4906
Security news, exploits, vulnerabilities, leaks.. canyoupwn.me twitter.com/canyoupwnme fb.me/canyoupwnme
Uncovering a Bug I Found in Outlook: How Could an Account Has Been Compromised?
https://cems.fun/2022/12/26/CVE-2017-8758.html
Check Point response to CVE-2021-26414 - "Windows DCOM Server Security Feature Bypass"
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176148
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
https://jvn.jp/en/vu/JVNVU96679793/
Zerobot botnet upgrade targets unpatched Apache servers
https://siliconangle.com/2022/12/22/zerobot-botnet-upgrade-targets-unpatched-apache-servers/
Ghost CMS vulnerable to critical authentication bypass flaw
https://www.bleepingcomputer.com/news/security/ghost-cms-vulnerable-to-critical-authentication-bypass-flaw/
Announcing OSV-Scanner: Vulnerability Scanner for Open Source
https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html?m=1
Crash Monitor
https://github.com/talha/crash_monitor
Fenrir
Simple Bash IOC Scanner
https://github.com/Neo23x0/Fenrir
ClamAV 1.0.0 release candidate now available
https://blog.clamav.net/2022/10/clamav-100-release-candidate-now.html?m=1
CVE-2022-40684
https://github.com/secunnix/CVE-2022-40684
Burp Extension Yazma ve Kullanımı — Özel Bir Başlık Alanı Ekleme
https://medium.com/bilişim-hareketi/burp-extension-yazma-ve-kullanımı-özel-bir-başlık-alanı-ekleme-64712e2665f1
HermeticWiper Technical Analysis Report
http://docs.brandefense.io/HermeticWiper-Technical-Analysis-Report.pdf
Dynamite Panda APT Group
https://brandefense.io/dynamite-panda-apt-group/
Hyper Service Transfer Protocol on EVM
https://github.com/cagataycali/HSTP
ATT&CK Powered Suit
https://chrome.google.com/webstore/detail/attck-powered-suit/gfhomppaadldngjnmbefmmiokgefjddd
CVE-2022-46175: JSON5 Prototype Pollution Vulnerability
https://securityonline.info/cve-2022-46175-json5-prototype-pollution-vulnerability/
Linux Kernel ksmbd RCE
https://seclists.org/oss-sec/2022/q4/228
https://securityonline.info/critical-remote-code-execution-vulnerability-in-linux-kernel/
CVE-2021-32692 Detail
https://nvd.nist.gov/vuln/detail/CVE-2021-32692
Threat Brief: OWASSRF Vulnerability Exploitation
https://unit42.paloaltonetworks.com/threat-brief-owassrf/
ImgBackdoor
Hide your payload into .jpg file
https://github.com/Tsuyoken/ImgBackdoor
OWASP KubeLight
https://owasp.org/www-project-kubernetes-scanner/
FortiOS - heap-based buffer overflow in sslvpnd
https://www.fortiguard.com/psirt/FG-IR-22-398
teler
Real-time HTTP Intrusion Detection
https://github.com/kitabisa/teler
Microsoft fixes driver blocklist placing users at risk from BYOVD attacks
https://www.malwarebytes.com/blog/news/2022/10/microsoft-fixes-driver-blocklist-placing-users-at-risk-from-byovd-attacks
Critical 0-Day Alarm in Microsoft Exchange Server
https://brandefense.io/security-news/critical-0-day-alarm-in-microsoft-exchange-server/
Multiple Vulnerabilities Detected in Solarwinds Orion
https://brandefense.io/security-news/multiple-vulnerabilities-detected-in-solarwinds-orion
Vulnerable-Soap-Service
https://github.com/anil-yelken/Vulnerable-Soap-Service
Multiple Critical Vulnerabilities Detected in Jenkins
https://brandefense.io/multiple-critical-vulnerabilities-detected-in-jenkins/
New MS Office zero-click code execution vulnerability
https://fourcore.io/blogs/follina-ms-office-msdt-code-execution-zero-day-vulnerability