Deepfence ThreatMapper helps you to monitor and secure your running applications, in Cloud, Kubernetes, Docker, and Fargate Serverless.
https://github.com/deepfence/ThreatMapper
https://github.com/deepfence/ThreatMapper
GitHub
GitHub - deepfence/ThreatMapper: Open Source Cloud Native Application Protection Platform (CNAPP)
Open Source Cloud Native Application Protection Platform (CNAPP) - deepfence/ThreatMapper
Old but Gold: Bypassing the Air-Gap system for sensitive info.
Your body reveals your password by interfering with Wi-Fi
https://dl.acm.org/doi/10.1145/2976749.2978397
http://www.theregister.co.uk/2016/11/13/researchers_point_finger_at_handy_smartphone_exploit/
Your body reveals your password by interfering with Wi-Fi
https://dl.acm.org/doi/10.1145/2976749.2978397
http://www.theregister.co.uk/2016/11/13/researchers_point_finger_at_handy_smartphone_exploit/
The Register
Your body reveals your password by interfering with Wi-Fi
Wave goodbye to security if crims can pop a MIMO router
CVE-2021-35052: WinRar remote code execution.
WinRAR’s vulnerable trialware: when free software isn’t free.
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
https://thehackernews.com/2021/10/bug-in-free-winrar-software-could-let.html
WinRAR’s vulnerable trialware: when free software isn’t free.
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
https://thehackernews.com/2021/10/bug-in-free-winrar-software-could-let.html
PT SWARM
WinRAR’s vulnerable trialware: when free software isn’t free
In this article we discuss a vulnerability in the trial version of WinRAR which has significant consequences for the management of third-party software. This vulnerability allows an attacker to intercept and modify requests sent to the user of the application.…
CVE-2021-30573 PoC for Google Chrome
Google Chrome Use After Free vulnerability reported by S4E Team.
https://github.com/s4e-lab/CVE-2021-30573-PoC-Google-Chrome
Google Chrome Use After Free vulnerability reported by S4E Team.
https://github.com/s4e-lab/CVE-2021-30573-PoC-Google-Chrome
GitHub
GitHub - s4eio/CVE-2021-30573-PoC-Google-Chrome: Google Chrome Use After Free vulnerability reported by S4E Team
Google Chrome Use After Free vulnerability reported by S4E Team - s4eio/CVE-2021-30573-PoC-Google-Chrome
Breaking from Iran 🇮🇷 as Nationwide Cyber-Attack shuts down "smart fuel network," gas stations across the country rendering them dysfunctional as per state media.
Data-Leak of ~20K personnel of Israel 🇮🇱 defence forces (regular army) leaked by a Cyber-Crime group called Moses-Staff including names, ID, phone number, personal photographs, address and similar.
Refer: https://t.me/cKure/9860
Refer: https://t.me/cKure/9860
cKure Red
Data-Leak of ~20K personnel of Israel 🇮🇱 defence forces (regular army) leaked by a Cyber-Crime group called Moses-Staff including names, ID, phone number, personal photographs, address and similar. Refer: https://t.me/cKure/9860
Data-Leak from Israel 🇮🇱 as threat actor from unknown origin has posted tens of GBs of leaked data from the ministry of defense, Israel.
All Windows versions impacted by new LPE zero-day vulnerability.
A public proof-of-concept (PoC) exploit and technical details for an unpatched Windows zero-day privilege elevation vulnerability has been disclosed that allows users to gain SYSTEM privileges under certain conditions.
https://www.bleepingcomputer.com/news/security/all-windows-versions-impacted-by-new-lpe-zero-day-vulnerability/
A public proof-of-concept (PoC) exploit and technical details for an unpatched Windows zero-day privilege elevation vulnerability has been disclosed that allows users to gain SYSTEM privileges under certain conditions.
https://www.bleepingcomputer.com/news/security/all-windows-versions-impacted-by-new-lpe-zero-day-vulnerability/
BleepingComputer
All Windows versions impacted by new LPE zero-day vulnerability
A security researcher has disclosed technical details for a Windows zero-day privilege elevation vulnerability and a public proof-of-concept (PoC) exploit that gives SYSTEM privileges under certain conditions.
CVE-2021-42574
Researchers devised a new attack method called ‘Trojan Source’ that allows hide vulnerabilities into the source code of a software project.
https://www.trojansource.codes/
Details: https://securityaffairs.co/wordpress/124081/hacking/trojan-source-attack.html
Researchers devised a new attack method called ‘Trojan Source’ that allows hide vulnerabilities into the source code of a software project.
https://www.trojansource.codes/
Details: https://securityaffairs.co/wordpress/124081/hacking/trojan-source-attack.html
Security Affairs
Trojan Source attack method allows hiding flaws in source code
Researchers devised a new attack method called 'Trojan Source' that allows hide vulnerabilities into the source code of a software project.
Signal Unveils How Far US Law Enforcement Will Go To Get Information About People.
https://signal.org/bigbrother/santaclara/
https://signal.org/bigbrother/santaclara/
Signal Messenger
Search warrant for Signal user data, Santa Clara County
Here we are in the second half of 2021, Signal still knows nothing about you, but the government keeps asking.
Pwn2own Austin, United States 🇺🇸 with ~750K USD 💵 rewarded in 2 days.
Day 1 results (21 Zero-Day bugs):
https://youtu.be/jAckZAL5Dos
Day 2 results (14 Zero-Day bugs):
https://youtu.be/V3Xoo8IK0-I
Day 1 results (21 Zero-Day bugs):
https://youtu.be/jAckZAL5Dos
Day 2 results (14 Zero-Day bugs):
https://youtu.be/V3Xoo8IK0-I
Russia 🇷🇺: Ukraine 🇺🇦 has doxed today five members of the Gamaredon APT, which it says it linked to the Sevastopol branch of the FSB in the Crimean Peninsula.
https://therecord.media/ukraine-discloses-identity-of-gamaredon-members-links-it-to-russias-fsb/
https://therecord.media/ukraine-discloses-identity-of-gamaredon-members-links-it-to-russias-fsb/
cKure Red
Pwn2own Austin, United States 🇺🇸 with ~750K USD 💵 rewarded in 2 days. Day 1 results (21 Zero-Day bugs): https://youtu.be/jAckZAL5Dos Day 2 results (14 Zero-Day bugs): https://youtu.be/V3Xoo8IK0-I
Pwn2own Austin, United States 🇺🇸 with ~1.1M USD 💵 rewarded in 4 days with 61 Zero-Day vulnerabilities.
Day 1 results (21 Zero-Day bugs):
https://youtu.be/jAckZAL5Dos
Day 2 results (14 Zero-Day bugs):
https://youtu.be/V3Xoo8IK0-I
Day 3 results (14 Zero-Day bugs):
https://youtu.be/5ap_6F5hxwg
Day 4 results (12 Zero-Day bugs):
https://youtu.be/bURfbHHmMZI
Day 1 results (21 Zero-Day bugs):
https://youtu.be/jAckZAL5Dos
Day 2 results (14 Zero-Day bugs):
https://youtu.be/V3Xoo8IK0-I
Day 3 results (14 Zero-Day bugs):
https://youtu.be/5ap_6F5hxwg
Day 4 results (12 Zero-Day bugs):
https://youtu.be/bURfbHHmMZI
CVE-2021-30869: Cyber-Attack by China 🇨🇳 as a macOS Zero-Day, exploited in watering hole attacks on users in Hong Kong 🇭🇰
Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong.
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/
Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong.
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/
Google
How we protect users from 0-day attacks
Google’s Threat Analysis Group (TAG) actively works to detect hacking attempts and influence operations to protect users from digital attacks, this includes hunting for 0-day vulnerabilities because they can be particularly dangerous when exploited and have…
Data-Leak: Breaking from Israel 🇮🇱 as Unit-8200 (the elite cyber espionage, intelligence agency) of the government is listed on the Moses Staff hacking group's website under breached organizations. If true, this could mean leakage of possible state secrets and international deals. This group is believed to be affiliated to Iran 🇮🇷, possibly state sponsored. Iran never denied these claims.
For reference purposes: Unit-8200 has 10K employees.
For reference purposes: Unit-8200 has 10K employees.