CVE-2022-33980: Apache Commons Configuration RCE VulnerabilityOn July 5, 2022, Apache Commons Configuration released version 2.8 to fix a remote code execution vulnerability. Tracked as CVE-2022-33980,... The...
Year: 2022
crawlergo v0.4.3 releases: powerful browser crawler for web vulnerability scanners
crawlergo v0.4.3 releases: powerful browser crawler for web vulnerability scannerscrawlergo crawlergo is a browser crawler that uses chrome headless mode for URL collection. It hooks key...
tofu: modular tool for hacking offline Windows filesystems and bypassing login screens
tofu: modular tool for hacking offline Windows filesystems and bypassing login screenstofu A modular tool for hacking offline Windows filesystems and bypassing login screens. Can do...
Haxx – Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 – iOS 14.8.1
Haxx – Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 – iOS 14.8.1Untethered + Unsandboxed code execution haxx as root on iOS 14...
Researcher released CVE-2022-34265 PoC for Django SQL Injection flaw
Researcher released CVE-2022-34265 PoC for Django SQL Injection flawCVE-2022-34265 PoC (proof-of-concept) exploit code is about to be published for a vulnerability that allows an attacker to...
kubeaudit: audit Kubernetes clusters for various different security concerns
kubeaudit: audit Kubernetes clusters for various different security concernskubeaudit kubeaudit is a command-line tool and a Go package to audit Kubernetes clusters for various different security concerns,...
Ohio Man Sentenced for Buying Jewelry with Stolen Credit Cards
Ohio Man Sentenced for Buying Jewelry with Stolen Credit CardsFraudster sentenced to prison for more than six years for buying stolen credit cards on the darkweb...
Packer Fuzzer v1.4.8 releases: fast and efficient security detection of websites constructed
Packer Fuzzer v1.4.8 releases: fast and efficient security detection of websites constructedPacker Fuzzer With the popularity of web front-end packaging tools, have you encountered more and...
Pamspy – Credentials Dumper For Linux Using eBPF
Pamspy – Credentials Dumper For Linux Using eBPFpamspy leverage eBPF technologies to achieve an equivalent work of 3snake. It will track a particular userland function inside...
juumla v0.1.4 releases: scan for Joomla vulnerabilities
juumla v0.1.4 releases: scan for Joomla vulnerabilitiesjuumla Juumla is a python tool created to identify the Joomla version, scan for vulnerabilities and search for config or......
CVE-2022-32212: Node.js arbitrary code execution vulnerability
CVE-2022-32212: Node.js arbitrary code execution vulnerabilityRecently, Node.js released an advisory to fix seven vulnerabilities including three separate HTTP Request Smuggling, one code execution (CVE-2022-32212), and... The...
0 - CT 0 - CT - CISO Strategics - Cybersecurity Frameworks 0 - CT - CISO Strategics - Privacy BLEEPINGCOMPUTER Haxf4rall Security
Secretflow – A Unified Framework For Privacy-Preserving Data Analysis And Machine Learning
Secretflow – A Unified Framework For Privacy-Preserving Data Analysis And Machine LearningSecretFlow is a unified framework for privacy-preserving data intelligence and machine learning. To achieve this...
Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBs
Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBsIt is astounding that billions of online accounts have been breached...
Q&A: The lesser role VPNs now play for enterprises, SMBs — in a post-pandemic world
Q&A: The lesser role VPNs now play for enterprises, SMBs — in a post-pandemic worldDuring the first two decades of this century, virtual private networks —VPNs—served...
0 - CT 0 - CT - SOC - CSIRT Operations - Cyber Incidents & Attacks Notepad 0 - CT - SOC - CSIRT Operations - Malware & Ransomware BLEEPINGCOMPUTER MalWare Ransom Ransomware The Last Watchdog
Fireside chat: New ‘SASE’ weapon chokes off ransomware before attack spreads laterally
Fireside chat: New ‘SASE’ weapon chokes off ransomware before attack spreads laterallyIt’s stunning that the ransomware plague persists. Related: ‘SASE’ blends connectivity and security Verizon’s Data...
GUEST ESSAY: New SEC rules aim to help C-levels, board members quantify cyber risks
GUEST ESSAY: New SEC rules aim to help C-levels, board members quantify cyber risksThe U.S. Securities and Exchange Commission (SEC) is taking steps to crack down...
0 - CT 0 - CT - Cybersecurity Architecture - Application Security BLEEPINGCOMPUTER The Last Watchdog
GUEST ESSAY: The many benefits of infusing application security during software ‘runtime’
GUEST ESSAY: The many benefits of infusing application security during software ‘runtime’Vulnerabilities in web applications are the leading cause of high-profile breaches. Related: Log4J’s big lesson...
GUEST ESSAY: The post-pandemic challenges of securely managing employee endpoints
GUEST ESSAY: The post-pandemic challenges of securely managing employee endpointsThe pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would have never imagined....
Shelltropy: hiding malicious shellcode via Shannon encoding
Shelltropy: hiding malicious shellcode via Shannon encodingShelltropy A technique of hiding malicious shellcode based on low-entropy via Shannon encoding. Entropy is the measure of the randomness......
awsEnum: Enumerate AWS services
awsEnum: Enumerate AWS servicesawsEnum awsEnum is a python script that enumerates AWS services through the provided credential. It is coded and published to... The post awsEnum:...
Darkweb Oxy Buyer Sentenced for Owning Firearms
Darkweb Oxy Buyer Sentenced for Owning FirearmsA man who admitted purchasing counterfeit oxycodone pills on the darkweb was sentenced to 18 months of probation for possessing......
Gallia – Extendable Pentesting Framework
Gallia – Extendable Pentesting FrameworkGallia is an extendable pentesting framework with the focus on the automotive domain. The scope of gallia is conducting penetration... The post...
pyCobaltHound: Aggressor script extension for Cobalt Strike
pyCobaltHound: Aggressor script extension for Cobalt StrikepyCobaltHound pyCobaltHound is an Aggressor script extension for Cobalt Strike which aims to provide deep integration between Cobalt Strike and Bloodhound. pyCobaltHound strives to......
6 Actionable Fraud Prevention Tips For Your Financial Institution
6 Actionable Fraud Prevention Tips For Your Financial InstitutionConsumers aren’t the only ones who might fall victim to fraud committed online. Because of recent data breaches...
SharpWSUS – CSharp tool for lateral movement through WSUS
SharpWSUS – CSharp tool for lateral movement through WSUSSharpWSUS is a CSharp tool for lateral movement through WSUS. There is a corresponding blog (https://labs.nettitude.com/blog/introducing-sharpwsus/) which has...
WV Man Sentenced to Prison for Buying Meth on the Darkweb
WV Man Sentenced to Prison for Buying Meth on the DarkwebA federal judge sentenced a West Virginian to ten years in prison for ordering hundreds of...
awsEnum – Enumerate AWS Cloud Resources Based On Provided Credential
awsEnum – Enumerate AWS Cloud Resources Based On Provided CredentialEnumrate AWS services! with no nosies awsEnum is a python script enumrate AWS services through the provided...
0 - CT 0 - CT - SOC - CSIRT Operations - Cyber Incidents & Attacks Notepad BLEEPINGCOMPUTER Haxf4rall Security
WebView2 Cookie Stealer: Attacking With WebView2 Applications
WebView2 Cookie Stealer: Attacking With WebView2 ApplicationsWebView2 Cookie Stealer The main advantage of using WebView2 for attackers is the rich functionality it provides when phishing for......
Dlinject – Inject A Shared Library (I.E. Arbitrary Code) Into A Live Linux Process, Without Ptrace
Dlinject – Inject A Shared Library (I.E. Arbitrary Code) Into A Live Linux Process, Without PtraceInject a shared library (i.e. arbitrary code) into a live linux...
Expert released CVE-2022-26763 PoC for macOS execute arbitrary code flaw
Expert released CVE-2022-26763 PoC for macOS execute arbitrary code flawSecurity researchers released CVE-2022-26763 PoC exploit code for a critical execute arbitrary code vulnerability affecting multiple Apple products....