Security News

Morningstar Security News gathers all the most popular infosec and cyber security news headlines into a single page that auto-updates 24/7.

Vulnerabilities

Reversing/I like ASM

Locks/Social Engineering

Mainstream Media

Thirsty for more

Security Twitterverse

Most Popular Security News

PacketStorm

900 US Schools Impacted By MOVEit Hack At National Student Clearinghouse new

Government Of Bermuda Links Cyberattacks To Russian Hackers new

City Of Dallas Details Ransomware Attack Impact, Costs new

New Sandman APT Group Hitting Telcos With Rare LuaJIT Malware

TransUnion Thinks Dump Of Stolen Customer Data Came From Someone Else

Apple Patches 3 Zero Days Likely Exploited By Spyware Vendor To Hack iPhones

Incomplete Disclosures By Apple And Google Create Huge Blindspot For 0-Day Hunters

US Govt IT Help Desk Techie Leaked Top Secrets To Foreign Nation

MGM Resorts Operations Resume 10 Days After Cyberattack

Poland Investigates OpenAI Over Privacy Concerns

Cisco Beefs Up Cybersecurity Play With $28 Billion Splunk Deal

Feds Issue Snatch Ransomware Warning

The Register

Mixin suspends deposits and withdrawals after $200m cryptocurrency heist new

T-mobile US exposes some customer data – but don't call it a breach new

Apple squashes security bugs after iPhone flaws exploited by Predator spyware

ESA gets the job of building Europe's secure satcomms network

US govt IT help desk techie 'leaked top secrets' to foreign nation

TransUnion reckons big dump of stolen customer data came from someone else

Cisco spends $28B on data cruncher Splunk in cybersecurity push

Menacing marketeers fined by ICO for 1.9M cold calls

India's biggest tech centers named as cyber crime hotspots

Data breach reveals distressing info: people who order pineapple on pizza

Feds raise alarm over Snatch ransomware as extortion crew brags of Veterans Affairs hit

Signal adopts new alphabet jumble to protect chats from quantum computers

Reddit - NetSec

Bleeping Computer

The Hacker News

Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals new

Webinar — AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks new

Are You Willing to Pay the High Cost of Compromised Credentials? new

From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese new

New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government new

Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks

How to Interpret the 2023 MITRE ATT&CK Evaluation Results

Iranian Nation-State Actor OilRig Targets Israeli Organizations

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

Threat Wire

Exploits

Packet Storm Exploits

RoyalTSX 6.0.1 RTSZ File Handling Heap Memory Corruption new

OPNsense 23.1.11_1 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation new

LogoBee CMS 0.2 Cross Site Scripting new

Lamano LMS 0.1 Insecure Settings new

Elasticsearch 8.5.3 Stack Overflow

Taskhub 2.8.8 Cross Site Scripting

TOTOLINK Wireless Routers Remote Command Execution

Luxcal Event Calendar 3.2.3 Cross Site Request Forgery

Lamano CMS 2.0 Cross Site Request Forgery

WordPress Theme My Login 2FA Brute Force

Apache Airflow 1.10.10 Remote Code Execution

Lexmark Device Embedded Web Server Remote Code Execution

Exploit-DB Webapps

[webapps] SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection

[webapps] Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure

[webapps] Wordpress Plugin Elementor 3.5.5 - Iframe Injection

[webapps] Wp2Fac - OS Command Injection

[webapps] soosyze 2.0.0 - File Upload

[webapps] Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS

[webapps] Drupal 10.1.2 - web-cache-poisoning-External-service-interaction

[webapps] Member Login Script 3.3 - Client-side desync

[webapps] WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)

[webapps] Blood Donor Management System v1.0 - Stored XSS

[webapps] SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS

[webapps] Hyip Rio 2.1 - Arbitrary File Upload

Exploit-DB Local and Privilege Escalation

[local] GOM Player 2.3.90.5360 - Buffer Overflow (PoC)

[local] NVClient v5.0 - Stack Buffer Overflow (DoS)

[local] Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow

[local] Kingo ROOT 1.5.8 - Unquoted Service Path

[local] Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions

[local] systemd 246 - Local Privilege Escalation

[local] OutSystems Service Studio 11.53.30 - DLL Hijacking

[local] General Device Manager 2.5.2.2 - Buffer Overflow (SEH)

[local] mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory

[local] Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping

[local] GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution

[local] RaidenFTPD 2.4.4005 - Buffer Overflow (SEH)

Exploit-DB DoS

[dos] SyncBreeze 15.2.24 - 'login' Denial of Service

[dos] Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)

[dos] TP-Link TL-WR940N V4 - Buffer OverFlow

Exploit-DB Shellcode

Exploit-DB Papers

Exploit-DB Remote

[remote] GOM Player 2.3.90.5360 - Remote Code Execution (RCE)

[remote] Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities

[remote] Ivanti Avalanche <v6.4.0.0 - Remote Code Execution

[remote] TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

[remote] TSplus 16.0.0.0 - Remote Work Insecure Files and Folders

[remote] TSPlus 16.0.0.0 - Remote Work Insecure Credential storage

[remote] EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download

[remote] EuroTel ETL3100 - Transmitter Default Credentials

[remote] EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)

[remote] TP-Link Archer AX21 - Unauthenticated Command Injection

[remote] ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

[remote] Shelly PRO 4PM v0.11.0 - Authentication Bypass

LiveOverflow

Bug Bounties

HackerOne Blog

Why This Moment In Cybersecurity Needs Hackers To Protect All Software

Ethical Hacking: Unveiling the Power of Hacking for Good in Cybersecurity

The Hacker Perspective on Generative AI and Cybersecurity

You're Doing Pentesting Wrong

VDPs Are Good For the Government — and Good For Business

Reddit - BugBounty

Open redirect or not new

Deductible expenses and Bug Bounties new

Google Bug Hunters "Sorry there was an error" new

do u think securitytrials worth the money for full time bb hunter? which api plan u prefer or do u pay for surface browser

Any way to read android file system structure ?

Haylxon: Take screenshots of urls/websites from terminal new release 🦊

What tools do you use for recon?

I used to help run a large bug bounty program. AMA if you’d like

CSRF token generation

Origin Ip Found Vulnerability of 2023 ( Full Tutorial ) | bug bounty POC 2023

Pentester Land

Portswigger

DOM Invader and the case of direct eval vs indirect eval new

New learning paths, from the Web Security Academy

Supporting Sprocket Security's offensive security testing with BChecks, from Burp Suite

New techniques and tools for web race conditions

The top 10 community-created BChecks, so far ...

Implementing Tic Tac Toe with 170mb of HTML - no JS or CSS

Burp Suite roadmap update: July 2023

Find GraphQL API vulnerabilities, with Burp Suite Professional

We want to check out your BChecks ...

BChecks: Houston, we have a solution!

HackerOne Hacktivity

Vulnerabilities

Full Disclosure

[tool] WatchGuard Firebox Web Update Unpacker new

APPLE-SA-2023-09-21-6 macOS Ventura 13.6

APPLE-SA-2023-09-21-7 macOS Monterey 12.7

APPLE-SA-2023-09-21-5 watchOS 9.6.3

APPLE-SA-2023-09-21-4 watchOS 10.0.1

APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7

APPLE-SA-2023-09-21-2 iOS 17.0.1 and iPadOS 17.0.1

APPLE-SA-2023-09-21-1 Safari 16.6.1

Advisory X41-2023-001: Two Vulnerabilities in OPNsense

SEC Consult SA-20230918-0 :: Authenticated Remote Code Execution and Missing Authentication in Atos Unify OpenScape

SEC Consult SA-20230829-0 :: Reflected Cross-Site Scripting (XSS) in PTC - Codebeamer (ALM Solution)

APPLE-SA-2023-09-11-3 macOS Big Sur 11.7.10

NIST National Vulnerability Database

CVE-2023-43278 new

CVE-2023-38907 new

CVE-2023-4258 new

CVE-2023-43326 new

CVE-2023-43457 new

CVE-2023-43132 new

CVE-2023-5129 new

CVE-2023-42426 new

CVE-2023-42753 new

CVE-2023-43458 new

CVE-2023-43642 new

CVE-2023-43644 new

Tools

Packet Storm Tools

Global Socket 1.4.41 new

GNUnet P2P Framework 0.20.0 new

BDS FreeBSD KLD Rootkit

BDS Linux LKM Ftrace-Based Rootkit

BDS Linux Userland Rootkit

BDS Linux LKM Rootkit

TOR Virtual Network Tunneling Tool 0.4.8.6

Suricata IDPE 7.0.1

OpenSSL Toolkit 1.1.1w

tc Tor Chat Client

Darknet

AgentSmith HIDS – Host Based Intrusion Detection

Exploit Dev

Reddit - Exploit Dev

How To Land a Job as a CNO Developer? new

"Basic" Buffer Overflow Questions

Is it possible to hack Android via PDF

CVE-2023-4047 Root Cause Analysis

Comp eng or Comp sci?

Memory Leak Exploitability?

From Terminal Output to Arbitrary Remote Code Execution

Dynamic malware analysis tools for Kali Linux

Help with firmadyne

I wrote an exploit for OpenTSDB <= 2.4.1 cmd injection (CVE-2023-36812) in modern Fortran.

#NoFilter - Abusing Windows Filtering Platform for Privilege Escalation | Deep Instinct

Source Incite

Google Project Zero

Analyzing a Modern In-the-wild Android Exploit

Summary: MTE As Implemented

MTE As Implemented, Part 1: Implementation Testing

MTE As Implemented, Part 2: Mitigation Case Studies

MTE As Implemented, Part 3: The Kernel

Security Researchers

PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions

Reconstructing an invalid TPM event log

Unix sockets, Cygwin, SSH agents, and sadness

Reversing/I like ASM

Reddit - Reverse Engineering

Tip: Open with IDA Pro context menu new

Release BinDiff 8 Open Source new

We're Hiring! Software Reverse Engineer Position at Caesar Creek Software. 4 Locations: Miamisburg (OH), Atlanta (GA), Woburn (MA) and Fredericksburg (VA). new

ImHex v1.31.0 has been released! Including a full command line interface, a .NET Script loader and a built-in tutorial in the form of Achievements

Computer System Interrupts: Details how hardware and software components interact to handle interrupts efficiently. Flowchart, Code, and Real-world Example.

New blog post on C Socket Programming! Essential functions, error handling, and practical examples.

Beginner's Guide to Disassembling 6502 Binaries

Software Reverse Engineer Position at Caesar Creek Software

Finding Deserialization Vulnerabilities in the SolarWinds Platform

New ways to inject system CA certificates in Android 14

reverse engineering nrf51 firmware

Reddit - Game Hacks

AimAce And Aboslute Warthunder cheat! Best 2 on the market! Dominate like no one else! almost 3 Years Undetected 0 Bans new

Help finding hacks for a game new

PAYDAY3 CHEATS x STERN new

Removing a HWID Ban on Rust - HyperThread new

Escape From Tarkov CHEAT!, best on the market by far, best for closet cheating! Shop at https://www.ownagesoftware.com/

Escape From Tarkov CHEAT!, best on the market by far, best for closet cheating!

How do you test files for malware?

Removing a HWID Ban on Apex Legends - HyperThread

Removing a HWID Ban on R6 - HyperThread

Removing a HWID Ban on Fortnite - HyperThread

Help Have A Nice Death

Any hackers that can help? [bo3]

Reddit - REGames

Assetstudio is not working for the same _data file. new

Repacking LZMA compressed files? new

Unlocking the developer console in Call of Duty: Modern Warfare 2 (2009) new

Cracking an old DOS game

Can't see methods when opening Csharp-assembly.dll (32-bit IOS game)

Best practice to create a GitHub repo for Ghidra Metadata for a PSX game?

A Compact Linux & Windows Detours Library (x86_64)

how can i make a minecraft cube in Chivalry1 SDK

Beginner's Guide to Disassembling 6502 Binaries -- Commodore PET Space Invaders

Seeking Guidance on Reverse Engineering Tokyo Ghoul Dark War - Need Advice and Tools to Transform It into an Offline Game

Legality of re-building a 20 year old MMORPG where the company has gone out of business?

Street Fighter 6 PC/Steam

StackExchange - ReverseEngineering

Reverse Android native lib new

Extracting obj-c class list from a machO new

Want to Install Google TV Home Android 10 App in Android 9 new

Cutter shows addresses relative to stack but not rbp. How to change it? new

How to decode lua files and resource files that are protected from Frida and IDA64?

Reverse engineering JCALG/LZ?? compression

vivisect get assembly instructions

Anyone familiar with this "AceDB" file format?

IDA Pro Version 5 Free Not displaying Text Correctly in Dissembled File

Searching for signal calls in a Mach-O multiarch binary

Unable to decompile .pyc file

IDA Pro: JDWP error:ABSENT_INFORMATION desired information is not avaiable

Guided Hacking

Malware/APT

Reddit - Malware

Good free antivirus for Android that doesn't drain battery new

Wasn’t expecting that last part… new

malware identification issue new

Samples come as clean by AV but have hundreds of malicious & suspicious indicators new

Malware opening Powershell every minute. Can any one please decode and analyse this new

False positive or not

HijackLoader Targets Hotels: A Technical Analysis

I've started making Malware review videos, to follow in danooct1's footsteps since he only records twice a year now.

Windows shadowcopy tool used in malware

Malvare that opens everything in Temp files

Inside The Ransomware Attack That Shut Down MGM Resorts

Malware distributor Storm-0324 facilitates ransomware access

Unit42

Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government

Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda

Persistent Attempts at Cyberespionage Against Southeast Asian Government Target Have Links to Alloy Taurus

Unit 42 Researchers Discover Multiple Espionage Operations Targeting Southeast Asian Government

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

Threat Group Assessment: Turla (aka Pensive Ursa)

Threat Group Assessment: Muddled Libra (Updated)

Unit 42 Attack Surface Threat Research: Constant Change in Cloud Contributes to 45% of New High/Critical Exposures Per Month

Wireshark Tutorial: Display Filter Expressions

RedLine Stealer: Answers to Unit Wireshark Quiz

Wireshark Tutorial: Changing Your Column Display

Why LaZagne Makes D-Bus API Vigilance Crucial

Crypto

Reddit - Crypto

StackExchange - Crypto

What is new math worth? new

How to add Crypto++ library to NS3 using waf build system? [migrated] new

48-bit nonce reuse with ChaCha20 new

Is there any cheaper way for multiplying a plaintext scalar to a vector? new

Group secret agreement for clients do not have connection to each other

Textbook RSA using multiple low public exponent e

solve for encryption matrix [closed]

Client authentication: only talk to trusted clients?

PAGE 2: Can I move elements from cyclic subgroup to its cyclic parent group?

Transmit a password to inheritors

Could Yao's Millionaires' problem be used as a problem of binary search?

RSA encryption two characters at a time

Seytonic

Podcasts

Security Weekly

AI Attacks and LLM Security Matters - Nathan Hamiel - PSW #799

Ransomware Infection Vectors - Ryan Chapman - PSW #798

Interview with Dr. Gene Spafford - Eugene Spafford - PSW Vault

Incident Response: Clouds, SMBs, & More! - Amanda Berlin - PSW #797

Managing Bug Bounty Programs At Scale - Dr. Jared DeMott - PSW #796

Defending Public Infrastructure While At War - Antranig Vartanian - PSW #795

Incident Response Readiness - Gerard Johansen - PSW #794

Incident Response Stories - Bill Swearingen - PSW #793

Post-Breach: The Hardening Continues - Sean Metcalf - PSW #792

Post-Breach: The Hardening Continues - Sean Metcalf - PSW #792

Security Certification - Rohit Misuriya, Sumit Siddharth - PSW #791

Getting Control Of Your Security Data Pipeline - JP Bourget - PSW #790

Risky.Biz

Snake Oilers: Sublime Security, Vulncheck and Devicie

Risky Business #722 -- Microsoft embraces Zero Trust... Authentication?

Risky Business #721 -- Why Storm-0558's Microsoft hack should have failed

Snake Oilers: ConductorOne, Bloodhound Enterprise and Zero Networks

Risky Business #720 -- How cloud identity provider federation features can get you mega-owned

Risky Business #719 -- FBI vapes 700,000 Qakbot infections

Risky Business #718 -- Chaos and carnage, business as usual

Feature Interview: How Sandworm prepared Ukraine for a cyber war

Risky Business #717 -- The kids are okay. At ripping your face off.

Risky Business #716 -- This ain't your grandma's cloud

Risky Business #715 -- Pressure mounts on Microsoft to explain itself

Feature interview: Australia's Cyber Security Minister Clare O'Neil

The CyberWire

Cyberespionage in East and Southeast Asia, for both intelligence collection and domestic security, Spyware tools tracked. Shifting cyber targets in Russia’s hybrid war. Securing the… new

Threat intelligence discussion with Chris Krebs. [Special Edition] new

Merritt Baer: No one has to go down for you to go up. [CISO] [Career Notes]

Behind the Google shopping ad masks. [Research Saturday]

Enter the Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks.…

Don’t get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM…

Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.

Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.

A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a…

Karl Mattson: Defer gratification. (CISO) [Career Notes]

A look into the emotions and anxieties of the highest levels of decision-making. [Research Saturday]

Peach Sandstorm cyberespionage. Criminal attacks against a Colombian telco and two major US casino firms. A thief in the browser. And the Greater Manchester Police…

Cyber Security Interviews

#127 – Douglas Brush (Part 5): Analysis Paralysis new

ISC Daily Stormcast

ISC StormCast for Monday, September 25th, 2023 new

ISC StormCast for Friday, September 22nd, 2023

ISC StormCast for Thursday, September 21st, 2023

ISC StormCast for Wednesday, September 20th, 2023

ISC StormCast for Tuesday, September 19th, 2023

ISC StormCast for Monday, September 18th, 2023

ISC StormCast for Friday, September 15th, 2023

ISC StormCast for Thursday, September 14th, 2023

ISC StormCast for Wednesday, September 13th, 2023

ISC StormCast for Tuesday, September 12th, 2023

Darknet Diaries

136: Team Xecuter

135: The D.R. Incident

Threat Intel

Reddit - Onions

going to order for the first time on a cad-cad vendor. does anyone know if it’s too heat to order to my canada post flex… new

I have a few questions about archetyp new

Can browser native p2p integrated with Tor (Rust + WASM + DHT + WebRTC) ? new

Archetype exit scam?

Reddit - Pwned

HaveIBeenPwned

ApexSMS - 23,246,481 breached accounts

dBforums - 363,468 breached accounts

MalindoAir - 4,328,232 breached accounts

Viva Air - 932,232 breached accounts

Dymocks - 836,120 breached accounts

Phished Data via CERT Poland - 67,943 breached accounts

Pampling - 383,468 breached accounts

PlayCyberGames - 3,681,753 breached accounts

SevenRooms - 1,205,385 breached accounts

Duolingo - 2,676,696 breached accounts

Atmeltomo - 580,177 breached accounts

iMenu360 - 3,425,860 breached accounts

Privacy/VPNs

Slashdot - Rights

JPEX Appears To Be a $178 Million Fraud new

New York City Deploys 420-Pound RoboCop to Patrol Subway Station

Did Teens Ally with Ransomware Gangs for MGM Breach?

China's Quest for Human Genetic Data Spurs Fears of a DNA Arms Race

White House Could Force Cloud Companies To Disclose AI Customers

Google Sued Over Fatal Google Maps Error After Man Drove Off Broken Bridge

New Revelations From the Snowden Archive Surface

FCC Plays Whack-a-Mole With Telcos Accused of Profiting From Robocalls

Sysadmin, Spouse Admit To Part in 'Massive' Pirated Avaya Licenses Scam

John Grisham, George RR Martin, Other Top US Authors Sue OpenAI Over Copyrights

The International Criminal Court In The Hague Says It Has Been Hacked

FTX Sues Sam Bankman-Fried's Parents

Reddit - Privacy

So confused on how to send emails from SL aliases?? new

Reddit - VPN

YouTube blocking content when VPN off new

Does a VPN protect against a compromised modem and ISP trying to surveil your activities?

looking for a VPN with a big amount of config files

Netflix detecting the wrong country through VPN.

Want to set up remote access, router or host?

Sending TCP traffic through a UDP VPN

Snapchat still finding me

Cheap Apple Music - $0.80/mo through Turkey method

VPN while working remotely is against company policy.

PrivacyTools.io

EFF

EFF at FIFAfrica 2023 new

The U.S. Government’s Database of Immigrant DNA Has Hit Scary, Astronomical Proportions new

Don’t Fall for the Intelligence Community’s Monster of the Week Justifications

This Bill Would Revive The Worst Patents On Software—And Human Genes

Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users

We Want YOU (U.S. Federal Employees) to Stand for Digital Freedoms

New Privacy Badger Prevents Google From Mangling More of Your Links and Invading Your Privacy

UN Cybercrime Treaty Talks End Without Consensus on Scope And Deep Divides About Surveillance Powers

UN's Cybercrime Convention Draft: A Slippery Slope for LGBTQ+ and Gender Rights

EFF to Michigan Court: Governments Shouldn’t Be Allowed to Use a Drone to Spy on You Without a Warrant

Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?

Appeals Court Upholds Public.Resource.Org’s Right to Post Public Laws and Regulations Online

Help Wanted

Reddit - AskNetSec

Is my phone hacked new

Which is the best unified(SIEMS, XDR) solution? new

HTB Mantis. How to identify MS14-068?

What can we do with a hostname?

Reddit - Netsec Students

Looking Web App Pen Tester resources new

Top 3 Data Breaches This Week new

Stackoverflow - Security

ZAP Proxy scanme.namp.org [closed] new

Paramiko and ssh2-python3 not working as expected in high threads new

Securely Hosting an ML Model [closed] new

varnish backend server to azure blob connection with access key new

Best Practise to maintain KMS in multi-account AWS environment? [closed] new

Google Maps displays on interior website pages, but not home page due to "ERR_BLOCKED_BY_CLIENT" new

Docker Scout CVEs have incorrect severity levels for base Microsoft .NET docker images new

SecKeyCreateWithData always returns nil in iOS 17 new

SAGE - ODBC via IIS - minimum required folder permissions for ACCDATA folder new

Best Practices for JWT Management in a Multi-Tenant System with User-Tenant Flexibility? new

Is there a standardized approach of retrievening credentials for Neovim Lua plugins new

how to implement a custom secure handshake for a p2p network? [closed] new

Stack Exchange

What kind of USB-based attacks can be prevented by a VM? new

Problems with phone [closed] new

Shor's algorithm and encryption [closed] new

What security issues could my system be exposed to via an unsecure memory card? new

How is the TLS PSK derived? [closed] new

crt.sh shows certificates for domains I don't recognize new

How do I stop my CentOS 8 machine getting infected with Kinseng Malware [closed] new

How to ignore asterisk characters in sqlmap? new

What are the security risks associated with hosting a web application that does not handle sensitive data without HTTPS? new

Security implication of loading untrusted private keys new

What's an example of a good uninjection in Node.js? (mySQL)

LUKS: How many iterations are enough?

Locks/Social Engineering

Reddit - Lockpicking

Help with Medeco 72s cam lock new

Picking a Masterlock 150 new

Deep false set? new

Covert Instruments Echelon Pick Set new

I found an abloy 330 on the ground new

Canadian sources for cylinders new

I made a stand for the CI Locksport Trainer! new

Another Road Treasure to add to the bucket!

The kit so far, I'm gonna need a bigger boat.

Master lock 140 picked

I'm hooked 😆 just started a few days ago and I've picked this over a dozen times now , just waiting on new locks to…

Reddit - Social Engineering

Darkpid worth it?

Recommendation for books on Social Engineering.

Why You feel Sad for No Reason

What stage of relationships should you avoid using self deprecation?

Advice Needed: Getting Google Reviews

Unmarked cop car debate with police officer.

Is it possible to reverse social engineer someone that you suspect is social engineering you?

Social Engineering in the Age of AI-Assistence

Need Email Address for a Company

Changing perceptions is better than changing reality

Searching for basic training to prepare you mental

How an Illusion of Choice Is Created To Control Group Behavior

Hak5

Security Blogs

Kaspersky Blog

Back-to-school threats: social networking | Kaspersky official blog new

Are Electron-based desktop applications secure? | Kaspersky official blog

What is the Fediverse, and how does it work? | Kaspersky official blog

Transatlantic Cable podcast, episode 316 | Kaspersky official blog

HR phishing: self-evaluation questionnaire | Kaspersky official blog

How to boost the performance of the whole infosec team | Kaspersky official blog

Top apps for encrypted, private videocalls | Kaspersky official blog

Transatlantic Cable podcast, episode 315 | Kaspersky official blog

How to manage subscription costs | Kaspersky official blog

Back-to-school threats: virtual classrooms and videoconferencing | Kaspersky official blog

Spyware versions of Telegram and Signal on Google Play | Kaspersky official blog

System time jumps in Windows: possible cause | Kaspersky official blog

Adam Shostack & friends

Graham Cluley

“The good and the bad that comes with the growth of AI” – watch this series of webinars with Abnormal, OpenAI, and others new

iOS 17 update secretly changed your privacy settings; here’s how to set them back new

Snatch ransomware – what you need to know

Donald Trump Jr’s hacked Twitter account announces his father has died

Smashing Security podcast #340: Heated seats, car privacy, and Graham’s porn video

What a mess! Clorox warns of “material impact” to its financial results following cyberattack

The Expel Quarterly Threat Report distills the threats and trends the Expel SOC saw in Q2. Download it now.

Yikes! My sex video has been uploaded to YouPorn, apparently

BLASTPASS: Government agencies told to secure iPhones against spyware attacks

Greater Manchester Police latest force to suffer serious data breach

Automation is key to effective and efficient pentest reporting

Car companies are collecting data on your sex life, and apparently you’re fine with that

Security Bloggers Network

Axiad and Okta Partner to Revolutionize Authentication with Phishing Resistant MFA new

Cyber Week 2023 & The Israel National Cyber Directorate Presents – Watch Live: Cyber – Week 2023 – Main Plenary, Day 2 new

Data Breaches from MOVEit Zero-Day Still Piling Up new

Unlock Cyber Security as a Service: 2023 Insights! new

More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator new

Randall Munroe’s XKCD ‘Urban Planning Opinion Progression’ new

Takeaways for Businesses in the Rapidly Evolving Data Security and Privacy Landscape new

What is digital trust, and why is it at risk new

Cyber Week 2023 & The Israel National Cyber Directorate Presents – Securing the ICT Supply Chain from Cybersecurity Threats new

The ROI of Microsegmentation new

SCCM Hierarchy Takeover new

Data Security Posture Management: What’s Fact and What’s Fiction? new

Rapid7

CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers new

Rapid7 Delivers Visibility Across All 19 Steps of Attack in 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

Rapid7 doubles down on a platform approach for Vulnerability Risk Management

Patch Tuesday - September 2023

A Look at Our Development Process of the Cloud Resource Enrichment API

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

Metasploit Weekly Wrap-Up

Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers

Exploitation of Juniper Networks SRX Series and EX Series Devices

PenTales: What It’s Like on the Red Team

Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library

Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs

ThreatPost

Hacker News (YCombinator) - Security

Ultra-processed food linked to higher risk of depression, research finds new

Leaks Can Make Natural Gas as Bad for the Climate as Coal, a Study Says new

Pixel 8 leak promises 7 years of OS updates new

Customization for the Forensic Police (2018) new

US Government IT contractor could face death penalty over espionage charges new

The SEC Wants to Spy on Your Portfolio new

JDK 21 Security Enhancements new

Apple will charge you way less to fix cracked back glass on an iPhone 15 Pro new

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

Habitually Skipping Breakfast Is Associated with the Risk of GI Cancers

Valley Fever Is a Growing Fungal Threat to Outdoor Workers

Bus Pirate 5 Firmware

digitalmunition

Hacker Noon #Security

Wired - Security

Satellite Images Show the Devastating Cost of Sudan’s Aerial War new

Your Boss’s Spyware Could Train AI to Replace You new

A Tricky New Way to Sneak Past Repressive Internet Censorship new

The Shocking Data on Kia and Hyundai Thefts in the US

Chinese Spies Infected Dozens of Networks With Thumb Drive Malware

You Need to Update Google Chrome or Whatever Browser You Use

Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle

The US Congress Has Trust Issues. Generative AI Is Making It Worse

The Twisted Eye in the Sky Over Buenos Aires

China-Linked Hackers Breached a Power Grid—Again

AI Chatbots Are Invading Your Local Government—and Making Everyone Nervous

Mozilla: Your New Car Is a Data Privacy Nightmare

Control C

Convert plaintext to QR code on Linux

Krebs on Security

Who’s Behind the 8Base Ransomware Website?

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Kroll Employee SIM-Swapped for Crypto Investor Data

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

Karma Catches Up to Global Phishing Service 16Shop

Diligere, Equity-Invest Are New Firms of U.K. Con Man

Microsoft Patch Tuesday, August 2023 Edition

Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’

Teach a Man to Phish and He’s Set for Life

How Malicious Android Apps Slip Into Disguise

Russia Sends Cybersecurity CEO to Jail for 14 Years

Elttam

Abusing Amazon VPC CNI plugin for Kubernetes

PwnAssistant - Controlling /home’s via a Home Assistant RCE

Naked Security

Mom’s Meals issues “Notice of Data Event”: What to know and what to do

Schneier on Security

Friday Squid Blogging: New Squid Species

New Revelations from the Snowden Documents

On the Cybersecurity Jobs Shortage

Detecting AI-Generated Text

Using Hacked LastPass Keys to Steal Cryptocurrency

Friday Squid Blogging: Cleaning Squid

LLM Summary of My Book Beyond Fear

On Technologies for Automatic Facial Recognition

Upcoming Speaking Engagements

Fake Signal and Telegram Apps in the Google Play Store

Zero-Click Exploit in iPhones

Cars Have Terrible Data Privacy

Linux Security

LinuxSecurity.com Migrates to Joomla 4 and PHP 8: Our Experience & Key Takeaways new

Mitigations for Critical c-ares DoS, Code Execution Bug Released

Harden Ubuntu Server to Secure Your Container and Other Deployments

Ubuntu 23.04 & 22.04.3 Installs Haven't Been Following Their Own Security Best Practices

APT36 Using Customized Malware to Attack Indian Government Linux and Windows Servers

Critical OpenDMARC DoS Bug Fixed

Linux Malware! Read This If You Use Free Download Manager

TCP Authentication Option "TCP-AO" Support Nears For The Linux Kernel

RISC-V With Linux 6.6 Offers Better Kernel Security With KASLR

Expanded Platform Support For AMD Dynamic Boost Control Being Worked On For Linux

The Great CentOS Linux Migration: How We Got Here and Whats Next

Hackers Using BlueShell Malware to Attack Windows, Linux, and Mac Systems

Dark Reading

Xenomorph Android Malware Targets Customers of 30 US Banks new

MOVEit Flaw Leads to 900 University Data Breaches new

UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack new

The Hot Seat: CISO Accountability in a New Era of SEC Regulation new

ASPM Is Good, but It's Not a Cure-All for App Security

Recast Software Acquires Liquit, Consolidating the Endpoint and Application Management Markets

ClassLink Provides Cybersecurity Training Course to Help Schools Protect Public Directory Data

Wing Security Launches Compliance-Grade SaaS Security Solution for Just $1.5K

Latest Acquisition Powers AI-based Network Detection and Response and Open XDR Capabilities for WatchGuard

TikTok API Rules Stymie User Data Analysis

Hackers Let Loose on Voting Gear Ahead of US Election Season

Akira Ransomware Mutates to Target Linux Systems

Securelist

Overview of IoT threats in 2023

Whitehat Security Blog

HITB News

Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters

'Power, influence, notoriety': The hackers who struck MGM, Caesars

Your Fingerprints Might Change the Color of Your iPhone 15 Pro

3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone

Worm that jumps from rats to slugs to human brains has invaded Southeast US

Middle East telcos targeted by new malware with suspected nation-state backing

DeepMind’s New AI Can Predict Genetic Diseases

Chinese hackers have unleashed a never-before-seen Linux backdoor

Archaeologists find 500-year-old board game carved in ruins of Polish castle

Millions of cheap Android TV boxes come pre-infected with botnet malware

FDA approves and authorizes updated COVID boosters for everyone 6 months and up

Yes, There’s a New Covid Variant. No, You Shouldn’t Panic

The RISKS Digest

ChatGPT Can Now Generate Images

Driverless Car Company Using Chatbots to Make Its Vehicles Smarter

Bitcoin conspiracy theory

Google accused of directing motorist to drive off collapsed bridge

Typeface trolls shaking down users of Adobe's font platform

It's 2030, and digital wallets have replaced every card in our purses and pockets

Misinformation research is buckling under GOP legal attacks

Google Search first result for "Tank Man" is e fake AI image rather than actual image from China

What politicians are doing about the Internet, RIGHT NOW

Cryptocurrency Startup Loses Encryption Key for Electronice Wallet

Bots are Better than Humans at CAPCHAS

Security in Mainstream Media

Google News Hacking

Hong Kong cannot be secure enough from hackers - South China Morning Post new

HTX Loses $7.9 Million To Hacker, Asks For Money Back - Decrypt new

Hackers steal $200M from crypto company Mixin - TechCrunch new

Russian news outlet in Latvia believes European state behind phone hack - The Guardian new

Blueface Claims Phone & Twitter Hacked In Response To Baby Genital Pics - TMZ new

Larry Hacker Obituary - Meyer Brothers Colonial Chapel - 2023 - Legacy.com new

Smells like teen hackers - POLITICO - POLITICO new

Hong Kong crypto business Mixin says hackers stole $200 million in ... - The Record from Recorded Future News new

Alert! Patch your TeamCity instance to avoid server hack - Security Affairs new

Hackers breach 2 Las Vegas casino systems - Wisconsin Law Journal new

How To Download Hacked Games For iOS - Robots.net new

Twitter Is Destroying Donald Trump Jr. After His Account Was Hacked: ‘Stop The Whining’ - SheFinds new

Google Cyber Security

Haryana police ramps up cyber security - The Tribune India new

Aviation Cyber Security Market Size and Regional Outlook Analysis 2023-2030 - Benzinga new

Embedded Cyber Security Market Recent Trends | Global Forecast From 2024 To 2031 - Benzinga new

New SEC cybersecurity disclosure rules: What you need to know to ... - TechCrunch new

Father of Jordan DeMay speaks at Cybersecurity Symposium - WLUC new

Unlock Cyber Security as a Service: 2023 Insights! - Security Boulevard new

By 2030 Cyber Security for Space Market Business Expansion | Exclusive Analysis - Benzinga new

Dallas doles out $8.5M to remediate May ransomware attack - TechTarget new

Cybersecurity Threats Affecting Businesses in September 2023 - Marcum LLP new

Cybersecurity and Infrastructure Security Agency curbs telework policy - Federal Times new

Cybersecurity and Infrastructure Security Agency curbs telework - Federal Times new

DHS unveils one common platform for reporting cyber incidents - CSO Online new

Thirsty for more

Hacker News (YCombinator)

The United States of Bed Bath & Beyond new

Burkey Belser, designer of the nutrition facts label, has died new

ChatGPT can now see, hear, and speak new

Kids’ Competitive Activities Lead to Debt for 79% of Parents new

Kids’ competitive activities lead to debt for parents new

Bosses won’t like it but WFH is a happier way to work new

‘All of Sony Systems’ Allegedly Hacked by New Ransomware Group new

Rich Sutton joins John Carmack's Keen Technologies new

Distinguishing features of Long Covid identified through immune profiling new

Is math real? new

Is Math Real? new

The SR-71 Blackbird Astro-Nav System worked by tracking the stars new

Reddit - Cyberpunk

The cinematography of this scene from Blade Runner 2049. new

weird audio bug since 2.0 new

This shot speaks to my cyberpunk soul in such a strong way. And I'm not really sure why. new

Meet Gladys new

Where's the Cyber in current Cyberpunk? new

Reddit - Security CTF