4906
Security news, exploits, vulnerabilities, leaks.. canyoupwn.me twitter.com/canyoupwnme fb.me/canyoupwnme
DETECTION OF CRIMINALS IN CYBER ATTACKS AND LEGAL PERSPECTIVE @berk_imran
https://berkimran.com/detection-of-criminals-in-cyber-attacks-and-legal-perspective/
🔒 Hacktrick 2024'e katılmaya hazır mısınız? Siber güvenlik sektörünün önde gelen isimleriyle buluşmak için geri sayım başladı! 💻
📅 Tarih: 17-18-19 Mayıs 2024
📍 Lokasyon: BTK, Türkiye
🌟 Yerinizi şimdiden ayırın ➡️ https://eu1.hubs.ly/H08Bl980
https://twitter.com/hacktrickconf/status/1779858965175689671
SwaggerParser-BurpExtension
https://github.com/Trendyol/swagger-parser-burp-extension
ThreatIngestor
https://github.com/InQuest/ThreatIngestor
Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)
https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/
GreenTunnel is an anti-censorship utility designed to bypass the DPI system that is put in place by various ISPs to block access to certain websites.
https://github.com/SadeghHayeri/GreenTunnel
Security Bulletin: IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2023-23477)
https://www.ibm.com/support/pages/node/6891111
Jira Service Management Server and Data Center Advisory (CVE-2023-22501)
https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-2023-02-01-1188786458.html
A Vulnerability in vBulletin Could Allow for Remote Command Execution
https://www.cisecurity.org/advisory/a-vulnerability-in-vbulletin-could-allow-for-remote-command-execution_2023-013
PHP Development Server <= 7.4.21 - Remote Source Disclosure
https://blog.projectdiscovery.io/php-http-server-source-disclosure/
2022 Microsoft Teams RCE
https://blog.pksecurity.io/2023/01/16/2022-microsoft-teams-rce.html
CVE-2023-22602: Apache Shiro Authentication Bypass Vulnerability
https://securityonline.info/cve-2023-22602-apache-shiro-authentication-bypass-vulnerability/
Microsoft's first Patch Tuesday of 2023 delivers a massive 98 fixes
https://www.zdnet.com/article/microsofts-first-patch-tuesday-of-2023-delivers-a-massive-98-fixes/#ftag=RSSbaffb68
https://www.computerweekly.com/news/252529073/Microsoft-fixes-EoP-zero-day-on-January-Patch-Tuesday
Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529)
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
CVE-2022-47523: ManageEngine Password Manager Pro, PAM360 and Access Manager Plus SQL Injection Vulnerability
https://www.tenable.com/blog/cve-2022-47523-manageengine-password-manager-pro-pam360-and-access-manager-plus-sql-injection
Prompt Firewall
https://promptfirewall.com/index.html
Security checklist app for your Mac
https://github.com/paretoSecurity/pareto-mac/
Microsoft June “Patch Tuesday” Addresses 73 Vulnerabilities
https://securityboulevard.com/2023/06/microsoft-june-patch-tuesday-addresses-73-vulnerabilities/
Российские хакеры анонсировали мощную атаку на западную финансовую систему в ближайшие 48 часов. Задача номер один — парализовать работу SWIFT.
По нашей информации, ради этой кампании объединились ребята из группировок KillNet, Revil и Anonymous Sudan. Планируют "дать отпор безумцам по формуле «нет денег — нет оружия — нет киевского режима»". Среди целей: банки Европы и США, Swift и Федеральная резервная система США (аналог нашего Центрального банка).
Для справки: Revil считается одним из самых активных мобов среди хакеров по всему миру. Ребята прославились тем, что похищали схемы будущих продуктов Apple, взламывали органы местного управления Техаса и атаковали крупнейшего поставщика мяса в мире — JBS. Теперь они будут работать с ребятами из KillNet, которые в августе прошлого года сломали сайт ведущей американской оборонной корпорации Lockheed Martin и доказали, что агенты ФБР любят куколд-порно. Ну а про "анонимусов" вы слышали.
Deus Vult 1001100
😋 Подписывайся на Mash
GoodbyeDPI — Deep Packet Inspection circumvention utility (for Windows)
https://github.com/ValdikSS/GoodbyeDPI
High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
https://www.securityweek.com/high-severity-privilege-escalation-vulnerability-patched-in-vmware-workstation/
https://www.vmware.com/security/advisories/VMSA-2023-0003.html
Django contains Uncontrolled Resource Consumption via cached header
https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release
https://securityaffairs.com/141782/hacking/oracle-e-business-suite-flaw-poc.html
CVE-2020-36109 PoC causing DoS
https://github.com/sunn1day/CVE-2020-36109-POC
GTA Online New Hack allows Remotely Modify Users PC Data
https://www.cyberkendra.com/2023/01/gta-online-new-hack-allows-remotely.html
Bad things come in large packages: .pkg signature verification bypass on macOS
https://sector7.computest.nl/post/2023-01-xar/
#apple #macOS
Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs
https://nationalcybersecurity.com/unpatchable-hardware-vulnerability-allows-hacking-of-siemens-plcs-hacking-cybersecurity-infosec-comptia-pentest-hacker/
SIEM Training
https://gist.github.com/isaqueprofeta/d14f394d8679fce0a11d7961d514fcdd
USN-5788-1: curl vulnerabilities
https://ubuntu.com/security/notices/USN-5788-1