Bzzzzzzt! How safe is that keenly priced digital doorbell?

S3 Ep8: A conversation with Katie Moussouris [Podcast]

Gift card hack exposed – you pay, they play

Naked Security Live – Beat the Threat!

Facebook patches Messenger audio snooping bug – update now!

S3 Ep7: When ransomware crooks get a big fat zero! [Podcast]

Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain world

Cult videogame company Capcom pays a big round $0.00 to ransomware crooks

Naked Security Live – Don’t get hoaxed (pass it on)!

How to do cybersecurity – join us online for the Sophos Evolve event

Federated Learning: A Therapeutic for what Ails Digital Health

Changing Employee Security Behavior Takes More Than Simple Awareness

Laser-Based Hacking from Afar Goes Beyond Amazon Alexa

Critical MobileIron RCE Flaw Under Active Attack

Major BEC Phishing Ring Cracked Open with 3 Arrests

How to Update Your Remote Access Policy – And Why You Should Now

Post Breach, Peatix Data Reportedly Found on Instagram, Telegram

'Minecraft Mods' Attack More Than 1 Million Android Devices

Smart Doorbells on Amazon, eBay, Harbor Serious Security Issues

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

IoT Cybersecurity Improvement Act Passed, Heads to President's Desk

Tesla Hacked and Stolen Again Using Key Fob

Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack

From Triton to Stuxnet: Preparing for OT Incident Response

How the Pandemic is Reshaping the Bug Bounty Landscape

305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer

A Cyber 'Vigilante' is Sabotaging Emotet's Return

Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes

ThreatList: Pharma Mobile Phishing Attacks Turn to Malware

Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut

APT Groups Finding Success with Mix of Old and New Tools

Survey: Cybersecurity Skills Shortage is ‘Bad,’ But There’s Hope

Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks

Botnet Attackers Turn to Vulnerable IoT Devices

Halloween News Wrap: Zombie Bugs, Hospital Deaths and Other Scary Cyberattack Stories

Holiday Shopping Craze, COVID-19 Spur Retail Security Storm

Phishing Lures Shift from COVID-19 to Job Opportunities

News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

Cybercriminals Step Up Their Game Ahead of U.S. Elections

Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills

Chris Vickery: AI Will Drive Tomorrow’s Data Breaches

The Enemy Within: How Insider Threats Are Changing

BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks

2020 Cybersecurity Trends to Watch

Top Mobile Security Stories of 2019

Facebook Security Debacles: 2019 Year in Review

Biggest Malware Threats of 2019

Top 10 IoT Disasters of 2019

2019 Malware Trends to Watch

Top 2018 Security and Privacy Stories

2019: The Year Ahead in Cybersecurity

2018: A Banner Year for Breaches

Do You Know Who's Lurking in Your Cloud Environment?

Look Beyond the 'Big 5' in Cyberattacks

Prevention Is Better Than the Cure When Securing ...

Why Security Awareness Training Should Be Backed by ...

Latest Version of TrickBot Employs Clever New ...

Baidu Apps Leaked Location Data, Machine Learning ...

How Ransomware Defense Is Evolving With Ransomware ...

CISA Warns of Holiday Online Shopping Scams

Alexa, Disarm the Victim's Home Security System

Cloud Security Startup Lightspin Emerges From Stealth

US Treasury's OFAC Ransomware Advisory: Navigating ...

What's in Store for Privacy in 2021

Printers' Cybersecurity Threats Too Often Ignored

Security Researchers Sound Alarm on Smart Doorbells

As 'Anywhere Work' Evolves, Security Will Be Key ...

Ransomware Grows Easier to Spread, Harder to Block

Evidence-Based Trust Gets Black Hat Europe Spotlight

Manchester United Suffers Cyberattack

Chinese APT Group Returns to Target Catholic Church ...

3 Steps CISOs Can Take to Convey Strategy for ...

Warning: Massive Zoom phishing targets Thanksgiving meetings

Canon publicly confirms August ransomware attack, data theft

Ransomware hits largest US fertility network, patient data stolen

Truck routing provider Rand McNally hit by cyberattack

cPanel 2FA bypassed in minutes via brute-force attacks

Sophos alerts customers of info exposure after security breach

Sopra Steria expects €50 million loss after Ryuk ransomware attack

TMT BEC scammers arrested after compromising 50,000 companies

The Best Black Friday 2020 Security, IT, VPN, & Antivirus Deals

Danish news agency Ritzau refuses to pay after ransomware attack

Windows 7 and Server 2008 zero-day bug gets a free patch

Baltimore County Public Schools hit by ransomware attack

Belden networking giant's company data stolen in cyberattack

Passwords exposed for almost 50,000 vulnerable Fortinet VPNs

Black Friday 2020 deal: 20% off Zero2Automated reverse engineering courses

NHS Error Exposes Data on Hundreds of Patients and Staff

#DTX Cybersecurity Mini Summit: How CISOs Can Transform an Organization’s Cyber-Capabilities

GDPR Has Had Successes, Requires Public Knowledge of Data Spread

Defining Codes of Conduct to Enable Post Brexit GDPR Compliance

DDoS Attacks Against Online Retailers Increase Four-Fold During Pandemic

Acronis and World Economic Forum Partner to Combat Global Cybercrime

Email Attacks on the Retail Industry: ‘Tis the Season

New Egregor Ransomware Steps into Maze Group’s Shoes

UK Spies Urge Firms to Patch MobileIron Bug ASAP

Putting People First: Overcome Human Error in Email Security

Tales from the Insider Crypt: The Evolution of Insider Risk Maturity

How to Mitigate Insider Security Risks in the Current Landscape

Enabling Incident Response in a Remote Working Landscape

Behind the Scenes of a Live DDoS and BOT Attack: Launch and Mitigation

No Perimeter, No Problem: Crypto-Strategy for a Zero-Trust Future

Establishing a Successful DevSecOps Program: Lessons Learned

Achieving Compliance with the Cybersecurity Maturity Model Certification (CMMC)

Web App and Portal Protection: Managing File Upload Security Threats

Extended Threat Detection and Response: Critical Steps and a Critical System

Ransomware Defense with Micro-Segmentation

Security in the Cloud - Emerging Threats & the Future

Phishing Most Frequently Reported Cybercrime in US

Louisiana Hospitals Report Data Breach

Sopra Steria: Ryuk Attack May Cost us €50m

Anonymous Hacks Uganda Police Website

Ransomware Suspected in Man United Attack

2020 Cybersecurity Headlines in Review

Solving the Global Cybersecurity Skills Gap in Two Simple Steps

Nigerians Arrested Over International BEC Scam

Medical Officer Speaks Out Against Cyber-Bullying

#DTX Cybersecurity Mini Summit: Awareness Key to Securing a Remote Workforce

How to Apply Individualized Zero-Trust Architecture

Home Depot Settles with US States Over 2014 Data Breach

LOQBOX Appoints Tim Porter as New Chief Risk Officer

Peatix Braces Users for Follow-On Attacks After Breach

GoDaddy scam shows how vishing is more deceptive than an email phish

Cloud security mapping startup Lightspeed comes out of stealth

Home Depot settles with state AGs for 2014 point-of-sale hack

First Look: PrivafyCentral

Biden's DHS nominee Mayorkas offers hope of stability, resilience

Popular apps leak data that adversaries could use to spy on targets

Watch Now: Proactive cybersecurity thwarts bleeding edge threat trends

Managing the competing demands of development velocity and application security

Top four activities trending in application security

Amid high-profile outages, automated certificate management offers a solution

How cybersecurity supports digital transformation in health care

Five ways banks can avoid hefty fines for poor risk management

Ransomware gangs hunt for tax software to ratchet up pressure on victims

CyberArk, Forescout and Phosphorus team to automate IoT device integration and lockdown

Organizations look ahead to 2021 return to office, refocus on hybrid security

Websites requiring security software download opened door to supply chain attack

With Black Friday-Cyber Monday looming, Grelos skimmer tied to Magecart poses threat

FireEye buys Respond Software as security automation market gains momentum

Home Depot agrees to $17.5 million settlement over 2014 data breach

Hackers accidentally expose Spotify user data they stole

Bug Allowed Hackers to Get Anyone’s Email Address on Xbox Live

OpenMediaVault rpc.php Authenticated PHP Code Injection

Kong Gateway Admin API Remote Code Execution

WordPress Simple File List Unauthenticated Remote Code Execution

Ubuntu Security Notice USN-4644-1

SyncBreeze 10.0.28 Remote Buffer Overflow

osCommerce 2.3.4.1 Cross Site Scripting

Wondershare Driver Install Service Help 10.7.1.321 Unquoted Service Path

Ubuntu Security Notice USN-4643-1

nfstream 6.2.4

ZTE MF253V 1.0.0B04 XSS / CSRF / Hardcoded Password

ZeroShell 3.9.0 Remote Command Execution

Seowon 130-SLC 1.0.11 Remote Code Execution

Red Hat Security Advisory 2020-5179-01

Red Hat Security Advisory 2020-5218-01

Red Hat Security Advisory 2020-5118-01

Red Hat Security Advisory 2020-5119-01

Red Hat Security Advisory 2020-5203-01

Ubuntu Security Notice USN-4642-1

Ubuntu Security Notice USN-4641-1

Red Hat Security Advisory 2020-5185-01

Red Hat Security Advisory 2020-5206-01

Ubuntu Security Notice USN-4640-1

Red Hat Security Advisory 2020-5199-01

Red Hat Security Advisory 2020-5201-01

Hacker leaks the user data of event management app Peatix

Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending

Huawei ban: UK networks breaking new law face big fines

Voter fraud: Social media is playing whack-a-mole with a bunch of bogus claims

Apple Security Chief Accused of Trading iPads for Gun Permits

Attackers Dupe GoDaddy Into Abetting Cryptocurrency Site Takedowns

GitHub fixes 'high severity' security flaw spotted by Google

TikTok patches reflected XSS bug, one-click account takeover exploit

Smart doorbells 'easy target for hackers' study finds

Team Merlin – Medium

An Easy Way to Protect Data on Your Personal Computer | by Entrespace Group | OfficeFLO | Nov, 2020 | Medium

Becoming Root With Wildcard Injections on Linux | by Vickie Li | Better Programming | Nov, 2020 | Medium

Becoming Root Via a Misconfigured PATH | by Vickie Li | Better Programming | Nov, 2020 | Medium

Becoming Root Through Misconfigured SUDO | by Vickie Li | Better Programming | Nov, 2020 | Medium

This Is How I Hacked My Neighbors Computer | by c0d3x27 | InfoSec Write-ups | Nov, 2020 | Medium

Can Biometric Data Give Rise to Digital Dictatorship? | by abanikanda | Data Driven Investor | Nov, 2020 | Medium

Data Driven Investor – Medium

Canada’s Newly Proposed Bill C-11: a Historic Step For Improved Canadian Privacy | by Naoshin Fariha | Junior Economist | Nov, 2020 | Medium

Junior Economist – Medium

Privacy-Preserving Social Login with Hypersign | by Vishwas Anand Bhushan | Hypersign | Nov, 2020 | Medium

Vishwas Anand Bhushan – Medium

React Authentication: How to Store JWT in a Cookie | by Ryan Chenkie | Medium

Securing applications with JWT Spring Boot | by Ignacio Oliveto | Wolox | Medium

Apple One Needs Apple VPN, Apple Event | Shubh Patni | Data Driven Investor

Personal data of 16 million Brazilian COVID-19 patients exposed online | ZDNet

CyberAlarm: An independent security review... and why you should avoid it.

How attackers use built-in Windows tools for Reconnaissance. - YouTube

Incident: Law In Order hit by ransomware attack | iTnews - Australian Information Security Awareness and Advisory

Nearly 28 million licensed Texas drivers hit by data breach

Upcoming Speaking Engagements - Schneier on Security

Detailed Audit of Voatz' Voting App Confirms Security Flaws

Friday Squid Blogging: Underwater Robot Uses Squid-Like Propulsion - Schneier on Security

Inrupt’s Solid Announcement - Schneier on Security

Audit: WA registry system flaws force auditor to delay findings by 18 months | iTnews - Australian Information Security Awareness and Advisory

Happy Thanksgiving!

COVID-19 Cyber Attacks - WebARX Security

Audit: Major NSW govt agencies still without disaster recovery plans for all systems | iTnews - Australian Information Security Awareness and Advisory

Hindering Threat Hunting, a tale of evasion in a restricted environment - BlackArrow

How to Learn Python for Data Science? The Best Ways - TechBiason

Thankful for picking tips and this community - YouTube

Exposing Sensitive Data in a Website - COMPTIA Pentest+ TryHackMe OWASP - YouTube

SonarSource Blog

Architecture of a ransomware (2/2) | by Security Shenanigans | Nov, 2020 | Medium

SD-PWN Part 4 — VMware VeloCloud — The Last Takeover | by Ariel Tempelhof | Realmode Labs | Nov, 2020 | Medium

Understanding People Part 10: Limiting Beliefs - YouTube

[Fuzzing with WinAFL] Writing Harness for a DLL and fuzzing it with WinAFL - YouTube

Manchester United’s fears over crippling cyberattack | Sport | The Times

Bug bounty program for EFG - ECOchain

Making an unpickable lock. Calling locksmiths - YouTube

Firefox to remove support for the FTP protocol | ZDNet

Amazon sorry for Sidewalk 'confusion' - BBC News

BASI K10 picked and gutted 👌 - YouTube

GitHub - neonify/lessgo: A fast web fuzzer in golang

[7] Keso 2000s 3-Axis 15 Pins Picked and Gutted - YouTube

US Senator calls for better threat identification technologies | Flash News

Tesla Hacked News: Avoid Clickbait, FACTS only [Tesla Hack Fix Coming] - YouTube

ASSA Twin Exclusive Picked and Gutted (Black Belt #2) - YouTube

Google exploring using location info to slow coronavirus spread

Sophos notifies customers of data exposure after database misconfiguration | ZDNet

(ENG-106) Lockpicking - Picking a Burg Wächter Quadra 444 50 SB - YouTube

Protect domains that don’t send email - GOV.UK

New Zealand Election Fraud - Schneier on Security

The U.S. wants smartphone location data to fight coronavirus. Privacy advocates are worried.

Stop the EARN IT Bill Before It Breaks Encryption | EFF Action Center

[2] Picking a Master Lock 410 LOTO - YouTube

virusbtn: Ransomware continues to target victims around the world, with the latest targets including the Baltimore County school district and Danish news agency Ritzau https://t.co/OuPKBBv2uG https://t.co/jS9bq0VROr https://t.co/1QeYq8mOqK

virusbtn: Avanan's @mlandewe writes about a malware attack spreading via Microsoft Teams chat at an infected partner organization https://t.co/vTSsPaOvk0 https://t.co/O1oUEsafJG

virusbtn: A newly found backdoor suggests Operation Lagtime has been targeting Russia, according to @sebdraven https://t.co/iOND2CmT8X https://t.co/3gSHAQxu1E

virusbtn: The Nigerian police have arrested three members of the prominent TMT group, which has been active in business email compromise (BEC) scams https://t.co/O3TXD3wQ9R https://t.co/CdYC3uoDgq

virusbtn: Both Cybereason's @lior_rochberger and SentinelOne's Jim Walter have written brief analyses of the Egregor ransomware that has recently targeted some prominent victims https://t.co/5ua4bPjmeF https://t.co/gfoddnit8V https://t.co/5sEQH7OoAW

TalosSecurity: We expect to see a lot of scams pop up this week around #CyberMonday #BlackFriday and #Thanksgiving. Brush up on your scam senses by looking back at some past posts we've published on avoiding holiday shopping scams: https://t.co/z33oI2oh9E https://t.co/RG4w0teJ0U https://t.co/66Trxs4AY0

TalosSecurity: More consumers are expected to shop online than ever for #BlackFriday and #CyberMonday this year as they avoid crowds and lines. In our latest Talos Takes episode, we discuss ways to avoid common scams that we suspect will pop up https://t.co/pQcyjZhqIJ https://t.co/kLSa5etnOq

TalosSecurity: @IgnotumAliquis @adamhotep @WeAreCisco We use remote services and software all day every day. As Adam stated, this position is specifically funded to physically reside in Singapore. 100% of our employees right now have been working from home for some time, and will continue.

TalosSecurity: @DLangille @pchobbit @catehamm Shouldn’t. Should ship from Maryland.

MBThreatIntel: Have you ever paid close attention to the animated GIF performing a fake scan on #browlock pages? The dir /s command is run from a Spanish XP machine with VirtualBox installed. You can grab a copy of the GIF here: 104.236.3[.]116/ched/def.gif https://t.co/NeCLyCsoTE

MBThreatIntel: New #Dridex template via malspam Document: bb3d78bf4f9cb8311cef50b0d9e619bfa7f838d36323987b693167d7202e8c04 Payload: d6a58b721fa87d74561aeaf8175dfc6109300424d94d2e221f2fcd1781e8e458 C2s: 175.126.167[.]148:443 173.249.20[.]233:8043 162.241.204[.]233:4443 138.122.143[.]40:8043 https://t.co/GNQeinlWZG

anyrun_app: Looks like despite all measures against #Trickbot, it is coming back on track! Right now it's using a well-known maldoc and the execution chain is the same after the recent update. https://t.co/yXUuSrgzPW Browse ANYRUN's Public Submissions to find fresh and interesting samples! https://t.co/4VO7sZSPle

anyrun_app: Also, #Dridex is downloaded right now by maldocs with different looking templates. Worth mentioning that it uses a maldoc with almost the same template and an execution chain from the summer 2020 campaign. Those lazy guys just put the #Emotet template over theirs https://t.co/43ZbBwTHRa https://t.co/RPwkwoMswp

anyrun_app: Meet the next wave of the #Dridex malspam, fully armed with ANYRUN! Don't waste your time waiting for the end of the task, just look at debug output. Is the executable file dropped by EXCEL constantly outputting gibberish into debug? Wait no more - that's Dridex! https://t.co/g4XIP7Z2kN https://t.co/y4aCJObcdo

anyrun_app: TOP10 last week's threats by uploads ⬇️ #NjRAT 178 (185) ⬇️ #AgentTesla 124 (149) ⬇️ #Emotet 115 (151) 🏖️ ⬇️ #NanoCore 65 (78) ⬆️ #Formbook 63 (43) ⬆️ #Remcos 59 (59) ⬆️ #Ursnif 57 (50) ⬆️ #Redline 51 (49) ⬇️ #AsyncRAT 44 (72) ⬆️ #Quasar 39 (26) https://t.co/98nRpXOxWw

abuse_ch: PROJECT UPDATE: I was able to raise enough funding to start the research project. I'm currently in negotiation with the corresponding university of applied sciences to figure out the details. These talks should (hopefully) be finished end of December. Stay tuned for an update! ⌛️ https://t.co/mUXtPoJzk8

abuse_ch: @ViriBack Seems to be related to ZLoader

QuoIntelligence: Check out our latest report on the #trickbot #botnet that seems to live and evolve despite recent takedown efforts by US & @microsoft and don't miss the upcoming EU #regulations for large #technology companies. This and much more here: https://t.co/fS7eFFTyCe #CybersecurityNews

QuoIntelligence: Happy #Thanksgiving! We’re #thankful for all of our dear followers, clients, and employees. To give back to our amazing community, we currently have up to 25% OFF our products & services - have a look: https://t.co/GYav57WCwH https://t.co/nEC9mNVXkq

JAMESWT_MHT: Another "Logika LLC" #signed #imgur #loader... Sample https://t.co/fL0wKUvIpL https://t.co/gpGLdWu7rS h/t @malwrhunterteam cc @Arkbird_SOLG @Jan0fficial @verovaleros @VK_Intel @sugimu_sec @felixw3000 @58_158_177_102 @hatching_io @arieitan @James_inthe_box https://t.co/SYy0N4o9KO

makflwana: @Bank_Security Banking with Wordpress admin interface 🤪🤔🤔

cyb3rops: @fr0gger_ @yararules - I’d rename “hexadecimal strings” to “hexadecimal byte chains” - I miss a list of usable modules: pe, elf, hash, math .. - It would be helpful to add that the xor modifier should in 95% of the cases be used as “xor(0x01-0xff)” to avoid matching on the original string https://t.co/EyePdwtCa4

cyb3rops: @fr0gger_ @yararules - entrypoint is deprecated; use pe.entry_point - add an example $s at (filesize-100..filesize) which is a very helpful condition instead of $s at 100 https://t.co/oE74xSCZtP

cyb3rops: @fr0gger_ @yararules Great idea 👍 some comments: - compiling the rules only speeds up the process if you invoke the scan over and over again - xor is an encryption, not an encoding - the most important “pe” functions are: exports(), number_of_signatures, number_of_exports, imphash()

RedDrip7: New sample seems to be used by #APT-C-23 #AridViper. Once it gets executed, a document relating to information about #CIA #Hamas is shown to confuse the victim and meanwhile a RAT is executed to perform remote control. https://t.co/p1SQhlrAuM https://t.co/oNRGpy5Q4k

inj3ct0r: #0daytoday #Razer #Chroma SDK Server 3.16.02 - Race Condition Remote File Execution #Exploit #RCE https://t.co/2Fl5JKLNms

inj3ct0r: #0daytoday #PureFTPd 1.0.48 - Remote Denial of Service #Exploit #DoS https://t.co/fuAKrFXqjk

inj3ct0r: #0daytoday #WordPress Simple File List Unauthenticated Remote Code Execution #Exploit #RCE https://t.co/gOjqP3blVx

inj3ct0r: #0daytoday #KongGateway Admin API Remote Code Execution #Exploit #RCE https://t.co/pvh63QOvbd

inj3ct0r: #0daytoday #OpenMediaVault rpc.php Authenticated PHP Code Injection #Exploit https://t.co/CuSj97xwkc

malwrhunterteam: (2/2) https://t.co/9QkLuFM3p6

malwrhunterteam: Virgin Mobile phishing: https://vmedia-personal-update[.]com/ (1/2) https://t.co/MmFtw346gk

malwrhunterteam: For a monkey, maybe. But "Namecheap Legal&Abuse team" is a very different species compared to monkeys. And it does not mean that the monkeys are that bad compared to them, but the exact opposite... 😂 https://t.co/zbV5jukl1p

malwrhunterteam: This must be fakenews as everyone knows they have "strictly zero tolerance for phishing activities". 😂 https://t.co/ObSJQOPJ2V

malwrhunterteam: The mentioned btc-gemini[.]live site is still online... 😂

wugeej: Playground Sessions for Windows, stores the user credentials in plain text allowing anyone with access to C:\Users<USER>\AppData\Roaming\Playground\Local Store#SharedObjects\Playground.swf\UserProfiles.sol to extract the email and password. https://t.co/qjWS8Jkgqe https://t.co/ZLvNcgUadR

malware_traffic: @FamilyDollarPie I generally do it connected live.

malware_traffic: @FamilyDollarPie I have a variety of hosts in my lab environment, including physical and virtual hosts. I rarely use inetsim, though, since I try to capture follow-up malware retrieved by the malware samples during these infections.

malware_traffic: 2020-11-25 (Wednesday) - Another wave of #TA551 (#shathak) Word docs with English template pushing #IcedID - Paste of info: https://t.co/nQgMUuKITh - Pastebin raw: https://t.co/kwXY71iFQv https://t.co/sLyDKxKGeA

malware_traffic: @ffforward @malwrhunterteam @James_inthe_box @JAMESWT_MHT @lazyactivist192 @executemalware 2020-11-25 (Wednesday) - Saw #CobaltStrike from wheredidmarkmakehismoney[.]com as follow-up malware from today's #Hancitor infection - CobaltStrike C2 used HTTPS over 199.217.117[.]184 over TCP ports 443 and 444 https://t.co/biPizv6Yy6

James_inthe_box: @ebotpoloskun #dcrat :)

James_inthe_box: @noottrak Or the site admin dropped acid before creating it..."ya THIS looks about right..."

James_inthe_box: @JohnLaTwC Parler

James_inthe_box: @campuscodi Love the shirt....someone missed "thou shalt not steal" apparently..

pmelson: @ysmithnd https://t.co/2vAFVm00jW

pmelson: @danveloper “You’ve got 9 or more guests over for dinner? That’s different.”

pmelson: @Andrew___Morris Then you have not gone that deep on AMZN. https://t.co/Iaqn0jquMi

pmelson: @anthomsec Also this version: https://t.co/fK7wlir2u3

demonslay335: @namoRdeP New Djvu. Read the FAQ: https://t.co/NORSVwykGo

demonslay335: Why do I get this almost daily: "Your website ID Ransomware says it is impossible to decrypt this #ransomware, NoMoreRansom says it is impossible, and your decryptor tool says it is impossible... can you please decrypt my files?" https://t.co/UmW2WCpj6n

demonslay335: #STOP #Djvu #Ransomware w/ extension ".lisp" (v0267) spotted on ID Ransomware.

demonslay335: @keith8850 Can you DM me an encrypted file and its original? I'd need to verify I can still break your case in order to update the decryptor.

hackerfantastic: @MisterTechBlog Looks interesting, thanks for sharing.

hackerfantastic: @AndrewB60053540 @MayaPosch Rust has memory safety. C++ does not and therefore it has numerous bug types that cannot be found in Rust.

hackerfantastic: @vxunderground https://t.co/OZ2ISWkcjB

hackerfantastic: Apple's Secure Boot private key did NOT leak, it is just a certificate and firmware dump from an iPhone 11 Max (A13). It includes a dump of "iBoot-6723.60.60.0.2-iOS-14.3b2" / "AppleSMCFirmware-2317.60.63.0.1.d43" and "AppleStorageProcessorANS2-1161.60.1.122.1~1.dump" https://t.co/FVHgSqyTmx

Cyb3rWard0g: @subTee Thank you Casey 🍻 I enjoyed it! https://t.co/niIB9O6iCV

VK_Intel: #LightBot cmd ➡️Git✅ 1⃣Enumerate MAC address of the victim 2⃣Caller request 3⃣Reconnaissance net/DC list/trust request ``` nltest.exe /DCLIST:$domain nltest.exe /domain_trusts ``` 4⃣Software installed enum request 5⃣Persistence via 'Task Scheduler' and “marshaling" Stay safe! https://t.co/Qlzy6wKXAw

DrunkBinary: @ChekistMonitor Naryshkin probably used that gemstone to beat to death a HUMINT source that failed him... https://t.co/xLrREBBLem

DrunkBinary: @ydklijnsma @Andrew___Morris "No shit there I was in the data center, I tripped and hit the halon button..."

DrunkBinary: @KorbenD_Intel @jfslowik Except New Zealand, the Aussies gave them the wrong address for the showdown.

DrunkBinary: @cnoanalysis @colemankane Azure right now... https://t.co/6QkubifSr7

Arkbird_SOLG: @malwrhunterteam Seems to specifically focus on UK and US people for the last two months. https://t.co/099djzH54q

Arkbird_SOLG: cc: @VK_Intel @malwrhunterteam @MeltX0R @ItsReallyNick @_re_fox @DeadlyLynn @James_inthe_box @0xtornado @malz_intel @cyb3rops @faisalusuf @58_158_177_102 @JAMESWT_MHT @cyb3rops @jeromesegura

Arkbird_SOLG: Yara : https://t.co/dP9AqJ2wfT Samples: https://t.co/vZAmsYhury Analysis: https://t.co/AcDDkQWtm5

Arkbird_SOLG: An interesting detail is that the group reuses the same certificate to sign the ransomware (and it is still trusted), and it can be used for Yara. This remains experimental, but that is better than nothing. https://t.co/lpwr9Nerbi

Arkbird_SOLG: As observed in early November 2020, #Ragnarlocker uses VMProtect for its operations; the problem remains that the code virtualization is random, so the code in the section is too. https://t.co/GCGn4fivOw

KorbenD_Intel: @jfslowik @DrunkBinary If you look really close, you can see the other FVEY bro's over the fence in the woods.

KorbenD_Intel: @Arkbird_SOLG b23a50c11c918a0a18b0b34432e6699f / p[.]samkdd[.]com https[:]//malshare[.]com/sample.php?action=detail&hash=b23a50c11c918a0a18b0b34432e6699f

KorbenD_Intel: updated http[:]//sparepartiran[.]com/js/2Q/ https://t.co/TCYth43Ekh

KorbenD_Intel: bb98eea4d08d49da0117bd2ccc8624b1 VBA 9/62 VT scan detections --> MSHTA d3727mhevtk2n4[.]cloudfront[.]net https://t.co/Mi0JTIGxzC

ItsReallyNick: @olihough86 @GossiTheDog There def seem to be a disproportionate amount of abusable open redirects in their web services... https://t.co/OtesII3qtt

ItsReallyNick: I’ve been calling it “extortion” for the last 3 years. IMO it’s an important distinction: these disruptive criminals don’t need to use malware to encrypt files, they just want to pressure victims to maximize payment. Deploying ransomware is often the simpler monetization option. https://t.co/MSfrjzaYaB

cyberwar_15: https://t.co/RjvS4wcDPJ

cyberwar_15: #북한 #NorthKorea #APT #국세청 #Firebase hometaxcenter.web[.]app https://t.co/dLpQGCAHXo

cyberwar_15: https://t.co/37TM94idzq

cyberwar_15: https://t.co/ZpSpB0G9nV

cyberwar_15: #북한 #NorthKorea #Thallium #Kimsuky #Konni Special Report https://t.co/DNkuFcNQ3H https://t.co/4xCRfC5MXl

Manu_De_Lucia: unusual silence today.... I don't read about malware campaigns against #Italy I'm afraid it was my turn to tweet about #lokibot, #agenttesla ... 🙂LokiBot fb3def33f3caf6589422e46c27382c94 > exe 43d6527a819fd60a3e715935f90487fe cnc: x2z6c\.xyz @FBussoletti @JAMESWT_MHT

DeadlyLynn: @BaoshengbinCumt RTF MD5:e24e51ec170b2341ef90321640fef797

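58_158_177_102: @00001B1A I'd like them to check the logs and, after that, also identify why the 2018 patch had not been applied and review the patch application process.

58_158_177_102: We are also observing cases that we presume involve devices used at the overseas sites of domestic companies. Check not only domestic sites but also overseas ones for whether patches have been applied and whether there are any suspicious logins!! https://t.co/92TUMoSZWf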

issuemakerslab: North Korea's RGB-D5 launched a spear-phishing attack on a North Korean defector YouTuber who broadcasts on the subject of North Korea. https://t.co/EX4W65sm3q

IntezerLabs: We have a 🆓 Community Edition. Protect up to 10 assets in runtime against unauthorized code ☁️🛡️https://t.co/9qeY2twBKC

IntezerLabs: 🔥🔥 https://t.co/f9vDhFFmAU

IntezerLabs: 🆕 #Stantinko proxy Trojan identified. The first reported #Linux sample from this group since 2017 is likely part of a broader campaign. Technical analysis by @AbbyMCH https://t.co/x3bp4X0ifL https://t.co/fyZK7iY7Mt

aboutsecurity: Enjoying @MicahZenko: “#RedTeam, How to Succeed by Thinking like The Enemy” Lesson 1: If you can write a how-to manual on it (or a script), it’s not true “red teaming”. Same goes for #ThreatHunting. Both processes must *not* become predictable to be effective #ThinkRedActBlue https://t.co/stP7VC5ls4

aboutsecurity: Talking about #ThreatModeling BloodHound 4.0: The Azure Update | by ⁦@_wald0⁩ “...you can also find attack paths that start in on-prem AD, go up into Azure, and then go back down into on-prem AD to get access to your objective” #redteam #blueteam https://t.co/9Dtxr1SReH

aboutsecurity: @RiaMariaDotCom Thank you Maria! It was great having you in class. Enjoy preparing for the #GDSA and congratulations on winning the #bladerunner #DTF 👏🏼👏🏼

aboutsecurity: Great initiative! https://t.co/alL4hlTwgx

kyleehmke: Possible APT34 / OilRig / Helix Kitten domain careers-ntiva[.]com was registered through THCservers on 11/25 using ivacareer@yandex[.]com and is hosted on a dedicated server at 108.62.118[.]233. In @ThreatConnect: https://t.co/sDoAwwXiYW https://t.co/4UG5Rl8WiZ

kyleehmke: @TechieDaveM Thanks, Dave! Glad to hear the information has been useful!

kyleehmke: Per @censysio, an SSL certificate with subject strings matching previous Ryuk certs was created on 11/24 for the artappartberlin[.]com domain. Additionally, the 209.141.49[.]12 IP also hosts growtancy[.]com which was identified as part of the below set: https://t.co/IDNTDF53Jn https://t.co/L65dseSia6

kyleehmke: Set of at least three most likely Ryuk / Wizard Spider / UNC1878 domains registered on 11/14/20 at essentially the same time: artappartberlin[.]com (209.141.50[.]43) tukunavi[.]com (209.141.49[.]12) vloerplan[.]com (23.108.57[.]108) In @ThreatConnect: https://t.co/XgfcrQzRuH

kyleehmke: Suspicious domain timeframesync[.]com was registered through Njalla on 11/22 and is hosted on a probable dedicated server at 107.191.47[.]9. https://t.co/JdYFtH6g5M

DissectMalware: @campuscodi The same genius that placed the sleep button above the delete key in old MacBooks. I bet they got a new job...

Hexacorn: Updated appid_calc.pl & https://t.co/ac5NrCgJZ1 kudos to Stuart and @bmmaloney97 https://t.co/Y9KTQirRyU #DFIR

Hexacorn: @SwiftOnSecurity com* *bad keming version

Hexacorn: @thestealthtaco @jerod @Securityblog https://t.co/KOihCtlYNw

Hexacorn: @olafhartong @domchell @MDSecLabs yup; in older version of Office you would have a reg value pointing to vbe7.dll; you could swap it with your own; MS Installer repair was triggering when I was playing with it, maybe because my DLL was unsigned, or some other reason; didn't explore further at that time

Hexacorn: @olafhartong @domchell @MDSecLabs I hypothesized in the past that you could replace vbe7.dll with your own DLL; this is on my TODO list to complete as last time I tried was a few years ago & at that time got MSI involved trying to repair Office maybe someone has interest & spare cycles...

JCyberSec_: Interesting 🤔 The same threat actors used the same host for exfiltration back in 201105 during their first campaign of this type. -- TTP OVERLAP 🔎 This is not the first malicious cred phishing campaign this threat actor group has run ☠️ https://t.co/pmY6JnixC2

JCyberSec_: @ffforward Interesting. The same threat actors used the same host for exfiltration back in 201105 during their first campaign of this type. This is not the first malicious cred phishing campaign this threat actor group has run

nullcookies: @shad0wbits Wise.

nullcookies: @ojacobs2014 Kicked me in the liver and notched my shins.

nullcookies: It’s one of those days where I wish I could still fight Muay Thai.

nullcookies: Anyone targeting healthcare systems during a global pandemic—especially ones with at capacity ICUs—deserves the absolute worst life can offer. Forever.

campuscodi: PT Security report links an attack with the Polar ransomware on a Russian media company to Chinese nation-state group APT27 — with the caveat that "some of the team's researchers are skeptical about attribution of the attacks to APT27" https://t.co/INQ9dulzqG

campuscodi: In its latest quarterly report, CERT-NZ reports a sharp increase in cyber-security incidents this year https://t.co/yGxtaTQThK https://t.co/LYdzA0UABZ

SBousseaden: detection traces added for UAC bypass via hijacking CDSSync scheduled task https://t.co/KYz63z61wc https://t.co/J5baBVOzb0 https://t.co/odHFn7lEbR

SBousseaden: example of execution traces (Sysmon 7, 13) for this recent Print Spooler (Again) Privilege Escalation added to the EVTX repo: DataSet: https://t.co/DQgXSrmvNu Detection: https://t.co/fqNqzvPxJ1 https://t.co/zlbECwm1Pe https://t.co/atK8DVx6d7

SBousseaden: @kareemalhourani yes, except for the deprecated scheduled jobs via AT.exe

SBousseaden: @_xpn_ as always great stuff!

424f424f: @SayaniBh @ohmyzsh JunkFood. I like the time/date format for screenshots. https://t.co/h5zwafrfix

424f424f: @HackingLZ Yes. Even that chart is trending upwards too. Which, is a good sign 📈

lazyactivist192: @hacks4pancakes @TrashPandaFTW That's a show? I just thought it was some company joke I was out of the loop on.

lazyactivist192: Man, I guess you can't have Thanksgiving, without having a turkey fire. In other news, I think one of my neighbors is not having a good time right now.

lazyactivist192: @Ruth_HHopkins I'm so sorry. My sincerest condolences to you and your family :(

FewAtoms: @KodaES @JAMESWT_MHT Don't go there, it's a honeypot

reecdeep: 😈#Gozi #ISFB #Malware #italy 🇮🇹 ⚙️https://t.co/mR0QQJMcv2 1⃣hxxp://89.44.9.160/gr32.rar (/gr64.rar) 🔥 46.21.[153.238 89.45.[4.118 94.198[.40.26 myfoodland[.org stratosferi[.net massonianz[.com volerunoku.[club folerunoku.[club gerometony.[club #infosec #CyberSecurity https://t.co/NgDUW26RT3

reecdeep: 😈#Gozi #ISFB #Malware targets #italy 🇮🇹using fake BRT mail ⚙️https://t.co/O0Bls8KCrs ➡️compagniamaestro.]com 🔥c2: hxxp://marzoom.org @AgidCert @guelfoweb @merlos1977 @Bl4ng3l @VirITeXplorer @Dr_N0b0dyh @fumik0_ @FBussoletti @sugimu_sec @58_158_177_102 #infosec #CyberSecurity https://t.co/zJVK8P247P

reecdeep: 😈#Malware #AgentTesla targeting #italy 🇮🇹using CDP template "Attenzione urgente: avviso" ⚙️https://t.co/FQZRqtXiy9 🔥mail.[qnm[.sg (cherry[@]qnm.]sg ➡️ mylogs456[@[gmail[.com) @guelfoweb @AgidCert @Bl4ng3l @VirITeXplorer @Dr_N0b0dyh @Bank_Security #infosec #cybersecurity https://t.co/E6e8Eppk0M

luc4m: 🤣🤣 https://t.co/h0G1pCAppc

3xp0rtblog: @James_inthe_box @JAMESWT_MHT @malwrhunterteam @0x7fff9 @Arkbird_SOLG @luc4m @struppigel @ViriBack @ItsReallyNick @hexlax @fr0s7_ @pmelson @siri_urz @shotgunner101 @executemalware @FewAtoms @ochsenmeier @Xylit0l @Jan0fficial @Cyber_Bolo @JRoosen

3xp0rtblog: Earlier similar stealer with the same name was found by @ViriBack https://t.co/AGnkyLMnHc. But it's Echelon fork which hasn't posted on any criminal forum.

3xp0rtblog: https://t.co/3gFU7SCffw

3xp0rtblog: Name of the product: Xenon Stealer Price: 80$ - lifetime; 150$ - lifetime, with crypt. Programming language: C# Panel: in telegram Posted on: lolz[.]guru/threads/1911790 bhf[.]im/threads/611765 Telegram: aspersoft Not translated posts attached. https://t.co/fCZRg9tRUj

----Vulners.com High Sev. Last 3 Days----

CVSS: 7.5 Ubuntu 20.10 : Thunderbird vulnerabilities (USN-4647-1)

CVSS: 6.8 Ubuntu 16.04 LTS / 18.04 LTS : poppler vulnerabilities (USN-4646-1)

CVSS: 7.5 WebKitGTK vulnerabilities

CVSS: 6.5 FreeRDP vulnerabilities

CVSS: 9.3 Critical MobileIron RCE Flaw Under Active Attack

CVSS: 6.8 phpMyAdmin 4.7.x < 4.7.7 XSRF (PMASA-2017-9)

CVSS: 6.8 Debian DSA-4797-1 : webkit2gtk - security update

CVSS: 6.8 poppler vulnerabilities

CVSS: 10.0 VMware ESXi SLP Use-After-Free Privilege Escalation Vulnerability

CVSS: 7.5 Fedora 32 : libexif (2020-0aa0fc1b0c)

CVSS: 8.5 EulerOS 2.0 SP8 : librepo (EulerOS-SA-2020-2480)

CVSS: 7.5 Thunderbird vulnerabilities

CVSS: 9.0 OpenMediaVault rpc.php Authenticated PHP Code Injection

CVSS: 7.8 (RHSA-2020:5179) Low: Red Hat Virtualization security, bug fix, and enhancement update

CVSS: 7.2 (RHSA-2020:5118) Moderate: OpenShift Container Platform 4.5.20 bug fix and golang security update

CVSS: 6.8 (RHSA-2020:5206) Moderate: kernel security and bug fix update

CVSS: 7.2 (RHSA-2020:5201) Important: net-snmp security and bug fix update

CVSS: 7.2 (RHSA-2020:5199) Important: kernel security update

CVSS: 6.8 Fedora 32 : chromium (2020-3e005ce2e0)

CVSS: 7.5 SaltStack Salt rest_cherrypy tgt Command Injection Remote Code Execution Vulnerability

CVSS: 10.0 Cisco IoT Field Network Director Unauthenticated REST API (cisco-sa-FND-BCK-GHkPNZ5F)

CVSS: 7.2 RHEL 8 : kernel (RHSA-2020:5199)

CVSS: 10.0 EulerOS 2.0 SP2 : mercurial (EulerOS-SA-2020-2367)

CVSS: 7.2 Scientific Linux Security Update : net-snmp on SL6.x i686/x86_64 (2020:5129)

CVSS: 6.8 RHEL 7 : kernel (RHSA-2020:5206)

CVSS: 6.8 RHEL 8 : Red Hat Virtualization (RHSA-2020:5179)

CVSS: 6.8 Ubuntu 16.04 LTS : libextractor vulnerabilities (USN-4641-1)

CVSS: 7.5 Ubuntu 16.04 LTS : atftp vulnerabilities (USN-4643-1)

CVSS: 7.2 RHEL 8 : net-snmp (RHSA-2020:5201)

CVSS: 6.8 Ubuntu 16.04 LTS : PDFResurrect vulnerability (USN-4642-1)

CVSS: 7.5 SaltStack Salt rest_cherrypy ssh_options Command Injection Remote Code Execution Vulnerability

CVSS: 7.8 openSUSE Security Update : rmt-server (openSUSE-2020-2000)

CVSS: 6.8 Photon OS 3.0: Postgresql PHSA-2020-3.0-0164

CVSS: 7.5 atftp vulnerabilities

CVSS: 6.8 PDFResurrect vulnerability

CVSS: 7.2 Cisco SD-WAN Software Privilege Escalation (cisco-sa-vepeshlg-tJghOQcA)

CVSS: 7.5 Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability (cisco-sa-FND-AUTH-vEypBmmR)

CVSS: 7.2 VMware Fusion 11.x < 11.5.7 Use-after-free (VMSA-2020-0026)

CVSS: 8.5 Photon OS 3.0: Librepo PHSA-2020-3.0-0164

CVSS: 7.5 SaltStack Salt rest_cherrypy ssh_port Command Injection Remote Code Execution Vulnerability

CVSS: 6.8 Oracle Linux 6 : thunderbird (ELSA-2020-4158)

CVSS: 7.2 ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2020-0026)

CVSS: 7.2 VMware Workstation 15.x < 15.5.7 Use-after-free (VMSA-2020-0026)

CVSS: 6.8 Cisco SD-WAN vManage Software XXE (cisco-sa-vmanx3-vrZbOqqD)

CVSS: 7.5 SaltStack Salt rest_cherrypy ssh_priv Command Injection Remote Code Execution Vulnerability

CVSS: 7.5 SaltStack Salt rest_cherrypy ssh_remote_port_forwards Command Injection Remote Code Execution Vulnerability

CVSS: 10.0 ZeroShell 3.9.0 Remote Command Execution

----NVD Last 3 Days----

CVE#: CVE-2015-9550 Published Date: 2020-11-24 CVSS: NO CVSS Description: An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface.

CVE#: CVE-2015-9551 Published Date: 2020-11-24 CVSS: NO CVSS Description: An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter.

CVE#: CVE-2019-20925 Published Date: 2020-11-24 CVSS: NO CVSS Description: An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.

CVE#: CVE-2020-10762 Published Date: 2020-11-24 CVSS: NO CVSS Description: An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.

CVE#: CVE-2020-10763 Published Date: 2020-11-24 CVSS: NO CVSS Description: An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

CVE#: CVE-2020-12262 Published Date: 2020-11-27 CVSS: NO CVSS Description: Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS.

CVE#: CVE-2020-13620 Published Date: 2020-11-24 CVSS: NO CVSS Description: Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration.

CVE#: CVE-2020-13886 Published Date: 2020-11-26 CVSS: NO CVSS Description: Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.

CVE#: CVE-2020-13942 Published Date: 2020-11-24 CVSS: NO CVSS Description: It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem.

CVE#: CVE-2020-14190 Published Date: 2020-11-25 CVSS: NO CVSS Description: Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.

CVE#: CVE-2020-14191 Published Date: 2020-11-25 CVSS: NO CVSS Description: Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.

CVE#: CVE-2020-15928 Published Date: 2020-11-24 CVSS: NO CVSS Description: In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.

CVE#: CVE-2020-15929 Published Date: 2020-11-24 CVSS: NO CVSS Description: In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.

CVE#: CVE-2020-24815 Published Date: 2020-11-24 CVSS: NO CVSS Description: A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: 10.4., no fix will be released as version will reach end-of-life on 31/12/2020.

CVE#: CVE-2020-25159 Published Date: 2020-11-24 CVSS: NO CVSS Description: 499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.

CVE#: CVE-2020-25472 Published Date: 2020-11-24 CVSS: NO CVSS Description: SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.

CVE#: CVE-2020-25473 Published Date: 2020-11-24 CVSS: NO CVSS Description: SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies.

CVE#: CVE-2020-25474 Published Date: 2020-11-24 CVSS: NO CVSS Description: SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.

CVE#: CVE-2020-25475 Published Date: 2020-11-24 CVSS: NO CVSS Description: SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.

CVE#: CVE-2020-25640 Published Date: 2020-11-24 CVSS: NO CVSS Description: A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

CVE#: CVE-2020-25650 Published Date: 2020-11-25 CVSS: NO CVSS Description: A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.

CVE#: CVE-2020-25651 Published Date: 2020-11-26 CVSS: NO CVSS Description: A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.

CVE#: CVE-2020-25652 Published Date: 2020-11-26 CVSS: NO CVSS Description: A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.

CVE#: CVE-2020-25653 Published Date: 2020-11-26 CVSS: NO CVSS Description: A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.

CVE#: CVE-2020-25654 Published Date: 2020-11-24 CVSS: NO CVSS Description: An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5-rc2. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.

CVE#: CVE-2020-26212 Published Date: 2020-11-25 CVSS: NO CVSS Description: GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. Steps to reproduce the behavior: 1. Create a new planning with 'eduardo.mozart' user (from 'IT' group that belongs to 'Super-admin') into its personal planning at 'Assistance' > 'Planning'. 2. Copy the CalDAV url and use a CalDAV client (e.g. Thunderbird) to sync the planning with the provided URL. 3. Inform the username and password from any valid user (e.g. 'camila' from 'Proativa' group). 4. 'Camila' has read-only access to 'eduardo.mozart' personal planning. The same behavior happens to any group. E.g. 'Camila' has access to 'IT' group planning, even if she doesn't belong to this group and has a 'Self-service' profile permission. This issue is fixed in version 9.5.3. As a workaround, one can remove the `caldav.php` file to block access to CalDAV server.

CVE#: CVE-2020-26232 Published Date: 2020-11-24 CVSS: NO CVSS Description: Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.

CVE#: CVE-2020-26235 Published Date: 2020-11-24 CVSS: NO CVSS Description: In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23.

CVE#: CVE-2020-26237 Published Date: 2020-11-24 CVSS: NO CVSS Description: Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks (or similar) and do not filter the language names the user can provide you may be vulnerable. The pollution should just be harmless data but this can cause problems for applications not expecting these properties to exist and can result in strange behavior or application crashes, i.e. a potential DOS vector. If your website or application does not render user provided data it should be unaffected. Versions 9.18.2 and 10.1.2 and newer include fixes for this vulnerability. If you are using version 7 or 8 you are encouraged to upgrade to a newer release.

CVE#: CVE-2020-26238 Published Date: 2020-11-25 CVSS: NO CVSS Description: Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template Injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Only projects using the @Cron annotation to validate untrusted Cron expressions are affected. This issue was patched in version 9.1.3.

CVE#: CVE-2020-26240 Published Date: 2020-11-25 CVSS: NO CVSS Description: Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24.

CVE#: CVE-2020-26241 Published Date: 2020-11-25 CVSS: NO CVSS Description: Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17.

CVE#: CVE-2020-26242 Published Date: 2020-11-25 CVSS: NO CVSS Description: Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.

CVE#: CVE-2020-26243 Published Date: 2020-11-25 CVSS: NO CVSS Description: Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed. This is fixed in versions 0.3.9.7 and 0.4.4. The following workarounds are available: 1) Set the option `no_unions` for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code. 2) Set the type of the submessage field inside oneof to `FT_POINTER`. This way the whole submessage will be dynamically allocated and the problematic code is not executed. 3) Use an arena allocator for nanopb, to make sure all memory can be released afterwards.

CVE#: CVE-2020-26890 Published Date: 2020-11-24 CVSS: NO CVSS Description: Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the impact is not constrained to the server of the event sender.

CVE#: CVE-2020-26936 Published Date: 2020-11-26 CVSS: NO CVSS Description: Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.

CVE#: CVE-2020-27207 Published Date: 2020-11-26 CVSS: NO CVSS Description: Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.

CVE#: CVE-2020-27251 Published Date: 2020-11-26 CVSS: NO CVSS Description: A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.

CVE#: CVE-2020-27253 Published Date: 2020-11-26 CVSS: NO CVSS Description: A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.

CVE#: CVE-2020-27255 Published Date: 2020-11-26 CVSS: NO CVSS Description: A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).

CVE#: CVE-2020-27662 Published Date: 2020-11-26 CVSS: NO CVSS Description: In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).

CVE#: CVE-2020-27663 Published Date: 2020-11-26 CVSS: NO CVSS Description: In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).

CVE#: CVE-2020-28329 Published Date: 2020-11-24 CVSS: NO CVSS Description: Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19.

CVE#: CVE-2020-28330 Published Date: 2020-11-24 CVSS: NO CVSS Description: Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp of a Barco wePresent WiPG-1600W device.

CVE#: CVE-2020-28331 Published Date: 2020-11-24 CVSS: NO CVSS Description: Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.

CVE#: CVE-2020-28332 Published Date: 2020-11-24 CVSS: NO CVSS Description: Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images.

CVE#: CVE-2020-28333 Published Date: 2020-11-24 CVSS: NO CVSS Description: Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history. An attacker that is able to capture the "SEID" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials.

CVE#: CVE-2020-28334 Published Date: 2020-11-24 CVSS: NO CVSS Description: Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell.

CVE#: CVE-2020-28348 Published Date: 2020-11-24 CVSS: NO CVSS Description: HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.

CVE#: CVE-2020-28726 Published Date: 2020-11-24 CVSS: NO CVSS Description: Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php.

CVE#: CVE-2020-28928 Published Date: 2020-11-24 CVSS: NO CVSS Description: In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

CVE#: CVE-2020-28991 Published Date: 2020-11-24 CVSS: NO CVSS Description: Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.

CVE#: CVE-2020-28994 Published Date: 2020-11-24 CVSS: NO CVSS Description: A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database.

CVE#: CVE-2020-29002 Published Date: 2020-11-24 CVSS: NO CVSS Description: includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.

CVE#: CVE-2020-29003 Published Date: 2020-11-24 CVSS: NO CVSS Description: The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.

CVE#: CVE-2020-29006 Published Date: 2020-11-24 CVSS: NO CVSS Description: MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.

CVE#: CVE-2020-29040 Published Date: 2020-11-24 CVSS: NO CVSS Description: An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671.

CVE#: CVE-2020-29042 Published Date: 2020-11-26 CVSS: NO CVSS Description: An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.

CVE#: CVE-2020-29043 Published Date: 2020-11-26 CVSS: NO CVSS Description: An issue was discovered in BigBlueButton through 2.2.29. When an attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.

CVE#: CVE-2020-29053 Published Date: 2020-11-24 CVSS: NO CVSS Description: HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.

CVE#: CVE-2020-29054 Published Date: 2020-11-24 CVSS: NO CVSS Description: An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use "show system infor" to discover cleartext TELNET credentials.

CVE#: CVE-2020-29055 Published Date: 2020-11-24 CVSS: NO CVSS Description: An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance.

CVE#: CVE-2020-29056 Published Date: 2020-11-24 CVSS: NO CVSS Description: An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration.

CVE#: CVE-2020-29057 Published Date: 2020-11-24 CVSS: NO CVSS Description: An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a "shawarma" attack.

CVE#: CVE-2020-29058 Published Date: 2020-11-24 CVSS: NO CVSS Description: An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can discover cleartext web-server credentials via certain /opt/lighttpd/web/cgi/ requests.

CVE#: CVE-2020-29059 Published Date: 2020-11-24 CVSS: NO CVSS Description: An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default panger123 password for the suma123 account for certain old firmware.

CVE#: CVE-2020-29060 Published Date: 2020-11-24 CVSS: NO CVSS Description: An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account.

CVE#: CVE-2020-29061 Published Date: 2020-11-24 CVSS: NO CVSS Description: An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account.

CVE#: CVE-2020-29062 Published Date: 2020-11-24 CVSS: NO CVSS Description: An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account.

CVE#: CVE-2020-29063 Published Date: 2020-11-24 CVSS: NO CVSS Description: An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g value.

CVE#: CVE-2020-29065 Published Date: 2020-11-26 CVSS: NO CVSS Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.

CVE#: CVE-2020-29069 Published Date: 2020-11-25 CVSS: NO CVSS Description: _get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network (MHN) through 2020-11-23 allows attackers to cause a denial-of-service via an IP address that is absent from a local geolocation database, because the code tries to uppercase a return value even if that value is not a string.

CVE#: CVE-2020-29070 Published Date: 2020-11-25 CVSS: NO CVSS Description: osCommerce 2.3.4.1 has an XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.

CVE#: CVE-2020-29071 Published Date: 2020-11-25 CVSS: NO CVSS Description: An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving sensitive information about encrypted e-mails, depending on the permissions of the target user.

CVE#: CVE-2020-29072 Published Date: 2020-11-25 CVSS: NO CVSS Description: A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js.

CVE#: CVE-2020-29074 Published Date: 2020-11-25 CVSS: NO CVSS Description: scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.

CVE#: CVE-2020-29128 Published Date: 2020-11-26 CVSS: NO CVSS Description: petl before 1.68, in some configurations, allows resolution of entities in an XML document.

CVE#: CVE-2020-29129 Published Date: 2020-11-26 CVSS: NO CVSS Description: ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

CVE#: CVE-2020-29130 Published Date: 2020-11-26 CVSS: NO CVSS Description: slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

CVE#: CVE-2020-29133 Published Date: 2020-11-27 CVSS: NO CVSS Description: jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.

CVE#: CVE-2020-29135 Published Date: 2020-11-27 CVSS: NO CVSS Description: cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).

CVE#: CVE-2020-29136 Published Date: 2020-11-27 CVSS: NO CVSS Description: In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).

CVE#: CVE-2020-29137 Published Date: 2020-11-27 CVSS: NO CVSS Description: cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).

CVE#: CVE-2020-29144 Published Date: 2020-11-27 CVSS: NO CVSS Description: In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web-based module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the BeEF framework.

CVE#: CVE-2020-29145 Published Date: 2020-11-27 CVSS: NO CVSS Description: In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web-based module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the BeEF framework.

CVE#: CVE-2020-3984 Published Date: 2020-11-24 CVSS: NO CVSS Description: The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthorized data access.

CVE#: CVE-2020-3985 Published Date: 2020-11-24 CVSS: NO CVSS Description: The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their privileges.

CVE#: CVE-2020-4000 Published Date: 2020-11-24 CVSS: NO CVSS Description: The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traverse directories, which may lead to code execution of files.

CVE#: CVE-2020-4001 Published Date: 2020-11-24 CVSS: NO CVSS Description: The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash attack. SD-WAN Orchestrator ships with default passwords for predefined accounts, which may lead to a Pass-the-Hash attack.

CVE#: CVE-2020-4002 Published Date: 2020-11-24 CVSS: NO CVSS Description: The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system.

CVE#: CVE-2020-4003 Published Date: 2020-11-24 CVSS: NO CVSS Description: VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure.

CVE#: CVE-2020-5641 Published Date: 2020-11-24 CVSS: NO CVSS Description: Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors.

CVE#: CVE-2020-5674 Published Date: 2020-11-24 CVSS: NO CVSS Description: Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE#: CVE-2020-7378 Published Date: 2020-11-24 CVSS: NO CVSS Description: CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020.

CVE#: CVE-2020-7778 Published Date: 2020-11-26 CVSS: 3.4 Description: This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.

CVE#: CVE-2020-7779 Published Date: 2020-11-26 CVSS: 1.4 Description: All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.

----#MALWARE----

sam11_pearl: RT @CybSec4: Bandook: Signed & Delivered #cybersecurity #malware https://t.co/jTps7BCNSa

sectest9: RT @ptracesecurity: APK/DEX detector for Windows, Linux and MacOS. https://t.co/eqt70NmfmG #MobileSecurity #AndroidSecurity #ReverseEngine…

CyberSecurityN8: RT @ptracesecurity: APK/DEX detector for Windows, Linux and MacOS. https://t.co/eqt70NmfmG #MobileSecurity #AndroidSecurity #ReverseEngine…

sectest9: RT @re_and_more: RE tip of the day: IAT (import address table) hooking is another form of API hooking where the attackers modify the import…

CyberSecurityN8: RT @re_and_more: RE tip of the day: IAT (import address table) hooking is another form of API hooking where the attackers modify the import…

re_and_more: RE tip of the day: IAT (import address table) hooking is another form of API hooking where the attackers modify the… https://t.co/j8jFfbdK0f

semi_colon4: RT @ptracesecurity: APK/DEX detector for Windows, Linux and MacOS. https://t.co/eqt70NmfmG #MobileSecurity #AndroidSecurity #ReverseEngine…

ptracesecurity: APK/DEX detector for Windows, Linux and MacOS. https://t.co/eqt70NmfmG #MobileSecurity #AndroidSecurity… https://t.co/4Iriqk80sa

shanebrighton: #RT @TechMarketView: For total #malware immunity, it is time to move beyond detection. Find out more and join… https://t.co/7uILotX4wj

PanevezioV: RT @TheHackersNews: A new digitally-signed Bandook #malware sample spotted in the wild, once again aiming at high-value targets across mult…

ralucasaceanu: RT @TheHackersNews: A new digitally-signed Bandook #malware sample spotted in the wild, once again aiming at high-value targets across mult…

BreachAware: The stark impact on the price of a #malware #cyberattack allegedly via 10 employees logging onto sensitive infr… https://t.co/nDFlNGxcRN

TheCyberSecHub: RT @TheHackersNews: A new digitally-signed Bandook #malware sample spotted in the wild, once again aiming at high-value targets across mult…

sectest9: RT @CybSec4: Bandook: Signed & Delivered #cybersecurity #malware https://t.co/jTps7BCNSa

CyberSecurityN8: RT @CybSec4: Bandook: Signed & Delivered #cybersecurity #malware https://t.co/jTps7BCNSa

----#PHISHING----

JEMPradio: Phish - The Dogs (7-8-16) #Phish #CommunityRadio #NowPlaying https://t.co/s9i3jkbCBt

AbilityNet: FREE featured Friday factsheet on how to spot a scam and avoid it. https://t.co/cKEdu39Zlj. The factsheet covers… https://t.co/dpIkXrvMXS

phishprotection: The Holidays are Coming Which Means Holiday Phishing Emails are Coming too https://t.co/pK2ymWsQ4H #phishing… https://t.co/DG8jZwo0IK

JEMPradio: Grateful Dead - Cumberland Blues (3-21-90) #Phish #CommunityRadio #NowPlaying https://t.co/s9i3jkbCBt

andresvilarino: #OpenBanking, Open Risk: How To Eliminate #Fraud In The #Future Of #Finance #privacy #security #data #Apps… https://t.co/R40NPjC5NH

dubstard: RT @illegalFawn: @Namecheap would you please revoke as soon as possible the following deceptive #phishing domain targeting Unicredit, it is…

sectest9: RT @AppRayOfficial: Tis’ the Season for Online Holiday Shopping; and Phishing https://t.co/BWWKnbUGZs #holidayshopping #phishing #mobilesec…

hdccpp: RT @tsecrime: RT @nerccu: Everyone should beware of a #Zoom #phishing attack, posing as a Zoom meeting invite. #cyberprotect https://t.c…

Security_Fraud: RT @tsecrime: RT @nerccu: Everyone should beware of a #Zoom #phishing attack, posing as a Zoom meeting invite. #cyberprotect https://t.c…

secureclick_irl: You know your organisation's IT security plan has a problem when conversations like this happen...… https://t.co/AAe71kkcJ3

KalemaChris: RT @TantivyUK: Manchester United still crippled by 'disruptive' #cyberattack: do they need a better Cyber Defender? https://t.co/saleShnxdd…

beefyspace: RT @tsecrime: RT @nerccu: Everyone should beware of a #Zoom #phishing attack, posing as a Zoom meeting invite. #cyberprotect https://t.c…

beefyspace: RT @Cyber_Vigilance: Take a look at our Cyber Weekly Digest for a round up of all the biggest and latest #cybersecurity stories. Read abou…

attacksolutions: RT @TechUnityInc: Phishing Attacks Are Targeting People’s Emotions; It’s Time to Leverage AI to Help https://t.co/ZqyydPsxkM #Phishing #Cyb…

1066PI: RT @tsecrime: RT @nerccu: Everyone should beware of a #Zoom #phishing attack, posing as a Zoom meeting invite. #cyberprotect https://t.c…

----#OSINT----

gbackfried: RT @saillabs: SAIL LABS Head of Research, Gerhard Backfried, will hold a presentation on the topic “Towards a Cross-Media Approach for Comm…

kp_ryn: RT @OsintCurious: #ICYMI #OSINT Geolocation is always useful in an OSINT investigation. @nixintel shows methods allowing us to leverage…

MikkelsenDean: RT @OsintCurious: #ICYMI #OSINT Geolocation is always useful in an OSINT investigation. @nixintel shows methods allowing us to leverage…

dutch_osintguy: RT @OsintCurious: #ICYMI #OSINT Geolocation is always useful in an OSINT investigation. @nixintel shows methods allowing us to leverage…

olympicBJ: RT @OsintCurious: #ICYMI #OSINT Geolocation is always useful in an OSINT investigation. @nixintel shows methods allowing us to leverage…

javier_carriazo: RT @javier_carriazo: Ransomware data leaks strike 1000 companies in 2020 #CyberSecurity #osint #cyberthreats #hackers #darkweb #databreach…

javier_carriazo: RT @javier_carriazo: Personal data of 16 million Brazilian COVID-19 patients exposed online #CyberSecurity #osint #cyberthreats #hackers #…

javier_carriazo: RT @javier_carriazo: Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies #CyberSecurity #osint #cyberthreats #hackers #dar…

javier_carriazo: RT @JinibaBD: Is this your experience too? 🙄😤😱 Attacks are rising in all vectors and types #CyberSecurity #osint #cyberthreats #hackers #d…

javier_carriazo: RT @JinibaBD: True! but #supplychain #riskmanagement starts with #socialengineering vulnerabilities #CyberSecurity #osint #cyberthreats #h…

cybsecbot: RT @JinibaBD: Police get custody of notorious hacker Shriki #CyberSecurity #osint #cyberthreats #hackers #darkweb #databreaches #cybercrim…

RDSWEB: RT @x0dium: Where am I? #osint https://t.co/SAelMOZRZv

x0dium: Where am I? #osint https://t.co/SAelMOZRZv

sciBot6: RT @Hakin9: BLACK FRIDAY is here! Check out our deals >> https://t.co/iPhdRAhNDg #infosec #hacking #hackers #Pentesting #programming #pent…

phil_f1: RT @CovertShores: #OSINT: radar activity detected in Barents Sea, corresponding to #Russia Zircon hypersonic missile test. Certain radars…

----#THREATINTEL----

hacking_future: Cybersecurity - Mitre ATT&ACK. Discover the best articles of the week: 27.11.2020 https://t.co/yKtPPaa4Pw… https://t.co/Hj6VAeyalW

javier_carriazo: RT @javier_carriazo: Ransomware data leaks strike 1000 companies in 2020 #CyberSecurity #osint #cyberthreats #hackers #darkweb #databreach…

javier_carriazo: RT @javier_carriazo: Personal data of 16 million Brazilian COVID-19 patients exposed online #CyberSecurity #osint #cyberthreats #hackers #…

javier_carriazo: RT @javier_carriazo: Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies #CyberSecurity #osint #cyberthreats #hackers #dar…

javier_carriazo: RT @JinibaBD: Is this your experience too? 🙄😤😱 Attacks are rising in all vectors and types #CyberSecurity #osint #cyberthreats #hackers #d…

javier_carriazo: RT @JinibaBD: True! but #supplychain #riskmanagement starts with #socialengineering vulnerabilities #CyberSecurity #osint #cyberthreats #h…

cybsecbot: RT @JinibaBD: Police get custody of notorious hacker Shriki #CyberSecurity #osint #cyberthreats #hackers #darkweb #databreaches #cybercrim…

cyberreport_io: Entersekt releases findings from State of Online Shopping Report UK https://t.co/5asTyUzvbf #cybersecurity… https://t.co/TyXSkIlbgC

sectest9: RT @JinibaBD: Police get custody of notorious hacker Shriki #CyberSecurity #osint #cyberthreats #hackers #darkweb #databreaches #cybercrim…

CyberSecurityN8: RT @JinibaBD: Police get custody of notorious hacker Shriki #CyberSecurity #osint #cyberthreats #hackers #darkweb #databreaches #cybercrim…

vuldiren: RT @sansforensics: Learn the latest methods for producing #threatintel at this year's FREE, virtual #CTISummit. Don't miss out, register…

JinibaBD: RT @JinibaBD: Police get custody of notorious hacker Shriki #CyberSecurity #osint #cyberthreats #hackers #darkweb #databreaches #cybercrim…

javier_carriazo: RT @JinibaBD: Police get custody of notorious hacker Shriki #CyberSecurity #osint #cyberthreats #hackers #darkweb #databreaches #cybercrim…

JinibaBD: RT @JinibaBD: True! but #supplychain #riskmanagement starts with #socialengineering vulnerabilities #CyberSecurity #osint #cyberthreats #h…

CyberSecDN: An Inside Look at an Account Takeover https://t.co/obKd5Sg46i #threatintel #cybercrime #phishing #email via @DarkReading

----#RANSOMWARE----

tripodi_f: RT @Cohesity: True or false: Distributed database replication is a #dataprotection strategy. 🇽 False. In the event of a #ransomware attack,…

twelvesec: #USFertility was the latest in a string of #ransomware victims, the largest network of fertility centres in the U.S… https://t.co/uvY0v2lQuJ

RichDuszak: RT @daniel_kraft: Beyond despicable. A wave of damaging #ransomware cyberattacks on hospitals has upended the lives of patients with cance…

BWC_Security: Sopra Steria expects €50 million loss after Ryuk ransomware attack. French IT services giant Sopra Steria said toda… https://t.co/mOQHDEHtbg

sectest9: RT @ISMG_APACME: Speaking with the @baltimoresun newspaper, Mychael Dickerson, confirmed via Twitter that several schools in Baltimore were…

BreachReports: RT @darktracer_int: [BREAKING] The #REvil #ransomware group leaked a screenshot of the stolen 50GB materials from the official portal of Ar…

CyberSecurityN8: RT @ISMG_APACME: Speaking with the @baltimoresun newspaper, Mychael Dickerson, confirmed via Twitter that several schools in Baltimore were…

ISMG_APACME: Speaking with the @baltimoresun newspaper, Mychael Dickerson, confirmed via Twitter that several schools in Baltimo… https://t.co/PrthElpre6

BnkInfoSecurity: Speaking with the @baltimoresun newspaper, Mychael Dickerson, confirmed via Twitter that several schools in Baltimo… https://t.co/zE1ck6y199

LogRhythm: In this #LogRhythm webinar with Ultimate Windows Security, experts will demonstrate how to translate a recent repor… https://t.co/wEWUGvmNYR

sectest9: RT @mirchi111: When a CIO/ CISO says your #dataprotection solution gives them confidence against #ransomware – that’s the very best endorse…

CyberSecurityN8: RT @mirchi111: When a CIO/ CISO says your #dataprotection solution gives them confidence against #ransomware – that’s the very best endorse…

becrib0831: RT @mirchi111: When a CIO/ CISO says your #dataprotection solution gives them confidence against #ransomware – that’s the very best endorse…

becrib0831: #Ransomware attacks continue to increase, making comprehensive data protection even more critical. Join #Commvault… https://t.co/DNzy0JimKD

WLesicki: RT @3xp0rtblog: #Malware #Ransomware #Darkside DarkSide Ransomware developers started the CDN (Content Delivery Network) system. In the…

----#OPENDIR----

Malwaredev: RT @wwp96: #blue #bot #opendir #panel @ViriBack @JAMESWT_MHT @James_inthe_box only 4 samples on https://t.co/oDSMvIYi5a, not on c2db jx2-b…

ecarlesi: Possible threat on hxxp://dubaidentistsnetwork[.]com/wordpress-5[.]5[.]3[.]zip #phishing #opendir

ecarlesi: Possible threat on hxxp://hashing24[.]work/LetsMine-Files_Documentation[.]zip #phishing #opendir

beefyspace: RT @ecarlesi: Threat on hxxps://ms-excelonline[.]com/oauth2[.]zip #phishing #opendir

beefyspace: RT @ecarlesi: Threat on hxxps://ms-excelonline[.]com/AP-Report[.]zip #phishing #opendir

ecarlesi: Threat on hxxps://ms-excelonline[.]com/oauth2[.]zip #phishing #opendir

ecarlesi: Threat on hxxps://ms-excelonline[.]com/AP-Report[.]zip #phishing #opendir

ecarlesi: Possible threat on hxxp://nerfbay[.]com/xyz-classifieds-free_2_0[.]zip #phishing #opendir

ecarlesi: Threat on hxxp://ms-excelonline[.]com/oauth2[.]zip #phishing #opendir

ecarlesi: Threat on hxxp://ms-excelonline[.]com/AP-Report[.]zip #phishing #opendir

beefyspace: RT @ecarlesi: Possible threat on hxxp://website-login-m-p[.]com/tela/ #phishing #opendir

beefyspace: RT @ecarlesi: Possible threat on hxxp://website-login-m-p[.]com/nova/ #phishing #opendir

beefyspace: RT @ecarlesi: Threat on hxxp://website-login-m-p[.]com/nova[.]zip #phishing #opendir

beefyspace: RT @ecarlesi: Threat on hxxps://ilocalstore[.]com/rwData/k-app[.]zip #phishing #opendir

ecarlesi: Possible threat on hxxp://website-login-m-p[.]com/tela/ #phishing #opendir

----#MALSPAM----

cyber_int: [BLOG] #njRAT is used to target victims located in the #MiddleEast and its usage is on the rise. ⚠️ #Malspam campai… https://t.co/4odyqZgaol

panda_zheng: RT @malware_traffic: 2020-11-24 (Tuesday) - #malspam pushing #AgentTesla - Email: https://t.co/IC63STsWJb - LHA: https://t.co/1E0z8Nuswq -…

KanbeWorks: RT @malware_traffic: 2020-11-24 (Tuesday) - #malspam pushing #AgentTesla - Email: https://t.co/IC63STsWJb - LHA: https://t.co/1E0z8Nuswq -…

Malwaredev: RT @malware_traffic: 2020-11-24 (Tuesday) - #malspam pushing #AgentTesla - Email: https://t.co/IC63STsWJb - LHA: https://t.co/1E0z8Nuswq -…

c0depleaser: RT @malware_traffic: 2020-11-24 (Tuesday) - #malspam pushing #AgentTesla - Email: https://t.co/IC63STsWJb - LHA: https://t.co/1E0z8Nuswq -…

malwaremike22: RT @Unit42_Intel: 2020-11-23 (Monday) - #malspam pushing #Dridex uses #SmokeLoader, and we saw #webshell activity on our infected lab host.…

Securityblog: RT @malware_traffic: 2020-11-24 (Tuesday) - #malspam pushing #AgentTesla - Email: https://t.co/IC63STsWJb - LHA: https://t.co/1E0z8Nuswq -…

ActorExpose: RT @bit_dam: Active #malspam #phishing of #Microsoft detected in-the-wild by @BitDamSecurity airtable.]com/shrZlKk3E9uK1w6zK @airtable @…

drakesarath: RT @Unit42_Intel: 2020-11-23 (Monday) - #malspam pushing #Dridex uses #SmokeLoader, and we saw #webshell activity on our infected lab host.…

vl_sk: RT @malware_traffic: 2020-11-24 (Tuesday) - #malspam pushing #AgentTesla - Email: https://t.co/IC63STsWJb - LHA: https://t.co/1E0z8Nuswq -…

thlnk3r: RT @malware_traffic: 2020-11-24 (Tuesday) - #malspam pushing #AgentTesla - Email: https://t.co/IC63STsWJb - LHA: https://t.co/1E0z8Nuswq -…

hutaro_neko: RT @Unit42_Intel: 2020-11-23 (Monday) - #malspam pushing #Dridex uses #SmokeLoader, and we saw #webshell activity on our infected lab host.…

kilijanek: RT @malware_traffic: 2020-11-24 (Tuesday) - #malspam pushing #AgentTesla - Email: https://t.co/IC63STsWJb - LHA: https://t.co/1E0z8Nuswq -…

JAMESWT_MHT: RT @malware_traffic: 2020-11-24 (Tuesday) - #malspam pushing #AgentTesla - Email: https://t.co/IC63STsWJb - LHA: https://t.co/1E0z8Nuswq -…

th3c0rt3x: RT @malware_traffic: 2020-11-24 (Tuesday) - #malspam pushing #AgentTesla - Email: https://t.co/IC63STsWJb - LHA: https://t.co/1E0z8Nuswq -…

----#EMOTET----

JRoosen: RT @Cryptolaemus1: #Emotet C2 Deltas from 2020/11/26 as of 14:00EST or 19:00UTC E3 added for complete set https://t.co/pCBJ6dEEMK

Cryptolaemus1: #Emotet C2 Deltas from 2020/11/26 as of 14:00EST or 19:00UTC E3 added for complete set https://t.co/pCBJ6dEEMK

Securityblog: RT @Cryptolaemus1: #Emotet C2 Deltas from 2020/11/26 as of 14:00EST or 19:00UTC E1 only so far, updates will follow https://t.co/r3vv3DgX…

McAfee_Help: Are you prepared to defend against #Emotet? Watch our Emotet Trojan #webcast, where we covered behavioral analysi… https://t.co/j5Ke1oJtOC

thlnk3r: RT @Cryptolaemus1: #Emotet C2 Deltas from 2020/11/26 as of 14:00EST or 19:00UTC E1 only so far, updates will follow https://t.co/r3vv3DgX…

JRoosen: RT @Cryptolaemus1: #Emotet C2 Deltas from 2020/11/26 as of 14:00EST or 19:00UTC now with added E2 for extra goodness https://t.co/Xz0iMDGF…

JRoosen: RT @Cryptolaemus1: #Emotet C2 Deltas from 2020/11/26 as of 14:00EST or 19:00UTC E1 only so far, updates will follow https://t.co/r3vv3DgX…

Paladin3161: RT @Cryptolaemus1: #Emotet C2 Deltas from 2020/11/26 as of 14:00EST or 19:00UTC E1 only so far, updates will follow https://t.co/r3vv3DgX…

kilijanek: RT @Cryptolaemus1: #Emotet C2 Deltas from 2020/11/26 as of 14:00EST or 19:00UTC E1 only so far, updates will follow https://t.co/r3vv3DgX…

lazyactivist192: RT @Cryptolaemus1: #Emotet C2 Deltas from 2020/11/26 as of 14:00EST or 19:00UTC E1 only so far, updates will follow https://t.co/r3vv3DgX…

Cryptolaemus1: #Emotet C2 Deltas from 2020/11/26 as of 14:00EST or 19:00UTC now with added E2 for extra goodness https://t.co/Xz0iMDGFNI

Cryptolaemus1: #Emotet C2 Deltas from 2020/11/26 as of 14:00EST or 19:00UTC E1 only so far, updates will follow… https://t.co/v7b4nrywaA

jayeshmthakur: RT @alexandrakohut: You stopped that #Emotet trojan last year. So why is it back? Your #malware bad dream has returned and it’s brought fri…

TwitchBuds: RT @GracieArt3: Japanese Theme Style Overlay Design let me know if you're in Need. #logo_designer #pfp #banner #animation #LogoDesign #Grap…

GracieArt3: Japanese Theme Style Overlay Design let me know if you're in Need. #logo_designer #pfp #banner #animation… https://t.co/J6YfYuH4XB

----#BUGBOUNTY----

sam11_pearl: RT @bugbounty18: Become a White Hat Hacker — Get 10 Top-Rated Courses at 97% OFF https://t.co/XudfXu3WUg #bugbounty #bugbounties

katipuzer0: RT @febinrev: Some of my favorite CSRF protection bypasses : 1. Remove the CSRF token 2. Remove the token and the parameter from the reque…

3lnarc0: Any bug hunters here from Bangkok? Pm me #bugbounty

Abdulelaah403: RT @ptracesecurity: a recon tool that allows searching on URLs that are exposed via shortener services https://t.co/8ysiGEwfC2 #Recon #Bu…

Abdulelaah403: RT @ofjaaah: Search Hackers - Update. https://t.co/WXQZxQgSK2 Censys Spyce Shodan Viz Grey Zoomeye Onyphe Wigle Intelx Fofa Hunter Zorexe…

sectest9: RT @bugbounty18: Become a White Hat Hacker — Get 10 Top-Rated Courses at 97% OFF https://t.co/XudfXu3WUg #bugbounty #bugbounties

CyberSecurityN8: RT @bugbounty18: Become a White Hat Hacker — Get 10 Top-Rated Courses at 97% OFF https://t.co/XudfXu3WUg #bugbounty #bugbounties

538355: RT @bugbounty18: Become a White Hat Hacker — Get 10 Top-Rated Courses at 97% OFF https://t.co/XudfXu3WUg #bugbounty #bugbounties

bugbounty18: Become a White Hat Hacker — Get 10 Top-Rated Courses at 97% OFF https://t.co/XudfXu3WUg #bugbounty #bugbounties

copraqeil83daf4: RT @zarcolio: Sorry About your WAF - Modern WAF Bypass Techniques https://t.co/EWMVNsBjgy #bugbountytips #bugbountytip #BugBounty

bitnovo: Crypto Firm Offers $200,000 Bug Bounty to Hacker Who Stole $2m #Crypto #BugBounty #Cryptocurrencies #Hacker… https://t.co/fx34iTBA1J

baranertemir1: RT @febinrev: Some of my favorite CSRF protection bypasses : 1. Remove the CSRF token 2. Remove the token and the parameter from the reque…

ismailsntrk7: I bought an iPhone 12 Pro 512GB Pacific Blue. @Apple @ATT @Hacker0x01 #bugbounty https://t.co/ndzlGcQr1F

0x_Akoko: RT @zarcolio: Sorry About your WAF - Modern WAF Bypass Techniques https://t.co/EWMVNsBjgy #bugbountytips #bugbountytip #BugBounty

TomTown28040225: RT @zarcolio: Sorry About your WAF - Modern WAF Bypass Techniques https://t.co/EWMVNsBjgy #bugbountytips #bugbountytip #BugBounty

----#CYBERCRIME----

twelvesec: #USFertility was the latest in a string of #ransomware victims, the largest network of fertility centres in the U.S… https://t.co/uvY0v2lQuJ

kuknoorpally_ps: RT @ts_womensafety: Workplace atmosphere should make you feel safe not uncomfortable. . . . Report The Abuse! #WomenSafetyAtWork #Telangan…

javier_carriazo: RT @javier_carriazo: Ransomware data leaks strike 1000 companies in 2020 #CyberSecurity #osint #cyberthreats #hackers #darkweb #databreach…

javier_carriazo: RT @javier_carriazo: Personal data of 16 million Brazilian COVID-19 patients exposed online #CyberSecurity #osint #cyberthreats #hackers #…

javier_carriazo: RT @javier_carriazo: Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies #CyberSecurity #osint #cyberthreats #hackers #dar…

javier_carriazo: RT @JinibaBD: Is this your experience too? 🙄😤😱 Attacks are rising in all vectors and types #CyberSecurity #osint #cyberthreats #hackers #d…

javier_carriazo: RT @JinibaBD: True! but #supplychain #riskmanagement starts with #socialengineering vulnerabilities #CyberSecurity #osint #cyberthreats #h…

cybsecbot: RT @JinibaBD: Police get custody of notorious hacker Shriki #CyberSecurity #osint #cyberthreats #hackers #darkweb #databreaches #cybercrim…

sectest9: RT @joeclark947: @CIOonline @avast_antivirus @kaspersky @AVGFree @symantec @ESET @TheHackersNews @hackernoon @Cisco @Microsoft @IBM @intel…

CyberSecurityN8: RT @joeclark947: @CIOonline @avast_antivirus @kaspersky @AVGFree @symantec @ESET @TheHackersNews @hackernoon @Cisco @Microsoft @IBM @intel…

joeclark947: RT @joeclark947: @CIOonline @avast_antivirus @kaspersky @AVGFree @symantec @ESET @TheHackersNews @hackernoon @Cisco @Microsoft @IBM @intel…

MunniRa10776207: RT @PcrBikaner: Be aware of fake E-mail id frauds #cybersecurity #cybercrime @IgpBikaner @Ishwaranand11 @CyberCellRaj @Cyberdost @PoliceRa…

beefyspace: RT @ECCOUNCIL: Live Now! Panel Discussion on “Security Awareness: Need of the Hour” Click Here to Join Now: https://t.co/f92cVAYLQH #ecc…

ECCOUNCIL: Live Now! Panel Discussion on “Security Awareness: Need of the Hour” Click Here to Join Now:… https://t.co/DvwC9xRHF2

Heron_Ian: RT @nottspolice: Ready to grab a #BlackFriday Bargain? Make sure you check out these top tips to help you buy online securely: https://t.…

----Hacking Updates----

akkuman updated akkuman.github.io. This repo has 0 stars and 1 watchers. This repo was created on 2016-05-25. --- Python&Hacker

sanscript-tech updated hacking-tools-scripts. This repo has 19 stars and 4 watchers. This repo was created on 2020-10-15. --- Hacking Scripts that will blow your mind engineered by Hackers ♠️.

joaodarocha updated my-hacks. This repo has 0 stars and 1 watchers. This repo was created on 2020-09-15. --- This is where I store my hacks (AKA scripts and config files)

nappo updated nappo. This repo has 1 stars and 1 watchers. This repo was created on 2020-10-29. --- Scalable, open-source, reinforcement learning library focused on modularity and simplicity for easy hacking. It currently includes all scalable versions of PPO and SAC.

WorldWide010 updated xxxcam. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-27. --- Program for automatic hacking of cameras

corrupt updated HmbBfDI-toolbox. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-20. --- Tools, scripts, and prototypes I'm hacking at HmbBfDI

Luci-Hacks updated htools. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-27. --- Hacking-Tools

ismail updated hacks. This repo has 2 stars and 1 watchers. This repo was created on 2012-08-04. --- Small hacks

SpiderLabs updated HostHunter. This repo has 344 stars and 36 watchers. This repo was created on 2018-05-17. --- HostHunter a recon tool for discovering hostnames using OSINT techniques.

hilarex updated GoBot. This repo has 1 stars and 2 watchers. This repo was created on 2020-04-16. --- A Discord Bot in Golang for Hack The Box members.

thevillagehacker updated Bug-Hunting. This repo has 8 stars and 2 watchers. This repo was created on 2020-10-27. --- The Repository contains various payloads, tools, tips and tricks from various hackers around the world. Please take a quick look down here 👇👇

aigars-github updated blacklist. This repo has 0 stars and 1 watchers. This repo was created on 2020-10-24. --- IPs from which scanning, spamming or hacking attempts were detected

shivaprasad-bhat updated HakerRank_Java. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-25. --- Hacker Rank Practice Java

UltimateHackingKeyboard updated agent. This repo has 443 stars and 37 watchers. This repo was created on 2016-01-12. --- The configurator application of the Ultimate Hacking Keyboard

EugeneRikka updated Selectel. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-24. --- Selectel GameDev Hack 2020. Team TWins.

hermiawu updated hermiawu.github.io. This repo has 0 stars and 1 watchers. This repo was created on 2020-08-23. --- Hack the 6ix Project

HackersOfSweden updated Granborre. This repo has 0 stars and 2 watchers. This repo was created on 2020-11-26. --- Our solution for Hack for Sweden 365

andreabenini updated linux.tips. This repo has 3 stars and 1 watchers. This repo was created on 2017-04-03. --- Various hints, bookmarks, suggestions and hacks

UltimateHackingKeyboard updated firmware. This repo has 267 stars and 27 watchers. This repo was created on 2016-01-31. --- The firmware of the Ultimate Hacking Keyboard

processhacker updated phnt. This repo has 247 stars and 26 watchers. This repo was created on 2018-08-14. --- Native API header files for the Process Hacker project.

shawnduong updated zero-to-hero-hacking. This repo has 1 stars and 1 watchers. This repo was created on 2020-06-10. --- A comprehensive, live guide to computer hacking. This is a continuous WIP and is largely incomplete as of now.

vishnugirija updated Hacking-Supplies. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-18. --- A collection of various resources and tools for hackers

kritesh-debug updated i-am-new-. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-27. --- Help me for hack i am so noob

nwplus updated livesite. This repo has 8 stars and 3 watchers. This repo was created on 2020-07-22. --- portal for hackers at nwplus hackathons

marshal41 updated c-language-usefull-codes. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-26. --- Not related to hacking

----Security Updates----

aquasecurity updated starboard-lens-extension. This repo has 12 stars and 7 watchers. This repo was created on 2020-10-28. --- Lens extension for viewing Starboard security information

SomeSortOfRepository updated SpringSecurityDemoProject. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-27. --- None

SAP updated fosstars-rating-core. This repo has 17 stars and 8 watchers. This repo was created on 2020-01-27. --- A framework for defining ratings for open-source projects. In particular, the framework offers a security rating for open-source projects that may be used to assess the security risk that comes with open-source components.

wazuh updated wazuh-packages. This repo has 31 stars and 29 watchers. This repo was created on 2017-04-21. --- Wazuh - Tools for packages creation

lirantal updated npq. This repo has 478 stars and 7 watchers. This repo was created on 2017-12-14. --- 🎖safely* install packages with npm or yarn by auditing them as part of your install process

IQTLabs updated poseidon. This repo has 296 stars and 27 watchers. This repo was created on 2016-05-10. --- Poseidon is a python-based application that leverages software defined networks (SDN) to acquire and then feed network traffic to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.

JavaGarcia updated Neanet. This repo has 1 stars and 1 watchers. This repo was created on 2020-08-02. --- Threat intelligence

ComplianceAsCode updated content. This repo has 1107 stars and 137 watchers. This repo was created on 2014-04-29. --- Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

klzbb updated springboot_manager. This repo has 0 stars and 1 watchers. This repo was created on 2020-07-06. --- Permission management system: springboot + mybatis + mysql + spring-security

hcpx updated security. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-26. --- None

zaproxy updated zap-extensions. This repo has 461 stars and 53 watchers. This repo was created on 2015-05-07. --- OWASP ZAP Add-ons

brittonhayes updated hikeshi. This repo has 1 stars and 1 watchers. This repo was created on 2020-11-04. --- Hikeshi is a security incident response application that keeps documenting incidents simple, so you can focus on fighting fires.

zaproxy updated zaproxy. This repo has 7973 stars and 394 watchers. This repo was created on 2015-06-03. --- The OWASP ZAP core project

authelia updated authelia. This repo has 2466 stars and 45 watchers. This repo was created on 2016-12-07. --- The Single Sign-On Multi-Factor portal for web apps

qukaige updated spring-security. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-27. --- None

stornado updated crypto-spring-boot-starter. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-27. --- API Security starter for Spring Boot

dimaSkalora updated ServiceCompanyBigSpeed. This repo has 0 stars and 1 watchers. This repo was created on 2020-09-17. --- Java/Maven/ Spring/ Security/ JPA(Hibernate)/ REST(Jackson)/ Bootstrap(CSS)/ jQuery/Ajax

abirbakhti updated SpringSecurity. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-27. --- None

HansjoergW updated bfh_mt_hs2020_sec_data. This repo has 0 stars and 1 watchers. This repo was created on 2020-10-11. --- code to prepare and analyze the data from the u.s. security and exchange commission

stackrox updated helm-charts. This repo has 26 stars and 6 watchers. This repo was created on 2020-03-30. --- Helm charts for StackRox Kubernetes Security Platform

cys950331 updated KMU_AI_SECURITY. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-09. --- None

ricequant updated rqalpha. This repo has 3976 stars and 429 watchers. This repo was created on 2016-07-20. --- An extendable, replaceable Python algorithmic backtest && trading framework supporting multiple securities

exasol updated row-level-security. This repo has 2 stars and 19 watchers. This repo was created on 2019-06-11. --- Virtual-Schema-based row-level security for Exasol

cr0hn updated mist. This repo has 3 stars and 2 watchers. This repo was created on 2020-08-26. --- The Security Language for security engineers

juliushekkala updated SecurityBot. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-12. --- Created during Computer Security Project fall 2020

----PoC Updates----

DmitryLapshov updated esp32cam_sim800Lv2_proof_of_concept. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-27. --- Proof of concept that esp32cam module can work with sim800l module

sano-jin updated vertex. This repo has 0 stars and 1 watchers. This repo was created on 2020-09-05. --- A proof of concept of DHLMNtal.

juangallostra updated augmented-reality. This repo has 152 stars and 13 watchers. This repo was created on 2018-09-16. --- Augmented reality proof of concept project with Python and OpenCV

Nortamo updated cont_conda. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-05. --- Proof of concept for packaging existing installations using singularity

Petr-Kovalev updated punched-cards-qmnist-poc. This repo has 1 stars and 1 watchers. This repo was created on 2020-11-04. --- Object recognition by random binary data lookup proof of concept for QMNIST

ohpyupi updated cmpe272.ai-powered-http-analyzer. This repo has 0 stars and 1 watchers. This repo was created on 2020-10-24. --- A project to build a proof of concept of AI-powered HTTP analyzer.

Petr-Kovalev updated punched-cards-fashion-mnist-poc. This repo has 2 stars and 1 watchers. This repo was created on 2020-11-06. --- Object recognition by random binary data lookup proof of concept for Fashion MNIST

layaxx updated pdfcc. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-04. --- proof of concept web app allowing substitution of colors in a PDF

tisnik updated poc-schema-checks. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-23. --- Proof of concept - schema checks

zrrrzzt updated lndr-poc. This repo has 0 stars and 1 watchers. This repo was created on 2019-12-29. --- Proof of concept for lndr

TeleworkInc updated web-widgets-poc. This repo has 9 stars and 2 watchers. This repo was created on 2020-11-26. --- A brief document explaining the Web Widgets proof-of-concept.

ivanpierre updated clojurust. This repo has 1 stars and 1 watchers. This repo was created on 2020-09-28. --- A proof of concept version of Clojure in Rust.

diegodev91 updated DesignPatterns. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-27. --- Proof of concepts for design patterns

elijah-mccoy5 updated Authentication-Display. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-27. --- Simple authentication program for proof of concept.

NickGeek updated frj-compiler. This repo has 0 stars and 1 watchers. This repo was created on 2020-09-22. --- The proof-of-concept compiler for FRJ (https://arxiv.org/abs/2008.12592) done as part of my COMP489 research project.

sirpaulmcd updated Elite-Gardening-Squad-Open. This repo has 0 stars and 1 watchers. This repo was created on 2020-10-23. --- Open source scripts for a (proof of concept) couch coop dungeon crawler game about gardening. Work in progress, made in the Unity game engine.

Jonathan-Mckenzie updated swift-vapor-lambda. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-25. --- proof of concept for running a swift vapor app both locally and in AWS Lambda connected to AWS API Gateway

e-src updated cyPOC. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-16. --- Cypress Test Framework - Proof of Concept

peku33 updated logicblocks. This repo has 0 stars and 2 watchers. This repo was created on 2019-12-09. --- Proof of concept building automation system

ewgRa updated test_tasks. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-10. --- Test tasks from interviews, proof of concepts, etc.

ricardo-comar updated spring-boot-camunda. This repo has 1 stars and 1 watchers. This repo was created on 2020-09-15. --- Proof of Concept to lean Camunda BPM

nhsconnect updated prm-deductions-ehr-repository. This repo has 3 stars and 15 watchers. This repo was created on 2019-10-27. --- A Proof of Concept implementation for the storage of Patient Health Records in their native format.

kaurjvpld updated tuul. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-24. --- Proof of concept scooter managing app

julianpierer updated kv. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-26. --- proof of concept of an easy memory storage

snoopysecurity updated Public. This repo has 14 stars and 1 watchers. This repo was created on 2015-07-18. --- Archive - Repository contains old publicly released presentations, tools, Proof of Concepts and other junk.