25 million user records leak online from popular math app Mathway | ZDNet Link to post
Coding an ADVANCED BACKDOOR | PART 1 - YouTube Link to post
New Resources Available for Password Manager Apps - News - Apple Developer Link to post
Friday Squid Blogging: Shark vs. Squid - Schneier on Security Link to post
House leadership is trying to ram through a reauthorization of FISA and PATRIOT Act surveillance authorities using an obscure Congressional mechanism Link to post
Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic - SentinelLabs Link to post
New Research: "Privacy Threats in Intimate Relationships" - Schneier on Security Link to post
The State of Secure Software: Past, Present, and Future Link to post
Coding an ADVANCED BACKDOOR | PART 1 - YouTube Link to post
Detailed Audit of Voatz' Voting App Confirms Security Flaws Link to post
IBM Releases Fully Homomorphic Encryption Toolkit for MacOS and iOS; Linux and Android Coming Soon | IBM Research Blog Link to post
Hack The Box: Nest – Khaotic Developments Link to post
Cisco NX-OS Software Unexpected IP in IP Packet Processing Vulnerability Link to post
Fake ransomware decryptor double-encrypts desperate victims' files Link to post
Defeating Stack Canary, PIE and DEP on remote 64 bit server with byte wise bruteforce Link to post
Best Password Manager Reviews - Consumer Reports Link to post
COVID-19 Cyber Attacks - WebARX Security Link to post
Introduction - Secure Rust Guidelines Link to post
The Espionage Act Reform Bill Addresses Key Press Concerns Link to post
Security Love Languages: 8 Tips to Win Friends and Influence People in Security Link to post
Analyzing Honeypot Data with Azure Sentinel Link to post
Why Citizen is the unofficial social network for protests Link to post
GitHub - veeral-patel/learn-security-engineering: How I'm learning to build secure systems Link to post
Coding an ADVANCED BACKDOOR | PART 3 - YouTube Link to post
Reassembling a Mul-T-Lock C-Series Padlock with Split Core - YouTube Link to post
Analyzing Honeypot Data with Azure Sentinel Link to post
Russian Hackers Attack US Nuclear Missile Contractor, Demand Ransom for Stolen Data | forklog.media Link to post
Coding an ADVANCED BACKDOOR | PART 2 - YouTube Link to post
The Plan - Finding a program - Bug Bounty - Ep - 01 - YouTube Link to post
This new ransomware is targeting Windows and Linux PCs with a 'unique' attack | ZDNet Link to post
Firefox to remove support for the FTP protocol | ZDNet Link to post
Incident: Big Footy data breach exposed private details of up to 100,000 users | WAtoday - Australian Information Security Awareness and Advisory Link to post
Coding an ADVANCED BACKDOOR | PART 3 - YouTube Link to post
HackTheBox - Blocky | Noob To OSCP Episode #29 - YouTube Link to post
Defeating Stack Canary, PIE and DEP on remote 64 bit server with byte wise bruteforce Link to post
Google exploring using location info to slow coronavirus spread Link to post
DIY Intruder Alarm | Arduino Projects - YouTube Link to post
The U.S. wants smartphone location data to fight coronavirus. Privacy advocates are worried. Link to post
Protect our Speech and Security Online: Reject the Graham-Blumenthal Bill | EFF Action Center Link to post
Zoom's Commitment to User Security Depends on Whether you Pay It or Not - Schneier on Security Link to post
----Vulners.com High Sev. Last Day----
----NVD Last 3 Days----
CVE#: CVE-2018-21235 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer.
CVE#: CVE-2018-21236 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference.
CVE#: CVE-2018-21237 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action.
CVE#: CVE-2018-21238 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.
CVE#: CVE-2018-21239 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.
CVE#: CVE-2018-21240 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.
CVE#: CVE-2018-21241 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code.
CVE#: CVE-2018-21242 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action.
CVE#: CVE-2018-21243 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used.
CVE#: CVE-2018-21244 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029.
CVE#: CVE-2019-16150 Published Date: 2020-06-04 CVSS: NO CVSS Description: Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key.
CVE#: CVE-2019-16384 Published Date: 2020-06-04 CVSS: 3.6 Description: Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions.
CVE#: CVE-2019-16385 Published Date: 2020-06-04 CVSS: 2.7 Description: Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed.
CVE#: CVE-2019-20813 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.
CVE#: CVE-2019-20814 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.
CVE#: CVE-2019-20815 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.
CVE#: CVE-2019-20816 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.
CVE#: CVE-2019-20817 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.
CVE#: CVE-2019-20818 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.
CVE#: CVE-2019-20819 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.
CVE#: CVE-2019-20820 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.
CVE#: CVE-2019-20821 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a NULL pointer dereference.
CVE#: CVE-2019-20822 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data.
CVE#: CVE-2019-20823 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
CVE#: CVE-2019-20824 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.
CVE#: CVE-2019-20825 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used.
CVE#: CVE-2019-20826 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference.
CVE#: CVE-2019-20827 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space.
CVE#: CVE-2019-20828 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
CVE#: CVE-2019-20829 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.
CVE#: CVE-2019-20830 Published Date: 2020-06-04 CVSS: 5.9 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.
CVE#: CVE-2019-20831 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash.
CVE#: CVE-2019-20832 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling.
CVE#: CVE-2019-20833 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.
CVE#: CVE-2019-20834 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures.
CVE#: CVE-2019-20835 Published Date: 2020-06-04 CVSS: 1.4 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling.
CVE#: CVE-2019-20836 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.
CVE#: CVE-2019-20837 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.
CVE#: CVE-2020-10061 Published Date: 2020-06-05 CVSS: NO CVSS Description: Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
CVE#: CVE-2020-10062 Published Date: 2020-06-05 CVSS: NO CVSS Description: An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVE#: CVE-2020-10063 Published Date: 2020-06-05 CVSS: NO CVSS Description: A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVE#: CVE-2020-10068 Published Date: 2020-06-05 CVSS: NO CVSS Description: In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
CVE#: CVE-2020-10070 Published Date: 2020-06-05 CVSS: NO CVSS Description: In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVE#: CVE-2020-10071 Published Date: 2020-06-05 CVSS: NO CVSS Description: The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVE#: CVE-2020-10543 Published Date: 2020-06-05 CVSS: NO CVSS Description: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CVE#: CVE-2020-10546 Published Date: 2020-06-04 CVSS: 5.9 Description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE#: CVE-2020-10547 Published Date: 2020-06-04 CVSS: 5.9 Description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE#: CVE-2020-10548 Published Date: 2020-06-04 CVSS: 5.9 Description: rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE#: CVE-2020-10549 Published Date: 2020-06-04 CVSS: 5.9 Description: rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE#: CVE-2020-10702 Published Date: 2020-06-04 CVSS: NO CVSS Description: A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.
CVE#: CVE-2020-10878 Published Date: 2020-06-05 CVSS: NO CVSS Description: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
CVE#: CVE-2020-11094 Published Date: 2020-06-04 CVSS: NO CVSS Description: The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as the potential exists for them to use this feature to view all requests being made to the application and obtain sensitive information from those requests. There even exists the potential for account takeovers of authenticated users by non-authenticated public users, which would then lead to a number of other potential issues as an attacker could theoretically get full access to the system if the required conditions existed. Issue has been patched in v3.1.0 by locking down access to the debugbar to all users; it now requires an authenticated backend user with a specifically enabled permission before it is even usable, and the feature that allows access to stored request information is restricted behind a different permission that's more restrictive.
CVE#: CVE-2020-11492 Published Date: 2020-06-05 CVSS: NO CVSS Description: An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges.
CVE#: CVE-2020-11679 Published Date: 2020-06-04 CVSS: NO CVSS Description: Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account.
CVE#: CVE-2020-11680 Published Date: 2020-06-04 CVSS: NO CVSS Description: Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.
CVE#: CVE-2020-11681 Published Date: 2020-06-04 CVSS: NO CVSS Description: Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.
CVE#: CVE-2020-11682 Published Date: 2020-06-04 CVSS: NO CVSS Description: Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request will succeed.
CVE#: CVE-2020-11696 Published Date: 2020-06-05 CVSS: NO CVSS Description: In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
CVE#: CVE-2020-11697 Published Date: 2020-06-05 CVSS: NO CVSS Description: In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
CVE#: CVE-2020-11975 Published Date: 2020-06-05 CVSS: NO CVSS Description: Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.
CVE#: CVE-2020-12723 Published Date: 2020-06-05 CVSS: NO CVSS Description: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE#: CVE-2020-12847 Published Date: 2020-06-04 CVSS: NO CVSS Description: Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is possible to configure a few engines to be used by the mailer application to send emails. If the user selects the “sendmail” option as the default one, the web application offers to edit the full path where the sendmail binary is hosted. Since there is no restriction in place while editing this value, an attacker authenticated as an administrator user could force the web application into executing any arbitrary binary.
CVE#: CVE-2020-12848 Published Date: 2020-06-05 CVSS: NO CVSS Description: In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed.
CVE#: CVE-2020-12849 Published Date: 2020-06-05 CVSS: NO CVSS Description: Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user.
CVE#: CVE-2020-12851 Published Date: 2020-06-04 CVSS: NO CVSS Description: Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders.
CVE#: CVE-2020-12852 Published Date: 2020-06-04 CVSS: NO CVSS Description: The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves downloading the updated binary file from a URL indicated in the update server response, validating its checksum and signature with the provided public key and finally replacing the current application binary. To complete the update process, the application’s service or appliance needs to be restarted. An attacker with administrator access can leverage the software update feature to force the application to download a custom binary that will replace current Pydio Cells binary. When the server or service is eventually restarted the attacker will be able to execute code under the privileges of the user running the application. In the Pydio Cells enterprise appliance this is with the privileges of the user named “pydio”.
CVE#: CVE-2020-12853 Published Date: 2020-06-04 CVSS: NO CVSS Description: Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells.
CVE#: CVE-2020-13646 Published Date: 2020-06-05 CVSS: NO CVSS Description: In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.
CVE#: CVE-2020-13692 Published Date: 2020-06-04 CVSS: NO CVSS Description: PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
CVE#: CVE-2020-13765 Published Date: 2020-06-04 CVSS: NO CVSS Description: rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
CVE#: CVE-2020-13768 Published Date: 2020-06-04 CVSS: NO CVSS Description: In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.
CVE#: CVE-2020-13777 Published Date: 2020-06-04 CVSS: NO CVSS Description: GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
CVE#: CVE-2020-13791 Published Date: 2020-06-04 CVSS: NO CVSS Description: hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.
CVE#: CVE-2020-13800 Published Date: 2020-06-04 CVSS: NO CVSS Description: ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
CVE#: CVE-2020-13803 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures.
CVE#: CVE-2020-13804 Published Date: 2020-06-04 CVSS: 5.9 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.
CVE#: CVE-2020-13805 Published Date: 2020-06-04 CVSS: 5.9 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.
CVE#: CVE-2020-13806 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation.
CVE#: CVE-2020-13807 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.
CVE#: CVE-2020-13808 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.
CVE#: CVE-2020-13809 Published Date: 2020-06-04 CVSS: 3.6 Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.
CVE#: CVE-2020-13810 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.
CVE#: CVE-2020-13811 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has an out-of-bounds write via a crafted TIFF file.
CVE#: CVE-2020-13812 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory.
CVE#: CVE-2020-13813 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is used.
CVE#: CVE-2020-13814 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary.
CVE#: CVE-2020-13815 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference.
CVE#: CVE-2020-13816 Published Date: 2020-06-05 CVSS: NO CVSS Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-13817. Reason: This candidate is a reservation duplicate of CVE-2020-13817. Notes: All CVE users should reference CVE-2020-13817 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE#: CVE-2020-13817 Published Date: 2020-06-04 CVSS: NO CVSS Description: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
CVE#: CVE-2020-13818 Published Date: 2020-06-04 CVSS: 3.6 Description: In Zoho ManageEngine OpManager before 125144, when is used, directory traversal validation can be bypassed.
CVE#: CVE-2020-13822 Published Date: 2020-06-04 CVSS: NO CVSS Description: The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
CVE#: CVE-2020-13827 Published Date: 2020-06-04 CVSS: 2.7 Description: phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.
CVE#: CVE-2020-13829 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can disable the SEAndroid protection mechanism in the RKP. The Samsung ID is SVE-2019-15998 (June 2020).
CVE#: CVE-2020-13830 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020).
CVE#: CVE-2020-13831 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June 2020).
CVE#: CVE-2020-13832 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure, The Samsung IDs are SVE-2020-17117, SVE-2020-17118, SVE-2020-17119, and SVE-2020-17161 (June 2020).
CVE#: CVE-2020-13833 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020).
CVE#: CVE-2020-13834 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020).
CVE#: CVE-2020-13835 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020).
CVE#: CVE-2020-13836 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020).
CVE#: CVE-2020-13837 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020).
CVE#: CVE-2020-13838 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020).
CVE#: CVE-2020-13839 Published Date: 2020-06-05 CVSS: NO CVSS Description: An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).
CVE#: CVE-2020-13840 Published Date: 2020-06-05 CVSS: NO CVSS Description: An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).
CVE#: CVE-2020-13841 Published Date: 2020-06-05 CVSS: NO CVSS Description: An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).
CVE#: CVE-2020-13842 Published Date: 2020-06-05 CVSS: NO CVSS Description: An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).
CVE#: CVE-2020-13843 Published Date: 2020-06-05 CVSS: NO CVSS Description: An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).
CVE#: CVE-2020-13848 Published Date: 2020-06-04 CVSS: NO CVSS Description: Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
CVE#: CVE-2020-13849 Published Date: 2020-06-04 CVSS: NO CVSS Description: The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.
CVE#: CVE-2020-13864 Published Date: 2020-06-05 CVSS: NO CVSS Description: The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE#: CVE-2020-13865 Published Date: 2020-06-05 CVSS: NO CVSS Description: The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
CVE#: CVE-2020-13867 Published Date: 2020-06-05 CVSS: NO CVSS Description: Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).
CVE#: CVE-2020-13868 Published Date: 2020-06-05 CVSS: NO CVSS Description: An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.
CVE#: CVE-2020-13869 Published Date: 2020-06-05 CVSS: NO CVSS Description: An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.
CVE#: CVE-2020-13870 Published Date: 2020-06-05 CVSS: NO CVSS Description: An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.
CVE#: CVE-2020-13871 Published Date: 2020-06-06 CVSS: NO CVSS Description: SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVE#: CVE-2020-13881 Published Date: 2020-06-06 CVSS: NO CVSS Description: In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
CVE#: CVE-2020-13883 Published Date: 2020-06-06 CVSS: NO CVSS Description: In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.
CVE#: CVE-2020-13889 Published Date: 2020-06-06 CVSS: NO CVSS Description: showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
CVE#: CVE-2020-13890 Published Date: 2020-06-06 CVSS: NO CVSS Description: The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard.
CVE#: CVE-2020-13894 Published Date: 2020-06-07 CVSS: NO CVSS Description: handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field.
CVE#: CVE-2020-13895 Published Date: 2020-06-07 CVSS: NO CVSS Description: Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.
CVE#: CVE-2020-13897 Published Date: 2020-06-07 CVSS: NO CVSS Description: HESK before 3.1.10 allows reflected XSS.
CVE#: CVE-2020-1883 Published Date: 2020-06-05 CVSS: NO CVSS Description: Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal.
CVE#: CVE-2020-4183 Published Date: 2020-06-04 CVSS: 2.7 Description: IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174739.
CVE#: CVE-2020-4191 Published Date: 2020-06-04 CVSS: 3.6 Description: IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852.
CVE#: CVE-2020-4193 Published Date: 2020-06-04 CVSS: 5.9 Description: IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857.
CVE#: CVE-2020-4229 Published Date: 2020-06-05 CVSS: NO CVSS Description: IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211.
CVE#: CVE-2020-4448 Published Date: 2020-06-05 CVSS: NO CVSS Description: IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.
CVE#: CVE-2020-4449 Published Date: 2020-06-05 CVSS: NO CVSS Description: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.
CVE#: CVE-2020-4450 Published Date: 2020-06-05 CVSS: NO CVSS Description: IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.
CVE#: CVE-2020-4509 Published Date: 2020-06-04 CVSS: 4.7 Description: IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364.
CVE#: CVE-2020-5591 Published Date: 2020-06-05 CVSS: NO CVSS Description: XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack.
CVE#: CVE-2020-6640 Published Date: 2020-06-04 CVSS: NO CVSS Description: An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area.
CVE#: CVE-2020-7030 Published Date: 2020-06-04 CVSS: 3.6 Description: A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.
CVE#: CVE-2020-7661 Published Date: 2020-06-04 CVSS: NO CVSS Description: all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service.
CVE#: CVE-2020-8103 Published Date: 2020-06-05 CVSS: NO CVSS Description: A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.
CVE#: CVE-2020-8555 Published Date: 2020-06-05 CVSS: NO CVSS Description: The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
CVE#: CVE-2020-9074 Published Date: 2020-06-05 CVSS: NO CVSS Description: Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones.
CVE#: CVE-2020-9292 Published Date: 2020-06-04 CVSS: NO CVSS Description: An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.
CVE#: CVE-2020-9462 Published Date: 2020-06-04 CVSS: NO CVSS Description: An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
CVE#: CVE-2020-9859 Published Date: 2020-06-05 CVSS: NO CVSS Description: A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.
----Hacking Updates----
Ultimate-Hosts-Blacklist updated The-Big-List-of-Hacked-Malware-Web-Sites. This repo has 4 stars and 4 watchers. This repo was created on 2018-04-04. --- Test of https://github.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/blob/master/hacked-domains.list Link to Repo
avhidalamsyah updated Facebook. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Online Tool for Hacking Facebook Account Link to Repo
krxdev-kaan updated AqHax-CSGO. This repo has 10 stars and 0 watchers. This repo was created on 2019-06-28. --- Simple CSGO Hack Link to Repo
bioinf-stuff updated bio_at_home-hacking_and_bio_hardware. This repo has 0 stars and 0 watchers. This repo was created on 2020-03-11. --- Chapter on analyzing sequences and information from biological hardware at home (outside the lab), eg openPCR, mini sequencers Link to Repo
WebReflection updated hn. This repo has 12 stars and 1 watchers. This repo was created on 2020-06-03. --- Isomorphic Hacker News Link to Repo
AlexJalkanen updated StudBud-HTNE. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-06. --- Hack the North East Hackathon Project Link to Repo
42Bastian updated lynx_hacking. This repo has 0 stars and 0 watchers. This repo was created on 2019-07-07. --- Collection of Lynx demos, trial. Link to Repo
kulshekhar updated next-hnpwa. This repo has 39 stars and 2 watchers. This repo was created on 2017-09-23. --- A PWA made using Next.js and the Hacker News API https://next-fb-hnpwa.firebaseapp.com/ Link to Repo
andrewdimmer updated cards-ar. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-06. --- An augmented reality hack created for Hack The Northeast 2020. Link to Repo
Matthew-Forster updated Hack-the-Northeast-2020. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- My submission for the "Best Gaming Hack" 🎮 Link to Repo
SturdyFool10 updated Escape-from-SARS-CoV. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Hack the northeast challenge Link to Repo
akashmodak97 updated Competitive-Coding-and-Interview-Problems. This repo has 2 stars and 1 watchers. This repo was created on 2020-01-10. --- This repo contains some problem solutions from different popular coding platforms like Code Chef, Leet Code, Hacker Blocks,etc. Link to Repo
mohanram123 updated Registration-Form. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-06. --- Hack-stack 1 Link to Repo
vinh-le updated asl. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-06. --- A game developed for Hack the Northeast 2020 that challenges you to beat your high score while learning the ASL alphabet. Link to Repo
Iggy-o updated cAeSAR-cIPHeR. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Gotta keep those passwords safe, there's hackers out there Link to Repo
Likj128 updated articulatedordains. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Project hack for carp in inanity Link to Repo
dretax updated GarHal_CSGO. This repo has 19 stars and 8 watchers. This repo was created on 2020-04-25. --- A project that demonstrates how to screw with CSGO from Kernel Space. (CSGO Cheat/Hack) All cleaned up, and with updated offsets. Link to Repo
repo3 updated Jhs. This repo has 0 stars and 1 watchers. This repo was created on 2019-10-24. --- The source specializes in hack programs and games of lan and online and tic rickets paid to become free for you developer source JHS Link to Repo
Tool-DK updated Phinix. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Phinx is a fb id hacking toolkit coded by Nirob Islam Rahad Link to Repo
CyberDemon-crypto updated matrix. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-04. --- Customizable bit matrix Link to Repo
Likj128 updated provablystinger. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Project abdomen's for hacked in nissan Link to Repo
ameenmaali updated urldedupe. This repo has 8 stars and 3 watchers. This repo was created on 2020-06-02. --- Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations Link to Repo
Amyh102 updated vibe-check. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-06. --- Hack the Northeast 2020 Link to Repo
yz-ogeb updated dark.yz. This repo has 0 stars and 0 watchers. This repo was created on 2019-07-16. --- Hack Facebook Link to Repo
yz-ogeb updated darkcorona. This repo has 1 stars and 1 watchers. This repo was created on 2020-04-09. --- Hack Facebook, DarkFb, Versi Corona Link to Repo
----Security Updates----
keeweb updated keeweb. This repo has 8879 stars and 226 watchers. This repo was created on 2015-10-17. --- Free cross-platform password manager compatible with KeePass Link to Repo
unchase updated awesome-russian-it. This repo has 223 stars and 30 watchers. This repo was created on 2020-01-23. --- :book: :headphones: :tv: :calendar: Список полезных русскоязычных ресурсов, связанных с ИТ Link to Repo
ricequant updated rqalpha. This repo has 3772 stars and 435 watchers. This repo was created on 2016-07-20. --- A extendable, replaceable Python algorithmic backtest && trading framework supporting multiple securities Link to Repo
gro1m updated AZ-500-Microsoft-Azure-Security-Technologies. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-11. --- None Link to Repo
ivan-sincek updated invoker. This repo has 124 stars and 5 watchers. This repo was created on 2019-07-11. --- Penetration testing utility. Link to Repo
UtilWork updated utilwork.github.io. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- About Web, Java, Security, AI and son on... Link to Repo
Shinpachi8 updated learnJavaSec. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-17. --- this is my java security learn program. Link to Repo
lw-92 updated spring-security-demo. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-04. --- spring security 的相关使用分析 Link to Repo
cyberphor updated scallion. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-11. --- My custom plugins and tool integrations for enhancing Security Onion 16. Link to Repo
toulousain79 updated MySB. This repo has 86 stars and 16 watchers. This repo was created on 2014-06-17. --- MySB (MySeedBox) is more than a simplified installation script of a multi-users Seedbox. There are many solutions to install a Seedbox, but we never talk about safety and regular operations. MySB could be renamed MySSB (MySecuredSeedBox). Link to Repo
google updated syzkaller. This repo has 2964 stars and 171 watchers. This repo was created on 2015-10-12. --- syzkaller is an unsupervised coverage-guided kernel fuzzer Link to Repo
radareorg updated cutter. This repo has 7108 stars and 255 watchers. This repo was created on 2017-09-25. --- Free and Open Source Reverse Engineering Platform powered by radare2 Link to Repo
tomervoro updated WIND_Project_Security. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-22. --- None Link to Repo
DeanNevan updated JNU19IS. This repo has 49 stars and 4 watchers. This repo was created on 2020-03-04. --- 暨大19信安(IS,Information Security),包括电子版的作业、实验报告、程序等。 Link to Repo
sergKononovich updated simplSpringBootApp. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- simple application for experiments, used: Spring boot,Spring Boot JPA (Hibernate), Spring Security and others Link to Repo
apapiccio updated cyb6004. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-04. --- ECU Cyber Security - Scripting Languages Link to Repo
Lylio updated Pollster. This repo has 0 stars and 1 watchers. This repo was created on 2019-09-03. --- A Spring Boot & React polling app which includes Spring Security, JWT and MySQL. Link to Repo
Marekgr7 updated role-based-security-for-web-apps. This repo has 0 stars and 1 watchers. This repo was created on 2019-12-16. --- security template configured for web applications with two tables User and Role Link to Repo
M66B updated FairEmail. This repo has 1053 stars and 78 watchers. This repo was created on 2018-08-02. --- Fully featured, open source, privacy friendly email app for Android Link to Repo
wKovacs64 updated hibp. This repo has 62 stars and 3 watchers. This repo was created on 2016-04-08. --- A Promise-based client for the 'Have I been pwned?' service. Link to Repo
Marekgr7 updated security-step-by-step. This repo has 0 stars and 1 watchers. This repo was created on 2019-12-15. --- None Link to Repo
yangzongzhuan updated RuoYi-Vue-Oracle. This repo has 7 stars and 3 watchers. This repo was created on 2020-05-31. --- 基于SpringBoot,Spring Security,JWT,Vue & Element 的前后端分离权限管理系统 Link to Repo
ilkinbayram updated SecurityEntrance-National-Aviation-Academy. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Created For Preventing All Unlawful Attacks by Illegal Passports' reasons. Link to Repo
alexmurray updated ubuntu-security-podcast. This repo has 1 stars and 2 watchers. This repo was created on 2018-08-13. --- None Link to Repo
genjisan46 updated MotorBike-ShowRoom-System. This repo has 0 stars and 0 watchers. This repo was created on 2019-06-06. --- C++ language that apply class and object,linked list,searching and sorting. This program have several function such as insert,delete,search,refresh and delete.This program also have computer security technique when try to insert password, the word of password was encrypt using coding technique. This program about model of motorbike and learning process in data structure and algorithm. Link to Repo
----PoC Updates----
shiibaryu updated poc_txdr_on_nic. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-26. --- proof of concept of nic architecture that have tx descriptor rings Link to Repo
purplebugs updated elastic-kibana-node. This repo has 0 stars and 1 watchers. This repo was created on 2019-12-04. --- Proof of concept of elasticsearch kibana and a node.js app working together Link to Repo
liuxiaotong15 updated e2e_public. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-16. --- For paper 'Artificial intuition for solving chemistry problems via an End-to-End approach: a proof of concept' Link to Repo
JasonEtco updated rss-to-readme. This repo has 2 stars and 1 watchers. This repo was created on 2020-05-28. --- A little proof-of-concept for @brianlovin! Link to Repo
adpolican updated accessible-typing. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-07. --- Proof of concept for a typing scheme using only the keys that your fingers rest upon in the home row Link to Repo
james2doyle updated project-splitting. This repo has 0 stars and 1 watchers. This repo was created on 2019-09-01. --- Experiments and proof-of-concepts for how to share code across projects locally Link to Repo
org-pivotal updated org-pivotal. This repo has 10 stars and 2 watchers. This repo was created on 2018-10-27. --- Proof of concept for extending org-mode with Pivotal Tracker abilities Link to Repo
sul-dlss-labs updated rdf2marc. This repo has 2 stars and 13 watchers. This repo was created on 2020-05-06. --- A proof-of-concept RDF to MARC converter for use within the Sinopia ecosystem. Link to Repo
jherr updated wp5-cms-poc. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-25. --- Webpack 5 CMS Proof Of Concept Link to Repo
87andrewh updated CornerCulling. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-04. --- Culling Method Proof of Concept in Unreal Engine 4 Link to Repo
Gustavo6046 updated sensetrack. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-06. --- Simple dynamic interactive music AI proof-of-concept. Written in TypeScript, supports multiple backends. Link to Repo
hackerhouse-opensource updated exploits. This repo has 100 stars and 8 watchers. This repo was created on 2019-03-23. --- exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House Link to Repo
JoanPedro updated Angular-PoCs. This repo has 0 stars and 1 watchers. This repo was created on 2020-05-31. --- Angular Proof of Concepts. [PoCs] Link to Repo
boettiger-lab updated data-tracker. This repo has 0 stars and 0 watchers. This repo was created on 2020-02-21. --- Proof of concept for Content-Identifier Based Registry for streaming data sources Link to Repo
lammarco updated backspin-flying. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-04. --- proof-of-concept for a endless scroller Link to Repo
darksylinc updated EnumIterator. This repo has 0 stars and 1 watchers. This repo was created on 2020-04-11. --- Proof of Concept for C++ enum iterators. See http://www.yosoygames.com.ar/wp/2017/03/c-iterable-enums/ Link to Repo
steven-michaud updated PatchBug1576767. This repo has 0 stars and 0 watchers. This repo was created on 2020-04-28. --- Proof of concept workaround for Mozilla bug 1576767 Link to Repo
vvatanabe updated grpc-proxyd. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-05. --- just a proof of concept Link to Repo
LuisGustavoSchevenin updated poc-sqs. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-04. --- Proof of concept using Amazon Simple Queue Service (SQS) and other tools/libraries Link to Repo
PramodKumarYadav updated PesterCI. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-05. --- This repository is to do a proof of concept for running Powershell Pester tests in GitHub-Actions CI Link to Repo
vjain143 updated wikipoc. This repo has 1 stars and 1 watchers. This repo was created on 2015-09-27. --- This repository contain java technology and framework related project. In other words proof of concept of the different framework. Link to Repo
ByteZ1337 updated Kotlin-Obfuscator. This repo has 3 stars and 1 watchers. This repo was created on 2020-06-01. --- Proof of concept Kotlin Obfuscator Link to Repo
Denperidge updated media-raspberry-pie. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-02. --- A set of tools that allow a Raspberry Pie to become the cheapest downloading + streaming platform. More proof of concept than anything. Still watch official releases if possible. Link to Repo
CERTCC updated PoC-Exploits. This repo has 36 stars and 8 watchers. This repo was created on 2020-03-20. --- Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems. Link to Repo
Dejvino updated pinephone-sway-poc. This repo has 1 stars and 1 watchers. This repo was created on 2020-05-26. --- Sway UI configured for PinePhone (Proof Of Concept) Link to Repo
----#MALWARE----
cybersec_feeds --> RT @bamitav: Cyber Crime on a Roll, CyberSecurity still catching up..!! https://t.co/EmXPmoSHzU
bamitav --> #Iranian cyberattacks on #Israeli facilities thwarted for a year - The Jerusalem Post https://t.co/uu9pJH92ba… https://t.co/5k5B7g9PXP Link with TweetLink with Tweet
Berman_J --> RT @SemperisTech: “The fact that #malware explicitly targets domain controllers underscores how critical it is to properly configure, monit…
chidambara09 --> RT @DC_CyberProtect: This week’s #NCSC’s weekly threat report features software and server vulnerabilities, and #phishing #scams targeting…
chidambara09 --> RT @BadrUAE: Why your voice is your new #password
cybersec_feeds --> RT @antgrasso_IT: Il phishing è una pratica spregevole che tende a carpire informazioni confidenziali attraverso l'inganno e/o la simulazio…
AnBenji --> RT @SocEngineerInc: Expert Insight: ZLoader Malware Returns As A Coronavirus Phishing Scam https://t.co/l25cLWK1nf #Phishing ⠀ https://t.c… Link with Tweet
fraabye --> RT @CurtBraz: I'm thrilled to announce a new research blog post on a subject I'm very passionate about! I found and demonstrate an effectiv…
NewsAt20 --> RT Ultrascan419 "Walter: No proof of extensive voter fraud: Clearly, election mail-in fraud is possible. Most recen… https://t.co/RQywtOzNMA Link with Tweet
NewsAt20 --> RT Ultrascan419 "Another victim of credit card fraud: Mohammad Nazim has become a victim of credit card fraud. The… https://t.co/moNQryznaN Link with Tweet
#BiometricsID #passwordsecurity #biometrics #privacy #security #phishing… https://t.co/dYGjfyrfyO Link with Tweet
NyMataguilera --> RT @policia: ¿En serio? ¿De verdad crees que te pedirían confirmar tu cuenta de esta forma?
La respuesta es👉NO
Los cibermalos están inten…
cybersec_feeds --> RT @DC_CyberProtect: This week’s #NCSC’s weekly threat report features software and server vulnerabilities, and #phishing #scams targeting…
ISABELROMEROM11 --> RT @policia: Se hacen pasar por Endesa para hacerte creer que te han cobrado dos veces la factura... 🤔
Pues va a ser que NO☝ te van a reem…
Ultrascan419 --> Walter: No proof of extensive voter fraud: Clearly, election mail-in fraud is possible. Most recently, this was dem… https://t.co/x0CINyNWj9 Link with Tweet
----#OSINT----
chidambara09 --> RT @RedPacketSec: Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp
Gartzen72 --> RT @0x3c7: Just pushed https://t.co/qq12sbwf6l to github - a first draft for a common data model + conversion tools across @censysio and @s… Link with Tweet
Rana97821367 --> RT @aadilbrar: New #OSINT video of PLA and Indian soldiers. The video seems to have been recorded by the Indian side. Notice all soldiers a…
RDSWEB --> RT @RedPacketSec: Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp
GanbaruTobi --> RT @TheCyberViking: I will be with @rag_sec, @AlanTheBlank, and @cybersecstu hosting an #OSINT workshop for finding missing people tomorro…
LiteOlika --> RT @V3rbaal: 📢Looking for new opportunities! I'm a Senior Intelligence Analyst, Investigator and Polygrapher. I specialize in Open Source I…
RedPacketSec --> Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp
#OSINT #Security #Threatintel #cybersecurity Link with Tweet
WebSecurityIT --> RT @_IntelligenceX: We just launched our new free service: https://t.co/bNhevz4MzZ 🎉
Need to find email addresses for a domain? All subdom… Link with Tweet
----#THREATINTEL----
chidambara09 --> RT @cyberreport_io: An agile national vision - JP Fabri and Nicky Gouder https://t.co/1LA6tvzK3a #cybersecurity #threatintelligence #cybern… Link with Tweet
chidambara09 --> RT @RedPacketSec: Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp
cyberreport_io --> An agile national vision - JP Fabri and Nicky Gouder https://t.co/1LA6tvzK3a #cybersecurity #threatintelligence… https://t.co/kgBIp4UPhf Link with TweetLink with Tweet
DamskyIrena --> RT @DamskyIrena: I've republished my "The Cyber Threat Intelligence Cycle" blog post - have fun! https://t.co/thsy9kSLuM
gh0std4ncer --> RT @SentinelOne: 🕵️ #SentinelLabs | Updates to Sarwent malware show a continued interest in backdoor functionality, and a preference for us…
RDSWEB --> RT @RedPacketSec: Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp
CyberspaceAsia --> RT @happygeek: By me @Forbes and @ForbesEurope: A three-month-old #Windows10 vulnerability is back to haunt #Windows users who haven't patc…
sectest9 --> RT @AshwiniKumar1_: On demand Indian Video platform @ZEE5India got breached. https://t.co/uahpptYsSh
RedPacketSec --> Conduent's European Operations Hit by Maze Ransomware, Data Stolen - https://t.co/kEM4ccXHIp
#OSINT #Security #Threatintel #cybersecurity Link with Tweet
----#RANSOMWARE----
secure_blink --> Amidst the Pandemic, NetWalker Ransomeware has become one of the major cyberspace threats. Here's an elaborated art… https://t.co/MNO1ebfPYy Link with Tweet
cybersec_feeds --> RT @bamitav: Cyber Crime on a Roll, CyberSecurity still catching up..!! https://t.co/EmXPmoSHzU
Felwin_546 --> RT @Cohesity: #Ransomware prevention/detection is critical, and keeping patient data secured is more important than ever. Learn how Cohesit…
chidambara09 --> RT @bamitav: #Iranian cyberattacks on #Israeli facilities thwarted for a year - The Jerusalem Post https://t.co/uu9pJH92ba
chidambara09 --> RT @CyberSecDN: Revealed: Advanced Java-Based #Ransomware PonyFinal https://t.co/8pdM7LpVbR #InfoSecMag via @SecurityNewsbot Link with Tweet
bamitav --> #Iranian cyberattacks on #Israeli facilities thwarted for a year - The Jerusalem Post https://t.co/uu9pJH92ba… https://t.co/5k5B7g9PXP Link with TweetLink with Tweet
elliot__liber --> RT @PMProuk: ReddyyZ/DeathRansom #Education #ransomware https://t.co/IEW2TD3tUa Link with Tweet
cybersec_feeds --> RT @AcidTec: Fake #ransomware decryptor double-encrypts desperate victims' files - #hacking #cybersecurity https://t.co/kBOcK1JCcW Link with Tweet
vishne0 --> RT @JosephSteinberg: A Guide To Choosing The Best Antivirus Software For Your Computer And Phone
cybersec_feeds --> RT @FBussoletti: #Cybercrime: arriva #Metamorfo, #Malware diffuso via #malspam. Esperti #CyberSecurity di @Bitdefender: Si sfrutta la tecni…
SBenato --> #EMOTET è la principale e più pericolosa minaccia oggi in circolazione, un #trojan avanzatissimo modulare e che si… https://t.co/hqRPVJ9iiG Link with Tweet
marcogovoni --> Virtualcaffe: Emotet (by @SBenato) https://t.co/dHEo6YDc4K #virtualcaffe #emotet #malware #firewallumano #formazione Link with Tweet
CyberSecInt --> ~ Fake News Uses Coronavirus To Spread Malware: Cybercriminals are using fake email messages about the coronavirus… https://t.co/rnoIRpACH9 Link with Tweet
kushalveer000 --> RT @manas_hunter: Got a "forgot password" page? Apply these tips, these might be handy. If you get a bounty from it, don't forget to mentio…
nyrbte --> RT @hackerscrolls: You asked for something about OAuth — we did.
Here is a mindmap about hacking OAuth 2.0. We tried to cover all possibl…
cat alive-subdomains.txt | parallel -j50 -q curl -w 'Sta… https://t.co/pDFcxzEOVf Link with Tweet
motaz88_88 --> RT @zer0pwn: Using proxychains, you can proxy all traffic from an application on linux.
I often use this to forward traffic thru Burpsuite…
rudra16t --> RT @khushbhatt: Kudos to all the Winners of BATPWN CTF @bsidesahmedabad.
@DefConUA @liuhackse @alcapwnctf @InfoSecIITR and Young
#Bsides #…
a_pandurangi --> RT @lordjerry0x01: I just shared one of my finding "Local file read via XSS using PDF file generate functionality": https://t.co/TZ3rlZ3k61… Link with Tweet
rudra16t --> RT @bsidesahmedabad: Lauds & praises to all the BSides Ahmedabad team members for their immense support in making BatPwn a huge success! 👏…
IsecEmAll --> RT @lordjerry0x01: I just shared one of my finding "Local file read via XSS using PDF file generate functionality": https://t.co/TZ3rlZ3k61… Link with Tweet
----#CYBERCRIME----
chidambara09 --> RT @CallMeSam_____: This is very serious,our main admin detected a massive movement through WA,Telegram,Facebook to make a fandalism moveme…
sectest9 --> RT @oliveriogabriel: 👉 ATENCION: ESTAFA EN INTERNET 👇
https://t.co/qVNG7uDtFs via @InfosecurityMag #cybercrime #CyberSecurity Link with Tweet
i_zeeray --> RT @cybercrimefia: ✅Cybercrime FIA busts Nigerian Gang
#Nigerianfraud
#cybercrime https://t.co/Nzu9YIbs6v
wellytanoto --> RT @CallMeSam_____: This is very serious,our main admin detected a massive movement through WA,Telegram,Facebook to make a fandalism moveme…
mohamadharis251 --> RT @CallMeSam_____: This is very serious,our main admin detected a massive movement through WA,Telegram,Facebook to make a fandalism moveme…
sectest9 --> RT @AghiathChbib: AI: The New Cyber Crime Solution… and Threat
cyb3rops: Yet another C2/„implant“ framework https://t.co/hGRtIa8DJh Link to Tweet
cyb3rops: @jenschm @JohnHultquist @cglyer @anthomsec @RidT @taosecurity @WylieNewmark @ChicagoCyber @PJ47596176 @Viking_Sec @cnoanalysis @bread08 GOSSIPGIRL — because I‘d like to fill some missing links and talk to experts, not apprentices Link to Tweet
cyb3rops: @CyberWarship @3mm4h3ff Yesterday - I got this new issue. Should I recommend him Wine? https://t.co/p2xyIg4mH8 Link to Tweet
inj3ct0r: #0daytoday #vBulletin 5.6.1 SQL Injection #Exploit https://t.co/mYFrzdViPl Link to Tweet
inj3ct0r: #0daytoday #Microsoft #Windows - (#SMBGhost) Remote Code Execution #Exploit #RCE #SMB https://t.co/GLjTluSTDd Link to Tweet
inj3ct0r: #0daytoday #macOS/x64 zsh RickRolling #Shellcode (198 bytes) https://t.co/UZ3bXebV69 Link to Tweet
inj3ct0r: #0daytoday #QuickBox Pro 2.1.8 - Authenticated Remote Code Execution #Exploit #RCE https://t.co/QNbzLBZOtu Link to Tweet
inj3ct0r: #0daytoday #VMware vCenter Server 6.7 - Authentication #Bypass #Exploit https://t.co/3zuBt8PlLe Link to Tweet
0dayDB: #WordPress Drag And Drop Multi File Uploader Remote Code Execution
#0day #Zeroday #Exploit #Exploits #Security Link to Tweet
0dayDB: #WebLogic Server Deserialization – Remote Code Execution
#0day #Zeroday #Exploit #Exploits #Security Link to Tweet
0dayDB: #VMWare vCloud Director 9.7.0.15498291 – Remote Code Execution
#0day #Zeroday #Exploit #Exploits #Security Link to Tweet
int0x33: @unfoldmybrain The cost in both time and skill to do this well is high which is why I think the great ones never get shared and the public ones stay pretty average, in addition to good attackers map the public ones for indicators of honeypot. Link to Tweet
int0x33: @unfoldmybrain None of the out of the box ones imo, you’ll only get flakes who aren’t even worth the attention if you’re well defended. You have to make custom ones for certain use cases to be truly effective, and put a lot of work into making the honeypot feel real, fully interactive. Link to Tweet
malware_traffic: More info on #Valak (soft_sig: mad29) dated Wednesday 2020-06-03 - Paste of info: https://t.co/cI4Mno8iVk - Pastebin raw: https://t.co/snnzUIIg75 - Had to try different source IPs before finding one where I could download the Valak DLLs. https://t.co/HaxQgfQPkP Link to Tweet
malware_traffic: 2020-06-03 - #Valak (soft_sig: mad29) infection with #IcedID (#Bokbot) - one #malspam example, #pcap of infection traffic, malware/artifacts, and the associated IOCs available at: https://t.co/w8LMup78X5 https://t.co/XPKfVCUxWR Link to Tweet
malware_traffic: 2020-06-03 - #malspam pushing #Dridex - 10 email examples, a #pcap of infection traffic, some malware/artifacts, and some IOCs available at: https://t.co/LZHpR0ZZWV https://t.co/y6GRicWPRb Link to Tweet
malware_traffic: @NinjaNull I figure if it's important, they'll leave a message. Link to Tweet
James_inthe_box: @maciekkotowicz @AdamTheAnalyst Thanks Mak! Link to Tweet
James_inthe_box: @cocaman @abuse_ch Beautiful...thank you! Link to Tweet
James_inthe_box: Skills I've acquired since the #pandemic:
I can now open doors using just my pinky. 💪 Link to Tweet
cyb3rops: sudo apt install --install-recommends winehq-stable https://t.co/RM0VIUWeoJ Link to Tweet
inj3ct0r: #0daytoday #vBulletin 5.6.1 SQL Injection #Exploit https://t.co/mYFrzdViPl Link to Tweet
0dayDB: #WordPress Drag And Drop Multi File Uploader Remote Code Execution
malwrhunterteam: And the file is still there...
blackorbird: @cyb3rops @VK_Intel @JohnLaTwC @craiu @cglyer @ItsReallyNick @RedDrip7 @hasherezade @Cyb3rWard0g @olafhartong @neu5ron @SBousseaden Thanks Florian! #FF @cyb3rops Link to Tweet
wugeej: [Tool] GhostShell-Malware indetectable, with AV bypass techniques, anti-disassembly, etc.
int0x33: @kevinriggle Cheers 🍻Enjoy! Link to Tweet
hyp3rlinx: CVE-2020-7030 Avaya IP Office v9.1.8.0 - 11 / Insecure Transit Password Disclosure
malware_traffic: More info on #Valak (soft_sig: mad29) dated Wednesday 2020-06-03 - Paste of info: https://t.co/cI4Mno8iVk - Pastebin raw: https://t.co/snnzUIIg75 - Had to try different source IPs before finding one where I could download the Valak DLLs. https://t.co/HaxQgfQPkP Link to Tweet
James_inthe_box: @maciekkotowicz @AdamTheAnalyst Thanks Mak! Link to Tweet