ThreatChat ThreatHistory Video Feed

S2 Ep42: Apple auth attack, Octopus Scanner, Escobar escapades – podcast – Link to post -- NakedSecurity

Botnet blasts WordPress sites with configuration download attacks – Link to post -- NakedSecurity

You DID change your password after that data breach, didn’t you? – Link to post -- NakedSecurity

Nuclear missile contractor hacked in Maze ransomware attack – Link to post -- NakedSecurity

Google deletes Indian app that deleted Chinese apps – Link to post -- NakedSecurity

Firefox fixes cryptographic data leakage in latest security update – Link to post -- NakedSecurity

VMware flaw allows takeover of multiple private clouds – Link to post -- NakedSecurity

The mystery of the expiring Sectigo web certificate – Link to post -- NakedSecurity

Hacker posts database stolen from Dark Net free hosting provider DH – Link to post -- NakedSecurity

Crime agency turns to Google ads to deter teen DDoS hackers – Link to post -- NakedSecurity

No password required! “Sign in with Apple” account takeover flaw patched – Link to post -- NakedSecurity

Amtrak breached, some customers’ logins and PII potentially exposed – Link to post -- NakedSecurity

We won! scoops “Legends of security” award – Link to post -- NakedSecurity

WhatsApp Phone Numbers Pop Up in Google Search Results — But is it a Bug? Link to post -- ThreatPost

Electrolux, Others Conned Out of Big Money by BEC Scammer Link to post -- ThreatPost

News Wrap: Fake Minneapolis Police Breach, Zoom End-To-End Encryption Debate Link to post -- ThreatPost

FTC Slams Children’s App Developer for COPPA Violations Link to post -- ThreatPost

Tycoon Ransomware Banks on Unusual Image File Tactic Link to post -- ThreatPost

Trump, Biden Campaign Staffers Targeted By APT Phishing Emails Link to post -- ThreatPost

Understanding the Payload-Less Email Attacks Evading Your Security Team Link to post -- ThreatPost

Zoom Restricts End-to-End Encryption to Paid Users Link to post -- ThreatPost

U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked Link to post -- ThreatPost

Minneapolis Police Department Hack Likely Fake, Says Researcher Link to post -- ThreatPost

Severe Cisco DoS Flaw Can Cripple Nexus Switches Link to post -- ThreatPost

Critical SAP ASE Flaws Allow Complete Control of Databases Link to post -- ThreatPost

Octopus Scanner Sinks Tentacles into GitHub Repositories Link to post -- ThreatPost

Verizon DBIR: Web App Attacks and Security Errors Surge Link to post -- ThreatPost

Katie Moussouris: The Bug Bounty Conflict of Interest Link to post -- ThreatPost

Google Discloses Android Camera Hijack Hack Link to post -- ThreatPost

No 'Silver Bullet' Fix for Alexa, Google Smart Speaker Hacks Link to post -- ThreatPost

Marc Rogers: Success of Anonymous Bug Submission Program 'Takes A Village' Link to post -- ThreatPost

ThreatList: People Know Reusing Passwords Is Dumb, But Still Do It Link to post -- ThreatPost

70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs Link to post -- ThreatPost

ThreatList: Human-Mimicking Bots Spike, Targeting e-Commerce and Travel Link to post -- ThreatPost

ThreatList: Skype-Themed Apps Hide a Raft of Malware Link to post -- ThreatPost

ThreatList: Ransomware Costs Double in Q4, Sodinokibi Dominates Link to post -- ThreatPost

Podcast: Why Identity Access Management is the New Perimeter Link to post -- ThreatPost

News Wrap: Ransomware Extortion Tactics, Contact-Tracing App Security Worries Link to post -- ThreatPost

Podcast: Shifting Cloud Security Left With Infrastructure-as-Code Link to post -- ThreatPost

News Wrap: Microsoft Sway Phish, Malicious GIF and Spyware Attacks Link to post -- ThreatPost

Troves of Zoom Credentials Shared on Hacker Forums Link to post -- ThreatPost

News Wrap: Nintendo Account Hacks, Apple Zero Days, NFL Security Link to post -- ThreatPost

Malware Risks Triple on WFH Networks: Experts Offer Advice Link to post -- ThreatPost

BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks Link to post -- ThreatPost

Fake Skype, Signal Apps Used to Spread Surveillanceware Link to post -- ThreatPost

Tokyo Olympics Postponed, But 5G Security Lessons Shine Link to post -- ThreatPost

Cloud Misconfig Mistakes Show Need For DevSecOps Link to post -- ThreatPost

Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs Link to post -- ThreatPost

Chris Eng: Patch Management Challenges Drive 'Security Debt' Link to post -- ThreatPost

Cobalt Ulster Strikes Again With New ForeLord Malware Link to post -- ThreatPost

Forrester: Keeping Smart Cities Safe From Hacks Link to post -- ThreatPost

Patrick Wardle: Apple Devices Hit With Recycled macOS Malware Link to post -- ThreatPost

2020 Cybersecurity Trends to Watch Link to post -- ThreatPost

Top Mobile Security Stories of 2019 Link to post -- ThreatPost

Facebook Security Debacles: 2019 Year in Review Link to post -- ThreatPost

Biggest Malware Threats of 2019 Link to post -- ThreatPost

Top 10 IoT Disasters of 2019 Link to post -- ThreatPost

2019 Malware Trends to Watch Link to post -- ThreatPost

Top 2018 Security and Privacy Stories Link to post -- ThreatPost

2019: The Year Ahead in Cybersecurity Link to post -- ThreatPost

2018: A Banner Year for Breaches Link to post -- ThreatPost

Q&A;: Eugene Spafford on the Risks of Internet Voting Link to post -- DarkReading

Spear-Phishing Campaign Hits Developer ... Link to post -- DarkReading

Name That Toon: Sign of the Tides Link to post -- DarkReading

Local, State Governments Face Cybersecurity Crisis Link to post -- DarkReading

The Privacy & Security Outlook for Businesses ... Link to post -- DarkReading

COVID-19: Latest Security News & Commentary Link to post -- DarkReading

New 'Tycoon' Ransomware Strain Targets Windows, Linux Link to post -- DarkReading

Malware Campaign Hides in Resumes and Medical Leave ... Link to post -- DarkReading

Strengthening Secure Information Sharing Through ... Link to post -- DarkReading

Microsoft Office Files Most Popular for Exploit Tests Link to post -- DarkReading

Could Automation Kill the Security Analyst? Link to post -- DarkReading

Slideshows - Dark Reading Link to post -- DarkReading

Kaspersky IDs Sophisticated New Malware Targeted at ... Link to post -- DarkReading

RATs 101: The Grimy Trojans That Scurry Through ... Link to post -- DarkReading

Google Faces $5B Lawsuit for Tracking Users in ... Link to post -- DarkReading

Chasing RobbinHood: Up Close with an Evolving Threat Link to post -- DarkReading

Old Spreadsheet Macro Tech Newly Popular with Criminals Link to post -- DarkReading

What Government Contractors Need to Know About ... Link to post -- DarkReading

Many Exchange Servers Are Still Vulnerable to ... Link to post -- DarkReading

Social Distancing for Healthcare's IoT Devices Link to post -- DarkReading

ZEE5 allegedly hacked by 'Korean hackers', customer info at risk Link to post -- BleepingComputer

Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit Link to post -- BleepingComputer

Windows 10 Start Menu promo for Microsoft Edge can't be disabled Link to post -- BleepingComputer

US aerospace services provider breached by Maze Ransomware Link to post -- BleepingComputer

Fake ransomware decryptor double-encrypts desperate victims' files Link to post -- BleepingComputer

How to free up space after Windows 10 May 2020 Update Link to post -- BleepingComputer

The Week in Ransomware - June 5th 2020 - Threat actors team up Link to post -- BleepingComputer

Fitness Depot hit by data breach after ISP fails to 'activate the antivirus' Link to post -- BleepingComputer

Microsoft dev fixes major annoyance in Chromium browser Link to post -- BleepingComputer

Kupidon is the latest ransomware targeting your data Link to post -- BleepingComputer

Microsoft Teams to queue offline messages until back online Link to post -- BleepingComputer

Ongoing eCh0raix ransomware campaign targets QNAP NAS devices Link to post -- BleepingComputer

100,000 company inboxes hit with voice message phishing Link to post -- BleepingComputer

Microsoft fixes admin mode bugs affecting Windows 10 PowerToys Link to post -- BleepingComputer

CPA Canada discloses data breach affecting 329,000 individuals Link to post -- BleepingComputer

Mozilla Firefox to let you export saved passwords in plain text Link to post -- BleepingComputer

Hackers tried to steal database logins from 1.3M WordPress sites Link to post -- BleepingComputer

Business services giant Conduent hit by Maze Ransomware Link to post -- BleepingComputer

New Tycoon ransomware targets both Windows and Linux systems Link to post -- BleepingComputer

USBCulprit malware targets air-gapped systems to steal govt info Link to post -- BleepingComputer

North Dakota Contact Tracing App Ends Data Share with Foursquare Link to post -- InfoSec-Magazine

Florida Student Discovers Flaws in Leading Doorbell Security Cameras Link to post -- InfoSec-Magazine

Maine Community College Becomes First in State to Offer Cybersecurity Program Link to post -- InfoSec-Magazine

Sophos Confirms Restructuring Plans, Denies Blog Closure Link to post -- InfoSec-Magazine

Facebook Labels State-Controlled Media Ahead of US Elections Link to post -- InfoSec-Magazine

A Country in Crisis: Data Privacy in the US Link to post -- InfoSec-Magazine

Chinese and Iranian State Hackers Target Trump/Biden Campaigns Link to post -- InfoSec-Magazine

Avoiding the Security Pitfalls of Digital Transformation Link to post -- InfoSec-Magazine

Role of the CISO During a Turbulent Year Link to post -- InfoSec-Magazine

Infosecurity Magazine's Women In Cybersecurity - Virtual Event Link to post -- InfoSec-Magazine

#WFH and Network Security – Lessons Learned So Far Link to post -- InfoSec-Magazine

Protecting your Organization Against Phishing Attacks Link to post -- InfoSec-Magazine

Safeguarding Your Digital Transformation with Detection and Response Link to post -- InfoSec-Magazine

The Power of Continuous AppSec and How to Achieve It Link to post -- InfoSec-Magazine

Remotely Manage Secure File Transfers Amid COVID-19 and Beyond Link to post -- InfoSec-Magazine

Why Remediation Needs to be Part of Your Vulnerability Management Program Link to post -- InfoSec-Magazine

Using SIEM to Protect Against Top Cybersecurity Threats Link to post -- InfoSec-Magazine

How to Build a Program to Manage Your Third Parties and Supply Chain Link to post -- InfoSec-Magazine

Zero Trust: A Cybersecurity Essential and the Key to Success Link to post -- InfoSec-Magazine

Cyber-Attack Hits US Nuclear Missile Sub-Contractor Link to post -- InfoSec-Magazine

Chicago Police Scanner Jammed by Hackers Amid Riots Link to post -- InfoSec-Magazine

DDoS-ers Target Black Lives Matter Groups Link to post -- InfoSec-Magazine

CISSP Qualification Given Cert Status Equivalent to Master’s Degree Level Link to post -- InfoSec-Magazine

ISO 27701: The New Privacy Standard, and How You Can Get Certified and Compliant Link to post -- InfoSec-Magazine

Advanced Protection Against Zero Day Threats and Malware Link to post -- InfoSec-Magazine

Mitigating the Spear-Phishing Attack Threat Link to post -- InfoSec-Magazine

Who is Responsible for End-of-Life Data Destruction? Link to post -- InfoSec-Magazine

#Infosec20: Best Cybersecurity Practices for SMEs Link to post -- InfoSec-Magazine

Japan to Review Cyber-Bullying Laws Following Wrestler's Suicide Link to post -- InfoSec-Magazine

NATO Condemns Cyber-Attacks Link to post -- InfoSec-Magazine

Netizens Urged Not to Use Name as Password Link to post -- InfoSec-Magazine

Personal Data of 74,000 Members of San Francisco Retirement System Exposed Link to post -- InfoSec-Magazine

Google Adds YubiKey Support for Apple Devices Link to post -- InfoSec-Magazine

Fraudulent iOS VPN Apps Attempt to Scam Users Link to post -- InfoSec-Magazine

Phishing campaign targets remote workers with fake voicemail notifications Link to post -- SCMagazine

Work from home survey finds major security lapses as workers share devices, reuse passwords Link to post -- SCMagazine

States' lack of DMARC adoption ups risk of Covid-19 email spoofing scams Link to post -- SCMagazine

High-severity bugs patched in Chrome, Firefox browsers Link to post -- SCMagazine

Cisco security advisories address 47 flaws, three critical Link to post -- SCMagazine

UCSF, Conduent are latest to suffer the slings and arrows of ransomware Link to post -- SCMagazine

Attack targeted database credentials on 1.3 million WordPress sites Link to post -- SCMagazine

Chinese, Iranian phishing campaigns target Biden, Trump campaigns Link to post -- SCMagazine

'Enterprise-grade' BazarBackdoor malware delivered via spear phishing emails Link to post -- SCMagazine

Achieving an audacious goal by treating cybersecurity like a science Link to post -- SCMagazine

The price of bad compromises: Enterprises face critical trust gaps Link to post -- SCMagazine

5 Steps organizations should take to ensure CCPA compliance Link to post -- SCMagazine

New Tycoon ransomware leverages JIMAGE files, steals PII, encrypts Linux and Windows systems Link to post -- SCMagazine

San Francisco benefits program breach exposes PII on 74,000 Link to post -- SCMagazine

Twitter getting better at detecting fraudulent accounts Link to post -- SCMagazine

New ransomware trends: Auctioning stolen files, adversaries joining forces Link to post -- SCMagazine

DOJ asks Supreme Court to scuttle lower court order to turn over redacted Mueller grand jury docs Link to post -- SCMagazine

Apple security update patches iOS jailbreak vulnerability Link to post -- SCMagazine

U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked Link to post -- PacketStorm

QNAP NAS devices targeted in another wave of ransomware attacks Link to post -- PacketStorm

Iran- and China-backed phishers try to hook the Trump and Biden campaigns Link to post -- PacketStorm

Combat drone to compete against piloted plane Link to post -- PacketStorm

Ubuntu Security Notice USN-4383-1 Link to post -- PacketStorm

WinGate 9.4.1.5998 Insecure Permissions / Privilege Escalation Link to post -- PacketStorm

Avaya IP Office 11 Insecure Transit / Password Disclosure Link to post -- PacketStorm

Faraday 3.11.1 Link to post -- PacketStorm

Cisco UCS Director Cloupia Script Remote Code Execution Link to post -- PacketStorm

Castel NextGen DVR 1.0.0 Bypass / CSRF / Disclosure Link to post -- PacketStorm

Online Course Registration 1.0 SQL Injection Link to post -- PacketStorm

Quick Player 1.3 Denial Of Service Link to post -- PacketStorm

WordPress Drag And Drop Multi File Uploader Remote Code Execution Link to post -- PacketStorm

WebLogic Server Deserialization Remote Code Execution Link to post -- PacketStorm

Ubuntu Security Notice USN-4382-1 Link to post -- PacketStorm

Cayin Digital Signage System xPost 2.5 Code Execution / SQL Injection Link to post -- PacketStorm

VMWare vCloud Director 9.7.0.15498291 Remote Code Execution Link to post -- PacketStorm

Cayin Content Management Server 11.0 Root Remote Command Injection Link to post -- PacketStorm

Navigate CMS 2.8.7 Cross Site Request Forgery Link to post -- PacketStorm

Cayin Signage Media Player 3.0 Root Remote Command Injection Link to post -- PacketStorm

NeonLMS Learning Management System PHP Laravel Script 4.6 XSS Link to post -- PacketStorm

NeonLMS Learning Management System PHP Laravel Script 4.6 File Download Link to post -- PacketStorm

Ubuntu Security Notice USN-4381-2 Link to post -- PacketStorm

Navigate CMS 2.8.7 Directory Traversal Link to post -- PacketStorm

Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read / Write Link to post -- PacketStorm

Online Marriage Registration System 1.0 Remote Code Execution Link to post -- PacketStorm

Secure Computing SnapGear Management Console SG560 3.1.5 CSRF Link to post -- PacketStorm

D-Link DIR-615 T1 20.10 CAPTCHA Bypass Link to post -- PacketStorm

Underconstructionpage Cross Site Scripting Link to post -- PacketStorm

Twitter accuses President Trump of making 'false claims' Link to post -- PacketStorm

San Francisco benefits program breach exposes PII on 74,000 Link to post -- PacketStorm

Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode Link to post -- PacketStorm

The Pentagon’s hand-me-downs helped militarize police. Here’s how Link to post -- PacketStorm

Google opens up Advanced Protection Program to Nest devices Link to post -- PacketStorm

Zoom won't add end-to-end encryption to free calls so it can keep aiding police Link to post -- PacketStorm

US cop hits Australian cameraman live on national television Link to post -- PacketStorm

Enterprise Mobile Phishing Attacks Skyrocket Amidst Pandemic Link to post -- PacketStorm

Facebook's Zuckerberg accused of setting dangerous precedent over Trump Link to post -- PacketStorm

G Suite Marketplace primed for a privacy scandal, researchers warn Link to post -- PacketStorm

Machine Learning-based Digital Fraud Detection - The Startup Link to post -- Medium

Why Code Snippets From Stack Overflow Can Break Your Project Link to post -- Medium

The Social Justice Conversation Is Part of Leadership Link to post -- Medium

How to Create a Culture of Cybersecurity at Your Company Link to post -- Medium

Turning Virtue Signaling Into Actual Virtue - Inc Magazine Link to post -- Medium

RobbinHood ransomware and the Merry Men | Medium Link to post -- Medium

Detecting Lateral Movement by Data Analysis - The Startup Link to post -- Medium

How to Create a Culture of Cybersecurity at Your Company Link to post -- Medium

Zoom Sprints to Improve Security and Privacy - The Startup Link to post -- Medium

General Data Protection Regulation (GDPR) from the Information Security Perspective Link to post -- Medium

5 Circular Phases of Sec in DevSecOps - Can Bilgin Link to post -- Medium

5 Must-Do To Protect Your Privacy Online - The Startup Link to post -- Medium

A Computer Spying Method You’ve Probably Never Heard Of Link to post -- Medium

Stealing Secrets from Developers using Websockets - Steve Stagg Link to post -- Medium

React Authentication: How to Store JWT in a Cookie - Ryan Chenkie Link to post -- Medium

Top US aerospace services provider suffers breach, loses 1.5 TB of data Link to post

Hack Alert - US aerospace services provider breached by Maze Ransomware | MalwareTips Community Link to post

George Floyd: Anonymous hackers re-emerge amid US unrest - EntornoInteligente Link to post

University Students Discover Access Flaws in 16 IoT Cameras | TechNadu Link to post

Critical flaw could have allowed attackers to control traffic lightsSecurity Affairs Link to post -- Medium

Exploit code for wormable flaw on unpatched Windows devices published online Link to post

Ireland coronavirus lockdown: Shops to reopen and people to be allowed visitors in their homes | UK News | Sky News Link to post

France declares coronavirus 'under control' and won't impose new lockdown even if second wave strikes Link to post

India overtakes Italy’s coronavirus tally as lockdown easing looms | National Post Link to post

Iran records surge in Covid-19, raising fears of a second wave Link to post

Ireland hopes to restart international travel later in the summer | National Post Link to post

Pakistan shuts shops and markets to check COVID-19 - GulfToday Link to post

Venice flooded by high tides two days after Italy reopened | Daily Mail Online Link to post

Subscribe to read | Financial Times Link to post

Letters: Scottish Government must take responsibility for what has gone wrong | HeraldScotland Link to post

Martin Rowson on the UK government's face mask policy – cartoon | Opinion Link to post

Government to tackle structural inequalities affecting Covid-19 deaths - BelfastTelegraph.co.uk Link to post

UK Government's Proposed 14-Day Quarantine Rule Widely Panned By Airlines, Tories, Business Groups Link to post

"Seeding Event" For Fresh COVID-19 Explosion: CDC Chief Urges Protesters To Get Tested | Zero Hedge Link to post

California says film and TV production can resume as early as June 12 | National Post Link to post

Coronavirus in Colorado, June 5: A look at the latest updates on COVID-19 Link to post

Employment numbers improve for Hawaii, nation as businesses reopen | Honolulu Star-Advertiser Link to post

Some people are engaging in ‘high-risk’ practices in misguided effort to combat coronavirus, CDC says - The Boston Globe Link to post

Education Department claims invalid addresses preventing halt of wage garnishment - The Washington Post Link to post -- Medium

COVID-19 situation reports

Link to post

Fake ransomware decryptor double-encrypts desperate victims' files Link to post

Ebay is port scanning visitors to their website - and they aren't the only ones - nem.ec Link to post

Defeating Stack Canary, PIE and DEP on remote 64 bit server with byte wise bruteforce Link to post

AES cipher internals in Excel Link to post

25 million user records leak online from popular math app Mathway | ZDNet Link to post

Coding an ADVANCED BACKDOOR | PART 1 - YouTube Link to post

New Resources Available for Password Manager Apps - News - Apple Developer Link to post

Friday Squid Blogging: Shark vs. Squid - Schneier on Security Link to post

House leadership is trying to ram through a reauthorization of FISA and PATRIOT Act surveillance authorities using an obscure Congressional mechanism Link to post

Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic - SentinelLabs Link to post

New Research: "Privacy Threats in Intimate Relationships" - Schneier on Security Link to post

The State of Secure Software: Past, Present, and Future Link to post

Coding an ADVANCED BACKDOOR | PART 1 - YouTube Link to post

Detailed Audit of Voatz' Voting App Confirms Security Flaws Link to post

IBM Releases Fully Homomorphic Encryption Toolkit for MacOS and iOS; Linux and Android Coming Soon | IBM Research Blog Link to post

Hack The Box: Nest – Khaotic Developments Link to post

Cisco NX-OS Software Unexpected IP in IP Packet Processing Vulnerability Link to post

Fake ransomware decryptor double-encrypts desperate victims' files Link to post

Defeating Stack Canary, PIE and DEP on remote 64 bit server with byte wise bruteforce Link to post

Best Password Manager Reviews - Consumer Reports Link to post

COVID-19 Cyber Attacks - WebARX Security Link to post

Introduction - Secure Rust Guidelines Link to post

The Espionage Act Reform Bill Addresses Key Press Concerns Link to post

Security Love Languages: 8 Tips to Win Friends and Influence People in Security Link to post

Analyzing Honeypot Data with Azure Sentinel Link to post

Why Citizen is the unofficial social network for protests Link to post

GitHub - veeral-patel/learn-security-engineering: How I'm learning to build secure systems Link to post

Coding an ADVANCED BACKDOOR | PART 3 - YouTube Link to post

Reassembling a Mul-T-Lock C-Series Padlock with Split Core - YouTube Link to post

Analyzing Honeypot Data with Azure Sentinel Link to post

Russian Hackers Attack US Nuclear Missile Contractor, Demand Ransom for Stolen Data | forklog.media Link to post

Coding an ADVANCED BACKDOOR | PART 2 - YouTube Link to post

The Plan - Finding a program - Bug Bounty - Ep - 01 - YouTube Link to post

This new ransomware is targeting Windows and Linux PCs with a 'unique' attack | ZDNet Link to post

Firefox to remove support for the FTP protocol | ZDNet Link to post

Incident: Big Footy data breach exposed private details of up to 100,000 users | WAtoday - Australian Information Security Awareness and Advisory Link to post

Coding an ADVANCED BACKDOOR | PART 3 - YouTube Link to post

Nest - Hack The Box · Sabe Barker Link to post

HackTheBox - Blocky | Noob To OSCP Episode #29 - YouTube Link to post

Defeating Stack Canary, PIE and DEP on remote 64 bit server with byte wise bruteforce Link to post

Google exploring using location info to slow coronavirus spread Link to post

DIY Intruder Alarm | Arduino Projects - YouTube Link to post

The U.S. wants smartphone location data to fight coronavirus. Privacy advocates are worried. Link to post

Protect our Speech and Security Online: Reject the Graham-Blumenthal Bill | EFF Action Center Link to post

Zoom's Commitment to User Security Depends on Whether you Pay It or Not - Schneier on Security Link to post

----Vulners.com High Sev. Last Day----

----NVD Last 3 Days----

CVE#: CVE-2018-21235 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer.

CVE#: CVE-2018-21236 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference.

CVE#: CVE-2018-21237 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action.

CVE#: CVE-2018-21238 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.

CVE#: CVE-2018-21239 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.

CVE#: CVE-2018-21240 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.

CVE#: CVE-2018-21241 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code.

CVE#: CVE-2018-21242 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action.

CVE#: CVE-2018-21243 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used.

CVE#: CVE-2018-21244 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029.

CVE#: CVE-2019-16150 Published Date: 2020-06-04 CVSS: NO CVSS
Description: Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key.

CVE#: CVE-2019-16384 Published Date: 2020-06-04 CVSS: 3.6
Description: Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions.

CVE#: CVE-2019-16385 Published Date: 2020-06-04 CVSS: 2.7
Description: Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed.

CVE#: CVE-2019-20813 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.

CVE#: CVE-2019-20814 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.

CVE#: CVE-2019-20815 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.

CVE#: CVE-2019-20816 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.

CVE#: CVE-2019-20817 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.

CVE#: CVE-2019-20818 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.

CVE#: CVE-2019-20819 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.

CVE#: CVE-2019-20820 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.

CVE#: CVE-2019-20821 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a NULL pointer dereference.

CVE#: CVE-2019-20822 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data.

CVE#: CVE-2019-20823 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.

CVE#: CVE-2019-20824 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.

CVE#: CVE-2019-20825 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used.

CVE#: CVE-2019-20826 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference.

CVE#: CVE-2019-20827 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space.

CVE#: CVE-2019-20828 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.

CVE#: CVE-2019-20829 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.

CVE#: CVE-2019-20830 Published Date: 2020-06-04 CVSS: 5.9
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.

CVE#: CVE-2019-20831 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash.

CVE#: CVE-2019-20832 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling.

CVE#: CVE-2019-20833 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.

CVE#: CVE-2019-20834 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures.

CVE#: CVE-2019-20835 Published Date: 2020-06-04 CVSS: 1.4
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling.

CVE#: CVE-2019-20836 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.

CVE#: CVE-2019-20837 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.

CVE#: CVE-2020-10061 Published Date: 2020-06-05 CVSS: NO CVSS
Description: Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.

CVE#: CVE-2020-10062 Published Date: 2020-06-05 CVSS: NO CVSS
Description: An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

CVE#: CVE-2020-10063 Published Date: 2020-06-05 CVSS: NO CVSS
Description: A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

CVE#: CVE-2020-10068 Published Date: 2020-06-05 CVSS: NO CVSS
Description: In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.

CVE#: CVE-2020-10070 Published Date: 2020-06-05 CVSS: NO CVSS
Description: In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

CVE#: CVE-2020-10071 Published Date: 2020-06-05 CVSS: NO CVSS
Description: The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

CVE#: CVE-2020-10543 Published Date: 2020-06-05 CVSS: NO CVSS
Description: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE#: CVE-2020-10546 Published Date: 2020-06-04 CVSS: 5.9
Description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

CVE#: CVE-2020-10547 Published Date: 2020-06-04 CVSS: 5.9
Description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

CVE#: CVE-2020-10548 Published Date: 2020-06-04 CVSS: 5.9
Description: rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

CVE#: CVE-2020-10549 Published Date: 2020-06-04 CVSS: 5.9
Description: rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

CVE#: CVE-2020-10702 Published Date: 2020-06-04 CVSS: NO CVSS
Description: A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.

CVE#: CVE-2020-10878 Published Date: 2020-06-05 CVSS: NO CVSS
Description: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE#: CVE-2020-11094 Published Date: 2020-06-04 CVSS: NO CVSS
Description: The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as the potential exists for them to use this feature to view all requests being made to the application and obtain sensitive information from those requests. There even exists the potential for account takeovers of authenticated users by non-authenticated public users, which would then lead to a number of other potential issues as an attacker could theoretically get full access to the system if the required conditions existed. Issue has been patched in v3.1.0 by locking down access to the debugbar to all users; it now requires an authenticated backend user with a specifically enabled permission before it is even usable, and the feature that allows access to stored request information is restricted behind a different permission that's more restrictive.

CVE#: CVE-2020-11492 Published Date: 2020-06-05 CVSS: NO CVSS
Description: An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges.

CVE#: CVE-2020-11679 Published Date: 2020-06-04 CVSS: NO CVSS
Description: Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account.

CVE#: CVE-2020-11680 Published Date: 2020-06-04 CVSS: NO CVSS
Description: Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.

CVE#: CVE-2020-11681 Published Date: 2020-06-04 CVSS: NO CVSS
Description: Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.

CVE#: CVE-2020-11682 Published Date: 2020-06-04 CVSS: NO CVSS
Description: Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request will succeed.

CVE#: CVE-2020-11696 Published Date: 2020-06-05 CVSS: NO CVSS
Description: In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.

CVE#: CVE-2020-11697 Published Date: 2020-06-05 CVSS: NO CVSS
Description: In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.

CVE#: CVE-2020-11975 Published Date: 2020-06-05 CVSS: NO CVSS
Description: Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.

CVE#: CVE-2020-12723 Published Date: 2020-06-05 CVSS: NO CVSS
Description: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE#: CVE-2020-12847 Published Date: 2020-06-04 CVSS: NO CVSS
Description: Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is possible to configure a few engines to be used by the mailer application to send emails. If the user selects the “sendmail” option as the default one, the web application offers to edit the full path where the sendmail binary is hosted. Since there is no restriction in place while editing this value, an attacker authenticated as an administrator user could force the web application into executing any arbitrary binary.

CVE#: CVE-2020-12848 Published Date: 2020-06-05 CVSS: NO CVSS
Description: In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed.

CVE#: CVE-2020-12849 Published Date: 2020-06-05 CVSS: NO CVSS
Description: Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user.

CVE#: CVE-2020-12851 Published Date: 2020-06-04 CVSS: NO CVSS
Description: Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders.

CVE#: CVE-2020-12852 Published Date: 2020-06-04 CVSS: NO CVSS
Description: The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves downloading the updated binary file from a URL indicated in the update server response, validating its checksum and signature with the provided public key and finally replacing the current application binary. To complete the update process, the application’s service or appliance needs to be restarted. An attacker with administrator access can leverage the software update feature to force the application to download a custom binary that will replace current Pydio Cells binary. When the server or service is eventually restarted the attacker will be able to execute code under the privileges of the user running the application. In the Pydio Cells enterprise appliance this is with the privileges of the user named “pydio”.

CVE#: CVE-2020-12853 Published Date: 2020-06-04 CVSS: NO CVSS
Description: Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells.

CVE#: CVE-2020-13646 Published Date: 2020-06-05 CVSS: NO CVSS
Description: In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.

CVE#: CVE-2020-13692 Published Date: 2020-06-04 CVSS: NO CVSS
Description: PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

CVE#: CVE-2020-13765 Published Date: 2020-06-04 CVSS: NO CVSS
Description: rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

CVE#: CVE-2020-13768 Published Date: 2020-06-04 CVSS: NO CVSS
Description: In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.

CVE#: CVE-2020-13777 Published Date: 2020-06-04 CVSS: NO CVSS
Description: GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.

CVE#: CVE-2020-13791 Published Date: 2020-06-04 CVSS: NO CVSS
Description: hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.

CVE#: CVE-2020-13800 Published Date: 2020-06-04 CVSS: NO CVSS
Description: ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

CVE#: CVE-2020-13803 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures.

CVE#: CVE-2020-13804 Published Date: 2020-06-04 CVSS: 5.9
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.

CVE#: CVE-2020-13805 Published Date: 2020-06-04 CVSS: 5.9
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.

CVE#: CVE-2020-13806 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation.

CVE#: CVE-2020-13807 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.

CVE#: CVE-2020-13808 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.

CVE#: CVE-2020-13809 Published Date: 2020-06-04 CVSS: 3.6
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.

CVE#: CVE-2020-13810 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.

CVE#: CVE-2020-13811 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has an out-of-bounds write via a crafted TIFF file.

CVE#: CVE-2020-13812 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory.

CVE#: CVE-2020-13813 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is used.

CVE#: CVE-2020-13814 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary.

CVE#: CVE-2020-13815 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference.

CVE#: CVE-2020-13816 Published Date: 2020-06-05 CVSS: NO CVSS
Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-13817. Reason: This candidate is a reservation duplicate of CVE-2020-13817. Notes: All CVE users should reference CVE-2020-13817 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE#: CVE-2020-13817 Published Date: 2020-06-04 CVSS: NO CVSS
Description: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.

CVE#: CVE-2020-13818 Published Date: 2020-06-04 CVSS: 3.6
Description: In Zoho ManageEngine OpManager before 125144, when is used, directory traversal validation can be bypassed.

CVE#: CVE-2020-13822 Published Date: 2020-06-04 CVSS: NO CVSS
Description: The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.

CVE#: CVE-2020-13827 Published Date: 2020-06-04 CVSS: 2.7
Description: phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.

CVE#: CVE-2020-13829 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can disable the SEAndroid protection mechanism in the RKP. The Samsung ID is SVE-2019-15998 (June 2020).

CVE#: CVE-2020-13830 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020).

CVE#: CVE-2020-13831 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June 2020).

CVE#: CVE-2020-13832 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure, The Samsung IDs are SVE-2020-17117, SVE-2020-17118, SVE-2020-17119, and SVE-2020-17161 (June 2020).

CVE#: CVE-2020-13833 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020).

CVE#: CVE-2020-13834 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020).

CVE#: CVE-2020-13835 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020).

CVE#: CVE-2020-13836 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020).

CVE#: CVE-2020-13837 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020).

CVE#: CVE-2020-13838 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020).

CVE#: CVE-2020-13839 Published Date: 2020-06-05 CVSS: NO CVSS
Description: An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).

CVE#: CVE-2020-13840 Published Date: 2020-06-05 CVSS: NO CVSS
Description: An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).

CVE#: CVE-2020-13841 Published Date: 2020-06-05 CVSS: NO CVSS
Description: An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).

CVE#: CVE-2020-13842 Published Date: 2020-06-05 CVSS: NO CVSS
Description: An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).

CVE#: CVE-2020-13843 Published Date: 2020-06-05 CVSS: NO CVSS
Description: An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).

CVE#: CVE-2020-13848 Published Date: 2020-06-04 CVSS: NO CVSS
Description: Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.

CVE#: CVE-2020-13849 Published Date: 2020-06-04 CVSS: NO CVSS
Description: The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.

CVE#: CVE-2020-13864 Published Date: 2020-06-05 CVSS: NO CVSS
Description: The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.

CVE#: CVE-2020-13865 Published Date: 2020-06-05 CVSS: NO CVSS
Description: The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.

CVE#: CVE-2020-13867 Published Date: 2020-06-05 CVSS: NO CVSS
Description: Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).

CVE#: CVE-2020-13868 Published Date: 2020-06-05 CVSS: NO CVSS
Description: An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.

CVE#: CVE-2020-13869 Published Date: 2020-06-05 CVSS: NO CVSS
Description: An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.

CVE#: CVE-2020-13870 Published Date: 2020-06-05 CVSS: NO CVSS
Description: An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.

CVE#: CVE-2020-13871 Published Date: 2020-06-06 CVSS: NO CVSS
Description: SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

CVE#: CVE-2020-13881 Published Date: 2020-06-06 CVSS: NO CVSS
Description: In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

CVE#: CVE-2020-13883 Published Date: 2020-06-06 CVSS: NO CVSS
Description: In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.

CVE#: CVE-2020-13889 Published Date: 2020-06-06 CVSS: NO CVSS
Description: showAlert() in the administration panel in Bludit 3.12.0 allows XSS.

CVE#: CVE-2020-13890 Published Date: 2020-06-06 CVSS: NO CVSS
Description: The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard.

CVE#: CVE-2020-13894 Published Date: 2020-06-07 CVSS: NO CVSS
Description: handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field.

CVE#: CVE-2020-13895 Published Date: 2020-06-07 CVSS: NO CVSS
Description: Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.

CVE#: CVE-2020-13897 Published Date: 2020-06-07 CVSS: NO CVSS
Description: HESK before 3.1.10 allows reflected XSS.

CVE#: CVE-2020-1883 Published Date: 2020-06-05 CVSS: NO CVSS
Description: Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal.

CVE#: CVE-2020-4183 Published Date: 2020-06-04 CVSS: 2.7
Description: IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174739.

CVE#: CVE-2020-4191 Published Date: 2020-06-04 CVSS: 3.6
Description: IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852.

CVE#: CVE-2020-4193 Published Date: 2020-06-04 CVSS: 5.9
Description: IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857.

CVE#: CVE-2020-4229 Published Date: 2020-06-05 CVSS: NO CVSS
Description: IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211.

CVE#: CVE-2020-4448 Published Date: 2020-06-05 CVSS: NO CVSS
Description: IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.

CVE#: CVE-2020-4449 Published Date: 2020-06-05 CVSS: NO CVSS
Description: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.

CVE#: CVE-2020-4450 Published Date: 2020-06-05 CVSS: NO CVSS
Description: IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.

CVE#: CVE-2020-4509 Published Date: 2020-06-04 CVSS: 4.7
Description: IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364.

CVE#: CVE-2020-5591 Published Date: 2020-06-05 CVSS: NO CVSS
Description: XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack.

CVE#: CVE-2020-6640 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area.

CVE#: CVE-2020-7030 Published Date: 2020-06-04 CVSS: 3.6
Description: A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.

CVE#: CVE-2020-7661 Published Date: 2020-06-04 CVSS: NO CVSS
Description: all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service.

CVE#: CVE-2020-8103 Published Date: 2020-06-05 CVSS: NO CVSS
Description: A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.

CVE#: CVE-2020-8555 Published Date: 2020-06-05 CVSS: NO CVSS
Description: The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).

CVE#: CVE-2020-9074 Published Date: 2020-06-05 CVSS: NO CVSS
Description: Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones.

CVE#: CVE-2020-9292 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.

CVE#: CVE-2020-9462 Published Date: 2020-06-04 CVSS: NO CVSS
Description: An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.

CVE#: CVE-2020-9859 Published Date: 2020-06-05 CVSS: NO CVSS
Description: A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.

----Hacking Updates----

Ultimate-Hosts-Blacklist updated The-Big-List-of-Hacked-Malware-Web-Sites. This repo has 4 stars and 4 watchers. This repo was created on 2018-04-04. --- Test of https://github.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/blob/master/hacked-domains.list Link to Repo

avhidalamsyah updated Facebook. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Online Tool for Hacking Facebook Account Link to Repo

krxdev-kaan updated AqHax-CSGO. This repo has 10 stars and 0 watchers. This repo was created on 2019-06-28. --- Simple CSGO Hack Link to Repo

bioinf-stuff updated bio_at_home-hacking_and_bio_hardware. This repo has 0 stars and 0 watchers. This repo was created on 2020-03-11. --- Chapter on analyzing sequences and information from biological hardware at home (outside the lab), eg openPCR, mini sequencers Link to Repo

WebReflection updated hn. This repo has 12 stars and 1 watchers. This repo was created on 2020-06-03. --- Isomorphic Hacker News Link to Repo

AlexJalkanen updated StudBud-HTNE. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-06. --- Hack the North East Hackathon Project Link to Repo

42Bastian updated lynx_hacking. This repo has 0 stars and 0 watchers. This repo was created on 2019-07-07. --- Collection of Lynx demos, trial. Link to Repo

kulshekhar updated next-hnpwa. This repo has 39 stars and 2 watchers. This repo was created on 2017-09-23. --- A PWA made using Next.js and the Hacker News API https://next-fb-hnpwa.firebaseapp.com/ Link to Repo

andrewdimmer updated cards-ar. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-06. --- An augmented reality hack created for Hack The Northeast 2020. Link to Repo

Matthew-Forster updated Hack-the-Northeast-2020. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- My submission for the "Best Gaming Hack" 🎮 Link to Repo

SturdyFool10 updated Escape-from-SARS-CoV. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Hack the northeast challenge Link to Repo

akashmodak97 updated Competitive-Coding-and-Interview-Problems. This repo has 2 stars and 1 watchers. This repo was created on 2020-01-10. --- This repo contains some problem solutions from different popular coding platforms like Code Chef, Leet Code, Hacker Blocks,etc. Link to Repo

mohanram123 updated Registration-Form. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-06. --- Hack-stack 1 Link to Repo

vinh-le updated asl. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-06. --- A game developed for Hack the Northeast 2020 that challenges you to beat your high score while learning the ASL alphabet. Link to Repo

Iggy-o updated cAeSAR-cIPHeR. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Gotta keep those passwords safe, there's hackers out there Link to Repo

Likj128 updated articulatedordains. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Project hack for carp in inanity Link to Repo

dretax updated GarHal_CSGO. This repo has 19 stars and 8 watchers. This repo was created on 2020-04-25. --- A project that demonstrates how to screw with CSGO from Kernel Space. (CSGO Cheat/Hack) All cleaned up, and with updated offsets. Link to Repo

repo3 updated Jhs. This repo has 0 stars and 1 watchers. This repo was created on 2019-10-24. --- The source specializes in hack programs and games of lan and online and tic rickets paid to become free for you developer source JHS Link to Repo

Tool-DK updated Phinix. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Phinx is a fb id hacking toolkit coded by Nirob Islam Rahad Link to Repo

CyberDemon-crypto updated matrix. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-04. --- Customizable bit matrix Link to Repo

Likj128 updated provablystinger. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Project abdomen's for hacked in nissan Link to Repo

ameenmaali updated urldedupe. This repo has 8 stars and 3 watchers. This repo was created on 2020-06-02. --- Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations Link to Repo

Amyh102 updated vibe-check. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-06. --- Hack the Northeast 2020 Link to Repo

yz-ogeb updated dark.yz. This repo has 0 stars and 0 watchers. This repo was created on 2019-07-16. --- Hack Facebook Link to Repo

yz-ogeb updated darkcorona. This repo has 1 stars and 1 watchers. This repo was created on 2020-04-09. --- Hack Facebook, DarkFb, Versi Corona Link to Repo

----Security Updates----

keeweb updated keeweb. This repo has 8879 stars and 226 watchers. This repo was created on 2015-10-17. --- Free cross-platform password manager compatible with KeePass Link to Repo

unchase updated awesome-russian-it. This repo has 223 stars and 30 watchers. This repo was created on 2020-01-23. --- :book: :headphones: :tv: :calendar: Список полезных русскоязычных ресурсов, связанных с ИТ Link to Repo

ricequant updated rqalpha. This repo has 3772 stars and 435 watchers. This repo was created on 2016-07-20. --- A extendable, replaceable Python algorithmic backtest && trading framework supporting multiple securities Link to Repo

gro1m updated AZ-500-Microsoft-Azure-Security-Technologies. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-11. --- None Link to Repo

ivan-sincek updated invoker. This repo has 124 stars and 5 watchers. This repo was created on 2019-07-11. --- Penetration testing utility. Link to Repo

UtilWork updated utilwork.github.io. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- About Web, Java, Security, AI and son on... Link to Repo

Shinpachi8 updated learnJavaSec. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-17. --- this is my java security learn program. Link to Repo

lw-92 updated spring-security-demo. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-04. --- spring security 的相关使用分析 Link to Repo

cyberphor updated scallion. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-11. --- My custom plugins and tool integrations for enhancing Security Onion 16. Link to Repo

toulousain79 updated MySB. This repo has 86 stars and 16 watchers. This repo was created on 2014-06-17. --- MySB (MySeedBox) is more than a simplified installation script of a multi-users Seedbox. There are many solutions to install a Seedbox, but we never talk about safety and regular operations. MySB could be renamed MySSB (MySecuredSeedBox). Link to Repo

google updated syzkaller. This repo has 2964 stars and 171 watchers. This repo was created on 2015-10-12. --- syzkaller is an unsupervised coverage-guided kernel fuzzer Link to Repo

radareorg updated cutter. This repo has 7108 stars and 255 watchers. This repo was created on 2017-09-25. --- Free and Open Source Reverse Engineering Platform powered by radare2 Link to Repo

tomervoro updated WIND_Project_Security. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-22. --- None Link to Repo

DeanNevan updated JNU19IS. This repo has 49 stars and 4 watchers. This repo was created on 2020-03-04. --- 暨大19信安(IS,Information Security),包括电子版的作业、实验报告、程序等。 Link to Repo

sergKononovich updated simplSpringBootApp. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- simple application for experiments, used: Spring boot,Spring Boot JPA (Hibernate), Spring Security and others Link to Repo

apapiccio updated cyb6004. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-04. --- ECU Cyber Security - Scripting Languages Link to Repo

Lylio updated Pollster. This repo has 0 stars and 1 watchers. This repo was created on 2019-09-03. --- A Spring Boot & React polling app which includes Spring Security, JWT and MySQL. Link to Repo

Marekgr7 updated role-based-security-for-web-apps. This repo has 0 stars and 1 watchers. This repo was created on 2019-12-16. --- security template configured for web applications with two tables User and Role Link to Repo

M66B updated FairEmail. This repo has 1053 stars and 78 watchers. This repo was created on 2018-08-02. --- Fully featured, open source, privacy friendly email app for Android Link to Repo

wKovacs64 updated hibp. This repo has 62 stars and 3 watchers. This repo was created on 2016-04-08. --- A Promise-based client for the 'Have I been pwned?' service. Link to Repo

Marekgr7 updated security-step-by-step. This repo has 0 stars and 1 watchers. This repo was created on 2019-12-15. --- None Link to Repo

yangzongzhuan updated RuoYi-Vue-Oracle. This repo has 7 stars and 3 watchers. This repo was created on 2020-05-31. --- 基于SpringBoot,Spring Security,JWT,Vue & Element 的前后端分离权限管理系统 Link to Repo

ilkinbayram updated SecurityEntrance-National-Aviation-Academy. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Created For Preventing All Unlawful Attacks by Illegal Passports' reasons. Link to Repo

alexmurray updated ubuntu-security-podcast. This repo has 1 stars and 2 watchers. This repo was created on 2018-08-13. --- None Link to Repo

genjisan46 updated MotorBike-ShowRoom-System. This repo has 0 stars and 0 watchers. This repo was created on 2019-06-06. --- C++ language that apply class and object,linked list,searching and sorting. This program have several function such as insert,delete,search,refresh and delete.This program also have computer security technique when try to insert password, the word of password was encrypt using coding technique. This program about model of motorbike and learning process in data structure and algorithm. Link to Repo

----PoC Updates----

shiibaryu updated poc_txdr_on_nic. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-26. --- proof of concept of nic architecture that have tx descriptor rings Link to Repo

purplebugs updated elastic-kibana-node. This repo has 0 stars and 1 watchers. This repo was created on 2019-12-04. --- Proof of concept of elasticsearch kibana and a node.js app working together Link to Repo

liuxiaotong15 updated e2e_public. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-16. --- For paper 'Artificial intuition for solving chemistry problems via an End-to-End approach: a proof of concept' Link to Repo

JasonEtco updated rss-to-readme. This repo has 2 stars and 1 watchers. This repo was created on 2020-05-28. --- A little proof-of-concept for @brianlovin! Link to Repo

adpolican updated accessible-typing. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Proof of concept for a typing scheme using only the keys that your fingers rest upon in the home row Link to Repo

james2doyle updated project-splitting. This repo has 0 stars and 1 watchers. This repo was created on 2019-09-01. --- Experiments and proof-of-concepts for how to share code across projects locally Link to Repo

org-pivotal updated org-pivotal. This repo has 10 stars and 2 watchers. This repo was created on 2018-10-27. --- Proof of concept for extending org-mode with Pivotal Tracker abilities Link to Repo

sul-dlss-labs updated rdf2marc. This repo has 2 stars and 13 watchers. This repo was created on 2020-05-06. --- A proof-of-concept RDF to MARC converter for use within the Sinopia ecosystem. Link to Repo

jherr updated wp5-cms-poc. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-25. --- Webpack 5 CMS Proof Of Concept Link to Repo

87andrewh updated CornerCulling. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-04. --- Culling Method Proof of Concept in Unreal Engine 4 Link to Repo

Gustavo6046 updated sensetrack. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-06. --- Simple dynamic interactive music AI proof-of-concept. Written in TypeScript, supports multiple backends. Link to Repo

hackerhouse-opensource updated exploits. This repo has 100 stars and 8 watchers. This repo was created on 2019-03-23. --- exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House Link to Repo

JoanPedro updated Angular-PoCs. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-31. --- Angular Proof of Concepts. [PoCs] Link to Repo

boettiger-lab updated data-tracker. This repo has 0 stars and 0 watchers. This repo was created on 2020-02-21. --- Proof of concept for Content-Identifier Based Registry for streaming data sources Link to Repo

lammarco updated backspin-flying. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-04. --- proof-of-concept for a endless scroller Link to Repo

darksylinc updated EnumIterator. This repo has 0 stars and 1 watchers. This repo was created on 2020-04-11. --- Proof of Concept for C++ enum iterators. See http://www.yosoygames.com.ar/wp/2017/03/c-iterable-enums/ Link to Repo

steven-michaud updated PatchBug1576767. This repo has 0 stars and 0 watchers. This repo was created on 2020-04-28. --- Proof of concept workaround for Mozilla bug 1576767 Link to Repo

vvatanabe updated grpc-proxyd. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-05. --- just a proof of concept Link to Repo

LuisGustavoSchevenin updated poc-sqs. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-04. --- Proof of concept using Amazon Simple Queue Service (SQS) and other tools/libraries Link to Repo

PramodKumarYadav updated PesterCI. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-05. --- This repository is to do a proof of concept for running Powershell Pester tests in GitHub-Actions CI Link to Repo

vjain143 updated wikipoc. This repo has 1 stars and 1 watchers. This repo was created on 2015-09-27. --- This repository contain java technology and framework related project. In other words proof of concept of the different framework. Link to Repo

ByteZ1337 updated Kotlin-Obfuscator. This repo has 3 stars and 1 watchers. This repo was created on 2020-06-01. --- Proof of concept Kotlin Obfuscator Link to Repo

Denperidge updated media-raspberry-pie. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-02. --- A set of tools that allow a Raspberry Pie to become the cheapest downloading + streaming platform. More proof of concept than anything. Still watch official releases if possible. Link to Repo

CERTCC updated PoC-Exploits. This repo has 36 stars and 8 watchers. This repo was created on 2020-03-20. --- Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems. Link to Repo

Dejvino updated pinephone-sway-poc. This repo has 1 stars and 1 watchers. This repo was created on 2020-05-26. --- Sway UI configured for PinePhone (Proof Of Concept) Link to Repo

----#MALWARE----

cybersec_feeds --> RT @bamitav: Cyber Crime on a Roll, CyberSecurity still catching up..!! https://t.co/EmXPmoSHzU

#InfoSec #Security #CyberSecurity #DataBr… Link with Tweet

chidambara09 --> RT @bamitav: #Iranian cyberattacks on #Israeli facilities thwarted for a year - The Jerusalem Post https://t.co/uu9pJH92ba

#InfoSec #Secu… Link with Tweet

Applsci --> Read free full-text at: https://t.co/NIQXZ3MO84

A New Proposal on the Advanced Persistent Threat: A Survey… https://t.co/XUXiqREw5q Link with Tweet Link with Tweet

chidambara09 --> RT @bamitav: Cyber Crime on a Roll, CyberSecurity still catching up..!! https://t.co/EmXPmoSHzU

#InfoSec #Security #CyberSecurity #DataBr… Link with Tweet

chidambara09 --> RT @MaltrakN: Shining a light on “Silent Night” Zloader/Zbot - Malwarebytes Labs https://t.co/bY09YuQ5ri #malware #bot #InfomationSecurity… Link with Tweet

sectest9 --> RT @bamitav: Cyber Crime on a Roll, CyberSecurity still catching up..!! https://t.co/EmXPmoSHzU

#InfoSec #Security #CyberSecurity #DataBr… Link with Tweet

CyberSecurityN8 --> RT @bamitav: Cyber Crime on a Roll, CyberSecurity still catching up..!! https://t.co/EmXPmoSHzU

#InfoSec #Security #CyberSecurity #DataBr… Link with Tweet

bamitav --> Cyber Crime on a Roll, CyberSecurity still catching up..!! https://t.co/EmXPmoSHzU

#InfoSec #Security… https://t.co/Z1apSGdUQF Link with Tweet Link with Tweet

WebSecurityIT --> RT @bamitav: #Iranian cyberattacks on #Israeli facilities thwarted for a year - The Jerusalem Post https://t.co/uu9pJH92ba

#InfoSec #Secu… Link with Tweet

bamitav --> #Iranian cyberattacks on #Israeli facilities thwarted for a year - The Jerusalem Post https://t.co/uu9pJH92ba… https://t.co/5k5B7g9PXP Link with Tweet Link with Tweet

Berman_J --> RT @SemperisTech: “The fact that #malware explicitly targets domain controllers underscores how critical it is to properly configure, monit…

chidambara09 --> RT @HeliosCert: Sample submitted

2020-06-07 08:35:02

Dionaea Honeypot

Protocol: smbd

Sources: ::ffff:112.199.102.58

2f69f421886a52ef8a58…

chidambara09 --> RT @EMahmoudSoliman: New phishing campaign disguises malware as CV attachments

Organizations are being warned about bogus CVs being sent t…

josoriomx --> RT @EMahmoudSoliman: New phishing campaign disguises malware as CV attachments

Organizations are being warned about bogus CVs being sent t…

vishne0 --> RT @JosephSteinberg: A Guide To Choosing The Best Antivirus Software For Your Computer And Phone

https://t.co/Gr0x5EzIUF

#CyberSecurity… Link with Tweet

----#PHISHING----

chidambara09 --> RT @DC_CyberProtect: This week’s #NCSC’s weekly threat report features software and server vulnerabilities, and #phishing #scams targeting…

chidambara09 --> RT @BadrUAE: Why your voice is your new #password

#BiometricsID #passwordsecurity #biometrics #privacy #security #phishing #cybersecurity…

cybersec_feeds --> RT @antgrasso_IT: Il phishing è una pratica spregevole che tende a carpire informazioni confidenziali attraverso l'inganno e/o la simulazio…

AnBenji --> RT @SocEngineerInc: Expert Insight: ZLoader Malware Returns As A Coronavirus Phishing Scam https://t.co/l25cLWK1nf #Phishing ⠀ https://t.c… Link with Tweet

fraabye --> RT @CurtBraz: I'm thrilled to announce a new research blog post on a subject I'm very passionate about! I found and demonstrate an effectiv…

NewsAt20 --> RT Ultrascan419 "Walter: No proof of extensive voter fraud: Clearly, election mail-in fraud is possible. Most recen… https://t.co/RQywtOzNMA Link with Tweet

NewsAt20 --> RT Ultrascan419 "Another victim of credit card fraud: Mohammad Nazim has become a victim of credit card fraud. The… https://t.co/moNQryznaN Link with Tweet

mickaelruau --> #cybersecurite

Parents d'enfants passionnés de #dessin, faites attention :

le site https://t.co/mUTloURkp7 est act… https://t.co/9Wg9QWiTw1 Link with Tweet Link with Tweet

cybersec_feeds --> RT @PhishStats: https://t.co/MAuIXRvYiq detected 10 new websites hosting #phishing | new today: 112 | #infosec #cybersecurity #malware http… Link with Tweet

_xpn_ --> RT @CurtBraz: I'm thrilled to announce a new research blog post on a subject I'm very passionate about! I found and demonstrate an effectiv…

BadrUAE --> Why your voice is your new #password

#BiometricsID #passwordsecurity #biometrics #privacy #security #phishing… https://t.co/dYGjfyrfyO Link with Tweet

NyMataguilera --> RT @policia: ¿En serio? ¿De verdad crees que te pedirían confirmar tu cuenta de esta forma?

La respuesta es👉NO

Los cibermalos están inten…

cybersec_feeds --> RT @DC_CyberProtect: This week’s #NCSC’s weekly threat report features software and server vulnerabilities, and #phishing #scams targeting…

ISABELROMEROM11 --> RT @policia: Se hacen pasar por Endesa para hacerte creer que te han cobrado dos veces la factura... 🤔

Pues va a ser que NO☝ te van a reem…

Ultrascan419 --> Walter: No proof of extensive voter fraud: Clearly, election mail-in fraud is possible. Most recently, this was dem… https://t.co/x0CINyNWj9 Link with Tweet

----#OSINT----

chidambara09 --> RT @RedPacketSec: Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp

#OSINT #Security #Threatinte… Link with Tweet

WebSecurityIT --> RT @arocse: Github Recon Tools:

https://t.co/JbXarkue91

https://t.co/p2dCpfjZeR

https://t.co/JbXarkue91

https://t.co/gRjHA5Xk8G

https://t.c… Link with Tweet Link with Tweet Link with Tweet Link with Tweet

Gartzen72 --> RT @0x3c7: Just pushed https://t.co/qq12sbwf6l to github - a first draft for a common data model + conversion tools across @censysio and @s… Link with Tweet

TheBugBot --> RT @arocse: Github Recon Tools:

https://t.co/JbXarkue91

https://t.co/p2dCpfjZeR

https://t.co/JbXarkue91

https://t.co/gRjHA5Xk8G

https://t.c… Link with Tweet Link with Tweet Link with Tweet Link with Tweet

Rana97821367 --> RT @aadilbrar: New #OSINT video of PLA and Indian soldiers. The video seems to have been recorded by the Indian side. Notice all soldiers a…

RDSWEB --> RT @RedPacketSec: Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp

#OSINT #Security #Threatinte… Link with Tweet

WebSecurityIT --> RT @RedPacketSec: Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp

#OSINT #Security #Threatinte… Link with Tweet

fox_anarc --> RT @three_cube: OSINT: Tracking Flight and Aircraft Data with Open Source Tools #osint #radarbox #cybersecurity #cyberwarrior

https://t.c…

cybersec_feeds --> RT @RedPacketSec: Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp

#OSINT #Security #Threatinte… Link with Tweet

BookWyvern --> RT @0xBanana: Want to work on and help a #protest2020 & #BlackLivesMatter project?

Have #OSINT skills you want to sharpen or put to the te…

christiantoon --> RT @Digit4lbytes: #Osint Challenge

#quiztime #challenge

let's see how you can do, rules are

◇ Post location & method 👍

◇ locations with…

GanbaruTobi --> RT @TheCyberViking: I will be with @rag_sec, @AlanTheBlank, and @cybersecstu hosting an #OSINT workshop for finding missing people tomorro…

LiteOlika --> RT @V3rbaal: 📢Looking for new opportunities! I'm a Senior Intelligence Analyst, Investigator and Polygrapher. I specialize in Open Source I…

RedPacketSec --> Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp

#OSINT #Security #Threatintel #cybersecurity Link with Tweet

WebSecurityIT --> RT @_IntelligenceX: We just launched our new free service: https://t.co/bNhevz4MzZ 🎉

Need to find email addresses for a domain? All subdom… Link with Tweet

----#THREATINTEL----

chidambara09 --> RT @cyberreport_io: An agile national vision - JP Fabri and Nicky Gouder https://t.co/1LA6tvzK3a #cybersecurity #threatintelligence #cybern… Link with Tweet

chidambara09 --> RT @RedPacketSec: Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp

#OSINT #Security #Threatinte… Link with Tweet

chidambara09 --> RT @AshwiniKumar1_: On demand Indian Video platform @ZEE5India got breached. https://t.co/uahpptYsSh

It includes

> Recent transaction dat… Link with Tweet

cyberreport_io --> An agile national vision - JP Fabri and Nicky Gouder https://t.co/1LA6tvzK3a #cybersecurity #threatintelligence… https://t.co/kgBIp4UPhf Link with Tweet Link with Tweet

DamskyIrena --> RT @DamskyIrena: I've republished my "The Cyber Threat Intelligence Cycle" blog post - have fun! https://t.co/thsy9kSLuM

#ThreatIntelligen… Link with Tweet

gh0std4ncer --> RT @SentinelOne: 🕵️ #SentinelLabs | Updates to Sarwent malware show a continued interest in backdoor functionality, and a preference for us…

RDSWEB --> RT @RedPacketSec: Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp

#OSINT #Security #Threatinte… Link with Tweet

CyberspaceAsia --> RT @happygeek: By me @Forbes and @ForbesEurope: A three-month-old #Windows10 vulnerability is back to haunt #Windows users who haven't patc…

sectest9 --> RT @AshwiniKumar1_: On demand Indian Video platform @ZEE5India got breached. https://t.co/uahpptYsSh

It includes

> Recent transaction dat… Link with Tweet

CyberSecurityN8 --> RT @AshwiniKumar1_: On demand Indian Video platform @ZEE5India got breached. https://t.co/uahpptYsSh

It includes

> Recent transaction dat… Link with Tweet

WebSecurityIT --> RT @RedPacketSec: Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp

#OSINT #Security #Threatinte… Link with Tweet

SusPotato --> RT @bad_packets: Mass scanning activity detected from 45.249.91.205 (🇭🇰) and 161.35.69.78 (🇺🇸) targeting Fortinet VPN servers vulnerable to…

AshwiniKumar1_ --> On demand Indian Video platform @ZEE5India got breached. https://t.co/uahpptYsSh

It includes

> Recent transaction… https://t.co/HElaFZyrHv Link with Tweet Link with Tweet

cybersec_feeds --> RT @RedPacketSec: Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp

#OSINT #Security #Threatinte… Link with Tweet

RedPacketSec --> Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp

#OSINT #Security #Threatintel #cybersecurity Link with Tweet

----#RANSOMWARE----

secure_blink --> Amidst the Pandemic, NetWalker Ransomeware has become one of the major cyberspace threats. Here's an elaborated art… https://t.co/MNO1ebfPYy Link with Tweet

cybersec_feeds --> RT @bamitav: Cyber Crime on a Roll, CyberSecurity still catching up..!! https://t.co/EmXPmoSHzU

#InfoSec #Security #CyberSecurity #DataBr… Link with Tweet

Felwin_546 --> RT @Cohesity: #Ransomware prevention/detection is critical, and keeping patient data secured is more important than ever. Learn how Cohesit…

chidambara09 --> RT @bamitav: #Iranian cyberattacks on #Israeli facilities thwarted for a year - The Jerusalem Post https://t.co/uu9pJH92ba

#InfoSec #Secu… Link with Tweet

chidambara09 --> RT @bamitav: Cyber Crime on a Roll, CyberSecurity still catching up..!! https://t.co/EmXPmoSHzU

#InfoSec #Security #CyberSecurity #DataBr… Link with Tweet

cybersec_feeds --> RT @QueenRex: Fake #ransomware #decryptor double-encrypts desperate victims' files. #Cybersecurity https://t.co/GNrvzITyVi Link with Tweet

sectest9 --> RT @bamitav: Cyber Crime on a Roll, CyberSecurity still catching up..!! https://t.co/EmXPmoSHzU

#InfoSec #Security #CyberSecurity #DataBr… Link with Tweet

CyberSecurityN8 --> RT @bamitav: Cyber Crime on a Roll, CyberSecurity still catching up..!! https://t.co/EmXPmoSHzU

#InfoSec #Security #CyberSecurity #DataBr… Link with Tweet

bamitav --> Cyber Crime on a Roll, CyberSecurity still catching up..!! https://t.co/EmXPmoSHzU

#InfoSec #Security… https://t.co/Z1apSGdUQF Link with Tweet Link with Tweet

WebSecurityIT --> RT @bamitav: #Iranian cyberattacks on #Israeli facilities thwarted for a year - The Jerusalem Post https://t.co/uu9pJH92ba

#InfoSec #Secu… Link with Tweet

chidambara09 --> RT @CyberSecDN: Revealed: Advanced Java-Based #Ransomware PonyFinal https://t.co/8pdM7LpVbR #InfoSecMag via @SecurityNewsbot Link with Tweet

bamitav --> #Iranian cyberattacks on #Israeli facilities thwarted for a year - The Jerusalem Post https://t.co/uu9pJH92ba… https://t.co/5k5B7g9PXP Link with Tweet Link with Tweet

elliot__liber --> RT @PMProuk: ReddyyZ/DeathRansom #Education #ransomware https://t.co/IEW2TD3tUa Link with Tweet

cybersec_feeds --> RT @AcidTec: Fake #ransomware decryptor double-encrypts desperate victims' files - #hacking #cybersecurity https://t.co/kBOcK1JCcW Link with Tweet

vishne0 --> RT @JosephSteinberg: A Guide To Choosing The Best Antivirus Software For Your Computer And Phone

https://t.co/Gr0x5EzIUF

#CyberSecurity… Link with Tweet

-----#OPENDIR----

reachtonikhil --> RT @ReBensk: #Android #Banking #Trojan #Malware

@Spam404 @malwrhunterteam #opendir

@abuse_ch #opendir

From http[:]//krazyfoxx9.xyz/Input/ h…

BongphilKim --> RT @ReBensk: #Android #Banking #Trojan #Malware

@Spam404 @malwrhunterteam #opendir

@abuse_ch #opendir

From http[:]//krazyfoxx9.xyz/Input/ h…

Do0g77 --> RT @ReBensk: #Android #Banking #Trojan #Malware

@Spam404 @malwrhunterteam #opendir

@abuse_ch #opendir

From http[:]//krazyfoxx9.xyz/Input/ h…

fiasco_07 --> RT @ReBensk: #Android #Banking #Trojan #Malware

@Spam404 @malwrhunterteam #opendir

@abuse_ch #opendir

From http[:]//krazyfoxx9.xyz/Input/ h…

ANeilan --> RT @ReBensk: #Android #Banking #Trojan #Malware

@Spam404 @malwrhunterteam #opendir

@abuse_ch #opendir

From http[:]//krazyfoxx9.xyz/Input/ h…

0x4d_ --> RT @ReBensk: #Android #Banking #Trojan #Malware

@Spam404 @malwrhunterteam #opendir

@abuse_ch #opendir

From http[:]//krazyfoxx9.xyz/Input/ h…

WiFi_NY --> RT @ReBensk: #Android #Banking #Trojan #Malware

@Spam404 @malwrhunterteam #opendir

@abuse_ch #opendir

From http[:]//krazyfoxx9.xyz/Input/ h…

CryoPerSea --> RT @ReBensk: #Android #Banking #Trojan #Malware

@Spam404 @malwrhunterteam #opendir

@abuse_ch #opendir

From http[:]//krazyfoxx9.xyz/Input/ h…

malwrhunterteam --> RT @ReBensk: #Android #Banking #Trojan #Malware

@Spam404 @malwrhunterteam #opendir

@abuse_ch #opendir

From http[:]//krazyfoxx9.xyz/Input/ h…

ReBensk --> #Android #Banking #Trojan #Malware

@Spam404 @malwrhunterteam #opendir

@abuse_ch #opendir

From http[:]//krazyfoxx9.x… https://t.co/Mg6l6rpybR Link with Tweet

KanbeWorks --> RT @luc4m: fresh #mirai #opendir

/185.172.111.214/bins/

@bad_packets @HazMalware @CapeSandbox

(old MVPower DVR rce) https://t.co/4AHzEf0…

Mohamme74571174 --> RT @anyrun_app: New tutorial video about #opendir's and detecting malware through them using ANYRUN service is out!

Get more IOCs using ne…

HazMalware --> RT @luc4m: fresh #mirai #opendir

/185.172.111.214/bins/

@bad_packets @HazMalware @CapeSandbox

(old MVPower DVR rce) https://t.co/4AHzEf0…

andsyn1 --> #phishing #phishkit #opendir

hxxps://mythree-ltd.com/THREEBANKS2020.zip https://t.co/QymVOej1Rf

YourAnonRiots --> RT @xxdesmus: hXXp://139[.]99[.]134[.]248/5311qjmikurawepedalnqmashrabotatuk61119123c/

Binaries: "infn"

https://t.co/TivuKX0HLf

New IP:… Link with Tweet

-----#MALSPAM----

stefan47162232 --> RT @DynamicAnalysis: #ZLoader #malspam recently reported downloader URLs:

hxxps://placanemcourri.ga/wp-keys.php

hxxps://naorietenderpver.g…

gh0std4ncer --> RT @DynamicAnalysis: #ZLoader #malspam recently reported downloader URLs:

hxxps://placanemcourri.ga/wp-keys.php

hxxps://naorietenderpver.g…

Andre3Verzaal --> RT @DynamicAnalysis: #ZLoader #malspam recently reported downloader URLs:

hxxps://placanemcourri.ga/wp-keys.php

hxxps://naorietenderpver.g…

Prahladjha20091 --> RT @DynamicAnalysis: #ZLoader #malspam recently reported downloader URLs:

hxxps://placanemcourri.ga/wp-keys.php

hxxps://naorietenderpver.g…

cybersec_feeds --> RT @FBussoletti: #Cybercrime: arriva #Metamorfo, #Malware diffuso via #malspam. Esperti #CyberSecurity di @Bitdefender: Si sfrutta la tecni…

kilijanek --> RT @DynamicAnalysis: #ZLoader #malspam recently reported downloader URLs:

hxxps://placanemcourri.ga/wp-keys.php

hxxps://naorietenderpver.g…

fmquasi --> RT @DynamicAnalysis: #ZLoader #malspam recently reported downloader URLs:

hxxps://placanemcourri.ga/wp-keys.php

hxxps://naorietenderpver.g…

ReiMichie99 --> RT @DynamicAnalysis: #ZLoader #malspam recently reported downloader URLs:

hxxps://placanemcourri.ga/wp-keys.php

hxxps://naorietenderpver.g…

DynamicAnalysis --> #ZLoader #malspam recently reported downloader URLs:

hxxps://placanemcourri.ga/wp-keys.php

hxxps://naorietenderpve… https://t.co/U6MU6F6viF Link with Tweet

zlab_team --> RT @_antoniopirozzi: @58_158_177_102 @luc4m related: MALLEABLE #MALSPAM

Fattura_31250.xlsm.mal -> 1d7d64d36d37449e514add9baa34139b

Fattura…

luc4m --> RT @58_158_177_102: #malspam targeted to Italy start to spread

Subject:Sollecito di Pagamento del 26-mag-2020 - Vs. Cod. Cliente 115669200…

cybersec_feeds --> RT @euroinformatica: #Cybercrime: arriva #Metamorfo, #malware diffuso via #malspam

Per diffondersi sfrutta la tecnica del Dynamic-link libr…

reachtonikhil --> RT @smica83: #Malspam #stealer

URL(https): /onedrive.live.com/download?cid=F3DBF2820CCE619A&resid=F3DBF2820CCE619A%21108&authkey=ACqBAGrNXL…

Kn1ghtRdr --> RT @malware_traffic: 2020-06-03 - #Valak (soft_sig: mad29) infection with #IcedID (#Bokbot) - one #malspam example, #pcap of infection traf…

CyberSecHub0 --> RT @euroinformatica: #Cybercrime: arriva #Metamorfo, #malware diffuso via #malspam

Per diffondersi sfrutta la tecnica del Dynamic-link libr…

----#EMOTET----

YourAnonRiots --> RT @Cryptolaemus1: #emotet binary C2 update ~19:10 UTC 20200604

minor C2 changes (additions to E2 only)

no spamming observed

https://t.co…

SBenato --> #EMOTET è la principale e più pericolosa minaccia oggi in circolazione, un #trojan avanzatissimo modulare e che si… https://t.co/hqRPVJ9iiG Link with Tweet

marcogovoni --> Virtualcaffe: Emotet (by @SBenato) https://t.co/dHEo6YDc4K #virtualcaffe #emotet #malware #firewallumano #formazione Link with Tweet

HazMalware --> RT @Cryptolaemus1: #emotet binary C2 update ~19:10 UTC 20200604

minor C2 changes (additions to E2 only)

no spamming observed

https://t.co…

maldatabase --> #Emotet malware indicators.

#Malware #ThreatIntelligence #threatintel #IOC

https://t.co/gmky7qPojY Link with Tweet

CyberSecInt --> ~ Fake News Uses Coronavirus To Spread Malware: Cybercriminals are using fake email messages about the coronavirus… https://t.co/rnoIRpACH9 Link with Tweet

mosaique_inc --> Bromiumは、Emotet対策にも有効!

検出を回避し増殖を続けるEmotetには、従来の検知型マルウェア対策製品では対処できません。

#マルウェア #Emotet #サイバーセキュリティ

https://t.co/TBTzYTXo9R Link with Tweet

reachtonikhil --> RT @Cryptolaemus1: #emotet binary C2 update ~19:10 UTC 20200604

minor C2 changes (additions to E2 only)

no spamming observed

https://t.co…

McAfee_Help --> Are you prepared to defend against #Emotet?

Watch our Emotet Trojan #webcast, where we covered behavioral analysi… https://t.co/oI0MsOn2o0 Link with Tweet

wavellan --> RT @Cryptolaemus1: #emotet binary C2 update ~19:10 UTC 20200604

minor C2 changes (additions to E2 only)

no spamming observed

https://t.co…

ValeryMarchive --> RT @Cryptolaemus1: #emotet binary C2 update ~19:10 UTC 20200604

minor C2 changes (additions to E2 only)

no spamming observed

https://t.co…

JAMESWT_MHT --> RT @Cryptolaemus1: #emotet binary C2 update ~19:10 UTC 20200604

minor C2 changes (additions to E2 only)

no spamming observed

https://t.co…

thlnk3r --> RT @Cryptolaemus1: #emotet binary C2 update ~19:10 UTC 20200604

minor C2 changes (additions to E2 only)

no spamming observed

https://t.co…

edurojas69 --> RT @Cryptolaemus1: #emotet binary C2 update ~19:10 UTC 20200604

minor C2 changes (additions to E2 only)

no spamming observed

https://t.co…

shotgunner101 --> RT @Cryptolaemus1: #emotet binary C2 update ~19:10 UTC 20200604

minor C2 changes (additions to E2 only)

no spamming observed

https://t.co…

-----#BUGBOUNTY----

tectjay --> RT @hackerscrolls: You asked for something about OAuth — we did.

Here is a mindmap about hacking OAuth 2.0. We tried to cover all possibl…

vijay_chari --> RT @hackerscrolls: You asked for something about OAuth — we did.

Here is a mindmap about hacking OAuth 2.0. We tried to cover all possibl…

Se7en_5_Sec --> RT @hackerscrolls: You asked for something about OAuth — we did.

Here is a mindmap about hacking OAuth 2.0. We tried to cover all possibl…

MarcelBilal --> RT @akita_zen: Curl + Parallels OneLiner (http_code + size + url)

cat alive-subdomains.txt | parallel -j50 -q curl -w 'Status:%{http_code}…

kushalveer000 --> RT @manas_hunter: Got a "forgot password" page? Apply these tips, these might be handy. If you get a bounty from it, don't forget to mentio…

nyrbte --> RT @hackerscrolls: You asked for something about OAuth — we did.

Here is a mindmap about hacking OAuth 2.0. We tried to cover all possibl…

WebSecurityIT --> RT @gren_siahaan: [INFO] Curl + Parallels OneLiner (http_code + size + url)

cat alive-subdomains.txt | parallel -j50 -q curl -w 'Status:%{…

gren_siahaan --> [INFO] Curl + Parallels OneLiner (http_code + size + url)

cat alive-subdomains.txt | parallel -j50 -q curl -w 'Sta… https://t.co/pDFcxzEOVf Link with Tweet

motaz88_88 --> RT @zer0pwn: Using proxychains, you can proxy all traffic from an application on linux.

I often use this to forward traffic thru Burpsuite…

rudra16t --> RT @khushbhatt: Kudos to all the Winners of BATPWN CTF @bsidesahmedabad.

@DefConUA @liuhackse @alcapwnctf @InfoSecIITR and Young

#Bsides #…

a_pandurangi --> RT @lordjerry0x01: I just shared one of my finding "Local file read via XSS using PDF file generate functionality": https://t.co/TZ3rlZ3k61… Link with Tweet

rudra16t --> RT @bsidesahmedabad: BatPwn Winners:

1. @DefConUA

2. Young

3. @liuhackse

4. @alcapwnctf

5. @InfoSecIITR

Our team will be reaching out to…

rudra16t --> RT @bsidesahmedabad: Lauds & praises to all the BSides Ahmedabad team members for their immense support in making BatPwn a huge success! 👏…

Riveck --> RT @akita_zen: Curl + Parallels OneLiner (http_code + size + url)

cat alive-subdomains.txt | parallel -j50 -q curl -w 'Status:%{http_code}…

IsecEmAll --> RT @lordjerry0x01: I just shared one of my finding "Local file read via XSS using PDF file generate functionality": https://t.co/TZ3rlZ3k61… Link with Tweet

----#CYBERCRIME----

chidambara09 --> RT @CallMeSam_____: This is very serious,our main admin detected a massive movement through WA,Telegram,Facebook to make a fandalism moveme…

sectest9 --> RT @oliveriogabriel: 👉 ATENCION: ESTAFA EN INTERNET 👇

#ciberseguridad #CiberPatrullaje #CiberPatrullaje #ciberdefensa #CyberSecurity #Cyber…

CyberSecurityN8 --> RT @oliveriogabriel: 👉 ATENCION: ESTAFA EN INTERNET 👇

#ciberseguridad #CiberPatrullaje #CiberPatrullaje #ciberdefensa #CyberSecurity #Cyber…

cybersec_feeds --> RT @oliveriogabriel: 👉 ATENCION: ESTAFA EN INTERNET 👇

#ciberseguridad #CiberPatrullaje #CiberPatrullaje #ciberdefensa #CyberSecurity #Cyber…

chidambara09 --> RT @avdrst: @NATO condemns #Cyberattacks

https://t.co/qVNG7uDtFs via @InfosecurityMag #cybercrime #CyberSecurity Link with Tweet

i_zeeray --> RT @cybercrimefia: ✅Cybercrime FIA busts Nigerian Gang

#Nigerianfraud

#cybercrime https://t.co/Nzu9YIbs6v

wellytanoto --> RT @CallMeSam_____: This is very serious,our main admin detected a massive movement through WA,Telegram,Facebook to make a fandalism moveme…

mohamadharis251 --> RT @CallMeSam_____: This is very serious,our main admin detected a massive movement through WA,Telegram,Facebook to make a fandalism moveme…

sectest9 --> RT @AghiathChbib: AI: The New Cyber Crime Solution… and Threat

by: @aghiathchbib

#Cybersecurity #Cyberattacks #Cyberthreats #Cybercrime

👉h…

CyberSecurityN8 --> RT @AghiathChbib: AI: The New Cyber Crime Solution… and Threat

by: @aghiathchbib

#Cybersecurity #Cyberattacks #Cyberthreats #Cybercrime

👉h…

cybersec_feeds --> RT @AghiathChbib: AI: The New Cyber Crime Solution… and Threat

by: @aghiathchbib

#Cybersecurity #Cyberattacks #Cyberthreats #Cybercrime

👉h…

cybersec_feeds --> RT @cybersec2030: 9 أهداف رئيسية للمخترقين #Hackers ومرتكبي الجرائم السيبرانيه

تؤثر على قيمة الشركات في الإندماج و الإستحواذ.

(#Mergers a…

yousufisbpk --> RT @cybercrimefia: ✅Cybercrime FIA busts Nigerian Gang

#Nigerianfraud

#cybercrime https://t.co/Nzu9YIbs6v

FaisalIqbalCric --> RT @cybercrimefia: ✅Cybercrime FIA busts Nigerian Gang

#Nigerianfraud

#cybercrime https://t.co/Nzu9YIbs6v

G8Maq --> RT @cybercrimefia: ✅Cybercrime FIA busts Nigerian Gang

#Nigerianfraud

#cybercrime https://t.co/Nzu9YIbs6v

cyb3rops: sudo apt install --install-recommends winehq-stable https://t.co/RM0VIUWeoJ Link to Tweet

cyb3rops: @r0bre I don’t think so Link to Tweet

cyb3rops: Yet another C2/„implant“ framework https://t.co/hGRtIa8DJh Link to Tweet

cyb3rops: @jenschm @JohnHultquist @cglyer @anthomsec @RidT @taosecurity @WylieNewmark @ChicagoCyber @PJ47596176 @Viking_Sec @cnoanalysis @bread08 GOSSIPGIRL — because I‘d like to fill some missing links and talk to experts, not apprentices Link to Tweet

cyb3rops: @CyberWarship @3mm4h3ff Yesterday - I got this new issue. Should I recommend him Wine? https://t.co/p2xyIg4mH8 Link to Tweet

inj3ct0r: #0daytoday #vBulletin 5.6.1 SQL Injection #Exploit https://t.co/mYFrzdViPl Link to Tweet

inj3ct0r: #0daytoday #Microsoft #Windows - (#SMBGhost) Remote Code Execution #Exploit #RCE #SMB https://t.co/GLjTluSTDd Link to Tweet

inj3ct0r: #0daytoday #macOS/x64 zsh RickRolling #Shellcode (198 bytes) https://t.co/UZ3bXebV69 Link to Tweet

inj3ct0r: #0daytoday #QuickBox Pro 2.1.8 - Authenticated Remote Code Execution #Exploit #RCE https://t.co/QNbzLBZOtu Link to Tweet

inj3ct0r: #0daytoday #VMware vCenter Server 6.7 - Authentication #Bypass #Exploit https://t.co/3zuBt8PlLe Link to Tweet

0dayDB: #WordPress Drag And Drop Multi File Uploader Remote Code Execution

#0day #Zeroday #Exploit #Exploits #Security Link to Tweet

0dayDB: #WebLogic Server Deserialization – Remote Code Execution

#0day #Zeroday #Exploit #Exploits #Security Link to Tweet

0dayDB: #VMWare vCloud Director 9.7.0.15498291 – Remote Code Execution

#0day #Zeroday #Exploit #Exploits #Security Link to Tweet

0dayDB: @GroupAnon Anonymous China Link to Tweet

0dayDB: @YourAnonNews Anonymous China Link to Tweet

malwrhunterteam: And the file is still there...

😫 Link to Tweet

malwrhunterteam: @cosshack @VK_Intel If it was that, it was a very poor attempt... Link to Tweet

malwrhunterteam: Not much detected "defensor-digital_1.1.apk": 440e1cdafcbf3e18ee99fa84b54d72b5351e0fc9c81032025847dd457fbd9c05

cc @JAMESWT_MHT https://t.co/Kz6RSVuvkD Link to Tweet

blackorbird: @cyb3rops @VK_Intel @JohnLaTwC @craiu @cglyer @ItsReallyNick @RedDrip7 @hasherezade @Cyb3rWard0g @olafhartong @neu5ron @SBousseaden Thanks Florian! #FF @cyb3rops Link to Tweet

blackorbird: Who is "Robot Karll"

https://t.co/DXllwoW8YW https://t.co/f6luJoL8dW Link to Tweet

blackorbird: 👍

https://t.co/0DX9kcX5UD https://t.co/gOUZpSZ8Rh Link to Tweet

wugeej: [Tool] GhostShell-Malware indetectable, with AV bypass techniques, anti-disassembly, etc.

https://t.co/6BigLmltLs https://t.co/ICzJhGLKuA Link to Tweet

wugeej: [Tool] Inject Macro and DDE code into Excel and Word documents (reverse shell)

https://t.co/vKMgSq7kLP https://t.co/CVzdlpj1yK Link to Tweet

wugeej: HP Support Site Directory Indexing

cc @ExploitWareLabs https://t.co/yUhA7IPwZE Link to Tweet

int0x33: @kevinriggle Cheers 🍻Enjoy! Link to Tweet

int0x33: @unfoldmybrain The cost in both time and skill to do this well is high which is why I think the great ones never get shared and the public ones stay pretty average, in addition to good attackers map the public ones for indicators of honeypot. Link to Tweet

int0x33: @unfoldmybrain None of the out of the box ones imo, you’ll only get flakes who aren’t even worth the attention if you’re well defended. You have to make custom ones for certain use cases to be truly effective, and put a lot of work into making the honeypot feel real, fully interactive. Link to Tweet

hyp3rlinx: CVE-2020-7030 Avaya IP Office v9.1.8.0 - 11 / Insecure Transit Password Disclosure

https://t.co/cHtnGZSDHt Link to Tweet

hyp3rlinx: CVE-2020-13866 WinGate v9.4.1.5998 / Insecure Permissions EoP

https://t.co/sxng8MO51y Link to Tweet

malware_traffic: More info on #Valak (soft_sig: mad29) dated Wednesday 2020-06-03 - Paste of info: https://t.co/cI4Mno8iVk - Pastebin raw: https://t.co/snnzUIIg75 - Had to try different source IPs before finding one where I could download the Valak DLLs. https://t.co/HaxQgfQPkP Link to Tweet

malware_traffic: 2020-06-03 - #Valak (soft_sig: mad29) infection with #IcedID (#Bokbot) - one #malspam example, #pcap of infection traffic, malware/artifacts, and the associated IOCs available at: https://t.co/w8LMup78X5 https://t.co/XPKfVCUxWR Link to Tweet

malware_traffic: 2020-06-03 - #malspam pushing #Dridex - 10 email examples, a #pcap of infection traffic, some malware/artifacts, and some IOCs available at: https://t.co/LZHpR0ZZWV https://t.co/y6GRicWPRb Link to Tweet

malware_traffic: @NinjaNull I figure if it's important, they'll leave a message. Link to Tweet

James_inthe_box: @maciekkotowicz @AdamTheAnalyst Thanks Mak! Link to Tweet

James_inthe_box: @cocaman @abuse_ch Beautiful...thank you! Link to Tweet

James_inthe_box: Skills I've acquired since the #pandemic:

I can now open doors using just my pinky. 💪 Link to Tweet