ThreatChat ThreatHistory Video Feed

REvil ransomware gang allegedly forced offline by law enforcement counterattacks

S3 Ep55: Live malware, global encryption, dating scams, and secret emanations [Podcasts]

“To the moon!” Cryptocurrency hamster Mr Goxx trades online 24/7

Cybersecurity Awareness Month: Building your career

LANtenna hack spies on your data from across the room! (Sort of)

S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]

Romance scams with a cryptocurrency twist – new research from SophosLabs

Apple quietly patches yet another iPhone 0-day – check you have 15.0.2

Cybersecurity awareness month: Fight the phish!

Apache patch proves patchy – now you need to patch the patch

FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks

REvil Servers Shoved Offline by Governments

Cisco SD-WAN Security Bug Allows Root Code Execution

Threat Actors Abuse Discord to Push Malware

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn

TA551 Shifts Tactics to Install Sliver Red-Teaming Tool

Gigabyte Allegedly Hit by AvosLocker Ransomware

Why is Cybersecurity Failing Against Ransomware?

Ransomware Sinks Teeth into Candy-Corn Maker Ahead of Halloween

Feds Warn BlackMatter Ransomware Gang is Poised to Strike

Twitter Suspends Accounts Used to Snare Security Researchers

Employees Make Best Frontline Phishing Defense

Protecting Phones From Pegasus-Like Spyware Attacks

Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales

Spotlight on Cybercriminal Supply Chains

Breaking Down Joe Biden's $10B Cybersecurity 'Down Payment'

CISOs Prep For COVID-19 Exposure Notification in the Workplace

Encrypted & Fileless Malware Sees Big Growth

Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts

Women, Minorities Are Hacked More Than Others

Payment API Bungling Exposes Millions of Users’ Payment Data

IoT Attacks Skyrocket, Doubling in 6 Months

Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0?

Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once

DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast

Unpatched Bugs Plague Databases; Data Is Not Secure

What Ragnar Locker Got Wrong About Ransomware Negotiators – Podcast

Holy Grail of Security: Answer to ‘Did X Work?’ – Podcast

'Pay Ransom' Screen? Too Late, Humpty Dumpty – Podcast

Podcast: Ransomware Up x10; Telecoms Uber Walloped

What’s Next for T-Mobile and Its Customers? – Podcast

National Surveillance Camera Rollout Roils Privacy Activists

Malware Gangs Partner Up in Double-Punch Security Threat

How Email Attacks are Evolving in 2021

Patrick Wardle on Hackers Leveraging 'Powerful' iOS Bugs in High-Level Attacks

Ransomware and IP Theft: Top COVID-19 Healthcare Security Scares

How the Pandemic is Reshaping the Bug Bounty Landscape

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

Cybercriminals Step Up Their Game Ahead of U.S. Elections

A Cyber 'Vigilante' is Sabotaging Emotet's Return

'TodayZoo' Phishing Kit Cobbled Together From Other Malware

7 Ways to Lock Down Enterprise Printers

What Squid Game Teaches Us About Cybersecurity

Macs Still Targeted Mostly With Adware, Less With Malware

Google Buckles Down on Android Enterprise Security

Ransomware Rise Pushes Organizations to Prepare for Attack

Malware Abuses Core Features of Discord

Microsoft Launches Security Program for Nonprofits

Microsoft-Signed Rootkit Targets Gaming Environments in China

Execs From Now-Defunct GigaTrust Arrested in $50M Fraud Scheme

Latest News | Dark Reading

Latest Commentary | Dark Reading

aDolus Raises $2.5M to Secure Critical Infrastructure and Grow Sales and Marketing Team

Cybrary Launches New Partnership with Check Point Software to Make Cybersecurity Training Accessible to All

Akamai Technologies Completes Acquisition of Guardicore to Extend Its Zero Trust Solutions to Help Stop Ransomware

Plurilock to Acquire Assets of CloudCodes Software

Invicti Security Announces $625 Million Growth Investment Led by Summit Partners

Nearly Three-Quarters of Organizations Victimized by DNS Attacks in Past 12 Months

Optiv Announces Second Annual $40,000 Scholarship for Black, African American Identifying STEM Students

Microsoft, Intel, and Goldman Sachs to Lead New TCG Work Group to Tackle Supply Chain Security Challenges

MITRE Engenuity Announces ATT&CK® Evaluations Call for Participation for Managed Services

Microsoft is releasing Windows 10 21H2 in November

Hacking gang creates fake firm to hire pentesters for ransomware attacks

Hacking gang creates fake firm to hire pentesters for ransomware attacks

Windows 11 Subsystem for Android lets you sideload apps - Here's how

Cybercrime matures as hackers are forced to work smarter

Cybercrime matures as hackers are forced to work smarter

BlackMatter ransomware victims quietly helped using secret decryptor

BlackMatter ransomware victims quietly helped using secret decryptor

Microsoft 365 will get support for custom ARC configurations

Popular NPM library hijacked to install password-stealers, miners

Popular NPM library hijacked to install password-stealers, miners

Hacker sells the data for millions of Moscow drivers for $800

Hacker sells the data for millions of Moscow drivers for $800

FTC: ISPs collect and monetize far more user data than you’d think

FTC: ISPs collect and monetize far more user data than you’d think

The Week in Ransomware - October 22nd 2021 - Striking back

The Week in Ransomware - October 22nd 2021 - Striking back

SCUF Gaming store hacked to steal credit card info of 32,000 customers

SCUF Gaming store hacked to steal credit card info of 32,000 customers

DarkSide ransomware rushes to cash out $7 million in Bitcoin

DarkSide ransomware rushes to cash out $7 million in Bitcoin

Groove ransomware calls on all extortion gangs to attack US interests

Groove ransomware calls on all extortion gangs to attack US interests

Microsoft: WizardUpdate Mac malware adds new evasion tactics

Microsoft: WizardUpdate Mac malware adds new evasion tactics

Google cuts Play Store dev fees to 15% for all subscriptions

Italian celebs' data exposed in ransomware attack on SIAE

Italian celebs' data exposed in ransomware attack on SIAE

Microsoft Teams adds end-to-end encryption for one-to-one calls

Microsoft Teams adds end-to-end encryption for one-to-one calls

CISA: GPS software bug may cause unexpected behavior this Sunday

Microsoft: Windows 11 printing issues fixed in the KB5006746 update

Massive campaign uses YouTube to push password-stealing malware

Massive campaign uses YouTube to push password-stealing malware

Evil Corp demands $40 million in new Macaw ransomware attacks

Evil Corp demands $40 million in new Macaw ransomware attacks

Windows 11 KB5006746 update fixes gaming performance issues

Nebraska Issues First Federal Cyber-stalking Sentence

New Cybersecurity World Record Set

US Secret Service Announces Cyber Games Winner

FOI Request Reveals Scale of Data Breaches at UK Councils

22% of Brits Received Proof of Vaccination Phishing Email in Past Six Months

Protecting Hybrid Active Directory Environments from Cyber-Attacks

Staying on Top of Diversifying Ransomware Threats

Transforming the Security Operations Centre with Google Scale Analytics

Machine ID Management vs. Digital Transformation: Building a Secure Future

How MDR Can Shelter Organizations From the Cyber Storm

Third-Party Vulnerabilities: Demystifying the Unknown

Removing the Blindfold to Better Network Security

The Challenges of Multi-Cloud and Hybrid Security

MDR/EDR/XDR - Wading Through Acronyms to Find the Right Detection and Response Solution

How to Rethink End-User Protection and Eliminate Phishing and Ransomware

New Strategies for Managing Machine Identities

Securing Active Directory in a Hybrid Identity Environment

New PrintNightmare Patch Can Be Bypassed, Say Researchers

Cybercrime Costs Organizations Nearly $1.79 Million Per Minute

CTOs Keeping Quiet on Breaches to Avoid Cyber Blame Game

Over 170 Scam Cryptomining Apps Charge for Non-Existent Services

Most Insider Data Breaches Aren't Malicious

Kremlin Hackers Reportedly Breached Republican National Committee

Overcoming 'Shadow IT' Need and Risk

Defining the Zero Trust and SASE Relationship

#BHUSA: Researchers Criticize Apple Bug Bounty Program

#BHUSA: How Supply-Chain Attacks Change the Economics of Mass Exploitation

Halloween Horror-Show for Candy-Maker Hit by Ransomware

Over 80% of Brits Deluged with Scam Calls and Texts

Government Agents Compromise REvil Backups to Force Group Offline

US Imprisons Bulletproof Hosting Providers

DOJ Sues Robocaller to Pay Massive Fine

CISA Awards $2M to Cybersecurity Training Programs

72% of Organizations Experienced a DNS Attack in the Past Year

#ISC2Congress: How to Mitigate Evolving Insider Threats

Start Early and Secure Containers Across Their Lifecycle

New affiliates strengthen TrickBot’s distribution tactics

Linphone, MicroSIP softphones impacted by critical vulnerabilities

Nearly $25M stolen by long-running MyKings botnet

Targeted enterprise attacks leverage novel Yanluowang ransomware

CISA official: US facing graver nation-state cybersecurity threats

Microsoft: US, Israeli defense firms attacked by Iranian hackers

Costs of dark web hacking services examined

Hackers somehow got their rootkit a Microsoft-issued digital signature

Hill Republicans to Biden: Pump brakes on emergency rail, aviation cybersecurity regs

Cisco SD-WAN Security Bug Allows Root Code Execution

Gigabyte Allegedly Hit by AvosLocker Ransomware

Faraday 3.18.0

Ubuntu Security Notice USN-5121-1

SAP Enterprise Portal Sensitive Data Disclosure

Windows IKEEXT AuthIP Unvalidated GSS_ID Privilege Escalation

SAP NetWeaver ABAP IGS Memory Corruption

Online Course Registration 1.0 SQL Injection

SAP NetWeaver ABAP Gateway Memory Corruption

SAP NetWeaver ABAP Enqueue Memory Corruption

Ubuntu Security Notice USN-5116-2

Clinic Management System 1.0 Code Execution / SQL Injection

SAP JAVA NetWeaver System Connections XML Injection

SAP NetWeaver ABAP Dispatcher Service Memory Corruption

Jetty 9.4.37.v20210219 Information Disclosure

Ubuntu Security Notice USN-5120-1

Ubuntu Security Notice USN-5119-1

Ubuntu Security Notice USN-5117-1

Small CRM 3.0 Cross Site Scripting

Ubuntu Security Notice USN-5116-1

Ubuntu Security Notice USN-5115-1

Red Hat Security Advisory 2021-3949-01

NIMax 5.3.1f0 Denial Of Service

Ubuntu Security Notice USN-5114-1

Red Hat Security Advisory 2021-3892-01

Easy Chat Server 3.1 Directory Traversal

Red Hat Security Advisory 2021-3889-01

Ransomware Sinks Teeth into Candy-Corn Maker Ahead of Halloween

How hackers hijacked thousands of high-profile YouTube accounts

US judge sentences duo for roles in running bulletproof hosting service

Sim Swapper Doxes and SWATs His Accomplice

Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services

Black market traders cash in on fake COVID-19 vaccination records

Hackers are disguising their malicious JavaScript code with a hard-to-beat trick

Google strips FTP code from Chrome • The Register

Sinclair Confirms Ransomware Attack That Disrupted TV Stations

Hacker Defaces Donald Trump's Website

Eugene Lim – Medium

All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021–38646) | by Eugene Lim | CSG @ GovTech | Oct, 2021 | Medium

All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021–38646) | by Eugene Lim | CSG @ GovTech | Oct, 2021 | Medium

Python — No 1!. Cybersecurity, Cloud, Machine Learning… | by Prof Bill Buchanan OBE | ASecuritySite: When Bob Met Alice | Oct, 2021 | Medium

Python — No 1!. Cybersecurity, Cloud, Machine Learning… | by Prof Bill Buchanan OBE | ASecuritySite: When Bob Met Alice | Oct, 2021 | Medium

Arne H. Tonning – Medium

Why we invested in IndyKite. IndyKite, the Identity Platform for Web… | by Arne H. Tonning | Alliance Venture | Oct, 2021 | Medium

Why we invested in IndyKite. IndyKite, the Identity Platform for Web… | by Arne H. Tonning | Alliance Venture | Oct, 2021 | Medium

FortKnoxster Update 23. Oct 2021. Dear community, hereby a short update… | by FortKnoxster | FortKnoxster | Oct, 2021 | Medium

FortKnoxster Update 23. Oct 2021. Dear community, hereby a short update… | by FortKnoxster | FortKnoxster | Oct, 2021 | Medium

Anton Chuvakin – Medium

Do You Trust Your SIEM?. My admittedly epic (but dated) post… | by Anton Chuvakin | Anton on Security | Oct, 2021 | Medium

Do You Trust Your SIEM?. My admittedly epic (but dated) post… | by Anton Chuvakin | Anton on Security | Oct, 2021 | Medium

stark303 – Medium

IHackPY – Medium

How to break into Cyber Security. Hey Fellas, | by IHackPY | Oct, 2021 | Medium

How to break into Cyber Security. Hey Fellas, | by IHackPY | Oct, 2021 | Medium

Security Policy Defines Culture. Here’s How. | ZeroWall | ZeroWall.ai

Security Policy Defines Culture. Here’s How. | ZeroWall | ZeroWall.ai

Harpinder Singh – Medium

The missing piece of the DevSecOps stack | by Harpinder Singh | Innovation Endeavors | Oct, 2021 | Medium

The missing piece of the DevSecOps stack | by Harpinder Singh | Innovation Endeavors | Oct, 2021 | Medium

Work at Medium | by Jobs @ Medium | Jobs at Medium | Medium

How I Offered Free 1 Lakh Rupees Through Government Website? | by Krishnadev P Melevila | Oct, 2021 | InfoSec Write-ups

IDE - TryHackMe Writeup. Hi all, today we will take on the IDE… | by Manash | Oct, 2021 | InfoSec Write-ups

Hacking JSON Web Tokens (JWTs). how hackers hack JWTs | by Surendra Choudhury | Oct, 2021 | InfoSec Write-ups

What is “Detection As Code”? The Future of Cyber Threat Detection | by TechExpert | Oct, 2021 | InfoSec Write-ups

CSRF for Begginers. CSRF(Cross-site request forgery) is a… | by SaiKrishna K | Oct, 2021 | InfoSec Write-ups

Vulnhub Doubletrouble: Walkthrough | by Mattia Zignale | Oct, 2021 | InfoSec Write-ups

TomGhost. Hello there!!This is not gonna be a… | by Thirukrishnan | Oct, 2021 | InfoSec Write-ups

HackTheBox Writeup: Cap. This was an easy-difficulty Linux box… | by Hacktivities | Oct, 2021 | InfoSec Write-ups

Exploiting Redis Through SSRF Attack | by Muh. Fani Akbar | Oct, 2021 | InfoSec Write-ups

Into the art of Binary Exploitation 0x000003 [Prominence of Integer-Overflow] | by 7h3h4ckv157 ™ | Oct, 2021 | InfoSec Write-ups

Exposing millions of critical data on Kerala Civil Supplies Website! | by Krishnadev P Melevila | Oct, 2021 | InfoSec Write-ups

Blue Team Operations [Part 3]: How To Investigate Phishing Attacks as a SOC Analyst | by TechExpert | Oct, 2021 | InfoSec Write-ups

TodayZoo phishing kit borrows the code from other kits

newsletter Round 337 by Pierluigi Paganini

NATO releases its first strategy for Artificial Intelligence

Threat actors offer for sale data for 50 millions of Moscow drivers

Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now!

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Microsoft no longer signs Windows drivers for Process Hacker | Born's Tech and Windows World

Microsoft no longer signs Windows drivers for Process Hacker | Born's Tech and Windows World

Calculating Subnets w/Python3 - YouTube

The Design and Evolution of OCB | SpringerLink

Friday Squid Blogging: Squid Eating Maine Shrimp - Schneier on Security

Twitch hit by massive hack that reveals its entire source code and more - NotebookCheck.net News

Nation-State Attacker of Telecommunications Networks - Schneier on Security

GitHub - Rices/Phishious: An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.

GitHub - RoseSecurity/Automator-Terminator: A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

GitHub - RoseSecurity/Automator-Terminator: A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

(29) The Cursed Nemef NF2 - Tapered drivers no.3 - YouTube

Passing the Pass-Around Box - YouTube

Michael Gilchrist Guts the Miwa U9 in Multiple Formats, Progressive Pinning & Reassembly - YouTube

Robur Safe Deposit Lock (gins) - YouTube

printable EFF's short wordlist #2.pdf - Google Drive

Tokyo 2020 Olympics suffered half a billion attempted cyberattacks | TechRadar

[31] Unbranded 7 Pin Dimple Lock Picked - YouTube

Google Chrome Vulnerability Worth for $6K: Use After Free (CVE-2021-30573)

Riiver Security Dimple Warehouse Lock Picked Fast - YouTube

Tech workers warned they were going to quit. Now, the problem is spiralling out of control | ZDNet

Problems with Multifactor Authentication - Schneier on Security

Burg wachter Alutitan picked (and a fake backstory for Burg) - YouTube

[140] BiLock 12 pin unmastered picked and gutted - YouTube

CLM Bypass | A Pentesters Ramblings

GitHub - tomschwarz/gocrt: crt.sh command line client written in golang.

395. How strong is a £1 shop padlock 🤔 Opened with a hammer & chisel and a look at whats inside 👀 - YouTube

[30] American 105 Solid Body Padlock - YouTube

In COINTELPRO, FBI used anarchism to 'disrupt left', attack Vietnam & USSR - by Ben Norton - Ben Norton

Supply Chain Attack: NPM Library Used By Facebook And Others Was Compromised | Hackaday

ACE 44mm Laminated Padlock Speedpicked - YouTube

Revealing the secrets of my 'Choices' challenge lock 😲 SPOILERS!!! - YouTube

A step-by-step analysis of a new version of Darkside Ransomware (v. 2.1.2.3) – CYBER GEEKS

virusbtn: On 26 Oct, @CyberAlliance will run a webinar in which Jaya Baloo (Avast), Jen Ellis (Rapid 7), Wendy Whitmore (Palo Alto Networks) & Michael Daniel (CTA) discuss how to move from theory to practice in raising your organization’s level of cybersecurity. https://t.co/XUKATc10tI

virusbtn: On the SANS ISC blog, @malware_traffic reviews a Sliver infection from the "Stolen Images Evidence" campaign. https://t.co/GJfTlBWF51 https://t.co/coSx98CQvl

virusbtn: Security Researcher @BushidoToken writes about ransomware decryption intelligence. https://t.co/XvUcZ62oEh https://t.co/J3gHGkI4yi

virusbtn: Cisco Talos's @Mesiagh writes about three of the threats seen in October: STRRAT, ZLoader and HoneyGain. https://t.co/fq1kxlHp8q https://t.co/RScwKTKKRI

virusbtn: Google’s researchers write about phishing campaigns targeting YouTubers with cookie theft malware. The actors lure their target with fake collaboration opportunities, hijack their channel, then either sell it or use it to broadcast cryptocurrency scams. https://t.co/7MWkgZGTjx https://t.co/CqW3sYXEHi

MITREattack: @MSAdministrator On closer inspection, you might not be correctly filtering out deprecated techniques. That technique is deprecated and has a result hasn't been updated. Suggest taking a look at https://t.co/3pHG0eZtR4.

MITREattack: @MSAdministrator An email to attack@mitre.org is usually the best route, but this works. We're taking a look at what's up, thanks!

MITREattack: Thank you to everyone who made it to our ATT&CK DC Meetup last night! It was great meeting members of the community, and the first time much of the ATT&CK team have seen each other in over year and a half. Next stop: ATT&CKcon 3.0 March 29/30 McLean, VA. https://t.co/ziEejxw4IL https://t.co/X6odKKKM05

MITREattack: @cyb3rops It made no sense to keep it in a different language than the rest of ATT&CK now that it's fully integrated, and would have required two parsers (STIX and YAML) to work with. The material is also rendered human-readable to https://t.co/aA0dlJjiro.

MITREattack: There's one more thing... The ATT&CKcon 3.0 CFP is now open until November 23rd at 6pm ET. And mark your calendars, ATT&CKcon 3.0 will be in McLean, VA on March 29 and 30th. Watch this space for more details, and submit your talks at https://t.co/ziEejxNFAj! https://t.co/6VMBaGtgGn

SpecterOps: One week left to register for our SO-CON 2021 training courses! This is the last chance to take our trainings this year. Classes are filling up fast, so be sure to register now. https://t.co/zA67VT5idF

TalosSecurity: The newest Beers with Talos discusses some of the vulnerabilities that are exploited the most often. But do these types of lists even matter? Do they help defenders? https://t.co/ixLI2CrCuG https://t.co/vBkdY9Bxz8

TalosSecurity: Have you caught up on all of Talos Takes' #NCSAM content? We've released several special episodes this month to help you #BeCyberSmart https://t.co/kbwmn0CDeb https://t.co/7n744iCzxq

TalosSecurity: As part of our continuing research into a series of #cyberattacks in the Asia-Pacific region, we discovered another wave of #RATs targeting users in Afghanistan and India https://t.co/QM3GigtEnX https://t.co/v2GKMPC0Qp

TalosSecurity: We went live this week to discuss the basics of #IncidentResponse for #NCSAM and discussed some exciting new offerings from CTIR. Check out the recording up on our YouTube now! https://t.co/qTFYWA1eE4

TalosSecurity: This week's edition of the Threat Source newsletter has a recording of our live stream from earlier this week, the latest on several #ransomware attacks that went public this week, and much more https://t.co/BlcKxC1TWF https://t.co/ap7Xwzs0dE

MBThreatIntel: @NeePscambaiting We have a good view of the distribution model. They use 4 different steps to redirect to constantly changing landing domains. We have tried to get in touch with both companies but have not had any answer.

MBThreatIntel: ℹ️ #UnderminerEK dropping #Amadey v.2.71 169.197.142[.]162/os.zip 7a7a128a51a5e153c55481518bdffe67093e94d99845531918ff50875a13e5fe C2: web.jsonpost[.]xyz 169.197.142[.]162 https://t.co/Mc1qWim1SJ

MBThreatIntel: Bad affiliate (affid=1494) getting their campaigns mixed up. https://t.co/cOxQeqrd7v

MBThreatIntel: #PurpleFoxEK via malvertising (fadverdirect[.]com) health-benefits[.]shop irkrimutodcnic[.]aixgedbubirtsabkhotsswse[.]monster https://t.co/46Aoyq0WUB

MBThreatIntel: ℹ️ New blog: q-logger skimmer keeps Magecart attacks going Based on previous research by @AffableKraut, @unmaskparasites and @rootprivilege https://t.co/7cSVzVUuDf

anyrun_app: A large number of organizations experienced a ransomware attack in 2021. And our guest writer @danielmartin_a is ready to clarify what this malware is about and how to prevent it. Check out our new post on the #ANYRUN blog! https://t.co/2iR7aYUBcz

anyrun_app: The demand for cybersecurity programs and experts is rising, and getting educated in this domain is helpful for your career. Learn more about malware analysis, its types, and stages with our guest post: https://t.co/lmGq2GWn7J

abuse_ch: Please excuse my language, but I haven't seen that much BS in such a short text for a looooong time 🤦‍♂️ https://t.co/HDnFhmbKsn

abuse_ch: @mdmck10 Thanks, fixed!

abuse_ch: @HGSupport Done

abuse_ch: @HGSupport Do you have any news on this? Despite my abuse report sent by email, the malicious domain name is still active and used as a Loki botnet C2

abuse_ch: Research by @Thycotic shows that in 2021, a majority of organizations that were victim of a ransomware attack "felt they had no choice but to pay ransom demands to restore their data" 🤯 https://t.co/HcBa3VNBfp

QuoIntelligence: We cover #phishing campaigns attributed to the financially-motivated cyber crime group #TA505. They include new tools targeting #NorthAmerica and #German-speaking countries. We also cover how the US is hardening its defenses against #ransomware attacks. https://t.co/tj51hoK9Xj

JAMESWT_MHT: Mentioned #WinGO #CobaltStrike Sample ✅https://t.co/WAO2hIKMEr +extra #WinGO #Rozena #metasploit #cobaltstrike Collection Samples 🔽🔽🔽 https://t.co/jO1Be9fzwu cc @bryceabdo https://t.co/nqNf2prbZh https://t.co/GE4G8FdvCO

cyb3rops: I love the accounts that have “temporary, disable in January 2016” in their description https://t.co/HEVF3mtKXJ

cyb3rops: @taosecurity @Zeekurity Oh, great. I couldn’t find the right Twitter handle.

cyb3rops: @markus_neis @stamparm I guess that we can find dozens of such lists that someone has once compiled or still maintains. The biggest problem is that these research outputs don’t get funneled into actionable rules.

cyb3rops: Shadowban in 3 .. 2 .. 1 https://t.co/KTHzXhimhc

cyb3rops: I've also created a Sigma rule for anyone that uses #Zeek or the like and already applies our public rules https://t.co/QlQlU3ko5F It's always important to transfer detection ideas into actionable content that can directly used by others https://t.co/ous2yvAzZE

RedDrip7: We have released the Win32k Elevation of Privilege Vulnerability #CVE-2021-40449 recurrence process. #Exploit included. Report: https://t.co/uTw75RG05K Translate: https://t.co/wp8twiSRIS

RedDrip7: New samples from #Sidewinder #APT have been uploaded to VirusTotal. IOC: 155ca0971759da484472542667266b0e HtTps://behr[.]ppinewsagency[.]live/5098/1/1084/2/0/0/0/m/files-bd31fa80/file.rtf https://t.co/FG0dN8RNM7 https://t.co/Rg1MPi8ZvN

RedDrip7: We found an approach to exploit Windows zero-day vuln #CVE-2021-40449 which has been used in #MysterySnail #APT activity. It is a use-after-free EoP vulnerability in Win32k and was patched on October 12, 2021. https://t.co/tXE7xMdvFv https://t.co/RYuEcDKLBO https://t.co/O9qwpEx5H4

inj3ct0r: #0day #OnlineCourseRegistration 1.0 - Blind Boolean-Based SQL #Injection #Exploit https://t.co/Ro9xDKp7zo

inj3ct0r: #0day #ClinicManagement System 1.0 - SQL #injection to Remote Code Execution #Exploit #RCE https://t.co/E935C9vPA0

inj3ct0r: #0day #Jetty 9.4.37.v20210219 - Information Disclosure #Vulnerability https://t.co/xBphKp8URd

inj3ct0r: #0day #EasyChat Server 3.1 - Directory Traversal and Arbitrary File Read #Vulnerability https://t.co/Oky6AF1rvV

inj3ct0r: #0day #SmallCRM 3.0 - (description) Stored Cross-Site Scripting #Vulnerability #XSS https://t.co/zdsT3EuPLB

malwrhunterteam: "sana.apk": a7ddb51c63bb4046c2e288f529d12c5bdfa3e561e5bc855dd0457f4017d2fe51 From: https://internet-2000[.]cf/ -> https://internet-2000[.]cf/download.html -> https://internet-2000[.]cf/sana.apk https://t.co/VYuWWWPKQ9

malwrhunterteam: "Whatsapp Hack V2.apk": dacf857e5f2d1f12054ff6830a107f7189daad5ed3d66b7a55fe48addd57281b C2: adventures-61091.portmap[.]host:61091 😂 https://t.co/PpLIHRmFR6

malwrhunterteam: "Correos.apk": 5e749d67941c743cbce9498eb2a7f2b44b077a2a9242fe0c3d3798b53003a34d @JosepAlbors @0xDanielLopez https://t.co/zwg2AAlrDC

malwrhunterteam: "Omegle.apk": ca21083beec1c31cd3629367c2bec1192153923d379352a4ac2c4fcb7b595c6b Probably Donot... @bl4ckh0l3z @LukasStefanko https://t.co/lzZ0Bx4Mrl

malwrhunterteam: This idiot says he would pay 30k for the database of @TheRecord_Media. 30k for the db of a simple news site. 🤦‍♂️ Sounds like he really wants to make fun of himself (or themselves) in any possible ways... 😂 https://t.co/kNFDxTZHAx

blackorbird: Learning iOS Forensics 2.0 #Pegasus bh = bridgehead FORCEDENTRY exploit https://t.co/ToVD46kCgM https://t.co/7xB2NjCiHH https://t.co/1laEsbtBkq

blackorbird: #OceanLotus attacked DrayTek router equipment and compromised multiple enterprise OA system servers, and further used them as a C2 springboard. #APT https://t.co/zMSKnkEY4C https://t.co/NNUKiZzpDG

blackorbird: Global #APT Research Report for the first half of 2021 Add APT Group:APT-C-59(芜琼洞),APT-C-60(伪猎者),APT-C-30(潜行者/Platinum) Report: https://t.co/4vvxr9luYf https://t.co/FgPlH1tzsg

malware_traffic: @sans_isc Dang it... Forgot to tag #Sliver malware.

James_inthe_box: @silascutler @avman1995 @felixw3000 @JAMESWT_MHT @malwrhunterteam In a big way...

James_inthe_box: @avman1995 @felixw3000 @JAMESWT_MHT @malwrhunterteam Ya....had this on the drive: https://t.co/Sr18tKDIZi

James_inthe_box: @felixw3000 @JAMESWT_MHT @malwrhunterteam Looks like #unastealer

James_inthe_box: @felixw3000 @JAMESWT_MHT @malwrhunterteam Looking

James_inthe_box: @KorbenD_Intel @malwrhunterteam Yikes...

pmelson: @KyleTDavis1 I didn’t take it as you sympathizing with the CEO. The challenge with influence, perhaps especially in the board room, is that it’s the purest form of leadership. At that level, hierarchical/authority power is of limited effectiveness.

pmelson: @KyleTDavis1 Agree. My gut says mismanagement and low morale were directly related. Fix the work, start delivering outcomes, and separate any actively disengaged team members from the group, replace them if you have to. In that order. Reassess morale after the first 1-2 rounds of delivery.

pmelson: @KyleTDavis1 Using people is still using people. Maybe the CEO saw it as a solid chess move with minimal damage to the young employee. Or maybe he saw her as expendable. In my opinion, he lacked the imagination to find a way to get his way ethically, a thing I maintain was very possible.

pmelson: @mkr_ultra Potomac is my current fav

demonslay335: @vinopaljiri @Avast Mind mentioning what variant? Just hoping it isn't another BitDefender situation...

demonslay335: @BleepinComputer @billtoulas https://t.co/sBd2W7x1ia

hackerfantastic: @Firefly1776 yes, looks amazing.

Cyb3rWard0g: @russmcsec https://t.co/uvV8qqVkFS

Cyb3rWard0g: @OTR_Community @cyb3rops @blubbfiction @sigma_hq @MITREattack #AnotherOne https://t.co/YM4TxnmDsE

VK_Intel: @PolarToffee 🙂Happy to share. The codebase is certainly based on the same ol' Ryuk. I agree less of a rebrand - just an ops model shift by the same adversaries. Ryuk is gone & its pure encryption model shift in favor of lock+leak of Conti. re: Cont code / roots https://t.co/ieFZ30xjrE

VK_Intel: Plus Ryuk (RIP) -> Conti The golden formula of success: Leak + Lock = Ransom https://t.co/5qRLTxI9gf

DrunkBinary: @kikta @WylieNewmark @WylieNewmark Did you hear that the FSB has kompromat on @badtakeblake that involves furries

Arkbird_SOLG: Thanks to @JAMESWT_MHT for the samples Yara : https://t.co/nLrD9GC4VB ref : https://t.co/1Eidn4VlXq cc @h2jazi @James_inthe_box @BushidoToken @c3rb3ru5d3d53c @0xtornado

Arkbird_SOLG: The implant have as improvement to use ioreg and xmllint for parse the key on the registry (IOPlatformUUID) which content the hardware UUID (Mac's serial number). Fetch also the zip/dmg on cloud structure if possible. https://t.co/P9sfKwbaNU

Arkbird_SOLG: According to Microsoft, some improvements for #UpdateAgent (aka #WizardUpdate) but mostly via the bash script for install the service by plist, bypass Gatekeeper (xattr -r -d https://t.co/3RdTgQRn1N.quarantine), use $ user variable ... https://t.co/ormYmOvhLG

KorbenD_Intel: @James_inthe_box @malwrhunterteam abuse proof too? 😄 https://t.co/3wMHdzEI2a

KorbenD_Intel: @sonatype https://t.co/bIroWdu0N3

KorbenD_Intel: #CobaltStrike 23.234.21.x 122.10.58.x 154.95.225.x 156.232.248.x

KorbenD_Intel: too legit to quit https://t.co/Ek3uQZJoI8

ShadowChasing1: yep sir It is Donot #APT C2:updatedate[.]live https://t.co/E7MENDqxRV

ShadowChasing1: URL: hXXps://share.stablemarket.org/Y5qbOQiIlBomxCjPRFzyiLSvyddx/P1xM4diDmKxL3I= hXXps://share.stablemarket.org/2 hXXps://share.stablemarket.org/1 hXXps://share.stablemarket.org/S1IPLKWyhI+b8SZyQi2j2+5YFP1V6BFxXAUMRERH9O0= https://t.co/R4WBswWaMc

ShadowChasing1: Today our researchers have found new sample which belongs to #Lazarus (#DangerousPassword) #APT group ITW:94b4a8127e410ea950d14d7f7a22897d filename:Profit and Loss Statement. zip ITW:a0c1ca01548be7690f2976742f068e67 filename: Profit and Loss Statement.xlsx.lnk https://t.co/W41EaCG3Tr

ItsReallyNick: @Big_Bad_W0lf_ @nicastronaut @TreeHouseBrewCo @drinksmooj https://t.co/21Jqtm3pnT

cyberwar_15: #북한 #NorthKorea #CyberWar 북한 정찰총국의 대남 공작원이 '백만원' 원고료로 현혹해 기고문처럼 위장한 악성 문서 파일을 열도록 유도하는 화면입니다. 정말 많은 분들이 [돈]의 유혹에 속아 해킹을 당하고 있고 공격은 지속 중입니다. https://t.co/1LyOLNhO2y

cyberwar_15: #북한 #NorthKorea #CyberWar #PDF #Exploit 북한 정찰총국 요원이 사례비 지급 명목으로 위장해 PDF 취약점 악성파일을 대북관계자에게 전송한 화면입니다. 다행히 구글에서 차단을 해주었습니다. https://t.co/oFsu6hCfU2

cyberwar_15: - https://t.co/8QhygJxpEC - - https://t.co/M2MCpdPhYX - - 133.242.141.149 -

cyberwar_15: #북한 #NorthKorea #CyberWar 북한 사이버 공작원의 작전은 계속 이어지고 있습니다. 마치 네이버 고객센터를 사칭해 대북분야 전문가들을 집중 공격하고 있습니다. - https://t.co/8QhygJxpEC - https://t.co/PspSYoMIRD

Manu_De_Lucia: @Pinperepette @carolafrediani non lo so se solo loro pagherebbero eh. cmq secondo la mia esperienza tendono a monetizzare il piu' possibile o cmq a trarre quanto piu' vantaggio possono. L'effettiva ed irreversibile cancellazione selettiva di dati dal pacchetto la vedo come una possibilita' davvero remota.

Manu_De_Lucia: @Pinperepette @carolafrediani vabe' se andiamo sull'appetibilita' dei singoli dati non ne usciamo. ;) E poi che ne sai che possano inventarsi qualcosa per cui il profilo di quello famoso fra qualche mese diventa appetibilissimo ? Potremmo continuare all'infinito ;)

Manu_De_Lucia: @Pinperepette @carolafrediani e poi nel 99% dei casi, chi comprerebbe quei dati mica metterebbe cartelli. Manterrebbe il silenzio piu' assoluto. Li userebbero per frodi, truffe , furto di identita' etc.etc. e correlare tali futuri eventi dopo mesi e mesi risulterebbe davvero complesso.

Manu_De_Lucia: @Pinperepette @carolafrediani ma la credibilita' la perdi non fornendo una chiave per decifrare roba dopo un incidente. Con i dati e' un altro discorso. qual'e' il rischio di perdita di immagine se li riproponi ad-hoc fra 6 mesi ? Io non avallerei tesi che potrebbero spingere qualcuno a pagare per davvero...

Manu_De_Lucia: @Pinperepette @carolafrediani Forse mi sfugge qualcosa del tuo discorso... dici che pagando i 10k tu saresti certo che una banda criminale cancelli i tuoi dati personali da un mucchio di roba esfiltrata avendo garanzie che non solo non li abbiano gia' venduti ma che fra 6 mesi non li ripropongano... giusto ?

58_158_177_102: そもそもクラウド管理コンソールにアクセスできる端末の制限をどうする。。。(無限ループ) この辺りのセキュリティ担保と運用の利便をうまく保っている設計や現実をもっと知りたい

58_158_177_102: この辺りの理想はこうなんだけど現実は、みたいな話に決着をつけるべく、最近は色々と思考実験や試行依頼をしている感じです Azure Bastionの単一環境での試行はうまくいきそうだけど、部門混在する環境で運用維持できるかなぁ、とか。。。

58_158_177_102: 組織として踏み台を運用しようとする場合、後者の環境の場合が多く、管理と違反行為の確認のために人を張り付けなければならず、かつ運用の人や仕組みも、適切なアクセス管理や権限の判断と異常の際の調査ができないと有名無実になってしまうから、一般企業で導入・運用するのはそこそこ難しい印象

58_158_177_102: <複数システム・複数業者の場合> 百くらいのオーナーが異なるシステムがあって、運用者は、自社管理者と業務委託管理者混在 さらに、運用グループはAとCとを見ていたり、Bだけリモートの別業者だったり。。。-> カオスなようで一般的な構成だったりする

58_158_177_102: 踏み台サーバの話をいただいたので記載 <単一システム・複数業者の場合> 踏み台はログもとれるし、管理もしやすくてよい 踏み台からしか繋がらないように通信制御していると障害時に問題が発生するため、通信制御はせず、踏み台を介さない直接アクセスを監視するほうがよい?

aboutsecurity: Look what I got in the mail today! Thanks to @aall86 for continuing the saga together with the great @aionescu, and pioneers @markrussinovich and @davesolomontci 👏🏼📚 (I still remember David’s first ‘Inside Windows NT 2nd edition’ back from 98) #windowsinternals https://t.co/wQfYSD6qQj

aboutsecurity: @juliankrye @SANSInstitute @SANSDefense Early afternoon. On Day 6 we typically play until 2 pm 😎

aboutsecurity: @ateixei I totally approve that @ateixei. And yes, #Malaga is an awesome place. Picasso's birthplace, @antoniobanderas birthplace, hey it's my birthplace too 😂 And it's home to awesome companies like @virustotal and @hispasec, and more importantly awesome ppl like @ssantosv @bquintero...

kyleehmke: How disinformation babies are made. https://t.co/2KO0gdejwn https://t.co/8nJXiwX91b

DissectMalware: It's been a while that I'm contemplating to develop a tool that I always wanted to have while working on samples... I've just decided to develop it. This tweet is the mark of its beginning! I will update when the first version is out...

DissectMalware: @sajjadium @Google Congrats Sajjad! Well deserved.

DissectMalware: @n0x08 Interesting, the authors of the article (2006) also wrote a book on the subject two years before (2004): Malicious Cryptography: Exposing Cryptovirology * I remember reading their book in 2008; awesome read

Hexacorn: @mariuszbit various versions of dbghelp is the most popular find for me too

JCyberSec_: @ANeilan @olihough86 @phishgalore @idclickthat @Sync_Pundit @ActorExpose @illegalFawn @malwrhunterteam @JAMESWT_MHT @dubstard @YourAnonRiots @nullcookies @PhishChicken @urlscanio https://t.co/Fl1gfVhLZm

JCyberSec_: UK COVID #phishing 🇬🇧🧑‍⚕️ 🌐hxxps://vaccinepass-status.com/nhs/appIy/step1.php https://t.co/G6yVyRlFw9

JCyberSec_: @MalwareHuntress @IpNigh You're welcome, although I am not sure Twitter agrees. https://t.co/sIWKv7Urzl

JCyberSec_: MSFT stating this is a new kit, if you look at @urlscanio you can find the first scan of a todayzoo.php page from 9 months ago!! https://t.co/llUU7P3lTQ

JCyberSec_: So this is just the #KOSONG kit which we have been tracking for awhile. The overlaps are interesting and seeing how the kit has evolved and cracked over time. https://t.co/GxtVzKiWEM https://t.co/oyA7KPrGp0

nullcookies: 👀 Sudan

nullcookies: @f_dion I’ll share some audio when I have a moment

nullcookies: Added a Beetronics Swarm pedal to my board and it’s never going to leave it. 10/10 https://t.co/fx48i4dU5G

nullcookies: I’m immeasurably thankful to work in an industry where I’m responding to an RFI on a Saturday night and still having fun doing so.

nullcookies: @rogue_analyst This is not fair.

campuscodi: Root cause analysis for CVE-2021-33742, a zero-day in Internet Explorer https://t.co/QKigdIkYkK https://t.co/nIOUdxbgdK

SBousseaden: correlating #sysmon process creation (eventid 1) with process access (eventid 10) with same ParentProcessGuid/SourceProcessGUID and ProcessGuid/TargetProcessGUID can help spot suspicious process creation (esp for Office and common lolbas) https://t.co/gfZlVJO9qW https://t.co/QI39SZ46pX

SBousseaden: @Cyb3rSn0rlax that could work, IIRC rundll32 -> lsass is not that noisy in general. for MinidumpWriteDump its uses dbghelp.dll/dbgcore.dll (calltrace). https://t.co/wAwuSQA79e

SBousseaden: sysmon traces for zipexec https://t.co/6eqEPpuFmg https://t.co/9PtEv0djrS https://t.co/rYIFP6B6Ow

SBousseaden: https://t.co/D2pzeJStyT https://t.co/gxj7YsQ6h0

424f424f: @MarcOverIP exciting race!

424f424f: @hellor00t We'll see as soon as she goes to install the dreaded printer.... https://t.co/uGQ5cFZO7R

424f424f: @ustayready https://t.co/D1kDeo6S1U

424f424f: Almost time for some #FormulaOne https://t.co/CpbZfDP6xZ

424f424f: I am beta testing Windows 11 by YOLO upgrading my wife's PC. 😎

lazyactivist192: @KtheLum Don't forget Vine Deloria Jr! Plus, the fight hasn't been for federal recognition since like the 50s, it's been everything that comes with recognition. That's expecting logic to filter through their racism tho

cyber__sloth: #scam #Bitcoin #Pixel6Launch. Same old technique, by scammers. Be aware of these live event scams. https://t.co/WXDOW6hcuP

reecdeep: #Phishing #smishing campaing targeting Italian peoples 🇮🇹 💬"Il tuo pacco è stato trattenuto presso in nostro centro di spedizione" 1⃣🔥hxxps://shipttit.verifdmn.xyz/bankanew2/upstrack/ 2⃣🔥hxxps://www.check-npay.com/RWy4dFg6 3⃣🔥hxxps://www.budgetcy.com/verification/process https://t.co/sk98Af8Zc3

reecdeep: #BazarLoader #Malware targeting also #Italy 🇮🇹 from password protected ZIP containing #maldoc 👉drop domain: gainesslushg,com DLL: https://t.co/ggzfisYFHE 🔥c2 list: https://t.co/jqQvcy0YnR #infosec #gdpr #privacy #dataprotection #cybersecurity #dataprivacy #security #mwitaly https://t.co/Ltw6qaINYy

reecdeep: Trending #malspam campaign using #Shellcode in XLSX #maldoc spawns #Lokibot #Malware #stealer 🐚hxxp://23.94.159.219/ole/ole.exe 🔥c2: hxxp://63.250.40.204/~wpdemo/file.php?search=719442 #infosec #security #gdpr #privacy #dataprotection #cybersecurity #dataprivacy #security https://t.co/7xnZZHwROn

reecdeep: new #Dridex #Malware campaign using #Discord URLs h/t @AndreGironda @Cryptolaemus1 https://t.co/Vpru7HA0DV DLL: https://t.co/gud7UGKqWG https://t.co/5vHdyfd9fI Urls: https://t.co/2J2q6SYFVZ 🔥 155.138.203.91:443 207.180.220.242:8116 46.101.142.214:6891 #infosec #cybersecurity https://t.co/9ORgmjptje

reecdeep: #AgentTesla #Malware 🔥exfils to: holyghost007[@[vivaldi.[net #infosec #gdpr #privacy #dataprotection #cybersecurity #dataprivacy #security 👇decrypted config: https://t.co/OHlc2buRA2

luc4m: About the anti-#usa manifesto published by #conti #ransomware gang.. 🤣 @malwrhunterteam https://t.co/GPT0w63byd

luc4m: @BushidoToken @WilliamTurton @zackwhittaker cc @luigi_martire94 @CapeSandbox

NCI_ISACs: "Google has released a new version of its flagship Chrome web browser with patches for a total of 19 vulnerabilities, including 16 reported by external researchers." https://t.co/IXq3Om7r1S

NCI_ISACs: "Sinclair Broadcast Group, which operates dozens of TV stations across the U.S., said Monday that some of its servers and work stations were encrypted with ransomware and that data was stolen from its network." https://t.co/3EFdEj0ujH

FSISAC: “Intelligence sharing across our community & platforms has reached new heights, spurred by the high-profile events of the last 12 months,” said FS-ISAC CEO Steven Silberstein. Check out our 2021 Global Leaders, recognized for their cyber intel sharing: https://t.co/nyk8LNjwZz https://t.co/Acp9S6sk7J

FSISAC: @BofA_News sponsors FS-ISAC’s cybersecurity scholarships for women to help build a more diverse & inclusive cyber workforce. Bank of America’s Kris Fador also champions a wide range of programs designed to recruit & develop diverse talent into the field. https://t.co/y2rRKLS3TB https://t.co/RWl404lHCs

FSISAC: Large scale cyber threats this past year such as ransomware and supply chain incidents resulted in record-breaking peaks of cyber intelligence sharing among FS-ISAC member financial firms. Read more in @RegulationAsia. https://t.co/18N1tMRY4w

FSISAC: Combine the high profile supply chain attacks of the last year with trends like the widespread move to #cloud and rapid adoption of #crypto - and the financial sector needs a new cyber strategy. FS-ISAC CEO Steven Silberstein explains in @TheBanker. https://t.co/N9Vnw2FrL3

FSISAC: Join us at our Singapore virtual member meeting on 27 October to learn the latest cyber threats and trends in the region, directly from other member financial firm peers. Register now: https://t.co/uGOOc5G06m https://t.co/2vApPWY2RN

AutoISAC: (2/2) GCA's Partnership Announcement with the Cyber Security Agency of Singapore- https://t.co/BnMTa7x1Jw

AutoISAC: The Global Cyber Alliance has recently put out a number of reports that are centered around IoT threats and security. Please take a moment to read: IoT Policy and Attack Report-https://t.co/ei8VEkDccf Microsoft Digital Defense Report 2021- https://t.co/XcMRnADdtG

ITISAC: To have a successful career in cybersecurity, you need to be a hacker in a hoody or be really good at math and science, right? NO! There's a cyber career out there for everyone and every skill set! #BeCyberSmart https://t.co/W7FFlxiYTw

ITISAC: IT-ISAC Executive Director Scott Algeier will speak on a panel at #InfoSecWorld 2021 titled, "How to Prepare for the New Era of Government Regulations." This timely session will take place on Nov. 10 @ 2:20 p.m. ET. Register here! https://t.co/zLpowui3Rf

EE_ISAC: Big thanks to Smart Grid Forums for organizing the #IEC61850Week and a fruitful discussion during the #EEISAC panel addressing the need to build a reliable network of trust to strengthen information sharing, cyber prevention and detection in the #energyindustry https://t.co/evRFsV63J2

ongisac: Join @NISTCyber during #cybercareerweek to learn more about the careers in cybersecurity and how the field supports #STEMcareers. Visit https://t.co/h1O7qvek4Y to learn more. #choosecyber #mycyberjob #fuelingcyberintel https://t.co/xiodeHBiHW

ongisac: October is Cybersecurity Awareness Month. Top Tip of The Week: Keep Tabs on Your Apps. Do Your Part. #BeCyberSmart #fuelingcyberintel #cybermonth https://t.co/mWbNRPP85X

ongisac: Cybersecurity Career Awareness week is Oct 18-23, 2021 to learn more about the careers in cybersecurity. Visit https://t.co/hgG4aJMnCo. #mycyberjob @cybercareerweek #fuelingcyberintel https://t.co/nEAVAMpa4c

RealEstateISAC: The latest Real Estate ISAC Daily Report! https://t.co/osSfSpie4s Thanks to @REITs_Nareit @ApartmentWire #cybersecurity #covid

renisac: Looking for ways to improve your organization’s #cybersecurity posture? REN-ISAC is here to help. https://t.co/MhaFtrdsb9

renisac: In our last Quick Poll, we asked how confident followers were at spotting a phishing attempt. The breakdown was interesting with 60% very confident, 20% confident, and 20% somewhat confident. No one said they weren't confident at all. https://t.co/8atnJfm8MP

renisac: #Cybercareerweek helps demystify careers in cybersecurity and raises awareness about pathways to prepare a highly skilled and diverse workforce for careers in cybersecurity. #BeCyberSmart https://t.co/CBoUcNL6Dp

renisac: #Diversity in #cybersecurity is crucial. Check out Diversity, Equity, and Inclusion in Cybersecurity by the Aspen Institute on how we can be more diverse: https://t.co/MQW4Bj1SLW #BeCyberSmart

renisac: The demand for well-trained cyber pros is at an all-time high. Learn about careers in cyber at https://t.co/klowfzq6Ti #BeCyberSmart #CyberCareerWeek https://t.co/F9MPQQldsz

RH_ISAC: Access RH-ISAC's Best Practices podcast on mobile by downloading the uStudio app! Its available to RH-ISAC members and features info listeners can use to improve their organization’s cybersecurity strategies. #RH_ISAC #podcast #infosec #cybersecurity https://t.co/Ak0WgVEARS https://t.co/RF5vPQOYp5

RH_ISAC: Recorded sessions from the RH-ISAC 2021 Summit are now available to RH-ISAC members on Member Exchange. Revisit great keynote presentations on topics like cyber resiliency and digital transformation. #RH_ISAC #ProtectAsOne #RHISACSummit21 #infosec https://t.co/sNs92nmbGY https://t.co/2hdzPWXBE2

RH_ISAC: Phishing is an easy path for threat actors to infiltrate. Make sure your organization is protected by educating your employees on how to detect and avoid this common threat during RH-ISAC Security Awareness Symposium. #RH_ISAC #cybersecurity #infosec https://t.co/qpKe8fKrpo https://t.co/2tBRGBF9cE

RH_ISAC: The 2021 RH-ISAC CISO Benchmark Survey closes Oct 22! This is your last chance to contribute to this important industry report you can use to inform your resource investment decisions for 2022. Take the survey now! #RH_ISAC #infosec #cybersecurity https://t.co/IT2SUm7Byn https://t.co/PAMZcHqKAh

RH_ISAC: Hackers aren’t sneaking in through some backdoor, they are strolling in through the front thanks to insecure or misconfigured email systems. Join Red Sift & Entrust for this webinar on protecting your domain. #cybersecurity #infosec #RH_ISAC https://t.co/MWCSv8gkqS https://t.co/SXXN5CnovJ

HC_Ready: To wrap up National #HealthcareQuality Week, we want to express our appreciation for @pfizer, @BioNTech_Group, @moderna_tx and @JNJNews for their contributions to producing #COVID19 vaccines before guaranteed emergency use (EUA) approval. How this works: https://t.co/0sfKbmKdZ9

HC_Ready: Groups like @FIMCoalition and all U.S. community healthcare organizations play a large part in what makes America's health care strong. Dive into @FIMCoalition's story and find out why we appreciate everything they do. #HealthcareQuality Week https://t.co/rJAIrGS9M2

HC_Ready: This National #HealthcareQuality Week, we appreciate @HHSGov for providing almost $1 billion to medical centers across the nation. These funds will go toward building American healthcare infrastructure and meeting the needs of underserved communities. https://t.co/lQcdVcEjve

HC_Ready: We're showing our appreciation for nurses around the U.S. who battle on the frontlines of the #COVID19 pandemic for National #HealthcareQuality Week. Nurses continue caring for sick patients when visitors aren't allowed while avoiding #COVID19 exposure. https://t.co/xqV52RAd7F

HC_Ready: For National #HealthcareQuality Week, we're showing our appreciation for @clinicamisalud and health care providers everywhere that work to give free health services to underserved communities that need it most. Read more about @clinicamisalud's story. https://t.co/nRt61skfp9

HealthISAC: The Health-ISAC Summit, Netherlands was a success! Thank you sponsors, @RiskRecon and @Intel471Inc. A huge amount of experience and information from healthcare #cybersecurity professionals was shared. ##hisacSummit #healthit https://t.co/2yDOoIEIFf https://t.co/AH66jVfxS4

HealthISAC: Health-ISAC Members the next Member Threat Briefing is Tuesday, October 26. We have an excellent lineup of guest speakers and topics. Learn more here: https://t.co/4nS5bxzWSq #medicaldevices #healthit #biopharma #healthinsurance https://t.co/bHbrF44fbx

HealthISAC: Health-ISAC Hacking Healthcare blog | #Ransomware and Critical Infrastructure #Cyberattacks https://t.co/JxXQhPwQlg #healthit https://t.co/RtEu7CSW6L

HealthISAC: Learn how attackers are leveraging credentials, Active Directory, and the vast over provisioning of entitlements to successfully conduct damaging attacks. Health-ISAC Navigator webinar by @AttivoNetworks November 10. #healthit https://t.co/cqLQAFW582 https://t.co/L3yeglrmRd

HealthISAC: Health-ISAC Summit in the Netherlands day 2 begins with a deep dive into the #healthcare sector’s cyber hygiene posture from Steve Brown and Rigo Van Den Broeck. @RiskRecon is a Health-ISAC Ambassador. #healthit ##hisacSummit https://t.co/1keCfLGrNz https://t.co/tjYyzfW4w4

NEI: Now more than ever before, there is a consensus that adopting a #carbonfree, technology-neutral climate plan is the best way to solve #climatechange. https://t.co/wCX5f29V2U

NEI: Carbon emissions don’t respect borders; no one country alone can protect the #climate. In an effort to speed a solution, the U.S. and #Canada are melding their strengths in reactor engineering, sophisticated manufacturing, and regulatory capabilities. https://t.co/dKqgVvFMJI

NEI: You've heard about molten salt #reactors, but how do they work? @PNNLab dives into the fundamentals of this #advancednuclear reactor technology and potential future applications. https://t.co/wP1z3bmoMU

NEI: You've heard of #nuclear fission, which is how we generate 20% of our country's electricity. But what about fusion? Researchers at @GeneralAtomics are working on perfecting nuclear #fusion, opening up pathways to provide #carbonfree energy for millions. https://t.co/CwuioGOEbS

NEI: To achieve decarbonization goals, funding must be mobilized at a large scale and at a quick speed. @MonicaTrauzzi, sets the stage for these conversations at #COP26 by answering questions about the current state of #climate #finance. https://t.co/r17SjCMVoI

WaterISAC: Learn how utilities can help their employees through stressful times on a Nov. 4 webinar with us and our partners at @NAWCH2O! Register today: https://t.co/4IkVzR2jfB https://t.co/0vPGvVyw1k

WaterISAC: In today's Security & Resilience Update: Government Climate Change Reports, New Microsoft 365 Security Tools, and more! Read the full issue: https://t.co/vQqRjHeopx https://t.co/dmQQr4TP7m

WaterISAC: It is still #CybersecurityAwarenessMonth! What are you doing to learn and prepare? Do Your Part. #BeCyberSmart #cybersecurity #water #wastewater https://t.co/KefdNiQZUi

WaterISAC: WaterISAC Members - Mark your calendars to join us for our next #Cybersecurity Fundamentals Briefing with @ConnectWise on Oct. 27. Register here - https://t.co/gFOxwAegTt Not a member? Get a free trial membership today! = https://t.co/oX9jG81qjP #CybersecurityAwarenessMonth https://t.co/Rv0FypzdP0

AmChemistry: #Chemistry can be found in every direction we look — from automobiles to buildings to technology. It makes the life we live possible. #NationalChemistryWeek https://t.co/h414x0Zukc

SpaceISAC: Fantastic coverage from @SpaceNews_Inc of Day 1 of the Value of Space Summit, and the case for #space as a critical infrastructure! Thank you @Sandra_I_Erwin #VOSS2021 https://t.co/XB5Xv5b0ph

SpaceISAC: Read @SamuelVisner's "Why #6G hardware matters: The case for 'Made in America'" https://t.co/OW7RFDhRCt

SpaceISAC: Great article from @Via_Satellite about designating #space as critical infrastructure, featuring insightful discussion from Dawn Beyer (@LockheedMartin), John Galer (@AIAspeaks), and Samuel Visner (@MITREcorp) from day 1 of the Value of Space Summit. #2021VOSS https://t.co/d4Y35CpLSK

AviationISAC: Open (or don't) your #crypto wallets #airport execs! Join us IN PERSON Nov. 22 at #WAGA2021 for a #cybersecurity tabletop exercise: an airport #ransomware #simulation exploring real-time exec decision making. Register today: https://t.co/32lHVfuezX #cybersecurityawarenessmonth https://t.co/ddhHeZ0sGq

NCIIPC: With more Critical Businesses migrating towards Cloud environment, it is recommended to adopt basic cyber hygiene for Cloud based services. #BeCyberSmart #NCSAM2021 https://t.co/iTmSWiKghx

NCIIPC: #Discourse released Security Advisory for Critical #RCE vulnerability #CVE-2021-41163 in it’s versions 2.7.8 and earlier. Apply patch/necessary workarounds. #Cybersecurity #infosec https://t.co/mbInIpUIKp

NCIIPC: Responsible Vulnerability Disclosure Program (#RVDP) has been a huge success. Thanks to our cyber security professionals and research community. During the National Cyber Security Awareness Month (#NCSAM), NCIIPC duly acknowledges their contributions to build cyber safe nation. https://t.co/0FrJLg8Vhk

NCIIPC: NPM package (ua-parser-js) versions reported to have malicious code. Users of affected versions (0.7.29, 0.8.0, 1.0.0) should upgrade as soon as possible and check their systems for suspicious activity. https://t.co/cn9yUwiAHE

NCIIPC: Nation is celebrating #NCSAM2021. Let's pledge to learn and adopt best cyber hygiene practices to stay protected in cyberspace. Grab an e-copy of #NCIIPC October 2021 Newsletter to stay updated. https://t.co/DGkcbAMJsD https://t.co/D5Rh77otR0

USCERT_gov: Discourse—an open source discussion platform—has released a security advisory to address a critical RCE vulnerability (CVE-2021-41163) in Discourse versions 2.7.8 and earlier. Please patch to versions 2.7.9 or later. https://t.co/VJEoQBi9CV Discourse link https://t.co/CU8VnDLagg

USCERT_gov: 🛑 The cybersecurity information sharing mission is critical to @CISAgov’s success. CISA’s JCDC has openings for experienced communicators who can create and publish alerts and guidance via websites & social media. Apply now! https://t.co/fFUpIXA5Nj https://t.co/EUFwEOBj4Q #Jobs https://t.co/15exWu9b0n

USCERT_gov: 📣 #ICYMI @CISAgov recently released NEW features for the Cyber Career Pathways! Check out https://t.co/U9v33BNEML to compare Tasks and KSAs for multiple work roles to help advance your #cybercareer. #Cybersecurity #InfoSec #Jobs #Careers https://t.co/blnyTUywg4

USCERT_gov: 💻 Incident Responder. Penetration Tester. Research Analyst. Software Engineer. What do these all have in common? They are some of the most in demand, highest-growing cybersecurity jobs! For details on #cybersecurity career pathways, visit https://t.co/irtVziCWvp. #CCAW #Jobs https://t.co/bfuGZafJKg

USCERT_gov: Versions (0.7.29, 0.8.0, and 1.0.0 ) of a popular NPM package named ua-parser-js was found to contain malicious code. Please update to the patched versions (0.7.30, 0.8.1, 1.0.1). More in our alert: https://t.co/BZlGSweb2d GitHub advisory: https://t.co/UmFhFpKNt8

ICSCERT: ⚕️ @CISAgov issued public medical advisory ICSMA-21-294-01 B. Braun Infusomat Space Large Volume Pump to the ICS webpage: https://t.co/kuEKrtDMG1 #ICS #cybersecurity #infosec #healthcare

ICSCERT: .@CISAgov issued public advisory ICSA-21-294-01 ICONICS GENESIS64 and Mitsubishi Electric MC Works64 to the ICS webpage: https://t.co/2jiEnGdFRH #ICS #cybersecurity #infosec #automation #software #SCADA #visualization

ICSCERT: ☁️ @CISAgov issued public advisory ICSA-21-294-02 Delta Electronics DIALink to the ICS webpage: https://t.co/8s7jGUmcqC #ICS #cybersecurity #infosec #ICS #IoT #data

ICSCERT: .@CISAgov issued public advisory ICSA-21-294-03 ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA to the ICS webpage: https://t.co/mwJNQUwlXj #ICS #cybersecurity #infosec #automation #software

IndianCERT: National Cyber Security Awareness Month, October 2021 (Do Your Part, #BeCyberSmart) https://t.co/7vrHjG5HgQ https://t.co/yGKc7wSTGx Day 24 Cyber Security Tips “Beware of Skimmers and Social Engineering” #CYBERSECURITYAWARENESS #Digitalindia #NCSAM2021 https://t.co/MYvjgCX9fd

IndianCERT: National Cyber Security Awareness Month, October 2021 (Do Your Part, #BeCyberSmart) https://t.co/7vrHjG5HgQ https://t.co/yGKc7wSTGx Day 24 Cyber Security Tips “Beware of Skimmers and Social Engineering” #CYBERSECURITYAWARENESS #Digitalindia #NCSAM2021 https://t.co/FNjsfUNujE

IndianCERT: National Cyber Security Awareness Month, October 2021 (Do Your Part, #BeCyberSmart) https://t.co/7vrHjG5HgQ https://t.co/yGKc7wSTGx Day 24 Cyber Security Tips “Beware of Skimmers and Social Engineering” #CYBERSECURITYAWARENESS #Digitalindia #NCSAM2021 https://t.co/8ld5mIR8N6

IndianCERT: National Cyber Security Awareness Month, October 2021 (Do Your Part, #BeCyberSmart) https://t.co/7vrHjG5HgQ https://t.co/yGKc7wSTGx Day 23 Cyber Security Tips “Keep an eye on children when they use Internet” #CYBERSECURITYAWARENESS #Digitalindia #NCSAM2021 https://t.co/BDp3sxiRyY

IndianCERT: National Cyber Security Awareness Month, October 2021 (Do Your Part, #BeCyberSmart) https://t.co/7vrHjG5HgQ https://t.co/yGKc7wSTGx Day 23 Cyber Security Tips “Keep an eye on children when they use Internet” #CYBERSECURITYAWARENESS #Digitalindia #NCSAM2021 https://t.co/nV0w0v9idR

circl_lu: @lukOlejnik Enjoy!

AgidCert: Sintesi riepilogativa delle campagne malevole nella settimana del 16 – 22 ottobre 2021 💣 #IoC 468 🪲 #Malware 7 (famiglie) 🪝 #Phishing 13 (brand) 🔗 https://t.co/9jl5Dl0NPr https://t.co/iMDuzNomyC

AgidCert: Secondo monitoraggio dello stato di aggiornamento del protocollo #HTTPS e dei #CMS sui sistemi della PA 📈Lato HTTPS i siti votati come sicuri sono raddoppiati, da 9% a 22%. 📉I siti con CMS aggiornato sono regrediti, da 13,7% a 8,3%. 🔗 https://t.co/qDOltr39kE https://t.co/rIhzAMJQlf

CERTEU: The structured cooperation between @CERTEU & @enisa_eu took a new leap forward! To create more value for the #EU, #CTI analysts from both entities met to strengthen their existing bonds & share knowledge 🙌

CERTEU: Critical Vulnerability in Microsoft Exchange Server (CERT-EU Security Advisory 2021-056) - https://t.co/7tPzJa0D0b

CERTEU: @ecarlesi @GoDaddy @ecarlesi Thank you for your report - Could you please give us more information privately?

CERT_EE: Warning! If you receive an email with the subject "Congratulations ! You've been selected by airBALTIC Loyalty Program" then delete the e-mail. This is a phishing attempt. https://t.co/w84U47vxwL

CERT_EE: Ettevaatust! Täna hommikul on levima hakanud näiliselt airBalticu nimel saadetavad e-kirjad pealkirjaga "Congratulations ! You've been selected by airBALTIC Loyalty Program". Palume e-kirja ignoreerida ja see kustutada. E-kirjas jagatav veebilink suunab õngitsuslehele. https://t.co/JPugQEXSHs

certbr: Use redes sociais distintas para fins específicos. Você pode usar uma rede para amigos e outra para assuntos profissionais. #dicacertbr

certbr: Você tem backup? Qual a última vez que copiou os seus arquivos? Proteja-se de ransomware. #dicacertbr

certbr: Evite disponibilizar em redes sociais, blogs e páginas Web dados sobre o seu computador ou sobre os programas que você utiliza. #dicacertbr

certbr: Sobrescreva os dados do disco rígido antes de vender ou se desfazer do seu computador usado. #dicacertbr

certbr: Reutilize senhas apenas em sites onde o risco envolvido é bastante baixo. #dicacertbr

CERTpy: Comparte esta alerta en tus circulos, entre todos podemos ayudar combatir el phishing! 🤚📢 Cuando recibas estos mensajes, reportalo! Puedes reportarlo a abuse@cert.gov.py o directamente a tu banco! 🗣

CERTpy: 📧⚠️ Cuidado con los correos falsos que parecen ser de bancos nacionales, es Phishing! ✅Verificá siempre la URL o dirección (una sola letra puede hacer la diferencia) 🔎Nunca ingreses datos ni contraseñas en sitios desconocidos 👨‍💻Ante la duda, contactá siempre a tu banco! https://t.co/3hOcVPwcy8

cirtgovjm: Which is your favourite?

cirtgovjm: More careers to choose from. #BeCyberSmart #CybersecurityAwarenessMonth @MSETGovJM @elearningja https://t.co/qIg59ZWg0k

cirtgovjm: More careers to choose from. #BeCyberSmart #CybersecurityAwarenessMonth @MSETGovJM @elearningja https://t.co/6ryRvwy56a

cirtgovjm: Tips when working from home. #BeCyberSmart #CybersecurityAwarenessMonth #csirtamericas #CyberSecurity #cybertips https://t.co/J0DxwI2fdR

cirtgovjm: We are live on Facebook. Tune in to hear the discussion. https://t.co/m0iRymE3Pz https://t.co/i48iEFOlXR

jpcert_en: New Security Alert Regarding Vulnerability (CVE-2021-20837) in Movable Type XMLRPC API ^MT https://t.co/gSr1A2T8Gd

jpcert_en: New Security Alert Regarding Oracle Releases Critical Patch Update, October 2021 ^MT https://t.co/TEWS0cs7bl

jpcert: ソフトウェア等の脆弱性関連情報に関する届出状況[2021年第3四半期(7月~9月)]を公開。IPAとJPCERT/CCは、脆弱性関連情報の届出の受付や脆弱性対策情報の公表に向けた調整などの業務を実施しています。^YK https://t.co/kfcowApS3T https://t.co/SqxW69VFfP

jpcert: Movable TypeのXMLRPC APIにおける脆弱性(CVE-2021-20837)に関する注意喚起を公開。シックス・アパート株式会社の情報を確認し、対象製品の確認と速やかな対策、回避策を適用してください。^YK https://t.co/SQKc6BUmbk

jpcert: 2021年10月Oracle製品のクリティカルパッチアップデートに関する注意喚起を公開。Oracleから複数の製品の修正済みソフトウェアが公開されています。Oracleの情報を確認し、対象製品の確認とアップデートの適用などを検討してください。^YK https://t.co/MGxOvs5VN3

jpcert: JPCERT/CC WEEKLY REPORT 2021-10-20を公開。セキュリティ関連情報は8件。ひとくちメモは、内閣サイバーセキュリティセンター(NISC)が公開したランサムウェア特設ページ「ストップ!ランサムウェア」です。^YK https://t.co/77rWkEeUiq

jpcert: JPCERT/CC Eyes「TSUBAMEレポート Overflow(2021年7~9月)」を公開。本日公開の「インターネット定点観測レポート[2021年7月1日~2021年9月30日]」には記述していない海外に設置しているセンサーの観測動向やその他の活動をまとめて取り上げています。^MM https://t.co/2RAvuZcc7w

NSACyber: @StaySafeOnline We have a repository of advisories, info sheets, tech reports and notices on https://t.co/WmuoBakCz1 and on Twitter, @NSACyber #CyberCareerChat #BeCyberSmart

NSACyber: @StaySafeOnline We recently launched @NSACyber summer internship program, an opportunity for undergraduate, graduate and doctoral students in several fields to experience/contribute to NSA’s mission w/ technical professionals on mission cyber-related problems. #CyberCareerChat #BeCyberSmart https://t.co/LKNzh8ge8a

NSACyber: @StaySafeOnline By participating in events like this to share our commitment and passion for #Cybersecurity! We are also hosting our own event on @NSAGov to discuss careers on 21 Oct. #CyberCareerChat #BeCyberSmart #NSALive

NSACyber: @StaySafeOnline By engaging others by joining cyber-professional groups to promote career opportunities in cybersecurity and mentor others in this field. #CyberCareerChat #BeCyberSmart

CSIRTGOB: El #CSIRTGob, pone a disposición del público un informe semanal con las alertas, vulnerabilidades, reportes, recomendaciones y estadísticas recopiladas del 15 y el 21 de octubre de 2021 #ciberseguridad El documento para descarga, aquí: https://t.co/WlaS9xipjc https://t.co/cW9djxzRjF

CSIRTGOB: 9VSA21-00510-01 #CSIRT alerta de vulnerabilidades en productos #RedHat. Los detalles, aquí: https://t.co/A24epbBctZ Más alertas y vulnerabilidades en https://t.co/BhiHTBKIvv #csirtgob #ciberseguridadparaTI https://t.co/5CV0tV7BGJ

CSIRTGOB: 9VSA21-00509-01 #CSIRT alerta de vulnerabilidades en productos #Cisco. Los detalles, aquí: https://t.co/inaLrz3q2Z Más alertas y vulnerabilidades en https://t.co/BhiHTBKIvv #csirtgob #ciberseguridadparaTI https://t.co/ggUUtXuy5s

CSIRTGOB: Nuestros #ciberconsejos elaborados junto a nuestros amigos de toda América para este #MesdelaCiberseguridad vienen hoy desde Jamaica 🇯🇲😄 https://t.co/ZYaKctZ8W3

CSIRTMalta: The new #OWASP Top 10 has been published and listed in #advisory: https://t.co/lYbKjkv7Oj. Further advisories specific to each risk in the list will be published in the future. #Malta #CyberSecurity https://t.co/X5hA5r0RSF

CSIRTMalta: Multiple #vulnerabilities have been disclosed in Trend Micro Apex One and Apex One as a Service. It is highly advised to apply the patches issued by Trend Micro as soon as possible, as indicated in #advisory: https://t.co/2RAg58laPc #Malta #CyberSecurity https://t.co/F24U4h70SI

NationalCsirtCy: Συμμετοχή της Εθνικής Ομάδας Αντιμετώπισης Ηλεκτρονικών Επιθέσεων, National CSIRT-CY στην Εθνική Διακλαδική Άσκηση Κυβερνοάμυνας «ΠΑΝΟΠΤΗΣ 2021» @hndgspio @NationalGuardCY @DefenceCyprus https://t.co/cJjJcudgVY

NationalCsirtCy: Συμμετοχή της Εθνικής Ομάδας Αντιμετώπισης Ηλεκτρονικών Επιθέσεων, National CSIRT-CY στην Εθνική Διακλαδική Άσκηση Κυβερνοάμυνας «ΠΑΝΟΠΤΗΣ 2021» @hndgspio @NationalGuardCY @DefenceCyprus https://t.co/FlFCJ5bhoP

NationalCsirtCy: Οι #ΗΠΑ 🇺🇸 παρέδωσαν στην Αρχή Ψηφιακής Ασφάλειας της Κύπρου 🇨🇾 ηλεκτρονικούς υπολογιστές και λογισμικό για το εργαστήριο εκπαίδευσης στον #Κυβερνοχώρο του #Cyclops. #usa #cyprus #dsa #csirtcy ⁦@USEmbassyCyprus⁩ ⁦@USAmbCy⁩ ⁦@CyprusMFA⁩ https://t.co/RRCZdKvyV5

csirt_it: #Kubernetes: Rilevata una vulnerabilità in ingress-nginx che potrebbe mettere a rischio la confidenzialità e l’integrità delle comunicazioni Rischio: 🟡 Tipologia: Information Disclosure, Broken Access Control 🔗 https://t.co/WTvFURiOAS ⚠️ Azioni di mitigazione disponibili ⚠️ https://t.co/xuqGZ9liEg

csirt_it: #Cisco: Aggiornamenti di sicurezza sanano molteplici vulnerabilità su vari prodotti Rischio: 🟡 Tipologia: Arbitrary Code Execution 🔗 https://t.co/d3WO2xkosl 🔄 Aggiornamenti disponibili 🔄 https://t.co/gwKwCADGl3

csirt_it: #Google: Nuovo aggiornamento di Chrome per Windows, Mac e Linux corregge 19 vulnerabilità di sicurezza Rischio: 🟠 Tipologia: Arbitrary Code Execution 🔗 https://t.co/1btcNH55OT 🔄 Aggiornamenti disponibili 🔄 https://t.co/yKaiz83aQ7

csirt_it: #Oracle: Sanate 419 vulnerabilità tramite il Critical Patch Update di ottobre Rischio: 🟡 🔗 https://t.co/t8A45mqAd4 ⚠️ Importante aggiornare i sistemi ⚠️ https://t.co/cuzbUZpIPN

BACSIRT: 📅21/10 📣"#Instagram ya permite publicar fotos y videos desde el navegador de una computadora " 🔗https://t.co/Y07c2aawqJ vía @LNTecnologia

BACSIRT: 📅20/10 📣"Wanda Nara, Mauro Icardi, La China Suárez y la difusión de fotos íntimas: el #límite de la hoguera pública" 🔗https://t.co/4DvuSLQBU4 vía @TNTecno

BACSIRT: 📅20/10 📣"El peligroso #virus que atacó a un banco de Ecuador puede llegar acá " 🔗https://t.co/dm98lCgAU8 vía @Infotechnology

BACSIRT: 📅19/10 📣"Hackers se colaron en Tinder para robar US$1.4 millones en #bitcoins" 🔗https://t.co/f3V9jYFFOg vía @TNTecno

BACSIRT: 📅19/10 📣"Un #hacker pasaría hasta 20 años en la cárcel por robar y vender fotos de mujeres desnudas " 🔗https://t.co/FaFK44ZcXB vía @TNTecno

AusCERT: We would like to take this opportunity to thank our Members for your continued support and share with you the following snapshot of our services stats for Quarter 3 2021. https://t.co/NzpPJ0zZLF https://t.co/DEg4oKIdPi

AusCERT: AusCERT Week In Review 22 October https://t.co/iIDd4otUyg #Cyber #Security #CyberSecurity #WeekInReview #AusCERT https://t.co/VMHbDr0j0r

AusCERT: Thanks for the shout out and support @cheryanne! https://t.co/EdlcVMch72

BruneiCERT: Next week we'll talk about the dangers of allowing apps to access your files and media followed by who is watching your webcam? 📻 Tune in to Cyber Safe with BruCERT on Pilihan FM #Brunei #BruCERT #SecureVerifyConnect #PilihanFM https://t.co/lXCFeHmvRl

BruneiCERT: If you have set up a profile for your child on Netflix, setting Maturity Ratings on their profile will allow them to view age-appropriate shows safely. #Brunei #BruCERT #SecureVerifyConnect #Netflix https://t.co/h2acSGY9YH

CyberGovAU: The ACSC’s Jess Hunter will help tackle the hypothetical question “Under siege: Are we ready for a cyber attack on Australia’s hospital system?” as part of @AustCyber’s #AUCyberWeek2021 virtual event https://t.co/wamJJRXRXU https://t.co/wJjISWS06T

CyberGovAU: It may be the final week of Cyber Security Awareness Month, but you should always put #cybersecurityfirst. Head to our Facebook and LinkedIn to read another real case: a ransomware success story. https://t.co/o1S10CHeND

CyberGovAU: There are myriad ways you can stay up to date with cyber threats and the information you need to protect yourself and your family online. You can become an ACSC partner, subscribe to our alert service or download tailored cyber security guides at https://t.co/Xm3ahr2Teq https://t.co/E2afNPhPS9

CyberGovAU: The ACSC's Critical Infrastructure Survey closes this week. Make sure to provide your opinion to help guide and inform strategic threat and cyber security product development. To complete the survey go to https://t.co/aULcZ6sZgE https://t.co/YHlfAdCXX6

CyberGovAU: Don't get bitten by these bugs! Updating your device can protect you from software 'bugs' (coding errors or vulnerabilities) that hackers use to access your files. Learn here https://t.co/PrkhfO0cN7 https://t.co/EzO4780XcG

CERTAzerbaijan: Elektron poçtdan təhlükəsiz istifadə qaydakarı #KiberSmartOl #BeCyberSmart #CyberSmartAze https://t.co/Rned4tUOjl

CERTAzerbaijan: Kiber Təhlükənin fərqində olun və sosial şəbəkə hesablarınızın təhlükəsizliyini qoruyun! #KiberSmartOl #BeCyberSmart #CyberSmartAZE https://t.co/gPpWnnNgpK

certlv: Sadarbībā ar @GEANTnews kiberdrošības mēneša ietvaros aicinām pievērst uzmanību savu tīklu drošībai! 🛡️ #CyberHeroAtHome #CyberSecMonth https://t.co/ADdE0taRuo

certlv: ‼ Krāpnieki cenšās pārņemt WhatsApp kontus. Tiek lūgts pārsūtīt kļūdas pēc nosūtītu sešciparu kodu. Kodu nepārsūtam! Uzstādam savam kontam 2 faktoru autentifikāciju Settings ->Account -> Two-step verification. Ja konts pārņemts, sekojam instrukcijām: https://t.co/uzq65Kaazj https://t.co/Zc8wr048IR

csirtmu: KYPO Cyber Range Platform is the winner in the ‘Disruptive Tech’ category of the @InnoRadarEU Prize 2021! ✌️ KYPO is closely connected to our team because we formed its idea and launched the first KYPO projects, so our joy is doubled 😊 https://t.co/2XYvgR7hXB

csirtmu: The Final, Firm Submission Deadline for the Technical and Experience Sessions has been extended to November 1, 2021. So you can submit your papers on network and service management and #security for ten more days!✍️ https://t.co/ytkRMdGXQj

CSIRT_Telconet: ¡Múltiples vulnerabilidades en distintas versiones de Drupal! https://t.co/ncOlVcp7Ea #Actualizar #CMS #Cybersecurity #Drupal #OpenSource https://t.co/Ej2Blzl94j

CSIRT_Telconet: Vulnerabilidad crítica en plugin ProfilePress de WordPress https://t.co/CE8wSw0dx4 #actualización #Actualizar #PluginWordpress #security

CSIRT_Telconet: Vulnerabilidad en periodo de prueba de WINRAR (CVE-2021-35052) https://t.co/rm6LSphCiG #Actualizar #Cybersecurity #infosec #SeguridadInformática https://t.co/nJanHMrVSs

CSIRT_Telconet: Múltiples vulnerabilidades en productos Cisco https://t.co/biYssmsfuS #Actualizar #cisco #Cybersecurity #infosec #Vulnerabilidad https://t.co/yd4cz7aPtz

CSIRT_Telconet: AnyDesk: ¡Escalamiento de privilegios de usuario local! https://t.co/TaQz91ThWV #Actualizar #AnyDesk #Local #Privilegios #CyberSecurity #infosec https://t.co/CzvSMtpxdn

CERTGIB: Multibrand #phishing on a breached Nepal campus website. hXXps://mssmc[.]edu[.]np/Microsoft/FBG/ Data sent to: office.php, microsoft.php and webmail.php respectively Artifact in the Outlook (Microsoft) page: resultborx@gmail.com @dotinepal @nepalcert #CERT_GIB #GroupIB https://t.co/w39bOeQMEL

CSIRTCV: Hoy a las 10:30 en #VLCStartupMarket, CSIRT-CV impartirá la ponencia: "La #ciberseguridad no es cosa de magia". Más información: https://t.co/UBpwlGB1lW @valenciactiva_ @Startup_VLC @AjuntamentVLC https://t.co/PzkpOPcvOS

CSIRTCV: No te pierdas nuestra ponencia: "#Ciberseguridad en startups" a las 10:05 en #VLCStartupMarket Más información: https://t.co/m0Zs9lF0Nw @valenciactiva_ @Startup_VLC @AjuntamentVLC https://t.co/FEUGWE2kGs

CSIRTCV: Hoy a las 17:00 en #VLCStartupMarket, CSIRT-CV impartirá la ponencia: "La #ciberseguridad no es cosa de magia". Más información: https://t.co/UBpwlGjpXm @valenciactiva_ @Startup_VLC @AjuntamentVLC https://t.co/Oi5hvtiUH0

fbgwls245: .WhiteHorse #Ransomware A43EE303F6E4E6870036DAD6666CBBD0 https://t.co/0EtEjh9n30

fbgwls245: #Zeppelin #Ransomware F818938B987236CDD41195796B4C1FB5 https://t.co/IjNTAeNpIV

fbgwls245: .steriok #Thanos #Ransomware B0C615C0A4F485B2030D6E1AB98375F0 Cc: @demonslay335 @Amigo_A_ https://t.co/6WSi3PtmKh

coveware: When a business, government agency or any other organization gets hit by #ransomware and opts to pay a ransom to its attacker in exchange for a decryption key or some other promise, on average it pays $140,000. https://t.co/peLgKpT32p #cybercrime #databreach

coveware: In its early days, #ransomware hinged on a spray-and-pray scheme in which its operators pumped out as many phishing emails as possible and didn’t care who got on the hook – individuals or organizations. Read how the #cyberthreat landscape has changed: https://t.co/D32RRgMaJE

coveware: Coveware's Q3 Ransomware Report is OUT! This quarter we discuss ways to attack the economics of ransomware cyber extortion and go deep on MITRE ATT&CK TTPs observed during Q3 ransomware attacks. https://t.co/jgtjrRYJBj #ransomware #CybersecurityAwarenessMonth https://t.co/7ltglQpxZY

coveware: Notorious #ransomware hacker group, REvil, got a taste of its own medicine after its payment portal and data leak blog was hacked recently. https://t.co/cCSgNcvmLx #cybercriminals #Hacking

Amigo_A_: @SegaccioFM @albertzsigovits @demonslay335 @VK_Intel @f0wlsec @BleepinComputer @malwrhunterteam @siri_urz @James_inthe_box Only in some cases can files be decrypted. Write to Michael. https://t.co/MZEikqE7dJ

Amigo_A_: @fbgwls245 a new BigBossHorse Ransomware variant https://t.co/q8CPRLFj1r 🐎

Amigo_A_: A new article in Digest #UkrainianBug #Ransomware (fake-encryptor). Files are only renamed. https://t.co/udfXxhpJuH Extension: .bugs Ransom notes in Ukrainian: 1ВАЖЛИВА ІНФОРМАЦІЯ!!!.txt 2ВАЖЛИВА ІНФОРМАЦІЯ!!!.txt Thanks to @demonslay335 https://t.co/qXCf2gVpfB

Amigo_A_: A new article in Digest #CryptoJoker 2021 #Ransomware https://t.co/skDptAVVFN Extension: .encrypted Full: .partially.[encrypter@tuta.io].encrypted R/n: how to decrypt my files.txt Email: encrypter@tuta.io Support Topic for getting a decryptor: https://t.co/8HBlmVleUX https://t.co/3iPbqH5WMq

CryptoInsane: Colibri Loader 2021 🐛 CosaNostra : "Go Fuck yourself :v" 😂😘 https://t.co/tnNCEVcA6U

CryptoInsane: @GossiTheDog RAMP forum affiliate (Ex-administrator)

CryptoInsane: USA and Italy under ransomware attack? 🤨🇺🇸🇮🇹🕵️👾🖥️🔐 https://t.co/ovd7Uq3kPc

CryptoInsane: 😘😘😘 https://t.co/4LzlUZtIKa

CryptoInsane: Here we go again! - WELCOME TO 54BB47h! - Ransomware 🕵️👾🖥️🔐 54BB47h ADMIN PORTAL LOGIN 😂😘 https://t.co/An8z8IRJnI

demonslay335: @vinopaljiri @Avast Mind mentioning what variant? Just hoping it isn't another BitDefender situation...

demonslay335: @BleepinComputer @billtoulas https://t.co/sBd2W7x1ia

siri_urz: .BronyaHaxxor #Ransomware 73E648B2A4B5694BE7FE6A0384E911C4 C:\Users\mikoj\OneDrive\Documents\Visual Studio Project\Archuskha_Ransomware_tester\Archuskha_Ransomware_tester\obj\Debug\Ransomware TESTER.pdb https://t.co/8qh4LJrEHu

siri_urz: .foxxy #Ransomware 3A993D38CA545C2B45BBB49DFB3DC246 C:\Users\Sou_1\Downloads\EncrypterPOC-main\EncrypterPOC-main\WindowsFormsApp1\obj\Release\Foxxy.png.pdb https://t.co/veTJHZKPip

darktracer_int: [ALERT] Moses Staff gang has announced "Ministry Of Defense (Israel)" on the victim list. https://t.co/edVGjKp1eM

darktracer_int: Conti ransomware gang announced their opinion on REvil gang. https://t.co/MyY2xvdaVa https://t.co/N6oJFEWSxZ

darktracer_int: Conti ransomware gang, “ANNOUNCEMENT. REVILIVES.” https://t.co/xWggJooNZO

darktracer_int: [Darkweb Ransomware Monitoring for FREE] More than 3,500 organizations have suffered damage from internal data leaking into the darkweb by ransomware gangs. Sign up FREE and sign in https://t.co/HQNGazyfD9 https://t.co/8HS5tOcvy7

darktracer_int: [ALERT] Moses Staff gang has announced "Epsilor (Military batteries and chargers)" on the victim list. https://t.co/USL7WopphV

----Vulners.com High Sev. Last 3 Days----

CVSS: 9.3 'Lone Wolf' Hacker Group Targeting Afghanistan and India with Commodity RATs

CVSS: 6.8 firefox security update

CVSS: 6.8 thunderbird security update

CVSS: 6.9 Linux kernel vulnerabilities

CVSS: 6.9 Linux kernel vulnerabilities

----NVD Last 3 Days----

CVE#: CVE-2021-42258 Published Date: 2021-10-22 CVSS: NO CVSS Description: BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.

CVE#: CVE-2020-36502 Published Date: 2021-10-22 CVSS: NO CVSS Description: Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself.

CVE#: CVE-2020-36501 Published Date: 2021-10-22 CVSS: NO CVSS Description: Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.

CVE#: CVE-2020-36499 Published Date: 2021-10-22 CVSS: NO CVSS Description: TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block (Add) module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value.

CVE#: CVE-2020-36498 Published Date: 2021-10-22 CVSS: NO CVSS Description: Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field.

CVE#: CVE-2020-36497 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.

CVE#: CVE-2020-36496 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.

CVE#: CVE-2020-36495 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters.

CVE#: CVE-2020-36494 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.

CVE#: CVE-2020-36493 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

CVE#: CVE-2020-36492 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

CVE#: CVE-2020-36491 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

CVE#: CVE-2020-36490 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

CVE#: CVE-2020-36489 Published Date: 2021-10-22 CVSS: NO CVSS Description: Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information.

CVE#: CVE-2020-36488 Published Date: 2021-10-22 CVSS: NO CVSS Description: An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands.

CVE#: CVE-2020-36486 Published Date: 2021-10-22 CVSS: NO CVSS Description: Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.

CVE#: CVE-2020-36485 Published Date: 2021-10-22 CVSS: NO CVSS Description: Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.

CVE#: CVE-2020-28969 Published Date: 2021-10-22 CVSS: NO CVSS Description: Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.

CVE#: CVE-2020-28968 Published Date: 2021-10-22 CVSS: NO CVSS Description: Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.

CVE#: CVE-2020-28967 Published Date: 2021-10-22 CVSS: NO CVSS Description: FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allows attackers to elevate local process privileges via overwriting the registers.

CVE#: CVE-2020-28964 Published Date: 2021-10-22 CVSS: NO CVSS Description: Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors.

CVE#: CVE-2020-28963 Published Date: 2021-10-22 CVSS: NO CVSS Description: Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function.

CVE#: CVE-2020-28961 Published Date: 2021-10-22 CVSS: NO CVSS Description: Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.

CVE#: CVE-2020-28960 Published Date: 2021-10-22 CVSS: NO CVSS Description: Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters.

CVE#: CVE-2020-28957 Published Date: 2021-10-22 CVSS: NO CVSS Description: Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.

CVE#: CVE-2020-28956 Published Date: 2021-10-22 CVSS: NO CVSS Description: Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.

CVE#: CVE-2020-28955 Published Date: 2021-10-22 CVSS: NO CVSS Description: SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields.

CVE#: CVE-2020-23061 Published Date: 2021-10-22 CVSS: NO CVSS Description: Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command.

CVE#: CVE-2020-23060 Published Date: 2021-10-22 CVSS: NO CVSS Description: Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file.

CVE#: CVE-2020-23058 Published Date: 2021-10-22 CVSS: NO CVSS Description: An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data.

CVE#: CVE-2020-23055 Published Date: 2021-10-22 CVSS: NO CVSS Description: ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters.

CVE#: CVE-2020-23054 Published Date: 2021-10-22 CVSS: NO CVSS Description: A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field.

CVE#: CVE-2020-23052 Published Date: 2021-10-22 CVSS: NO CVSS Description: Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.

CVE#: CVE-2020-23051 Published Date: 2021-10-22 CVSS: NO CVSS Description: Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields.

CVE#: CVE-2020-23050 Published Date: 2021-10-22 CVSS: NO CVSS Description: TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code.

CVE#: CVE-2020-23049 Published Date: 2021-10-22 CVSS: NO CVSS Description: Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.

CVE#: CVE-2020-23048 Published Date: 2021-10-22 CVSS: NO CVSS Description: SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters.

CVE#: CVE-2020-23047 Published Date: 2021-10-22 CVSS: NO CVSS Description: Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module.

CVE#: CVE-2020-23046 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.

CVE#: CVE-2020-23045 Published Date: 2021-10-22 CVSS: NO CVSS Description: Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules.

CVE#: CVE-2020-23044 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

CVE#: CVE-2020-23043 Published Date: 2021-10-22 CVSS: NO CVSS Description: Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file.

CVE#: CVE-2020-23042 Published Date: 2021-10-22 CVSS: NO CVSS Description: Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.

CVE#: CVE-2020-23041 Published Date: 2021-10-22 CVSS: NO CVSS Description: Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.

CVE#: CVE-2020-23040 Published Date: 2021-10-22 CVSS: NO CVSS Description: Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands.

CVE#: CVE-2020-23039 Published Date: 2021-10-22 CVSS: NO CVSS Description: Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name.

CVE#: CVE-2020-23038 Published Date: 2021-10-22 CVSS: NO CVSS Description: Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables.

CVE#: CVE-2020-23037 Published Date: 2021-10-22 CVSS: NO CVSS Description: Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

CVE#: CVE-2020-23036 Published Date: 2021-10-22 CVSS: NO CVSS Description: MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack.

CVE#: CVE-2021-42840 Published Date: 2021-10-22 CVSS: NO CVSS Description: SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.

CVE#: CVE-2021-42556 Published Date: 2021-10-22 CVSS: NO CVSS Description: Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.

CVE#: CVE-2021-41171 Published Date: 2021-10-22 CVSS: 3.6 Description: eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing brute force login protection, as recommended by Owasp with Device Cookies. This mechanism will not impact users and will effectively thwart any brute-force attempts at guessing passwords. The only correct way to address this is to upgrade to version 4.1.0. Adding rate limitation upstream of the eLabFTW service is of course a valid option, with or without upgrading.

CVE#: CVE-2021-29835 Published Date: 2021-10-22 CVSS: NO CVSS Description: IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833.

CVE#: CVE-2021-42836 Published Date: 2021-10-22 CVSS: NO CVSS Description: GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.

CVE#: CVE-2021-42542 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.

CVE#: CVE-2021-42540 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.

CVE#: CVE-2021-42539 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.

CVE#: CVE-2021-42538 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.

CVE#: CVE-2021-42536 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.

CVE#: CVE-2021-42534 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.

CVE#: CVE-2021-42169 Published Date: 2021-10-22 CVSS: NO CVSS Description: The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.

CVE#: CVE-2021-38485 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.

CVE#: CVE-2021-30359 Published Date: 2021-10-22 CVSS: NO CVSS Description: The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges.

CVE#: CVE-2021-0870 Published Date: 2021-10-22 CVSS: NO CVSS Description: In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262

CVE#: CVE-2021-0708 Published Date: 2021-10-22 CVSS: NO CVSS Description: In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-183262161

CVE#: CVE-2021-0706 Published Date: 2021-10-22 CVSS: NO CVSS Description: In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-193444889

CVE#: CVE-2021-0705 Published Date: 2021-10-22 CVSS: NO CVSS Description: In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-185388103

CVE#: CVE-2021-0703 Published Date: 2021-10-22 CVSS: NO CVSS Description: In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329

CVE#: CVE-2021-0702 Published Date: 2021-10-22 CVSS: NO CVSS Description: In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-193932765

CVE#: CVE-2021-0652 Published Date: 2021-10-22 CVSS: NO CVSS Description: In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568

CVE#: CVE-2021-0651 Published Date: 2021-10-22 CVSS: NO CVSS Description: In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-67013844

CVE#: CVE-2021-0643 Published Date: 2021-10-22 CVSS: NO CVSS Description: In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-183612370

CVE#: CVE-2021-0483 Published Date: 2021-10-22 CVSS: NO CVSS Description: In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-153358911

CVE#: CVE-2021-41747 Published Date: 2021-10-22 CVSS: NO CVSS Description: Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies.

CVE#: CVE-2021-41745 Published Date: 2021-10-22 CVSS: NO CVSS Description: ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.

CVE#: CVE-2021-41744 Published Date: 2021-10-22 CVSS: NO CVSS Description: All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. It applies a series of enterprise application systems to support the entire process from conceptual design to the end of product life, and the collaborative creation, distribution, application and management of product information across organizations. Yonyou PLM uses jboss by default, and you can access the management control background without authorization An attacker can use this vulnerability to gain server permissions.

CVE#: CVE-2021-38481 Published Date: 2021-10-22 CVSS: NO CVSS Description: The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string.

CVE#: CVE-2021-38479 Published Date: 2021-10-22 CVSS: NO CVSS Description: Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer.

CVE#: CVE-2021-38477 Published Date: 2021-10-22 CVSS: NO CVSS Description: There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files.

CVE#: CVE-2021-38475 Published Date: 2021-10-22 CVSS: NO CVSS Description: The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions.

CVE#: CVE-2021-38473 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow.

CVE#: CVE-2021-38471 Published Date: 2021-10-22 CVSS: NO CVSS Description: There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files.

CVE#: CVE-2021-38469 Published Date: 2021-10-22 CVSS: NO CVSS Description: Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL.

CVE#: CVE-2021-38467 Published Date: 2021-10-22 CVSS: NO CVSS Description: A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause use-after-free condition.

CVE#: CVE-2021-38465 Published Date: 2021-10-22 CVSS: NO CVSS Description: The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable.

CVE#: CVE-2021-38463 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions.

CVE#: CVE-2021-38461 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.

CVE#: CVE-2021-38459 Published Date: 2021-10-22 CVSS: NO CVSS Description: The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.

CVE#: CVE-2021-38457 Published Date: 2021-10-22 CVSS: NO CVSS Description: The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication.

CVE#: CVE-2021-38455 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value.

CVE#: CVE-2021-38453 Published Date: 2021-10-22 CVSS: NO CVSS Description: Some API functions allow interaction with the registry, which includes reading values as well as data modification.

CVE#: CVE-2021-38451 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data.

CVE#: CVE-2021-38449 Published Date: 2021-10-22 CVSS: NO CVSS Description: Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected product.

CVE#: CVE-2021-36357 Published Date: 2021-10-22 CVSS: NO CVSS Description: An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function.

CVE#: CVE-2021-35230 Published Date: 2021-10-22 CVSS: NO CVSS Description: As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.

CVE#: CVE-2021-31682 Published Date: 2021-10-22 CVSS: NO CVSS Description: The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization.

CVE#: CVE-2021-31835 Published Date: 2021-10-22 CVSS: NO CVSS Description: Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.

CVE#: CVE-2021-31834 Published Date: 2021-10-22 CVSS: NO CVSS Description: Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

CVE#: CVE-2021-34362 Published Date: 2021-10-22 CVSS: NO CVSS Description: A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later

----#MALWARE----

techjunkiejh: Got this Flubot #malware warning on your #Android phone? Beware, it's a trap https://t.co/Rix0fBD9lg #CyberSecurity… https://t.co/Mkc7KwaFUI Link with Tweet Link with Tweet

beefyspace: RT @jmdevlabs: Your Router is under attack! https://t.co/MCOZmwzOEw #firewall #cybersecurity #router #hacking #malware #infosec #cyber #vul… Link with Tweet

cybersec_feeds: RT @jmdevlabs: Your Router is under attack! https://t.co/MCOZmwzOEw #firewall #cybersecurity #router #hacking #malware #infosec #cyber #vul… Link with Tweet

CyberIQs_: Is Shooting at a Tesla Ethical? https://t.co/ifYXQP8KLB #infosec #infosecurity #cybersecurity #threatintel… https://t.co/R2CcjFKUut Link with Tweet Link with Tweet

CyberSecurityN8: RT @WebSeal_In: Cyber Security Incidents #CyberSecurity #CISO #Infosec #CIO #Cloud #Edge #5G #IoT #privacy#appsec #mobilesec #infosec #secu…

sectest9: RT @WebSeal_In: Cyber Security Incidents #CyberSecurity #CISO #Infosec #CIO #Cloud #Edge #5G #IoT #privacy#appsec #mobilesec #infosec #secu…

RealCrusader84: RT @ArchinalLee: #CyberSecurity researchers @AuCyble find a piece of #malware that targets #Android OS. The team first found it on #Malware…

ReadTechHere: RT @AhmadBawaneh1: How can we still trust install and use #npm when this happens very often. #javascript #Malware https://t.co/DPYK0PWygW Link with Tweet

ReadTechHere: RT @CyberIQs_: Top 3 Grooming Techniques in Fraud: What to Watch for https://t.co/swGx9QpSWu #infosec #infosecurity #cybersecurity #threati… Link with Tweet

ReadTechHere: RT @CyberIQs_: CISO Interview Series: Investing in Frameworks, Humans, and https://t.co/aWd3NYynW7 #infosec #infosecurity #cybersecurity #t… Link with Tweet

CyberIQs_: CISO Interview Series: Investing in Frameworks, Humans, and https://t.co/aWd3NYynW7 #infosec #infosecurity… https://t.co/zobpB4NRUd Link with Tweet Link with Tweet

GoaiDev: RT @AhmadBawaneh1: How can we still trust install and use #npm when this happens very often. #javascript #Malware https://t.co/DPYK0PWygW Link with Tweet

CyberIQs_: Top 3 Grooming Techniques in Fraud: What to Watch for https://t.co/swGx9QpSWu #infosec #infosecurity #cybersecurity… https://t.co/8NSfoeSI3U Link with Tweet Link with Tweet

AhmadBawaneh1: How can we still trust install and use #npm when this happens very often. #javascript #Malware https://t.co/DPYK0PWygW Link with Tweet

100DaysOf2020: RT @fajarQMEDIAbali: Facebook Scraper v1.0.1.8 Full Activated - Data Extractor Marketing Tool - Discount 100% OFF https://t.co/bYBCikVI60 #… Link with Tweet

----#PHISHING----

mldesk: Hell of a #segue #simple #phish https://t.co/qOpjzjCXVP Link with Tweet

Zero_Sploit: Hahahahaha this is the worst lmfao #phishing https://t.co/Nhu3po9lNs

GuyForgetGhost: Set I: A Wave of Hope(6), YEM(25)> Moma(10), Simple(X) #Phish (8:26pm-XX)

UnitMonster1: Nice! #Simple #Phish #couchtour

GuyForgetGhost: Set I: A Wave of Hope, YEM>Moma, Simple #Phish (8:26pm-XX)

PhishCompanion: Simple has been played 188 times Last played: 2021-10-16 Show gap: 6 First played on: 1994-05-27… https://t.co/RlbaGOCJac Link with Tweet

Infinate_wonder: The vibe is alive and thriving in The Forum🥳🥰🤪⭕️🌈 #phish https://t.co/yn5t4jNHd8

RiddleMeister: First time seeing the boys in 5 years and get a first set YEM. aiiilllllright #phish

JEMPradio: Brett Slater - The Dead Zone 6-22-18 #Phish #CommunityRadio #NowPlaying https://t.co/LPFrNPSY15 Link with Tweet

PhishPhashion: Phish never sold out, but the clothes they wear usually do. Always love to see Cactus in this ‘Vatos racer with m… https://t.co/jQ92i9Re8w Link with Tweet

phootykits: "Life is too short, let's Type II every song we have" - Phish in 2021 #phish #PhishFallTour2021 #phishfromtheroad

mldesk: RT @GuyForgetGhost: That YEM was right on the borderline of 24-25. I went with 25. Depends on where the official cut comes into play. #Phish

KesaGataMe0: #Phishing #SMBC #SMCC #三井住友カード IP:153.122.191.89 (AS 131921 / GMO GlobalSign Holdings K.K. ) hxxps://www.smcb-i… https://t.co/RdirwpxRVd Link with Tweet

Ann__Atomic: What’s up guys, I got here late #phish https://t.co/zuX0HM96Mi

secretcabdriver: YEM was about 24 minutes. #phish

----#OSINT----

beefyspace: RT @cybritexsec: MOSINT - gather information about the target email https://t.co/pzlv7KTXX3 #infosec #cybersecurity #redteam #pentest #pe… Link with Tweet

the404code: RT @cybritexsec: MOSINT - gather information about the target email https://t.co/pzlv7KTXX3 #infosec #cybersecurity #redteam #pentest #pe… Link with Tweet

harrywald80: RT @OSINTtechniques: Bellingcat’s Online Investigation Toolkit. Updated October 11, 2021 https://t.co/Cqd24i92zz #osint Link with Tweet

GoocMzcWEAunJXq: RT @InformNapalm: The Hague tribunal awaits tankmen of #Russian #Army’s 136th Brigade: lists, documents, orders. #OSINT+#HUMINT. https://t.…

r00tkit__: RT @spiderfoot: Our third and final post (or is it?) on #OSINT data sources you should consider for penetration testing, bug bounties, thre…

s3xcur1ty: RT @cyb_detective: Cloudmare Simple tool to find origin servers of websites protected by #Cloudflare, #Sucuri or #Incapsula with a misco…

s3xcur1ty: RT @OSINTtechniques: Bellingcat’s Online Investigation Toolkit. Updated October 11, 2021 https://t.co/Cqd24i92zz #osint Link with Tweet

Din0087: RT @EmbersOfStirn: I figured I would put together some Proj. 877 Kilo sails/kiosks to show the masts and antennas used by different countri…

MSetera: RT @cyb_detective: GoFindWhois More than 180 online tool for domain investigaions in one. What's not to be found here: reverse whois, host…

paramilipic: RT @EmbersOfStirn: I figured I would put together some Proj. 877 Kilo sails/kiosks to show the masts and antennas used by different countri…

maskaryawan: RT @OSINTtechniques: Bellingcat’s Online Investigation Toolkit. Updated October 11, 2021 https://t.co/Cqd24i92zz #osint Link with Tweet

BadgermoleE: RT @vcdgf555: Folks, if you want a good break down of the port congestion situation, the fire on the #ZimKingston and other topics related…

DrXiaoliang: RT @lobsterlarryliu: Satellite via @planet suspected capture PLA naval exercise in the East China Sea #OSINT https://t.co/MERKneyM9l

BenatIartza: RT @allciber: Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations. https://t…

AzuerBot: RT @cybritexsec: MOSINT - gather information about the target email https://t.co/pzlv7KTXX3 #infosec #cybersecurity #redteam #pentest #pe… Link with Tweet

----#THREATINTEL----

CyberIQs_: Is Shooting at a Tesla Ethical? https://t.co/ifYXQP8KLB #infosec #infosecurity #cybersecurity #threatintel… https://t.co/R2CcjFKUut Link with Tweet Link with Tweet

blokdykg: Know which ones you need. 2494 Quick Tips to be a Threat Intelligence Expert: https://t.co/4Me1AsC8AF How does int… https://t.co/IL7DQNARdB Link with Tweet Link with Tweet

Jarruda16: If your #Cybersecurity strategy hasn’t changed since 2020, it’s gone the way of the floppy disk. Stay ahead of the… https://t.co/geO6wkAjMI Link with Tweet

RealCrusader84: RT @ArchinalLee: #CyberSecurity researchers @AuCyble find a piece of #malware that targets #Android OS. The team first found it on #Malware…

ReadTechHere: RT @CyberIQs_: Top 3 Grooming Techniques in Fraud: What to Watch for https://t.co/swGx9QpSWu #infosec #infosecurity #cybersecurity #threati… Link with Tweet

ReadTechHere: RT @CyberIQs_: CISO Interview Series: Investing in Frameworks, Humans, and https://t.co/aWd3NYynW7 #infosec #infosecurity #cybersecurity #t… Link with Tweet

CyberIQs_: CISO Interview Series: Investing in Frameworks, Humans, and https://t.co/aWd3NYynW7 #infosec #infosecurity… https://t.co/zobpB4NRUd Link with Tweet Link with Tweet

CyberIQs_: Top 3 Grooming Techniques in Fraud: What to Watch for https://t.co/swGx9QpSWu #infosec #infosecurity #cybersecurity… https://t.co/8NSfoeSI3U Link with Tweet Link with Tweet

iSecurity: Role of Cybersecurity in today’s Age https://t.co/0IF1OPacR9 #cybersecurity #threatintelligence #trust Link with Tweet

sectest9: RT @CyberIQs_: Data engineers burnout overwhelming, a wake-up call to https://t.co/CRcy7aDlnW #infosec #infosecurity #cybersecurity #threat… Link with Tweet

CyberSecurityN8: RT @CyberIQs_: Data engineers burnout overwhelming, a wake-up call to https://t.co/CRcy7aDlnW #infosec #infosecurity #cybersecurity #threat… Link with Tweet

Ringmaster40: RT @Robert4787: Trump is a pathological egotist with delusions of grandeur and an obsession with power, and is toxic to tens of millions of…

CyberIQs_: Data engineers burnout overwhelming, a wake-up call to https://t.co/CRcy7aDlnW #infosec #infosecurity… https://t.co/YAvYCgSdBE Link with Tweet Link with Tweet

CyberIQs_: Security leaders facing challenges in managing and securing https://t.co/FVgk9nUg4n #infosec #infosecurity… https://t.co/yft7Az0Cwe Link with Tweet Link with Tweet

KalemaChris: RT @CyberIQs_: Daum Phishing E-mails Disguised as ‘Purchase Order’ being Dis https://t.co/UdpHVet8xJ #infosec #infosecurity #cybersecurity… Link with Tweet

----#RANSOMWARE----

TommyBrownIII1: RT @CyberSecDN: Report: REvil #ransomware group was forced offline https://t.co/if7FTAOBzX #CyberSecurity #InfoSec #SCMagazine Link with Tweet

TommyBrownIII1: RT @CyberSecDN: Many Canadian firms knuckle under to #ransomware demands, survey suggests | https://t.co/xzsifyFs1L https://t.co/r5CIcZ7gGE… Link with Tweet Link with Tweet

CyberIQs_: Is Shooting at a Tesla Ethical? https://t.co/ifYXQP8KLB #infosec #infosecurity #cybersecurity #threatintel… https://t.co/R2CcjFKUut Link with Tweet Link with Tweet

vishne0: RT @CsuiteTechPoint: Ransomware attacks may continue to make substantial amounts of money for threat actors. As per @Accenture's assessment…

CyberSecurityN8: RT @WebSeal_In: Cyber Security Incidents #CyberSecurity #CISO #Infosec #CIO #Cloud #Edge #5G #IoT #privacy#appsec #mobilesec #infosec #secu…

sectest9: RT @WebSeal_In: Cyber Security Incidents #CyberSecurity #CISO #Infosec #CIO #Cloud #Edge #5G #IoT #privacy#appsec #mobilesec #infosec #secu…

sectest9: RT @cornemare: ICYMI: According to the recent @Fortinet 2021 Global State of #Ransomware Report, only 84% of organizations reported having…

CyberSecurityN8: RT @cornemare: ICYMI: According to the recent @Fortinet 2021 Global State of #Ransomware Report, only 84% of organizations reported having…

DIGITALDECODED1: RT @cornemare: ICYMI: According to the recent @Fortinet 2021 Global State of #Ransomware Report, only 84% of organizations reported having…

ReadTechHere: RT @CyberIQs_: Top 3 Grooming Techniques in Fraud: What to Watch for https://t.co/swGx9QpSWu #infosec #infosecurity #cybersecurity #threati… Link with Tweet

ReadTechHere: RT @CyberIQs_: CISO Interview Series: Investing in Frameworks, Humans, and https://t.co/aWd3NYynW7 #infosec #infosecurity #cybersecurity #t… Link with Tweet

CyberIQs_: CISO Interview Series: Investing in Frameworks, Humans, and https://t.co/aWd3NYynW7 #infosec #infosecurity… https://t.co/zobpB4NRUd Link with Tweet Link with Tweet

CyberIQs_: Top 3 Grooming Techniques in Fraud: What to Watch for https://t.co/swGx9QpSWu #infosec #infosecurity #cybersecurity… https://t.co/8NSfoeSI3U Link with Tweet Link with Tweet

cybersec_feeds: RT @cornemare: ICYMI: According to the recent @Fortinet 2021 Global State of #Ransomware Report, only 84% of organizations reported having…

DigiEconoReport: RT @CsuiteTechPoint: Ransomware attacks may continue to make substantial amounts of money for threat actors. As per @Accenture's assessment…

-----#OPENDIR----

AcooEdi: RT @AcooEdi: SubCrawl - A Modular Framework For Discovering Open Directories, Identifying Unique Content Through Signatures And Organizing…

beefyspace: RT @ozuma5119: #phishing hxxps://heroes[.]ucalgary[.]edu[.]qa/bezz/ IP: 162.241.97[.]215 (AS46606 Unified Layer) Brand: Chase https://t.co/…

ActorExpose: RT @ozuma5119: #phishing hxxps://heroes[.]ucalgary[.]edu[.]qa/bezz/ IP: 162.241.97[.]215 (AS46606 Unified Layer) Brand: Chase https://t.co/…

beefyspace: RT @ecarlesi: Possible threat on hxxp://clearvoyants[.]com/zend[.]zip #phishing #opendir

ecarlesi: Possible threat on hxxp://clearvoyants[.]com/zend[.]zip #phishing #opendir

ecarlesi: Possible threat on hxxp://clearvoyants[.]com/zend[.]zip #phishing #opendir https://t.co/jHH5r7qq48

ecarlesi: Possible threat on hxxp://clearvoyants[.]com/pinpoint-master%20(1)[.]zip #phishing #opendir https://t.co/n0y4sBhcre

you_and_i: RT @1ZRR4H: Open Source Supply Chain Attacks (NPM) ⚠️ LIVE: /185.173.36.219/download/ WIN: FC724EB2894F34A3ACA4B952D2F816CD LINUX: 217C5E…

fe_tsoc: RT @ozuma5119: #phishing hxxps://heroes[.]ucalgary[.]edu[.]qa/bezz/ IP: 162.241.97[.]215 (AS46606 Unified Layer) Brand: Chase https://t.co/…

ANeilan: RT @ozuma5119: #phishing hxxps://heroes[.]ucalgary[.]edu[.]qa/bezz/ IP: 162.241.97[.]215 (AS46606 Unified Layer) Brand: Chase https://t.co/…

ozuma5119: #phishing hxxps://heroes[.]ucalgary[.]edu[.]qa/bezz/ IP: 162.241.97[.]215 (AS46606 Unified Layer) Brand: Chase… https://t.co/ItuygU3Ri6 Link with Tweet

marinohacker123: RT @1ZRR4H: Open Source Supply Chain Attacks (NPM) ⚠️ LIVE: /185.173.36.219/download/ WIN: FC724EB2894F34A3ACA4B952D2F816CD LINUX: 217C5E…

bijaysenihang: RT @1ZRR4H: Open Source Supply Chain Attacks (NPM) ⚠️ LIVE: /185.173.36.219/download/ WIN: FC724EB2894F34A3ACA4B952D2F816CD LINUX: 217C5E…

chyzzy_UI: RT @1ZRR4H: Open Source Supply Chain Attacks (NPM) ⚠️ LIVE: /185.173.36.219/download/ WIN: FC724EB2894F34A3ACA4B952D2F816CD LINUX: 217C5E…

sir_j_au: RT @1ZRR4H: Open Source Supply Chain Attacks (NPM) ⚠️ LIVE: /185.173.36.219/download/ WIN: FC724EB2894F34A3ACA4B952D2F816CD LINUX: 217C5E…

-----#MALSPAM----

cybsecbot: RT @Richard_S81: #Hacking #TA505 #MirrorBlast #Malspam #Malware #Vulnerability #CyberCrime #CyberAttack #CyberSecurity Russia linked TA505…

cybersec_feeds: RT @Richard_S81: #Hacking #TA505 #MirrorBlast #Malspam #Malware #Vulnerability #CyberCrime #CyberAttack #CyberSecurity Russia linked TA505…

Richard_S81: #Hacking #TA505 #MirrorBlast #Malspam #Malware #Vulnerability #CyberCrime #CyberAttack #CyberSecurity Russia linke… https://t.co/g3yRHIjwg5 Link with Tweet

Marchal___: RT @reecdeep: Trending #malspam campaign using #Shellcode in XLSX #maldoc spawns #Lokibot #Malware #stealer 🐚hxxp://23.94.159.219/ole/ole.…

FragmentedSoul5: RT @reecdeep: Trending #malspam campaign using #Shellcode in XLSX #maldoc spawns #Lokibot #Malware #stealer 🐚hxxp://23.94.159.219/ole/ole.…

cybersec_feeds: RT @reecdeep: Trending #malspam campaign using #Shellcode in XLSX #maldoc spawns #Lokibot #Malware #stealer 🐚hxxp://23.94.159.219/ole/ole.…

CSSalesMan: RT @reecdeep: Trending #malspam campaign using #Shellcode in XLSX #maldoc spawns #Lokibot #Malware #stealer 🐚hxxp://23.94.159.219/ole/ole.…

sectest9: RT @reecdeep: Trending #malspam campaign using #Shellcode in XLSX #maldoc spawns #Lokibot #Malware #stealer 🐚hxxp://23.94.159.219/ole/ole.…

CyberSecurityN8: RT @reecdeep: Trending #malspam campaign using #Shellcode in XLSX #maldoc spawns #Lokibot #Malware #stealer 🐚hxxp://23.94.159.219/ole/ole.…

NetSecBunny: RT @reecdeep: Trending #malspam campaign using #Shellcode in XLSX #maldoc spawns #Lokibot #Malware #stealer 🐚hxxp://23.94.159.219/ole/ole.…

Charlot53053143: RT @reecdeep: Trending #malspam campaign using #Shellcode in XLSX #maldoc spawns #Lokibot #Malware #stealer 🐚hxxp://23.94.159.219/ole/ole.…

cybersec_feeds: RT @reecdeep: Trending #malspam campaign using #Shellcode in XLSX #maldoc spawns #Lokibot #Malware #stealer 🐚hxxp://23.94.159.219/ole/ole.…

Jent_Hack: RT @reecdeep: Trending #malspam campaign using #Shellcode in XLSX #maldoc spawns #Lokibot #Malware #stealer 🐚hxxp://23.94.159.219/ole/ole.…

IntamePer: RT @reecdeep: Trending #malspam campaign using #Shellcode in XLSX #maldoc spawns #Lokibot #Malware #stealer 🐚hxxp://23.94.159.219/ole/ole.…

HerbieZimmerman: RT @James_inthe_box: Incoming #hancitor #malspam run, DocuSign subjects, @google feedproxy links, TREASUREMART[.]COM sender: http://feedpr…

----#EMOTET----

cybersec_feeds: RT @VerteksConsult: Botnets such as #Emotet distribute malware that can change its characteristics to sneak past traditional antivirus solu…

CyberSecPlace: RT @VerteksConsult: Botnets such as #Emotet distribute malware that can change its characteristics to sneak past traditional antivirus solu…

VerteksConsult: Botnets such as #Emotet distribute malware that can change its characteristics to sneak past traditional antivirus… https://t.co/B7kqVgFLGH Link with Tweet

cybersec_feeds: RT @CyberDefenders: New Challenge -> 'DeepDive' You have given a memory image for a compromised Windows machine. Analyze the image and figu…

davidkoepi: RT @CyberDefenders: New Challenge -> 'DeepDive' You have given a memory image for a compromised Windows machine. Analyze the image and figu…

iria_piyo: RT @CyberDefenders: New Challenge -> 'DeepDive' You have given a memory image for a compromised Windows machine. Analyze the image and figu…

UnsungCyberHero: RT @CyberDefenders: New Challenge -> 'DeepDive' You have given a memory image for a compromised Windows machine. Analyze the image and figu…

cybersec_feeds: RT @CyberDefenders: New Challenge -> 'DeepDive' You have given a memory image for a compromised Windows machine. Analyze the image and figu…

grantwernick: RT @fletch_ai: 450 million cyberattacks attempted on Japan Olympics infrastructure: NTT - Are you at risk? Find out with Fletch. #CyberSec…

_langly: RT @CyberDefenders: New Challenge -> 'DeepDive' You have given a memory image for a compromised Windows machine. Analyze the image and figu…

m4khno_: RT @CyberDefenders: New Challenge -> 'DeepDive' You have given a memory image for a compromised Windows machine. Analyze the image and figu…

yashdiwakar422: RT @CyberDefenders: New Challenge -> 'DeepDive' You have given a memory image for a compromised Windows machine. Analyze the image and figu…

lnxg33k: RT @CyberDefenders: New Challenge -> 'DeepDive' You have given a memory image for a compromised Windows machine. Analyze the image and figu…

fletch_ai: 450 million cyberattacks attempted on Japan Olympics infrastructure: NTT - Are you at risk? Find out with Fletch.… https://t.co/rLopCMHyR5 Link with Tweet

global_police: RT @CyberDefenders: New Challenge -> 'DeepDive' You have given a memory image for a compromised Windows machine. Analyze the image and figu…

-----#BUGBOUNTY----

olexande: RT @programmerjoke9: No dark mode 🥺#100Daysofcode #javascript #programming #dev #linux #java #programming #CodeNewbie #python #reactjs #bug…

ak_bruster: RT @0xJin: Best SSRF bypass: http://127.1/ http://0000::1:80/ http://[::]:80/ http://2130706433/ http://whitelisted@127.0.0.1 http://0x7f0…

beefyspace: RT @cybritexsec: MOSINT - gather information about the target email https://t.co/pzlv7KTXX3 #infosec #cybersecurity #redteam #pentest #pe… Link with Tweet

VamshiPolaboina: RT @0xJin: Best SSRF bypass: http://127.1/ http://0000::1:80/ http://[::]:80/ http://2130706433/ http://whitelisted@127.0.0.1 http://0x7f0…

harvest57688777: RT @programmerjoke9: If your mom was a class#100Daysofcode #javascript #programming #dev #linux #java #programming #CodeNewbie #python #rea…

DjangoBot_: RT @programmerjoke9: No dark mode 🥺#100Daysofcode #javascript #programming #dev #linux #java #programming #CodeNewbie #python #reactjs #bug…

programmerjoke9: If your mom was a class#100Daysofcode #javascript #programming #dev #linux #java #programming #CodeNewbie #python… https://t.co/VcaY1UaqjT Link with Tweet

CodeWithTwitchi: RT @programmerjoke9: No dark mode 🥺#100Daysofcode #javascript #programming #dev #linux #java #programming #CodeNewbie #python #reactjs #bug…

CodeWithTwitchi: RT @programmerjoke9: Captcha done right#100Daysofcode #javascript #programming #dev #linux #java #programming #CodeNewbie #python #reactjs…

CodeWithTwitchi: RT @programmerjoke9: The indentation debate just ended!#100Daysofcode #javascript #programming #dev #linux #java #programming #CodeNewbie #…

the404code: RT @cybritexsec: MOSINT - gather information about the target email https://t.co/pzlv7KTXX3 #infosec #cybersecurity #redteam #pentest #pe… Link with Tweet

crypt0bull: RT @0xJin: XSS payload for an image: <img src=x onerror=alert('XSS')>.png "><img src=x onerror=alert('XSS')>.png "><svg onmouseover=alert(1…

Discovertech3: RT @programmerjoke9: No dark mode 🥺#100Daysofcode #javascript #programming #dev #linux #java #programming #CodeNewbie #python #reactjs #bug…

Discovertech3: RT @programmerjoke9: Captcha done right#100Daysofcode #javascript #programming #dev #linux #java #programming #CodeNewbie #python #reactjs…

----#CYBERCRIME----

CyberSecurityN8: RT @WebSeal_In: Cyber Security Incidents #CyberSecurity #CISO #Infosec #CIO #Cloud #Edge #5G #IoT #privacy#appsec #mobilesec #infosec #secu…

sectest9: RT @WebSeal_In: Cyber Security Incidents #CyberSecurity #CISO #Infosec #CIO #Cloud #Edge #5G #IoT #privacy#appsec #mobilesec #infosec #secu…

sectest9: RT @BforeAi: Predicted Malicious Domain : truckyardpro[.]com PreCrime Threat Intelligence Threat Agnostic Near-Zero False Positives #…

CyberSecurityN8: RT @BforeAi: Predicted Malicious Domain : truckyardpro[.]com PreCrime Threat Intelligence Threat Agnostic Near-Zero False Positives #…

cybersec_feeds: RT @BforeAi: Predicted Malicious Domain : estampalocura[.]com PreCrime Threat Intelligence Threat Agnostic Near-Zero False Positives…

BforeAi: Predicted Malicious Domain : truckyardpro[.]com PreCrime Threat Intelligence Threat Agnostic Near-Zero False Po… https://t.co/LdjFVsQfke Link with Tweet

WebSeal_In: Cyber Security Incidents #CyberSecurity #CISO #Infosec #CIO #Cloud #Edge #5G #IoT #privacy#appsec #mobilesec… https://t.co/FfpRYR7pXv Link with Tweet

adonaigautier: RT @BforeAi: Predicted Malicious Domain : stastnedeti[.]online PreCrime Threat Intelligence Threat Agnostic Near-Zero False Positives…

JFSebastian146: RT @bamitav: 300,00+ Installations of Catch Themes #WordPress Plugins Vulnerable https://t.co/tUSjqiGTll #infosec #ZeroTrust #zeroday #se… Link with Tweet

RealCrusader84: RT @Serum_of_Truth7: Today's Cybercrime News "22% of Brits received proof of vaccination phishing email" https://t.co/UXbCcRAA5q #serum… Link with Tweet

cybersec_feeds: RT @twelvesec: The #Dutch Police have arrested nine people for targeting and stealing money from the elderly by impersonating #bank employe…

onomsalam2pas: RT @bamitav: 300,00+ Installations of Catch Themes #WordPress Plugins Vulnerable https://t.co/tUSjqiGTll #infosec #ZeroTrust #zeroday #se… Link with Tweet

Gurgling_MrD: RT @bamitav: 300,00+ Installations of Catch Themes #WordPress Plugins Vulnerable https://t.co/tUSjqiGTll #infosec #ZeroTrust #zeroday #se… Link with Tweet

JMC31337: RT @HitechguruS: #Hackergroup upset the U.S. attacked its #servers https://t.co/yJpb0K88ny #Infosec #Malware #Ransomware #CyberSecurity #cy… Link with Tweet

youcanbhealthy: RT @Serum_of_Truth7: Today's Cybercrime News "22% of Brits received proof of vaccination phishing email" https://t.co/UXbCcRAA5q #serum… Link with Tweet

----Hacking Updates----

DFW2600 updated hackgibson.sh. This repo has 1 stars and 1 watchers. This repo was created on 2021-07-01. --- The homepage for the open source Hack The Gibson // SH trading card game.

facebook updated hhvm. This repo has 17098 stars and 1044 watchers. This repo was created on 2010-01-02. --- A virtual machine for executing programs written in Hack.

Scholasticpal updated HacktoberFest2021_. This repo has 11 stars and 1 watchers. This repo was created on 2021-10-20. --- Make your first PR! ~ A beginner-friendly repository made specifically for open source beginners. Add your profile, a blog, or any program under any language or update the existing one. Just make sure to add the file under the correct directory. Happy hacking!

spencerlepine updated hr-sea19-mvp. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-12. --- GroceryChecc simplifies brainstorming an individualized shopping list by helping find relevant grocery products and replacement items. Hack Reactor full-stack (solo) minimum viable product project.

CuteLeon updated HackSystem. This repo has 56 stars and 2 watchers. This repo was created on 2018-05-04. --- A Hack System based on ASP.NET Core and Blazor WebAssembly.

ShadowWhisperer updated IPs. This repo has 12 stars and 1 watchers. This repo was created on 2021-05-13. --- IP block lists for: Malware, Hackers, Sniffers, etc..

michoricardo updated RecursosInformaticosGratuitos. This repo has 0 stars and 1 watchers. This repo was created on 2021-09-14. --- Este repo tiene la finalidad de agregar y compartir recursos de programación, hacking e informática en general

RobertJamesKarash updated oneclickinstaller. This repo has 1 stars and 1 watchers. This repo was created on 2021-10-23. --- A Cross Platform One Click Installer for Games and Desktop Application Apps ^-^ A White Hack in C/DOS/BASH

Ashraf-wan updated Corvid. This repo has 1 stars and 1 watchers. This repo was created on 2021-10-21. --- Hacking and programming operating system for docker and virtual machine.

hershel-theodore-layton updated lecof-router. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-25. --- A request router for Hack and HHVM without a build step

ideahacks updated ideahacks.la. This repo has 1 stars and 1 watchers. This repo was created on 2017-07-10. --- Website for IDEA Hacks, UCLA's annual hardware-focused hackathon

Dan-Fishman updated BASIS-is-Beautiful. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-07. --- Happy Hacking!

infosecstreams updated infosecstreams.github.io. This repo has 45 stars and 4 watchers. This repo was created on 2021-03-15. --- A (hopefully) actively maintained activity-based-autosorted list of InfoSec Streamers

trottafede updated e-commerce-back. This repo has 0 stars and 1 watchers. This repo was created on 2021-06-17. --- Hack Academy e-commerce back end

maxzinkus updated dotfiles. This repo has 11 stars and 1 watchers. This repo was created on 2018-10-27. --- "Why use an IDE when you can spend hours hacking vim into being one?"

mozilla updated fx-private-relay. This repo has 791 stars and 29 watchers. This repo was created on 2019-06-06. --- Keep your email safe from hackers and trackers. Make an email alias with 1 click, and keep your address to yourself.

wrothmonk updated Grey-Hack-Scripts. This repo has 0 stars and 1 watchers. This repo was created on 2021-09-30. --- Scripts and tools for the game Grey Hack

antoinenguyen-09 updated All_CTF_write-ups. This repo has 0 stars and 1 watchers. This repo was created on 2020-09-02. --- From Antoine Nguyen and 0n10n_43t4rs team with love:3

mozilla updated fx-private-relay-add-on. This repo has 10 stars and 11 watchers. This repo was created on 2021-04-30. --- Companion add-on for Firefox Relay. Keep your email safe from hackers and trackers. Make an email alias with one click, and keep your address to yourself.

xxxmicrobexxx updated whmcs-template-hacks. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-25. --- Hacks to the WHMCS Twenty One and Blend templates to make the way I use it easier

Jinp-He updated ShadowBringer. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-15. --- A unity project on hacker and doggy

tanrax updated important-stories-alert-for-hacker-news. This repo has 3 stars and 1 watchers. This repo was created on 2019-07-29. --- The entire code in this repository is in charge of feeding the Telegram channel. Every hour check for a new story with more than 600 points in Hacker News.

NeonNetworks updated FIVE. This repo has 6 stars and 0 watchers. This repo was created on 2021-10-16. --- FIVE, Vulnerability Scanner And Mass Exploiter, made for pentesting.

SamuelmdLow updated HTN2021. This repo has 0 stars and 1 watchers. This repo was created on 2021-09-18. --- Website that attempts to replace the textbook! Created for Hack the North 2021.

hadenlabs updated zsh-hacker. This repo has 0 stars and 1 watchers. This repo was created on 2019-11-26. --- functions and tools for hackers

----Security Updates---- davibaltar updated swagger-autogen. This repo has 77 stars and 5 watchers. This repo was created on 2020-04-13. --- This module performs the automatic construction of the Swagger documentation. The module can identify the endpoints and automatically capture methods such as to get, post, put, and so on. The module can also identify the paths, routes, middlewares, response status code, parameters in the path, query and body. It is possible to add information such as endpoint description, parameter description, definitions, security, among others. It is also possible to ignore or disable the automatic capture of an endpoint (in the latter case, having to manually add each information). The module generates the .json file with the documentation in the swagger format.

smashah updated smashblock. This repo has 56 stars and 1 watchers. This repo was created on 2020-03-01. --- 📡 🛡️A self-updating extensive blocklist filter for AdGaurd. Be sure to 🌟 this repository for updates!

GrapheneOS updated grapheneos.org. This repo has 173 stars and 21 watchers. This repo was created on 2019-04-25. --- Sources for the GrapheneOS website.

unique-Creations updated SecurityCamera. This repo has 0 stars and 1 watchers. This repo was created on 2021-08-31. --- None

ByamB4 updated oyusec. This repo has 5 stars and 3 watchers. This repo was created on 2021-01-19. --- Make it better place to learn, practice, compete in security field in :mongolia:

linux-mailinglist-archives updated linux-security-module.vger.kernel.org.0. This repo has 0 stars and 1 watchers. This repo was created on 2019-07-01. --- None

jahid58 updated security-anywhere. This repo has 0 stars and 1 watchers. This repo was created on 2021-05-07. --- None

ziesemer updated ad-privileged-audit. This repo has 2 stars and 1 watchers. This repo was created on 2021-04-05. --- Provides various Windows Server Active Directory (AD) security-focused reports.

kiri-vadivelu updated digital-designers. This repo has 0 stars and 2 watchers. This repo was created on 2020-02-06. --- Digital Designers - Website Design Agency

jack-ullery updated AppAnvil. This repo has 0 stars and 2 watchers. This repo was created on 2021-08-03. --- Graphical user interface for the AppArmor security module.

redpwn updated jail. This repo has 11 stars and 9 watchers. This repo was created on 2021-02-04. --- An nsjail Docker image for CTF pwnables

krol3 updated container-security-checklist. This repo has 78 stars and 2 watchers. This repo was created on 2021-03-07. --- Checklist for container security - devsecops practices

yachabach updated UdaSecurity. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-23. --- Udacity Java Capstone project

webbuild1 updated Software-Security-Vulnerability-Assessments. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-25. --- None

Akshay-Vs updated PassLock. This repo has 22 stars and 4 watchers. This repo was created on 2021-08-21. --- PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standard (AES)

yezhimincxvxb updated security. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-20. --- None

ShadowWhisperer updated IPs. This repo has 12 stars and 1 watchers. This repo was created on 2021-05-13. --- IP block lists for: Malware, Hackers, Sniffers, etc..

bibhusprasad updated 016_spring_security. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-20. --- None

Remusqs1 updated user_administration_reqres_Angular. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-25. --- An user administration website, with users provided by the reqrest API services (https://reqres.in/). Login, token security, users list with pagination, creation of users.

keepassxreboot updated keepassxc. This repo has 11292 stars and 248 watchers. This repo was created on 2016-02-28. --- KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.

SamuelQuinones updated password-generator. This repo has 2 stars and 2 watchers. This repo was created on 2021-04-10. --- Generate secure, hard to guess passwords with the click of a button!

cstrotm updated security-profiles. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-19. --- SELinux, AppArmor, Systemd and Firejail profiles

boltopspro-docs updated s3-secure. This repo has 0 stars and 1 watchers. This repo was created on 2020-04-06. --- Public documentation for boltopspro/s3-secure

tschecurity updated Unit-7-WordPress-Application-Security-Pentest. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-15. --- Objective of this assignment was to find vulnerabilities in WordPress by using common attack techniques: XSS and User Enumeration.

boltopspro-docs updated kms-key. This repo has 0 stars and 1 watchers. This repo was created on 2020-04-06. --- Public documentation for boltopspro/kms-key

----PoC Updates----

henriqueccapozzi updated pocs. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-17. --- Proofs of concept and simple howto's

irromano updated irromano.github.io. This repo has 0 stars and 1 watchers. This repo was created on 2021-09-17. --- Demo Website for proof-of-concept

zack0179 updated XRPL-Concept. This repo has 2 stars and 1 watchers. This repo was created on 2021-10-12. --- A proof of concept using XRPL

chrisns updated cosign-keyless-demo. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-20. --- Proof of concept that uses cosign and GitHub's in built OIDC for actions to sign container images, providing a proof that what is in the registry came from your GitHub action.

D1fty updated TimeLines. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-25. --- A proof-of-concept for a two player, side scroller game where the goal is to out maneuver your opponent. Made on a deadline, I ran out of time to tidy up the code. Refer to the presentation for future work.

ooterness updated Experiments. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-24. --- Assorted experiments and proof-of-concept code

martincalvodaniel updated nats-poc. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-25. --- This simple gradle project presents a proof of concept of microservices communicating through a NATS server.

dalyleide updated Microservices-Portifolio. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-24. --- Microservices: proof of concept and study projects

eliamartani updated poco-app-store-vue. This repo has 0 stars and 0 watchers. This repo was created on 2019-07-06. --- Proof of concept for VueJS

codecreative updated newsminder. This repo has 0 stars and 1 watchers. This repo was created on 2021-03-22. --- Proof of concept Puppeteer and Actions

jacksodl23 updated GovLab. This repo has 0 stars and 1 watchers. This repo was created on 2021-07-25. --- This is a proof of concept for the GovLab app.

fjarri updated nucypher-async. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-24. --- Experimental async proof of concept for nucypher library

marianososto updated blockchain-go. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-24. --- proof of concept of a blockchain in GO

fiatjaf updated nostr-relay-poc. This repo has 3 stars and 2 watchers. This repo was created on 2021-01-14. --- Proof-of-concept Nostr relay implementation

JulianCambraia updated springboot-docker-mysql-jwt. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-17. --- Poc (Proof of Concept) Crud Cliente com autenticação JWT, banco de dados MySQL e Container Docker

HeavyRain266 updated ScalaChat. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-24. --- Proof of concept Scala chat app for Android

alexcoder04 updated rfap-server. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-24. --- proof-of-concept file transfer protocol - server side

alexcoder04 updated librfap. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-24. --- proof-of-concept file transfer protocol - client side

TheMaligator updated Tokono. This repo has 1 stars and 1 watchers. This repo was created on 2021-10-22. --- A proof of concept peer-to-peer botnet

tmichett updated quay_lab_poc. This repo has 1 stars and 1 watchers. This repo was created on 2021-08-27. --- Quay Lab Proof-of-Concept Deployment

Constantin07 updated PoC. This repo has 0 stars and 1 watchers. This repo was created on 2021-03-28. --- Proof of Concepts

Benjamintlj updated powderGame. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-24. --- An early attempt to recreate the powder game on https://dan-ball.jp/en/javagame/dust/, as proof of concept for my interest in cellular automata.

davidmoros updated poc. This repo has 0 stars and 1 watchers. This repo was created on 2018-07-07. --- Proof of concept

dptru10 updated SmallDrugQM9. This repo has 1 stars and 1 watchers. This repo was created on 2021-01-30. --- Proof of concept machine learning pipeline for accelerating drug discovery

MaxvanderLaan updated Proof_Of_Concept. This repo has 0 stars and 1 watchers. This repo was created on 2021-10-23. --- None