Major cyber-security incident may have occurred in Israel as anonymous hacks amid Jewish ✡️ genocide and extermination of Muslims ☪️ in Gaza and West Bank.
The information was shared by Israeli media.
》Hackers infiltrating Dimona nuclear reactor, stealing data.
https://twitter.com/anonymous_opil/status/1769756815560990746
https://www.i24news.tv/en/news/israel/defense/artc-hackers-claim-infiltrating-dimona-nuclear-reactor
The information was shared by Israeli media.
》Hackers infiltrating Dimona nuclear reactor, stealing data.
We have targeted some servers of the baby killer regime's nuclear organisations. In this operation, while wiping and destroying the data, we saved a part of it which includes 7GB data that we will disclose them to the people of the world.
https://twitter.com/anonymous_opil/status/1769756815560990746
https://www.i24news.tv/en/news/israel/defense/artc-hackers-claim-infiltrating-dimona-nuclear-reactor
i24NEWS
Hackers claim infiltrating Dimona nuclear reactor, stealing data - i24NEWS
The 'Anonymous' group said the attack is its response to the war in Gaza - Click the link for more.
cKure Red
Major cyber-security incident may have occurred in Israel as anonymous hacks amid Jewish ✡️ genocide and extermination of Muslims ☪️ in Gaza and West Bank. The information was shared by Israeli media. 》Hackers infiltrating Dimona nuclear reactor, stealing…
This media is not supported in your browser
VIEW IN TELEGRAM
Video 📹 shared earlier by the group where they warn the local civilians at Dimona to take precautions.
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
Tracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centre (NCSC).
https://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/
Tracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centre (NCSC).
https://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/
BleepingComputer
Exploit released for Fortinet RCE bug used in attacks, patch now
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE.
https://blog.theori.io/chaining-n-days-to-compromise-all-part-1-chrome-renderer-rce-1afccf56721b
https://blog.theori.io/chaining-n-days-to-compromise-all-part-1-chrome-renderer-rce-1afccf56721b
theori.io
Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE - Theori BLOG
This post begins our series on the 1-day exploit chain demoed on X, focusing on a Chrome renderer exploit, CVE-2023-3079, a type confusion bug in V8. | Vulnerability Research
The new cs.github.com search allows for regex, new GitHub Dorks are possible!
Example: For getting SSH and FTP passwords via connection strings with:
Example: For getting SSH and FTP passwords via connection strings with:
/ssh:\/\/.*:.*@.*target\.com/
/ftp:\/\/.*:.*@.*target\.com/
Inside the failed attempt to backdoor SSH globally — that got caught by chance.
https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd
https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd
Medium
Inside the failed attempt to backdoor SSH globally — that got caught by chance
Why the threat actor rushed deployment.
Running 'cat' command to read a script is not safe. As a researcher points out. An interesting thread!
https://twitter.com/0xAsm0d3us/status/1774534241084445020
https://twitter.com/0xAsm0d3us/status/1774534241084445020
X (formerly Twitter)
Devansh (⚡, 🥷) (@0xAsm0d3us) on X
If you, like many, think relying just on `cat` command's output is enough to be sure about the integrity of a bash file. Think twice, you could get hacked. Read below 👇
Is the frequency of posts?
Final Results
66%
Good
22%
Less (increase the no. of posts)
12%
More (reduce the no. of posts)
Secator: The swiss army knife 🔪
https://docs.freelabz.com/
It is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and is designed to improve productivity for pentesters and security researchers.
https://docs.freelabz.com/
Iran 🇮🇷 Israel 🇮🇱 Cyber-War: Israel has jammed GPS at the highest levels on its territory for fear of Iranian missile strikes, though Iran is familiar with the use of Russian GLONASS.
https://t.me/cKure/13785
The attack anticipation is based on the intel by the United States's 🇺🇸 CIA about an imminent attack on Israel in the upcoming 48 hours. It has been a day since. So, the attack anticipation is today.
https://t.me/cKure/13785
😃 A new class of vulnerability (on a lighter note). An interesting thread on watching police body cam footages.
https://twitter.com/vxunderground/status/1777121604574560462
https://twitter.com/vxunderground/status/1777121604574560462
X (formerly Twitter)
vx-underground (@vxunderground) on X
For example, based on his understanding of hundreds or possibly thousands of police body cam footage, he has learned that Walmart employee usernames are in the format of https://t.co/TyHsnV1fVs_number
https://twelvesec.com/2023/10/10/bypassing-anti-reversing-defences-in-ios-applications/
Please open Telegram to view this post
VIEW IN TELEGRAM
Twelvesec
Bypassing anti-reversing defences in iOS applications - Twelvesec
A walktrough on dynamically bypassing anti-debugging and anti-reversing defences in iOS applications.
Please open Telegram to view this post
VIEW IN TELEGRAM
🔚 Telegram fixes Windows app zero-day used to launch Python scripts. Filing link from XSS.is forum.
http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/
PoC video: https://player.vimeo.com/video/932147196
https://www.bleepingcomputer.com/news/security/telegram-fixes-windows-app-zero-day-used-to-launch-python-scripts/
http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/
PoC video: https://player.vimeo.com/video/932147196
https://www.bleepingcomputer.com/news/security/telegram-fixes-windows-app-zero-day-used-to-launch-python-scripts/
https://github.com/hakaioffsec/CVE-2024-21338
https://hakaisecurity.io/cve-2024-21338-from-admin-to-kernel-through-token-manipulation-and-windows-kernel-exploitation/research-blog/
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - hakaioffsec/CVE-2024-21338: Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11…
Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled. - hakaioffsec/CVE-2024-21338
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack
The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys.
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
https://nvd.nist.gov/vuln/detail/CVE-2024-31497
https://thehackernews.com/2024/04/widely-used-putty-ssh-client-found.html
Please open Telegram to view this post
VIEW IN TELEGRAM