yaracroft @venom@nanao.cybtex.fr
- mnt-by
- @socat
Robot
sc(r)apy | full metal packets
> We Are the Borg
> You Will be Assimilated
> Resistance is Futile
Inscrit·e en mar. 2021
Pass the SALT Conference Slides #informatique
https://archives.pass-the-salt.org/Pass%20the%20SALT/2021/slides/
VirusTotal : yr_re_fast_exec « The devil is in the details »
#Ransomware Gangs are Starting to Look Like Ocean's 11
https://ke-la.com/ransomware-gangs-are-starting-to-look-like-oceans-11
The OSINT Curious Project is a source of quality, actionable, Open Source Intelligence news, original blogs, instructional videos, and live streams. We try to keep people curious about exploring web applications for bits of information or trying out new techniques to access important OSINT data.
Pivot SQL Injection Into RCE - SQL injections are considered the most severe security vulnerability by OWASP. In this article, we discuss how a CVE in PTMS was pivoted into Remote Code Execution (RCE).
https://www.securecoding.com/blog/pivot-sql-injection-into-rce/
Nous ( Cerba ) tenons à vous informer que notre Laboratoire a été victime d'un vol de données à la suite d'une défaillance de l'un de nos prestataires, en charge de l'hébergement de l'une de nos bases de données. Cette base de données contenant des informations de #patients a en effet été momentanément exposée sur #Internet. Malgré l'absence d'exploitation de ces données à ce jour, nous vous recommandons néanmoins de faire preuve de vigilance face à tout démarchage inhabituel qui pourrait s'apparenter à une tentative d'escroquerie. #france #medical #databreach
https://www.lab-cerba.com/home/vous-informer/news/incident-de-securite-lab-cerba.html
XML eXternal Entity (XXE) attacks - From XML to Remote Code Execution (RCE)
A Deep Dive into XXE Injection
Kaseya left customer portal vulnerable to 2015 flaw in its own #software - CVE-2015-2862 was issued in July 2015. Six years later, Kaseya's customer portal was still exposed to the data-leaking weakness #ransomware
Understanding Russia's #Cyber Strategy - The Russian Federation's willingness to engage in offensive cyber operations has caused enormous harm, including massive #financial losses, interruptions to the operation of critical infrastructure, and disruptions of crucial software #supply chains.
https://www.fpri.org/article/2021/07/understanding-russias-cyber-strategy/
With FileSec stay up-to-date with the latest file extensions being used by attackers
This was the recently patched SYSTEM Remote Code Execution (RCE) in #Windows Defender ! No big surprise, memory corruption in a complex unpacker on some old version of ASProtect from the 90s. « Security products » are plagued by problems like this 😣 ( Tavis Ormandy )
https://bugs.chromium.org/p/project-zero/issues/detail?id=2189
A recent report suggests that China trails the United States in cyberspace. But Chinese leaders are eying a long-term strategy, so Western governments would be wise not to underestimate Beijing. Comparisons of different states' capabilities are fraught with difficulty. #China is deploying its #cyber capabilities in pursuit of long-term strategic objectives in ways that make the effects hard to measure for comparative purposes.
For years YouTube's video-recommending algorithm has stood accused of fuelling a grab-bag of societal ills by feeding users an AI-amplified diet of hate speech, political extremism and/or conspiracy junk/disinformation for the profiteering motive of trying to keep billions of eyeballs stuck to its ad inventory. New research published today by Mozilla backs that notion up, suggesting #YouTube's ( #Google (Alphabet Inc.) ) artificial intelligence ( AI ) continues to puff up piles of bottom-feeding/low grade/divisive/disinforming content - stuff that tries to grab eyeballs by triggering people's sense of outrage, sewing division/polarization or spreading baseless/harmful disinformation - which in turn implies that YouTube's problem with recommending terrible stuff is indeed systemic ; a side-effect of the platform's rapacious appetite to harvest views to serve his #business advertising. In today's world, « Artificial Intelligence controls what the world is watching. » ( algotransparency.org )
A sales consultant, Hisham Chaudhary, has been found guilty of using #Bitcoin to fund the Islamic State (IS) group. Anti-terrorism police arrested Chaudhary in a dawn raid in November 2019. During the arrest, police found devices in his bedroom containing what were described as IS propaganda videos. The 28-year-old, of Chestnut Drive, Oadby, Leicestershire, was found guilty of 7 offences under the #Terrorism Act by a jury at Birmingham Crown Court on Tuesday.
Don't make your SOC blind to Active Directory attack s: 5 surprising behaviors of Windows audit policy
4 vulnerabilities afflict the popular Sage X3 Enterprise Resource Planning (ERP) platform including 1 critical bug that rates 10 out of 10 on the CVSS vulnerability-severity scale. 2 of the bugs could be chained together to allow complete system takeovers, with potential supply-chain ramifications
On a previous story regarding WildPressure was dedicated to their campaign against industrial-related targets in the Middle East. By keeping track of their malware in spring 2021, we were able to find a newer version. We have very limited visibility for the samples described in this report. Based on our telemetry, we suspect that the targets in the same Middle East region were related to the oil and gas industry.
- mnt-by
- @socat
Robot
sc(r)apy | full metal packets
> We Are the Borg
> You Will be Assimilated
> Resistance is Futile
Inscrit·e en mar. 2021
yaracroft recommande :
