 6.2.5 Source Code β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ Mozilla has released a new platform for privacy-focused email communications π¦Ώ
π Read
via "Tech Republic".
When you don't want to give out your personal or work email address, but still need to sign up for an account, Mozilla might have an answer for you with Firefox Relay.π Read
via "Tech Republic".
TechRepublic
Mozilla has released a new platform for privacy-focused email communications
When you don't want to give out your personal or work email address, but still need to sign up for an account, Mozilla might have an answer for you with Firefox Relay.
βΌ CVE-2021-23673 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23732 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23718 βΌ
π Read
via "National Vulnerability Database".
The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.π Read
via "National Vulnerability Database".
βΌ CVE-2019-5640 βΌ
π Read
via "National Vulnerability Database".
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous userπ Read
via "National Vulnerability Database".
β Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover β
π Read
via "Threat Post".
CloudLinux' security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.π Read
via "Threat Post".
Threat Post
Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
CloudLinux's security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.
β Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws β
π Read
via "Threat Post".
Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.π Read
via "Threat Post".
Threat Post
Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws
Exploiting ProxyLogon and ProxyShell vulnerabilities, attackers have been malspamming replies in existing threads and slipping past malicious-email filters.
π¦Ώ Leaders agree that cybersecurity is a business risk, but are they acting on that belief? π¦Ώ
π Read
via "Tech Republic".
Despite nearly unanimous agreement, there's still a lack of clarity on who is accountable for security incidents and whether previous security investments have paid off, a Gartner survey finds.π Read
via "Tech Republic".
TechRepublic
Leaders agree that cybersecurity is a business risk, but are they acting on that belief?
Despite nearly unanimous agreement, there's still a lack of clarity on who is accountable for security incidents and whether previous security investments have paid off, a Gartner survey finds.
β Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches β
π Read
via "Threat Post".
Black Friday and Cyber Monday approach! Saryu Nayyar, CEO at Gurucul, discusses concerning statistics about skyrocketing online fraud during the festive season.π Read
via "Threat Post".
Threat Post
Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches
Black Friday and Cyber Monday approach! Saryu Nayyar, CEO at Gurucul, discusses concerning statistics about skyrocketing online fraud during the festive season.
π΄ 10 Stocking Stuffers for Security Geeks π΄
π Read
via "Dark Reading".
Check out our list of gifts with a big impact for hackers and other techie security professionals.π Read
via "Dark Reading".
Dark Reading
10 Stocking Stuffers for Security Geeks
Check out our list of gifts with a big impact for hackers and other techie security professionals.
π What's the Biggest Healthcare Security Threat for 2021 And Beyond? π
π Read
via "".
We asked 21 cybersecurity experts and healthcare executives what the biggest security threat they're facing in 2021 and beyond is.π Read
via "".
βΌ CVE-2021-42707 βΌ
π Read
via "National Vulnerability Database".
PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42705 βΌ
π Read
via "National Vulnerability Database".
PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38448 βΌ
π Read
via "National Vulnerability Database".
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44143 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.π Read
via "National Vulnerability Database".
π¦Ώ GoDaddy security breach impacts more than 1 million WordPress users π¦Ώ
π Read
via "Tech Republic".
The hosting company has revealed a security incident that exposed the email addresses and customer numbers of 1.2 million Managed WordPress customers.π Read
via "Tech Republic".
TechRepublic
GoDaddy security breach impacts more than 1 million WordPress users
The hosting company has revealed a security incident that exposed the email addresses and customer numbers of 1.2 million Managed WordPress customers.
βοΈ Arrest in βRansom Your Employerβ Email Scheme βοΈ
π Read
via "Krebs on Security".
In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer's network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme -- a young man who said he was trying to save up money to help fund a new social network.π Read
via "Krebs on Security".
Krebsonsecurity
Arrest in βRansom Your Employerβ Email Scheme
In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer's network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrestedβ¦
β GoDaddyβs Latest Breach Affects 1.2M Customers β
π Read
via "Threat Post".
The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins.π Read
via "Threat Post".
Threat Post
GoDaddyβs Latest Breach Affects 1.2M Customers
The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins.
π¦Ώ How to install and use InVID, a plugin to debunk fake news and verify videos and images π¦Ώ
π Read
via "Tech Republic".
You can make sure you aren't seeing fake news, edited photos or deepfakes with this software. Here's how to install and use it.π Read
via "Tech Republic".
TechRepublic
How to install and use InVID, a plugin to debunk fake news and verify videos and images
You can make sure you aren't seeing fake news, edited photos or deepfakes with this software. Here's how to install and use it.
π΄ Bug Bounties Surge as Firms Compete for Talent π΄
π Read
via "Dark Reading".
Companies such as GItLab, which today increased its payment for critical bugs by 75%, are raising bounties and bonuses to attract top-notch researchers.π Read
via "Dark Reading".
Dark Reading
Bug Bounties Surge as Firms Compete for Talent
Companies such as GItLab, which today increased its payment for critical bugs by 75%, are raising bounties and bonuses to attract top-notch researchers.