ThreatChat ThreatHistory Video Feed

Android apps are snooping on your installed software – Link to post -- NakedSecurity

Firefox 76 will have option to enforce HTTPS-only connections – Link to post -- NakedSecurity

Thousands of Dark Web sites deleted in attack on free hosting service – Link to post -- NakedSecurity

FBI takes down hacker platform Deer.io – Link to post -- NakedSecurity

S2 Ep32: ZoomBombing, Android malware and the WhatsApp Martinelli hoax – Podcast – Link to post -- NakedSecurity

Watch out! Scummy scammers target home deliveries – Link to post -- NakedSecurity

Apple Safari now blocks all third-party cookies by default – Link to post -- NakedSecurity

Adobe issues emergency fix for file-munching bug – Link to post -- NakedSecurity

Apple iOS 13.4 offers fixes for 30 vulnerabilities – Link to post -- NakedSecurity

Windows has a zero-day that won’t be patched for weeks – Link to post -- NakedSecurity

Your unused computer could help find a COVID-19 cure – Link to post -- NakedSecurity

Hackers target WHO in phishing attack – Link to post -- NakedSecurity

Facebook Messenger may ban mass-forwarding of messages – Link to post -- NakedSecurity

Hijacked Twitter accounts used to advertise face masks – Link to post -- NakedSecurity

Tokyo Olympics Postponed, But 5G Security Lessons Shine Link to post -- ThreatPost

Hackers Hijack Routers to Spread Malware Via Coronavirus Apps Link to post -- ThreatPost

Emerging APT Mounts Mass iPhone Surveillance Campaign Link to post -- ThreatPost

Tupperware Cyberattack Stores Away Customer Payment Cards Link to post -- ThreatPost

Apple Unpatched VPN Bypass Bug Impacts iOS 13, Warn Researchers Link to post -- ThreatPost

Critical CODESYS Bug Allows Remote Code Execution Link to post -- ThreatPost

As Zoom Booms, Incidents of ‘ZoomBombing’ Become a Growing Nuisance Link to post -- ThreatPost

Responding to the New Normal: How to Prevent Added Risk in Your Business Link to post -- ThreatPost

Apple Update Fixes WebKit Flaws in iOS, Safari Link to post -- ThreatPost

Unknown 'WildPressure' Malware Campaign Lets Off Steam in Middle East Link to post -- ThreatPost

Tekya Malware Threatens Millions of Android Users via Google Play Link to post -- ThreatPost

Katie Moussouris: The Bug Bounty Conflict of Interest Link to post -- ThreatPost

Google Discloses Android Camera Hijack Hack Link to post -- ThreatPost

No 'Silver Bullet' Fix for Alexa, Google Smart Speaker Hacks Link to post -- ThreatPost

Marc Rogers: Success of Anonymous Bug Submission Program 'Takes A Village' Link to post -- ThreatPost

Thousands of IoT Devices Bricked By Silex Malware Link to post -- ThreatPost

ThreatList: Ransomware Costs Double in Q4, Sodinokibi Dominates Link to post -- ThreatPost

ThreatList: 90% SMBs Believe Nation-State Actors Are Targeting Them Link to post -- ThreatPost

ThreatList: A Third of Biometric Systems Targeted by Malware in Q3 Link to post -- ThreatPost

ThreatList: Admin Rights for Third Parties is the Norm Link to post -- ThreatPost

ThreatList: Most Retail Hardware Bug Bounty Flaws Are Critical Link to post -- ThreatPost

News Wrap, Coronavirus Edition: WFH Security Woes, Pwn2Own Link to post -- ThreatPost

More Than Half of IoT Devices Vulnerable to Severe Attacks Link to post -- ThreatPost

RSAC 2020: Editors' Preview of Hottest Sessions, Speakers and Themes Link to post -- ThreatPost

News Wrap: Valentine's Day Scams and Emotet's Wi-Fi Hack Link to post -- ThreatPost

Critical Cisco 'CDPwn' Protocol Flaws Explained: Podcast Link to post -- ThreatPost

Bezos, WhatsApp Cyberattacks Show Growing Mobile Sophistication Link to post -- ThreatPost

Vivin Nets Thousands of Dollars Using Cryptomining Malware Link to post -- ThreatPost

News Wrap: PoC Exploits, Cable Haunt and Joker Malware Link to post -- ThreatPost

Cloud Misconfig Mistakes Show Need For DevSecOps Link to post -- ThreatPost

Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs Link to post -- ThreatPost

Chris Eng: Patch Management Challenges Drive 'Security Debt' Link to post -- ThreatPost

Cobalt Ulster Strikes Again With New ForeLord Malware Link to post -- ThreatPost

Forrester: Keeping Smart Cities Safe From Hacks Link to post -- ThreatPost

Patrick Wardle: Apple Devices Hit With Recycled macOS Malware Link to post -- ThreatPost

IoT Insecurity: When Your Vacuum Turns on You Link to post -- ThreatPost

Video: Ransomware a Growing Industrial Security Threat Link to post -- ThreatPost

2020 Cybersecurity Trends to Watch Link to post -- ThreatPost

Top Mobile Security Stories of 2019 Link to post -- ThreatPost

Facebook Security Debacles: 2019 Year in Review Link to post -- ThreatPost

Biggest Malware Threats of 2019 Link to post -- ThreatPost

Top 10 IoT Disasters of 2019 Link to post -- ThreatPost

2019 Malware Trends to Watch Link to post -- ThreatPost

Top 2018 Security and Privacy Stories Link to post -- ThreatPost

2019: The Year Ahead in Cybersecurity Link to post -- ThreatPost

2018: A Banner Year for Breaches Link to post -- ThreatPost

Malicious USB Drive Hides Behind Gift Card Lure Link to post -- DarkReading

Virgin Media Could Pay GB pound 4.5B for Leak ... Link to post -- DarkReading

The Wild, Wild West(world) of Cybersecurity Link to post -- DarkReading

Purported Brute-Force Attack Aims at Linksys ... Link to post -- DarkReading

Cyber Version of 'Justice League' Launches to Fight ... Link to post -- DarkReading

Insurance Giant Chubb Might Be Ransomware Victim Link to post -- DarkReading

How to Evict Attackers Living Off Your Land Link to post -- DarkReading

How Zoom, Netflix, and Dropbox are Staying Online ... Link to post -- DarkReading

10 Security Services Options for SMBs Link to post -- DarkReading

Security Not a Priority for SAP Projects, Users Report Link to post -- DarkReading

3 Mobile Security Problems That Most Security Teams ... Link to post -- DarkReading

Technology Empowers Pandemic Response, But Privacy ... Link to post -- DarkReading

Introducing Zero-Trust Access Link to post -- DarkReading

China-Based Threat Group Launches Widespread ... Link to post -- DarkReading

Missing Patches, Misconfiguration Top Technical ... Link to post -- DarkReading

Tupperware Hit by Card Skimmer Attack Link to post -- DarkReading

What Should I Do If Someone Is Impersonating My ... Link to post -- DarkReading

Do DevOps Teams Need a Company Attorney on Speed Dial? Link to post -- DarkReading

FBI Shutters Russian-Based Hacker Platform, Makes ... Link to post -- DarkReading

COVID-19: Getting Ready for the Next Business ... Link to post -- DarkReading

FBI: Hackers Sending Malicious USB Drives & Teddy Bears via USPS Link to post -- BleepingComputer

Russian-Speaking Hackers Attack Pharma, Manufacturing Companies in Europe Link to post -- BleepingComputer

Actively Exploited Windows Font Parsing Bugs Get Temporary Fix Link to post -- BleepingComputer

Unpatched iOS Bug Blocks VPNs From Encrypting All Traffic Link to post -- BleepingComputer

Microsoft's Windows 10 Dockable 'News Bar' Now In Beta Link to post -- BleepingComputer

FTC Warns VoIP Providers to Stop Facilitating Coronavirus Scams Link to post -- BleepingComputer

The Week in Ransomware - March 27th 2020 - Don't Attack Hospitals! Link to post -- BleepingComputer

US Small Business Administration Grants Used as Phishing Bait Link to post -- BleepingComputer

Google Advises Against Disabling Sites During the Pandemic Link to post -- BleepingComputer

Google Warned Users of 40,000 State-Sponsored Attacks in 2019 Link to post -- BleepingComputer

Ryuk Ransomware Keeps Targeting Hospitals During the Pandemic Link to post -- BleepingComputer

Windows 10 Search Getting New Features for Business Customers Link to post -- BleepingComputer

New Windows 10 Bug Causes Internet Connectivity Issues, Fix in April Link to post -- BleepingComputer

Chubb Cyber Insurer Allegedly Hit By Maze Ransomware Attack Link to post -- BleepingComputer

Google Resumes Chrome Releases on an Adjusted Schedule Link to post -- BleepingComputer

Chinese Hackers Use Cisco, Citrix, Zoho Exploits In Targeted Attacks Link to post -- BleepingComputer

WordPress Malware Distributed via Pirated Coronavirus Plugins Link to post -- BleepingComputer

Google Chrome Adding Option to Always Show Full URLs Link to post -- BleepingComputer

Windows 10 Insider Build 19592 Brings New 2-in-1 PC Experience Link to post -- BleepingComputer

Domain Registrars Take Action Against Fraudulent COVID-19 Websites Link to post -- InfoSec-Magazine

US Plans to Dig Up the Dead for New Cyber-Defense Building Link to post -- InfoSec-Magazine

LORCA Launches Open Call for Fifth Cohort of Cyber-Scaleups Link to post -- InfoSec-Magazine

FBI Issues Child Sextortion Warning Amid School Closures Link to post -- InfoSec-Magazine

Virgin Media Facing Huge Compensation Bill Over Data Breach Link to post -- InfoSec-Magazine

UK Government Uses Zoom Despite MoD Security Concerns Link to post -- InfoSec-Magazine

#COVID19 News Links Hijacked With iOS Spyware Link to post -- InfoSec-Magazine

BadUSB Stick Mailed to Company From ‘Best Buy’ Link to post -- InfoSec-Magazine

The Impact of #COVID19 on the Infosec Industry Link to post -- InfoSec-Magazine

Zero Trust: A Cybersecurity Essential and the Key to Success Link to post -- InfoSec-Magazine

2FA or MFA: Which Authentication is Right for Your Business? Link to post -- InfoSec-Magazine

Gain Control and Security of Your File Collaboration Link to post -- InfoSec-Magazine

Strategies to Scale and Upskill Your Security Team Link to post -- InfoSec-Magazine

AI in Security: Keeping Up with the Trend Link to post -- InfoSec-Magazine

Automation in Data File Transfer: Improving Security and Saving You Time Link to post -- InfoSec-Magazine

Leveraging ISO 27001 to Manage Cyber & Information Security Risks Link to post -- InfoSec-Magazine

Making a SOAR Strategy Work For You Link to post -- InfoSec-Magazine

New Year, New Decade, New Threats and Challenges Link to post -- InfoSec-Magazine

2019 Cybersecurity Headlines in Review Link to post -- InfoSec-Magazine

Authentication Standards in 2019: Why Passwords Remain Problematic, and Future Solutions Link to post -- InfoSec-Magazine

All 4G Networks Susceptible to DoS Attacks Link to post -- InfoSec-Magazine

#COVID19 Fears Drive Phishing Emails Up 667% in Under a Month Link to post -- InfoSec-Magazine

Malicious 'Corona Anti-Virus' Software Discovered Link to post -- InfoSec-Magazine

Using SIEM to Protect Against Top Cybersecurity Threats Link to post -- InfoSec-Magazine

Best Practices in Designing a Data Decommissioning Policy Link to post -- InfoSec-Magazine

VPN Usage in US Quadruples Link to post -- InfoSec-Magazine

Data Deposit Box Exposes PII of 270K Users Link to post -- InfoSec-Magazine

Tupperware Site Hacked by Digital Skimmers Link to post -- InfoSec-Magazine

Three-Quarters of Large Firms Suffered Security Breach Last Year Link to post -- InfoSec-Magazine

Canadian Volunteers to Form Cyber Civil Defense Brigade Link to post -- InfoSec-Magazine

Alleged Operator of Telegram Sexual Abuse Ring Identified Link to post -- InfoSec-Magazine

Cybersecurity super group swoops in to fight COVID-19 related hacks Link to post -- SCMagazine

Best Buy gift cards, USB drive used to spread infostealer Link to post -- SCMagazine

Ransomware attacks vs Kimchuk, Visser reveal supply chain threat to DOD Link to post -- SCMagazine

SC Media’s complete coverage: Threat and Preparation Link to post -- SCMagazine

Maze ransomware group claims Chubb as victim Link to post -- SCMagazine

Default exploited by 'Zoom bombers' could by used by cybercrooks Link to post -- SCMagazine

COVID-19 puts corporate WFH capabilities to the test Link to post -- SCMagazine

Five tips for managing remote workers during a pandemic Link to post -- SCMagazine

Threat parallels: Coronavirus and cybersecurity Link to post -- SCMagazine

New Milum trojan used against Mid-Eastern targets Link to post -- SCMagazine

Apple releases more than 30 security patches Link to post -- SCMagazine

DEER.IO caught in FBI's headlights; cybercrime platform gets shut down Link to post -- SCMagazine

Tupperware site hacked with credit card skimmer Link to post -- SCMagazine

APT41 activity down during China COVID-19 quarantines; massive campaign undeterred Link to post -- SCMagazine

Presidential campaign websites relying on risky third party code Link to post -- SCMagazine

US coronavirus: CDC issues travel advisory for New York tri-state area - CNN Link to post -- PacketStorm

A mysterious hacker group is eavesdropping on corporate email and FTP traffic Link to post -- PacketStorm

A Twitch streamer is exposing coronavirus scams live Link to post -- PacketStorm

Best Buy gift cards, USB drive used to spread infostealer Link to post -- PacketStorm

Micro Focus Vibe 4.0.6 Cross Site Scripting Link to post -- PacketStorm

Micro Focus Vibe 4.0.6 HTML Injection Link to post -- PacketStorm

IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution Link to post -- PacketStorm

DLINK DWL-2600 Authenticated Remote Command Injection Link to post -- PacketStorm

codeBeamer 9.5 Cross Site Scripting Link to post -- PacketStorm

rConfig 3.9.4 searchField Remote Code Execution Link to post -- PacketStorm

FreeCommander XE 2020 Pathname Buffer Overflow Link to post -- PacketStorm

Apple Security Advisory 2020-03-25-2 Link to post -- PacketStorm

Apple Security Advisory 2020-03-25-1 Link to post -- PacketStorm

Webexcels Ecommerce CMS 2.x SQL Injection / Cross Site Scripting Link to post -- PacketStorm

Red Hat Security Advisory 2020-0984-01 Link to post -- PacketStorm

Gentoo Linux Security Advisory 202003-61 Link to post -- PacketStorm

Gentoo Linux Security Advisory 202003-60 Link to post -- PacketStorm

Red Hat Security Advisory 2020-0983-01 Link to post -- PacketStorm

ECK Hotel 1.0 Cross Site Request Forgery Link to post -- PacketStorm

Gentoo Linux Security Advisory 202003-59 Link to post -- PacketStorm

Red Hat Security Advisory 2020-0981-01 Link to post -- PacketStorm

Everest 5.50.2100 Denial Of Service Link to post -- PacketStorm

Gentoo Linux Security Advisory 202003-58 Link to post -- PacketStorm

Gentoo Linux Security Advisory 202003-57 Link to post -- PacketStorm

Jinfornet Jreport 15.6 Directory Traversal Link to post -- PacketStorm

Easy RM To MP3 Converter 2.7.3.700 Local Buffer Overflow Link to post -- PacketStorm

WordPress StatTraq 1.3.0 SQL Injection Link to post -- PacketStorm

Soluzione Globale Ecommerce CMS 1 SQL Injection Link to post -- PacketStorm

Emerging APT Mounts Mass iPhone Surveillance Campaign Link to post -- PacketStorm

Trolls exploit Zoom privacy settings as app gains popularity | Technology Link to post -- PacketStorm

Google sent users 40,000 warnings of nation-state hack attacks in 2019 Link to post -- PacketStorm

Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics Link to post -- PacketStorm

New attack on home routers sends users to spoofed sites that push malware Link to post -- PacketStorm

4G networks vulnerable to denial of service attacks, subscriber tracking Link to post -- PacketStorm

GE Employees Lit Up with Sensitive Doc Breach Link to post -- PacketStorm

Tupperware site hacked with credit card skimmer Link to post -- PacketStorm

Never-before-seen attackers are targeting Mideast industrial organizations Link to post -- PacketStorm

Coronavirus Slashes Global Air Pollution: Interactive Map Link to post -- PacketStorm

Intro to Reverse Engineering, Part 2 - The Startup Link to post -- Medium

Build Go Secure Data Transfer with RSA Encryption | The Startup Link to post -- Medium

Intro to Reverse Engineering - The Startup Link to post -- Medium

Not All Masks Are Created Equal: Cloth Offers Little Protection Against Coronavirus Link to post -- Medium

We’re in the Midst of a Massive Work-From-Home Experiment. What If It Works? Link to post -- Medium

What It’s Like to Be a Delivery Worker During the COVID-19 Pandemic Link to post -- Medium

Maintaining Digital Forensics’ Integrity in the Age of Automation Link to post -- Medium

Decrypting the Internet of value - Mike Co Link to post -- Medium

Explain By Example: Networking - The Startup Link to post -- Medium

What Are The Fundamental Services Provided By Security? Hint: CIA Is Not The Answer Link to post -- Medium

RealWorldCyberSecurity – Medium Link to post -- Medium

Breaking Down AWS’s Identity and Access Management (IAM) Link to post -- Medium

Trivially Defeating Crypto Backdoors: You Can’t Stuff The Crypto Genie Back Into The Bottle Link to post -- Medium

RealWorldCyberSecurity – Medium Link to post -- Medium

Why you should switch to Signal or Telegram from WhatsApp, Today Link to post -- Medium

IE: Data of 9,735 teachers shared after ‘phishing’ email breach Link to post

First-Ever CCPA Cause of Action Filed in a Federal Court, but Is This Class Claim Short-Lived? Link to post

Video - 360 Total Security Essential vs Nemty Revenge ransomware | MalwareTips Community Link to post

Source code of Dharma ransomware pops up for sale on hacking forums Link to post

Phishing Attacks & How Can You Avoid Them? | LIFARS, Your Cyber Resiliency Partner Link to post -- Medium

Experts Insight On Watford Community Housing (WCH) Data Breach | Information Security Buzz Link to post

Zero Trust Security- Report 2019 | LIFARS, Your Cyber Resiliency Partner Link to post -- Medium

Malware from notorious FIN7 group is being delivered by snail mail - CyberScoop Link to post

New financially motivated attacks in Western Europe traced to Russian-speaking threat actorsSecurity Affairs Link to post

Chinese Hacker Group APT41 Uses Recent Exploits To Target Companies Worldwide | Information Security Buzz Link to post

LightSpy spyware infects iOS | Kaspersky official blog Link to post

Ryuk Ransomware continue to target hospitals during COVID19 outbreakSecurity Affairs Link to post

Social-engineering the FBI in 1971 / Boing Boing Link to post

CVE-2020-8816 – Pi-hole Remote Code Execution – Nate's Blog Link to post

A mysterious hacker group is eavesdropping on corporate email and FTP traffic | ZDNet Link to post

Popular Info Sec Tools | TechnoLush Link to post

Now that everyone's using Zoom, here are some privacy risks you need to watch out for - CNET Link to post

HOW to KEEP Your Packages SAFE (better than a glitter bomb) - YouTube Link to post

Hardware Solutions To Highly-Adversarial Environments - Whitebox Crypto vs TPM vs TEE vs Secure Enclaves vs Secure Elements vs HSM vs CloudHSM vs KMS - Part 1 Link to post

Password stealer Trojan – Malware Analysis | Malware Analysis Link to post

Incident: Melbourne IT services firm Geidi hit by REvil ransomware | iTWire - Australian Information Security Awareness and Advisory Link to post

Windows Portable Apps: Multi One Password Link to post

Friday Squid Blogging: Squid Can Edit Their Own Genome - Schneier on Security Link to post

JavaScript without parentheses using DOMMatrix | PortSwigger Research Link to post

While US Fights COVID-19, 83 Percent of Healthcare Systems Run Outdated Software | PCMag Link to post

Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak | ZDNet Link to post

Digital rights activists raise money for billboard criticizing Schiff over surveillance fight | TheHill Link to post

Story of Gus Weiss - Schneier on Security Link to post

FCC: Watch Out for Robocall Scams Offering Fake Coronavirus Test Kits | PCMag Link to post

Hack The Box - Sniper Link to post

YouTube Link to post

Working From Home | How to Use Zoom, Slack and Other Remote Software Safely | SentinelOne Link to post

Massive Pin Tumbler Lock. How Locks Work. FarmCraft101 - YouTube Link to post

Stalker | Frida • A world-class dynamic instrumentation framework Link to post

Ransomware Gangs to Stop Attacking Health Orgs During Pandemic - Geeks Gyaan Link to post

GitHub - m0bilesecurity/RMS-Runtime-Mobile-Security: Runtime Mobile Security (RMS) is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime Link to post

[011] Iseo F6 Extra S - pick + gut - YouTube Link to post

[5] Illinois Duo Cabinet Lock Picked - YouTube Link to post

Unidentified Database Exposes 200 Million Americans | CyberNews Link to post

Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics | ZDNet Link to post

Detailed Audit of Voatz' Voting App Confirms Security Flaws Link to post

Hackers are targeting your kids to infect Android and Chromebook devices with malware | Laptop Mag Link to post

A call to developers (as a developer) - Benedikt Berger - Medium Link to post

Imperva WAF Bypass | TechAnarchy Link to post

Have you noticed a surge in phishing emails since the coronavirus outbreak? We have, too! | Laptop Mag Link to post

How to Hack a vulnerable Server? | vulnuni CTF walkthrough | GUnet 1.73 | Beginners Vulnhub Machine - YouTube Link to post

Data security: Are you in pray, hope or believe mode? | DigiconAsia Link to post

----Vulners.com High Sev. Last Day----

CVSS: 10.0 WAFs don't work Link to vuln / exploit

CVSS: 9.3 Recommended update for ruby2.5 (important) Link to vuln / exploit

CVSS: 9.0 rConfig 3.9.4 searchField Remote Code Execution Link to vuln / exploit

----NVD Last 3 Days----

CVE#: CVE-2020-10245 Published Date: 2020-03-26 CVSS: NO CVSS
Description: CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.

CVE#: CVE-2020-10508 Published Date: 2020-03-27 CVSS: NO CVSS
Description: Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.

CVE#: CVE-2020-10509 Published Date: 2020-03-27 CVSS: NO CVSS
Description: Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.

CVE#: CVE-2020-10510 Published Date: 2020-03-27 CVSS: NO CVSS
Description: Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data.

CVE#: CVE-2020-10607 Published Date: 2020-03-27 CVSS: NO CVSS
Description: In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

CVE#: CVE-2020-10817 Published Date: 2020-03-27 CVSS: NO CVSS
Description: The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.

CVE#: CVE-2020-10823 Published Date: 2020-03-26 CVSS: NO CVSS
Description: A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).

CVE#: CVE-2020-10824 Published Date: 2020-03-26 CVSS: NO CVSS
Description: A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).

CVE#: CVE-2020-10825 Published Date: 2020-03-26 CVSS: NO CVSS
Description: A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).

CVE#: CVE-2020-10826 Published Date: 2020-03-26 CVSS: NO CVSS
Description: /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.

CVE#: CVE-2020-10827 Published Date: 2020-03-26 CVSS: NO CVSS
Description: A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.

CVE#: CVE-2020-10828 Published Date: 2020-03-26 CVSS: NO CVSS
Description: A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.

CVE#: CVE-2020-10939 Published Date: 2020-03-27 CVSS: NO CVSS
Description: Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.

CVE#: CVE-2020-10940 Published Date: 2020-03-27 CVSS: NO CVSS
Description: Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.

CVE#: CVE-2020-10952 Published Date: 2020-03-27 CVSS: NO CVSS
Description: GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.

CVE#: CVE-2020-10953 Published Date: 2020-03-27 CVSS: NO CVSS
Description: In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.

CVE#: CVE-2020-10954 Published Date: 2020-03-27 CVSS: NO CVSS
Description: GitLab through 12.9 is affected by a potential DoS in repository archive download.

CVE#: CVE-2020-10955 Published Date: 2020-03-27 CVSS: NO CVSS
Description: GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

CVE#: CVE-2020-10956 Published Date: 2020-03-27 CVSS: NO CVSS
Description: GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.

CVE#: CVE-2020-10968 Published Date: 2020-03-26 CVSS: NO CVSS
Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).

CVE#: CVE-2020-10969 Published Date: 2020-03-26 CVSS: NO CVSS
Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

CVE#: CVE-2020-10990 Published Date: 2020-03-27 CVSS: NO CVSS
Description: An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component.

CVE#: CVE-2020-10991 Published Date: 2020-03-27 CVSS: NO CVSS
Description: Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java

CVE#: CVE-2020-10992 Published Date: 2020-03-27 CVSS: NO CVSS
Description: Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java.

CVE#: CVE-2020-10993 Published Date: 2020-03-27 CVSS: NO CVSS
Description: Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java.

CVE#: CVE-2020-1764 Published Date: 2020-03-26 CVSS: NO CVSS
Description: A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

CVE#: CVE-2020-1769 Published Date: 2020-03-27 CVSS: NO CVSS
Description: In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

CVE#: CVE-2020-1770 Published Date: 2020-03-27 CVSS: NO CVSS
Description: Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

CVE#: CVE-2020-1771 Published Date: 2020-03-27 CVSS: NO CVSS
Description: Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

CVE#: CVE-2020-1772 Published Date: 2020-03-27 CVSS: NO CVSS
Description: It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

CVE#: CVE-2020-1773 Published Date: 2020-03-27 CVSS: NO CVSS
Description: It's possible that an authenticated user guess other session IDs based on its own. Also it's possible to guess a password reset token or an automated password generated. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions.

CVE#: CVE-2020-1800 Published Date: 2020-03-26 CVSS: NO CVSS
Description: HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unauthorized actor, the attacker tricks the user into installing a crafted application, successful exploit could allow the attacker do certain unauthenticated operations.

CVE#: CVE-2020-3920 Published Date: 2020-03-27 CVSS: NO CVSS
Description: UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory.

CVE#: CVE-2020-3921 Published Date: 2020-03-27 CVSS: NO CVSS
Description: UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page.

CVE#: CVE-2020-3936 Published Date: 2020-03-27 CVSS: NO CVSS
Description: UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.

CVE#: CVE-2020-4276 Published Date: 2020-03-26 CVSS: NO CVSS
Description: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.

CVE#: CVE-2020-5129 Published Date: 2020-03-26 CVSS: NO CVSS
Description: A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier.

CVE#: CVE-2020-5339 Published Date: 2020-03-26 CVSS: NO CVSS
Description: RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.

CVE#: CVE-2020-5340 Published Date: 2020-03-26 CVSS: NO CVSS
Description: RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.

CVE#: CVE-2020-5857 Published Date: 2020-03-27 CVSS: NO CVSS
Description: On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service.

CVE#: CVE-2020-5858 Published Date: 2020-03-27 CVSS: NO CVSS
Description: On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.

CVE#: CVE-2020-5859 Published Date: 2020-03-27 CVSS: NO CVSS
Description: On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file.

CVE#: CVE-2020-5860 Published Date: 2020-03-27 CVSS: NO CVSS
Description: On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS).

CVE#: CVE-2020-5861 Published Date: 2020-03-27 CVSS: NO CVSS
Description: On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors.

CVE#: CVE-2020-5862 Published Date: 2020-03-27 CVSS: NO CVSS
Description: On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS.

CVE#: CVE-2020-5863 Published Date: 2020-03-27 CVSS: NO CVSS
Description: In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.

CVE#: CVE-2020-6095 Published Date: 2020-03-27 CVSS: NO CVSS
Description: An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

CVE#: CVE-2020-6999 Published Date: 2020-03-26 CVSS: NO CVSS
Description: In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.

CVE#: CVE-2020-7260 Published Date: 2020-03-26 CVSS: NO CVSS
Description: DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder.

CVE#: CVE-2020-7918 Published Date: 2020-03-27 CVSS: NO CVSS
Description: An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.

CVE#: CVE-2020-7944 Published Date: 2020-03-26 CVSS: NO CVSS
Description: In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.

CVE#: CVE-2020-8551 Published Date: 2020-03-27 CVSS: NO CVSS
Description: The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.

CVE#: CVE-2020-8552 Published Date: 2020-03-27 CVSS: NO CVSS
Description: The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

CVE#: CVE-2020-8910 Published Date: 2020-03-26 CVSS: NO CVSS
Description: A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.

CVE#: CVE-2020-8923 Published Date: 2020-03-26 CVSS: NO CVSS
Description: An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements.

CVE#: CVE-2020-9065 Published Date: 2020-03-26 CVSS: NO CVSS
Description: Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability.

CVE#: CVE-2020-9066 Published Date: 2020-03-26 CVSS: NO CVSS
Description: Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations.

CVE#: CVE-2020-9467 Published Date: 2020-03-26 CVSS: 2.7
Description: Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.

CVE#: CVE-2020-9468 Published Date: 2020-03-26 CVSS: NO CVSS
Description: The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.

CVE#: CVE-2020-9521 Published Date: 2020-03-26 CVSS: NO CVSS
Description: An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.

----Hacking Updates----

willshiao updated CheaterBeater. This repo has 3 stars and 1 watchers. This repo was created on 2020-03-28. --- LA Hacks 2020 project. Link to Repo

adrianblancode updated Cheddar. This repo has 14 stars and 3 watchers. This repo was created on 2015-07-25. --- Hacker News reader for Android Link to Repo

walterli97 updated LAHackCoronaVirus. This repo has 0 stars and 2 watchers. This repo was created on 2020-03-28. --- LA Hack code repo Link to Repo

Frederick-S updated sp-hacker-news. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-25. --- A simple Hacker News client for SharePoint Online. Link to Repo

Kaosam updated HTBWriteups. This repo has 2 stars and 2 watchers. This repo was created on 2020-02-08. --- Writeups of Hack The Box machines, Italian and English languages Link to Repo

vasuadari updated hacker_news_alert. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-28. --- Email alert for Hacker News. Link to Repo

hackerrishad updated Facebook-Hacking-Framework. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-29. --- None Link to Repo

gits-lit updated place.it. This repo has 0 stars and 4 watchers. This repo was created on 2020-03-28. --- We are hacking LA Hacks 2020 Link to Repo

SimonCropp updated SetStartupProjects. This repo has 19 stars and 5 watchers. This repo was created on 2015-05-16. --- Setting Visual Studio startup projects by hacking the suo Link to Repo

peterbartels updated dutch-hacking-health-corona-15. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-27. --- Hackathon for Dutch Hacking Health so that people can share their knowledge and profile so that they can contribute in helping combat COVID-19 Link to Repo

tim-nguyen-cs updated cuarantine-collab-compete. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-28. --- LA Hacks 2020 Link to Repo

noplacenoaddress updated RNMnetwork. This repo has 0 stars and 1 watchers. This repo was created on 2019-07-15. --- The worldwide neural monitoring network. The "Illuminati" facility, a fraud. Organized harassment. Humans hacking. A site full of violence. The ELF SLF and MF noble present middle age. Where all the people that I know have tortured me. Link to Repo

sushmithaat updated 100daysofcode-hackerrank. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-26. --- Solve the problems on Hacker Rank->Problem Solving->Algorithms Link to Repo

Ultimate-Hosts-Blacklist updated The-Big-List-of-Hacked-Malware-Web-Sites. This repo has 3 stars and 3 watchers. This repo was created on 2018-04-04. --- Test of https://github.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/blob/master/hacked-domains.list Link to Repo

wyqdgggfk updated Note-For-Hacking-with-macOS. This repo has 0 stars and 1 watchers. This repo was created on 2020-02-20. --- This is just a note for Hacking with macOS,I create this repository for macOS App develop learning,the original author is Paul Hudson,everyone can buy his ebook on hackingwithswift.com Link to Repo

kauxheek updated Message-Automation-In-facebook. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-29. --- It contains python script to automate messaging in facebbok without any api Link to Repo

givo-io updated covid19hack2020. This repo has 0 stars and 2 watchers. This repo was created on 2020-03-26. --- Hacking together on the webportal for GIVO Link to Repo

CoditEU updated htc-social-connect. This repo has 1 stars and 4 watchers. This repo was created on 2020-03-25. --- A cloud based application that we build for Hack The Crisis, an attempt to leverage cloud technology to help elderly people in isolation Link to Repo

sc2-mkr updated hack_at_home_java. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-27. --- 28/03/2020 Hack@Home competition Java backend part Link to Repo

mitchellkrogza updated Suspicious.Snooping.Sniffing.Hacking.IP.Addresses. This repo has 12 stars and 2 watchers. This repo was created on 2018-04-12. --- A daily updated list of suspicious, snooping, sniffing and hacking attempts from IP addresses against services like SSH, HTTP and Wordpress Hack Attempts Link to Repo

INDIATECHYOUTUBE updated Phishcan-windows. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-26. --- HACK 18 SOCIAL ACCOUNT IN WINDOWS Link to Repo

telvinni97 updated CovidScreening. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-28. --- LA Hacks 2020 Link to Repo

KKovs updated SpellFire. This repo has 1 stars and 2 watchers. This repo was created on 2019-09-22. --- World of Warcraft hacking framework Link to Repo

anderson-tsai updated Drive-Safe. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-28. --- Submission for LA Hacks 2020. Created by Anderson Tsai, Brad Byun, Christopher Mouri, and Kevin Tu. Link to Repo

dead-hosts updated The-Big-List-of-Hacked-Malware-Web-Sites_git_mitchellkrogza. This repo has 5 stars and 2 watchers. This repo was created on 2018-01-10. --- Test of https://github.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites Link to Repo

----Security Updates----

slegga updated nginx-security. This repo has 0 stars and 1 watchers. This repo was created on 2020-01-19. --- guard and login perl scripts to use in nginx auth_request system. Link to Repo

edoardottt updated pwd-safety. This repo has 2 stars and 0 watchers. This repo was created on 2020-03-14. --- 🔒command line tool checking password safety🔒 Link to Repo

2cloudlab updated module_security. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-05. --- None Link to Repo

Jasleen1493 updated code-done-right. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-28. --- End to end software application development with CI/CD, cloud deployment and security enabled Link to Repo

secdev updated scapy. This repo has 5025 stars and 183 watchers. This repo was created on 2015-10-01. --- Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3. Link to Repo

Peergos updated Peergos. This repo has 730 stars and 53 watchers. This repo was created on 2013-08-23. --- A decentralised, secure file storage and social network Link to Repo

birdhan updated NetworkSecurity. This repo has 1 stars and 0 watchers. This repo was created on 2019-07-01. --- 渗透测试工具 Link to Repo

complexorganizations updated wireguard-manager. This repo has 416 stars and 12 watchers. This repo was created on 2019-02-13. --- Self-hosted Wireguard Installer / Manager for CentOS, Debian, Ubuntu, Arch, Fedora, Redhat, Raspbian Link to Repo

1170301027 updated Network_Security. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-25. --- This repo is about hit network security course lab. Link to Repo

dunwu updated spring-security-template. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-29. --- None Link to Repo

Psy367 updated Psy-Plosion. This repo has 1 stars and 1 watchers. This repo was created on 2019-10-24. --- "Salute in salutations world‐wisely, electric air‐wavers, temporal materialists, the bloody dirty and non for we all swim in Sol. Alleviated we, Quasi‐Satya⸗Empyrean‐Theatre modifying in intent extend our reach into the abysmal‐abyssal of the deepest quarks to the incredibly expansive superstar‐clusters. You may all rest in peace your security is assured. Prestigious, of heightest order our leveraging solicitors and hardened, bleach marshal‐militant enforcers will claim existence."(+∞-~∞)psy367. Link to Repo

eugenp updated tutorials. This repo has 20149 stars and 1422 watchers. This repo was created on 2013-04-29. --- Just Announced - "Learn Spring Security OAuth": Link to Repo

phax updated ph-commons. This repo has 21 stars and 3 watchers. This repo was created on 2014-08-18. --- Java 1.8+ Library with tons of utility classes required in all projects Link to Repo

M66B updated FairEmail. This repo has 867 stars and 72 watchers. This repo was created on 2018-08-02. --- Fully featured, open source, privacy friendly email app for Android Link to Repo

Hack23 updated sonar-cloudformation-plugin. This repo has 3 stars and 1 watchers. This repo was created on 2019-05-31. --- Sonar cloudformation plugin Link to Repo

ayumi-cloud updated oc-security-module. This repo has 4 stars and 4 watchers. This repo was created on 2019-12-04. --- Repo to gather security enhancement ideas and monitor progress on the security module (part of several modules making up the October II update). Link to Repo

kvravikumar updated eSecurityNew. This repo has 0 stars and 2 watchers. This repo was created on 2020-03-26. --- None Link to Repo

abhishekkundlas updated SpringBoot2.x-2020. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-15. --- A multi maven sample project with Spring Boot 2.x + JWT security +Spring data jpa ( PostgreSQL BD ) + log4j2 + global exception handling + Sonarqube + Swagger technology Link to Repo

ramureddymca updated spring-boot-security-jwt. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-29. --- Spring-Boot Security Sample Rest with JWT and H2 database example Link to Repo

Baeldung updated spring-security-oauth. This repo has 1233 stars and 137 watchers. This repo was created on 2016-03-02. --- Just Announced - "Learn Spring Security OAuth": Link to Repo

bokuwagaijin updated security-strategy-essentials. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-29. --- None Link to Repo

fcrisanti updated fc-project-management. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-18. --- Project Portfolio Management made with Spring, Hibernate, JS, Thymeleaf, PostgreSQL, Spring Security (work in progress) Link to Repo

elohopea updated security-in-microservices. This repo has 0 stars and 1 watchers. This repo was created on 2019-12-22. --- My Bachelor's thesis. Aalto University. Computer Science. Security in Microservices. Link to Repo

Captain-Sangam updated Arduino-Based-Home-Security-System. This repo has 0 stars and 0 watchers. This repo was created on 2016-10-15. --- A completer Home Security system based on Arduino with multiple sensors to monitor status, pin based entry and locking, GSM shield to give instrusion alerts via SMS. Read Read_me.txt for Additional Details and How to use the project. Link to Repo

romeliotavasjr updated go-crypto. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-29. --- Implementing SHA-512 for an Information Security Class Link to Repo

----PoC Updates----

rajagurunath updated Active-Learning-in-Text-classification. This repo has 2 stars and 1 watchers. This repo was created on 2018-12-22. --- A Small Proof of concepts to illustrate Active learning in Text classification usecases Link to Repo

Ciusss89 updated gtip-thesis. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-29. --- Proof of concept: protocol to scan nodes and instaurate a fault-tolerant communication Link to Repo

edwinRNDR updated poc-orx-keyframer. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-29. --- Proof-of-concept for a reusable keyframer Link to Repo

Salabar updated dynamic_graph. This repo has 4 stars and 3 watchers. This repo was created on 2019-08-17. --- proof-of-concept graphs library for Rust Link to Repo

jeffreykhong1 updated AID.One-App-Demo. This repo has 0 stars and 1 watchers. This repo was created on 2019-09-09. --- A proof-of-concept mobile implementation of a validated artificial intelligence based personalized dosing platform intended for clinician use. Link to Repo

Immueggpain updated forwardproto. This repo has 2 stars and 2 watchers. This repo was created on 2018-08-14. --- A naive forwarding protocol. This is a proof of concept (PoC). Link to Repo

zrrrzzt updated lndr-poc. This repo has 0 stars and 1 watchers. This repo was created on 2019-12-29. --- Proof of concept for lndr Link to Repo

mrfaildeveloper updated alt-prng. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-06. --- # Alt-PRNG is a Proof of Concept POC not to use the Computer and to go full Autonomic Retard (prng*7.8*prng) … Link to Repo

findinpath updated postgres-spring-boot-dynamicpropertysource. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-29. --- Proof of concept for using the `DynamicPropertySource` spring annotation in tests requiring PostgreSQL Link to Repo

abaplint updated transpiler. This repo has 5 stars and 4 watchers. This repo was created on 2020-02-26. --- Proof of Concept - Very much work in progress Link to Repo

lxman updated WinformRemoteControl. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-29. --- A proof of concept to demonstrate a relatively unobtrusive way to remote control a winform app Link to Repo

mmcc1 updated BitcoinECDSA. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-29. --- Proof of concept GANN-based cracker of Bitcoin ECDSA Link to Repo

acrosman updated electronForce. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-23. --- This is a basic proof-of-concept level wrapper of Electron around JSForce. The intention is to do more interesting things in the future, but first having a simple cross-platform application to run Salesforce API calls in an interface seems useful. Link to Repo

vikiarora updated VNinAction. This repo has 1 stars and 1 watchers. This repo was created on 2020-03-29. --- Vishal Nagpal repository to do proof of concept for DevOps, Data Science and Python Link to Repo

digital-land updated map-templates. This repo has 0 stars and 3 watchers. This repo was created on 2020-03-17. --- A proof-of-concept for splitting out maps into templates to be consumed by Nunjucks Link to Repo

sceptre12 updated Cesium-React-Wrapper. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-28. --- Creating a small proof of concept. for integrating cesium with react. Link to Repo

vivichrist updated TestingApp. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-04. --- Proof of concept Google login page Link to Repo

jonnyohjonnyo updated codequality-poc. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-28. --- Code Quality Proof Of Concept Link to Repo

dynamoRando updated FrostDB. This repo has 0 stars and 1 watchers. This repo was created on 2019-09-25. --- A proof of concept project of a Cooperative Database System Link to Repo

jlfwong updated stardew-valley-save-editor. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-28. --- A really simple proof of concept of editing Stardew Valley save files totally in-browser Link to Repo

JonathanMaccollum updated AstroPatchwork. This repo has 1 stars and 1 watchers. This repo was created on 2020-02-01. --- Project Patchwork DZI Proof Of Concept Link to Repo

imbsky updated coq-to-ocaml-to-js. This repo has 16 stars and 2 watchers. This repo was created on 2019-10-24. --- Proof of concept to generate safe and fast JavaScript Link to Repo

HerCerM updated gdhe_arch_prototype. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-28. --- Quick and small prototype as a proof of concept for an MVC architecture Link to Repo

arontolentino updated managing-local-markets. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-18. --- A proof of concept web app for matching local bank offers Link to Repo

aarona updated dja_example. This repo has 0 stars and 1 watchers. This repo was created on 2020-03-27. --- A proof-of-concept site utilizing devise_jwt_auth Link to Repo

----#MALWARE----

SamuelRF1981 --> RT @AEPD_es: Los ciberdelincuentes utilizan el #Coronavirus para realizar ataques de #phishing o #malware a través de apps de mensajería in…

Global_hackers --> RT @PhishFindR: 🎣 PhishFindR Found:

11 NEW #Phishing #Domains 🌐

@ 21:14:38 > https://t.co/D0bPPArRxa

🌐 Found Today: 434 > https://t.co/D0b… Link with Tweet

mercaderd --> RT @AEPD_es: Los ciberdelincuentes utilizan el #Coronavirus para realizar ataques de #phishing o #malware a través de apps de mensajería in…

sectest9 --> RT @HeliosCert: Sample submitted

2020-03-29 09:00:02

Dionaea Honeypot

Protocol: smbd

Sources: ::ffff:186.43.32.98

2ff1df503e8b52454c27c3…

CyberSecurityN8 --> RT @HeliosCert: Sample submitted

2020-03-29 09:00:02

Dionaea Honeypot

Protocol: smbd

Sources: ::ffff:186.43.32.98

2ff1df503e8b52454c27c3…

SeVConsulting1 --> The latest SeV Consulting : Digital Leadership & Information Technology! https://t.co/TxtN9SauX7 and for more great… https://t.co/BFRMBC3w8e Link with Tweet Link with Tweet

BorskiKay --> RT @HeliosCert: Sample submitted

2020-03-29 09:00:02

Dionaea Honeypot

Protocol: smbd

Sources: ::ffff:186.43.32.98

2ff1df503e8b52454c27c3…

CyberSecCare --> RT @AuCyble: Indonesia-based, Strategic Intelligence Company, left their Kibana engine open on the internet exposing over 300 million recor…

cybersec_feeds --> RT @AuCyble: Indonesia-based, Strategic Intelligence Company, left their Kibana engine open on the internet exposing over 300 million recor…

HeliosCert --> Sample submitted

2020-03-29 09:00:02

Dionaea Honeypot

Protocol: smbd

Sources: ::ffff:186.43.32.98

2ff1df503e8b52… https://t.co/QtP0Xy970a Link with Tweet

LabsReason --> RT @ReasonCSecurity: Attackers are leveraging the #coronavirus pandemic with fake donation webpages, credit card phishing, PayPal integrati…

ChrisVolbert --> RT @PhishStats: https://t.co/MAuIXRvYiq detected 26 new websites hosting #phishing | new today: 66 | #infosec #cybersecurity #malware https… Link with Tweet

MaltrakN --> RT @db_digest: FBI Takes Down Russian Hacker Platform https://t.co/xLbMjrpAx3

https://t.co/7QAOWrzLIp

#databreach #databreaches #databreach… Link with Tweet Link with Tweet

ReasonCSecurity --> Attackers are leveraging the #coronavirus pandemic with fake donation webpages, credit card phishing, PayPal integr… https://t.co/a1yvU4dVOL Link with Tweet

CyberSecCare --> RT @db_digest: FBI Takes Down Russian Hacker Platform https://t.co/xLbMjrpAx3

https://t.co/7QAOWrzLIp

#databreach #databreaches #databreach… Link with Tweet Link with Tweet

----#PHISHING----

trabajosdiscapa --> RT @guardiacivil: 🔊 Detectada campaña de SMS, con asunto “ERTE”, en los que se suplanta al Servicio Público de Empleo (SEPE). Informan de u…

COLIBRI01751374 --> RT @guardiacivil: 🔊 Detectada campaña de SMS, con asunto “ERTE”, en los que se suplanta al Servicio Público de Empleo (SEPE). Informan de u…

vvalvazquez --> RT @guardiacivil: 🔊 Detectada campaña de SMS, con asunto “ERTE”, en los que se suplanta al Servicio Público de Empleo (SEPE). Informan de u…

EduardoBejarMe1 --> RT @policia: ¡OJO A ESTE MENSAJE!

Recuerda que tu banco nunca te avisaría de un problema en tu cuenta a través de email o sms.

✔No pinch…

Manolo67554861 --> RT @guardiacivil: 🔊 Detectada campaña de SMS, con asunto “ERTE”, en los que se suplanta al Servicio Público de Empleo (SEPE). Informan de u…

FernandoGodino --> RT @guardiacivil: 🔊 Detectada campaña de SMS, con asunto “ERTE”, en los que se suplanta al Servicio Público de Empleo (SEPE). Informan de u…

SamuelRF1981 --> RT @AEPD_es: Los ciberdelincuentes utilizan el #Coronavirus para realizar ataques de #phishing o #malware a través de apps de mensajería in…

Silvest65725088 --> RT @guardiacivil: 🔊 Detectada campaña de SMS, con asunto “ERTE”, en los que se suplanta al Servicio Público de Empleo (SEPE). Informan de u…

ShaheenBaberCI --> RT @PSsafercomms: If you choose to do more online shopping at this time, follow the NCSC guidance for 'Shopping Online Securely - Don't get…

auroraf80 --> RT @guardiacivil: 🔊 Detectada campaña de SMS, con asunto “ERTE”, en los que se suplanta al Servicio Público de Empleo (SEPE). Informan de u…

tihagoaquin --> RT @guardiacivil: 🔊 Detectada campaña de SMS, con asunto “ERTE”, en los que se suplanta al Servicio Público de Empleo (SEPE). Informan de u…

figlesi_ --> RT @guardiacivil: 🔊 Detectada campaña de SMS, con asunto “ERTE”, en los que se suplanta al Servicio Público de Empleo (SEPE). Informan de u…

Primi_tonni --> RT @guardiacivil: 🔊 Detectada campaña de SMS, con asunto “ERTE”, en los que se suplanta al Servicio Público de Empleo (SEPE). Informan de u…

AnaMartinezCCOO --> RT @guardiacivil: 🔊 Detectada campaña de SMS, con asunto “ERTE”, en los que se suplanta al Servicio Público de Empleo (SEPE). Informan de u…

gameiro1991 --> RT @guardiacivil: 🔊 Detectada campaña de SMS, con asunto “ERTE”, en los que se suplanta al Servicio Público de Empleo (SEPE). Informan de u…

----#OSINT----

WebSecurityIT --> RT @dessantx: Now you can identify logos and symbols in images with Search by Image using the newly added search engines for finding tradem…

_twitwork --> RT @G_Karayannis: So, we got this spot-on >> #Hubei residents appear to attack police as travel restrictions relaxed https://t.co/6xFzasi4N…

WebSecurityIT --> RT @G_Karayannis: So, we got this spot-on >> #Hubei residents appear to attack police as travel restrictions relaxed https://t.co/6xFzasi4N…

tshirtman --> RT @dessantx: Now you can identify logos and symbols in images with Search by Image using the newly added search engines for finding tradem…

G_Karayannis --> So, we got this spot-on >> #Hubei residents appear to attack police as travel restrictions relaxed… https://t.co/cnYXTBxeFq Link with Tweet

WebSecurityIT --> RT @BelevgEvgeny: A good #OSINT post and guide from @chihebchebbi201 https://t.co/KmqdsJNgOB Link with Tweet

_twitwork --> RT @BelevgEvgeny: A good #OSINT post and guide from @chihebchebbi201 https://t.co/KmqdsJNgOB Link with Tweet

0xswapnil --> RT @0xdotexe: Excel up your twitter search in few tweets [ 1/n ]

"abcdef" -> Search exact phrase

OR/AND -> Logical operators

- (dash) -> E…

chewiekibkib --> RT @BelevgEvgeny: A good #OSINT post and guide from @chihebchebbi201 https://t.co/KmqdsJNgOB Link with Tweet

sectest9 --> RT @BenOwen42: Oh to be on the road again travelling the world with @DanniGBrooke ✈️🛫 #cybersecurity #OSINT https://t.co/EURH3aZT9f

RDSWEB --> RT @BelevgEvgeny: A good #OSINT post and guide from @chihebchebbi201 https://t.co/KmqdsJNgOB Link with Tweet

CyberSecurityN8 --> RT @BenOwen42: Oh to be on the road again travelling the world with @DanniGBrooke ✈️🛫 #cybersecurity #OSINT https://t.co/EURH3aZT9f

RDSWEB --> RT @BenOwen42: Oh to be on the road again travelling the world with @DanniGBrooke ✈️🛫 #cybersecurity #OSINT https://t.co/EURH3aZT9f

cephalopodluke2 --> RT @BenOwen42: Oh to be on the road again travelling the world with @DanniGBrooke ✈️🛫 #cybersecurity #OSINT https://t.co/EURH3aZT9f

BelevgEvgeny --> A good #OSINT post and guide from @chihebchebbi201 https://t.co/KmqdsJNgOB Link with Tweet

----#THREATINTEL----

C2_finder --> RT @OnNetServices: 27th March 2020, Webinar PDF uploaded, topic: AFTs - ReGrouping.

https://t.co/EDIxsbisVh

#ThreatIntel #FukuzaMwizi ht… Link with Tweet

gdprAI --> RT @3XS0: Hackers targeting employees who are working from home due to coronavirus #CyberSec #Security #ThreatIntel #cybersecurity #datapro…

sectest9 --> RT @3XS0: Hackers targeting employees who are working from home due to coronavirus #CyberSec #Security #ThreatIntel #cybersecurity #datapro…

CyberSecurityN8 --> RT @3XS0: Hackers targeting employees who are working from home due to coronavirus #CyberSec #Security #ThreatIntel #cybersecurity #datapro…

BorskiKay --> RT @3XS0: Hackers targeting employees who are working from home due to coronavirus #CyberSec #Security #ThreatIntel #cybersecurity #datapro…

3XS0 --> Hackers targeting employees who are working from home due to coronavirus #CyberSec #Security #ThreatIntel… https://t.co/D1UulTtIsw Link with Tweet

asfakian --> RT @CYINT_dude: @sroberts Copy to New Graph > Transform(s) > Prune nodes > Merge new relevant nodes back to original graph > pick a new bra…

WebSecurityIT --> RT @RedPacketSec: Home Routers Hijacked to Deliver Info-Stealing Malware 'Oski' - https://t.co/sJhFZlVX2x

#OSINT #Security #Threatintel #cy… Link with Tweet

_twitwork --> RT @RedPacketSec: Home Routers Hijacked to Deliver Info-Stealing Malware 'Oski' - https://t.co/sJhFZlVX2x

#OSINT #Security #Threatintel #cy… Link with Tweet

RedPacketSec --> Home Routers Hijacked to Deliver Info-Stealing Malware 'Oski' - https://t.co/sJhFZlVX2x

#OSINT #Security #Threatintel #cybersecurity Link with Tweet

RedPacketSec --> Russian #Security Services Track Down Colossal Credit Card Fraud Ring - https://t.co/dcDkQqkd7D

#OSINT #Threatintel #cybersecurity Link with Tweet

cybersec_feeds --> RT @javier_carriazo: Dark web hosting firm quits after hackers delete its database #CyberSec #Security #ThreatIntel #cybersecurity #datapro…

cybersec_feeds --> RT @dancho_danchev: Missing Koobface? Check out my Keynote on Tracking down and Taking Down the Koobface botnet circa 2016 - https://t.co/q…

sushmitakumar7 --> RT @cyberreport_io: Why Closing Cybersecurity Skill Gap Topmost Priority For IT In 2020 - Inc42 Media https://t.co/cCqObp5RpP #cybersecurit… Link with Tweet

cyberreport_io --> Why Closing Cybersecurity Skill Gap Topmost Priority For IT In 2020 - Inc42 Media https://t.co/cCqObp5RpP… https://t.co/snlw9jo3Ku Link with Tweet Link with Tweet

----#RANSOMWARE----

neoslabDev --> Doppelpaymer Ransomware was not distributed via Bluekeep Exploit #Doppelpaymer #Cryptominer #Botnet #Network… https://t.co/OkBQloXxfk Link with Tweet

CyberSecCare --> RT @AuCyble: Indonesia-based, Strategic Intelligence Company, left their Kibana engine open on the internet exposing over 300 million recor…

cybersec_feeds --> RT @AuCyble: Indonesia-based, Strategic Intelligence Company, left their Kibana engine open on the internet exposing over 300 million recor…

MaltrakN --> RT @db_digest: FBI Takes Down Russian Hacker Platform https://t.co/xLbMjrpAx3

https://t.co/7QAOWrzLIp

#databreach #databreaches #databreach… Link with Tweet Link with Tweet

cybersec_feeds --> RT @Fisher85M: The Internet of #Ransomware Things {Infographic}

[@ipfconline1]

#CyberSecurity #IoT #IoTsecurity #CyberAttacks #CyberCrime…

SofiaSZM --> #Maze #Ransomware Map ⤵️ https://t.co/GzY9gurHQk Link with Tweet

CyberSecCare --> RT @db_digest: FBI Takes Down Russian Hacker Platform https://t.co/xLbMjrpAx3

https://t.co/7QAOWrzLIp

#databreach #databreaches #databreach… Link with Tweet Link with Tweet

janesherd --> RT @db_digest: FBI Takes Down Russian Hacker Platform https://t.co/xLbMjrpAx3

https://t.co/7QAOWrzLIp

#databreach #databreaches #databreach… Link with Tweet Link with Tweet

NCSbyHTCS --> #ransomware | #computerhacker | Oh-so-generous ransomware crooks vow to hold back from health organisations during… https://t.co/bru9wmt2NA Link with Tweet

cybersec_feeds --> RT @noikeanolife: 3 trends in #AI🧠#ML⚙️too important to miss @VentureBeat https://t.co/xASDtK2lNA #Cloud #OpenSource #CIO #GDPR #Algorithms… Link with Tweet

sectest9 --> RT @db_digest: FBI Takes Down Russian Hacker Platform https://t.co/xLbMjrpAx3

https://t.co/7QAOWrzLIp

#databreach #databreaches #databreach… Link with Tweet Link with Tweet

CyberSecurityN8 --> RT @db_digest: FBI Takes Down Russian Hacker Platform https://t.co/xLbMjrpAx3

https://t.co/7QAOWrzLIp

#databreach #databreaches #databreach… Link with Tweet Link with Tweet

WebSecurityIT --> RT @db_digest: FBI Takes Down Russian Hacker Platform https://t.co/xLbMjrpAx3

https://t.co/7QAOWrzLIp

#databreach #databreaches #databreach… Link with Tweet Link with Tweet

cybersec_feeds --> RT @db_digest: FBI Takes Down Russian Hacker Platform https://t.co/xLbMjrpAx3

https://t.co/7QAOWrzLIp

#databreach #databreaches #databreach… Link with Tweet Link with Tweet

TimesNiger --> RT @keepnetlabs: #Hackers often use shortened links to manipulate you. https://t.co/GqY0iDgZcs #infosec #ransomware #malware #RIPTwitter #… Link with Tweet

-----#OPENDIR----

CyberSecurityN8 --> RT @FewAtoms: #malware #cybersecurity #opendir #infosec #ThreatHunting

hxxp://45.88.110.171/download/ https://t.co/XvgvnE11ud

sectest9 --> RT @FewAtoms: #malware #cybersecurity #opendir #infosec #ThreatHunting

hxxp://45.88.110.171/download/ https://t.co/XvgvnE11ud

cybersec_feeds --> RT @FewAtoms: #malware #cybersecurity #opendir #infosec #ThreatHunting

hxxp://45.88.110.171/download/ https://t.co/XvgvnE11ud

adi_prosperita --> RT @jorgemieres: #opendir #malware-based 🔃

🔛 sampsonrobert[.]com

1⃣☣️aa2f099a4add180a942829b251cffee5 #macro

2⃣☣️dc79baa4e0aeb90d6be9c406eb…

sectest9 --> RT @jorgemieres: #opendir #malware-based 🔃

🔛 sampsonrobert[.]com

1⃣☣️aa2f099a4add180a942829b251cffee5 #macro

2⃣☣️dc79baa4e0aeb90d6be9c406eb…

CyberSecurityN8 --> RT @jorgemieres: #opendir #malware-based 🔃

🔛 sampsonrobert[.]com

1⃣☣️aa2f099a4add180a942829b251cffee5 #macro

2⃣☣️dc79baa4e0aeb90d6be9c406eb…

MalwareInt --> RT @jorgemieres: #opendir #malware-based 🔃

🔛 sampsonrobert[.]com

1⃣☣️aa2f099a4add180a942829b251cffee5 #macro

2⃣☣️dc79baa4e0aeb90d6be9c406eb…

ecarlesi --> #phishing #opendir @intesasanpaolo

hxxps://intesa-controllo-conti_com/ https://t.co/a4IUw7T1VR

ecarlesi --> #phishing #opendir @WellsFargo

hxxp://wellsfarsecure_online/ https://t.co/AGCiWxSVve

MaltrakN --> RT @jorgemieres: #opendir #malware-based 🔃

🔛 sampsonrobert[.]com

1⃣☣️aa2f099a4add180a942829b251cffee5 #macro

2⃣☣️dc79baa4e0aeb90d6be9c406eb…

jorgemieres --> #opendir #malware-based 🔃

🔛 sampsonrobert[.]com

1⃣☣️aa2f099a4add180a942829b251cffee5 #macro

2⃣☣️dc79baa4e0aeb90d6be… https://t.co/ANujVHlXT6 Link with Tweet

unnamedoutsider --> RT @olihough86: a Simple trick many seem to overlook is to setup tweetdeck and filter some columns on

- https://t.co/tJyD5iubcj

- https://… Link with Tweet

olihough86 --> a Simple trick many seem to overlook is to setup tweetdeck and filter some columns on

- https://t.co/tJyD5iubcj

-… https://t.co/2uO8DTIabo Link with Tweet Link with Tweet

mz_malhunt --> hxxp://masfip[.]fr/wp-content/uploads/2020/

Bunch of EXEs plus bunch of #Covid_19 files and PDFs

#opendir

petrovic082 --> #opendir

hxxp://www.kapersky.xyz/

😆

-----#MALSPAM----

sectest9 --> RT @bsmuir: With no end in sight, #covidー19 is the golden key to #cybercrime, posits @360TotalSec. #infosec #Cybersecurity #DFIR #CISO #mal…

CyberSecurityN8 --> RT @bsmuir: With no end in sight, #covidー19 is the golden key to #cybercrime, posits @360TotalSec. #infosec #Cybersecurity #DFIR #CISO #mal…

CSOCIntel --> RT @bsmuir: With no end in sight, #covidー19 is the golden key to #cybercrime, posits @360TotalSec. #infosec #Cybersecurity #DFIR #CISO #mal…

bsmuir --> Ever wonder how people who fall victim to #cybercrime (#phishing, #spam, #malspam) react? This researcher received… https://t.co/UI9XmlUdtS Link with Tweet

bsmuir --> With no end in sight, #covidー19 is the golden key to #cybercrime, posits @360TotalSec. #infosec #Cybersecurity… https://t.co/k3iMlsBY8a Link with Tweet

3XS0 --> 2020-03-23

#Malspam(#Cutwail) -> Attaced Excel File -> #Ursnif

Target:Italy

Example

https://t.co/Pzwq304HWy https://t.co/YqG7zuIu7g Link with Tweet

PiratePartyINT --> RT @malware_traffic: 2020-03-26 - information_03_26.doc from German #malspam using password-protected zip attachments (password: 111) pushe…

IpNigh --> In the last 24hrs IPNigh Bot has:

Scanned 263 #Phishing URLs

Found 19 #OpenDirs

Downloaded 6 #PhishingKits

For info… https://t.co/v0GtXdIBPa Link with Tweet

ActorExpose --> RT @bit_dam: #phishing #malspam

lol! looks legit right?

The certificate was issued yesterday

url: hxxps://billgateshelp.com/ https://t.co/…

bit_dam --> #phishing #malspam

lol! looks legit right?

The certificate was issued yesterday

url: hxxps://billgateshelp.com/ https://t.co/OogGb93soP

ActorExpose --> RT @wavellan: Credentials stealing via URL shortener #malware #SPAM #malspam 200.29.152.150 @Telmex #phishing 31.220.110.20 @HostingerCOM…

marwan2elsayyad --> RT @3XS0: 2020-03-23

#Malspam(#Cutwail) -> Attaced Excel File -> #Ursnif

Target:Italy

Example

https://t.co/Pzwq304HWy https://t.co/p9gbpB8… Link with Tweet

Slvlombardo --> #SicurezzaInformatica: come evitare attacchi di #phishing e #malspam https://t.co/bUdaZgVqiC Link with Tweet

MatteoMenicacc1 --> RT @Slvlombardo: Aumentano campagne #phishing, #malspam e attacchi cyber che, sfruttando paura di massa #coronavirus, diffondono pericolosi…

domenicoraguseo --> RT @Slvlombardo: Aumentano campagne #phishing, #malspam e attacchi cyber che, sfruttando paura di massa #coronavirus, diffondono pericolosi…

----#EMOTET----

cbbyd1949 --> RT @them67: そんなうまい話ないからね。気を付けて!

#EMOTET #フィッシング #詐欺 #クズ

新型コロナウイルスに便乗した攻撃メールに注意 「マスク無料送付」「保健所の通知」をかたるワナhttps://t.co/6fEiUXfeck Link with Tweet

kenchan_happy8 --> RT @them67: そんなうまい話ないからね。気を付けて!

#EMOTET #フィッシング #詐欺 #クズ

新型コロナウイルスに便乗した攻撃メールに注意 「マスク無料送付」「保健所の通知」をかたるワナhttps://t.co/6fEiUXfeck Link with Tweet

them67 --> RT @them67: そんなうまい話ないからね。気を付けて!

#EMOTET #フィッシング #詐欺 #クズ

新型コロナウイルスに便乗した攻撃メールに注意 「マスク無料送付」「保健所の通知」をかたるワナhttps://t.co/6fEiUXfeck Link with Tweet

mosaique_inc --> Bromiumは、Emotet対策にも有効!

検出を回避し増殖を続けるEmotetには、従来の検知型マルウェア対策製品では対処できません。

#マルウェア #Emotet #サイバーセキュリティ

https://t.co/TBTzYTXo9R Link with Tweet

MatteoMenicacc1 --> RT @Slvlombardo: Aumentano campagne #phishing, #malspam e attacchi cyber che, sfruttando paura di massa #coronavirus, diffondono pericolosi…

domenicoraguseo --> RT @Slvlombardo: Aumentano campagne #phishing, #malspam e attacchi cyber che, sfruttando paura di massa #coronavirus, diffondono pericolosi…

NewsOnCyberSec --> RT @Slvlombardo: Aumentano campagne #phishing, #malspam e attacchi cyber che, sfruttando paura di massa #coronavirus, diffondono pericolosi…

CyberSecHub0 --> RT @Slvlombardo: Aumentano campagne #phishing, #malspam e attacchi cyber che, sfruttando paura di massa #coronavirus, diffondono pericolosi…

Slvlombardo --> Aumentano campagne #phishing, #malspam e attacchi cyber che, sfruttando paura di massa #coronavirus, diffondono per… https://t.co/GXugtXnVCz Link with Tweet

KanbeWorks --> RT @Cryptolaemus1: #emotet C2 update - binaries released ~16:20 UTC 20200327

small decrease in E1/E3 C2 count

no spamming or other activit…

QvXI8UNEqTS6f49 --> RT @them67: そんなうまい話ないからね。気を付けて!

#EMOTET #フィッシング #詐欺 #クズ

新型コロナウイルスに便乗した攻撃メールに注意 「マスク無料送付」「保健所の通知」をかたるワナhttps://t.co/6fEiUXfeck Link with Tweet

itsme_alica --> #Emotet kennen einige von euch. Aber auch #TA505? Unser Sicherheitschef @Ttschersich warnt im Video davor, dass Kri… https://t.co/wCL0Fyl2dz Link with Tweet

mosaique_inc --> Bromiumは、Emotet対策にも有効!

検出を回避し増殖を続けるEmotetには、従来の検知型マルウェア対策製品では対処できません。

#マルウェア #Emotet #サイバーセキュリティ

https://t.co/TBTzYTXo9R Link with Tweet

siroutakeru --> RT @them67: そんなうまい話ないからね。気を付けて!

#EMOTET #フィッシング #詐欺 #クズ

新型コロナウイルスに便乗した攻撃メールに注意 「マスク無料送付」「保健所の通知」をかたるワナhttps://t.co/6fEiUXfeck Link with Tweet

AndreGironda --> RT @Cryptolaemus1: #emotet C2 update - binaries released ~16:20 UTC 20200327

small decrease in E1/E3 C2 count

no spamming or other activit…

-----#BUGBOUNTY----

acidphantomFTP --> RT @caseyjohnellis: REMINDER: this is NOT THE TIME to be doing unsanctioned, active testing security against healthcare organizations. if y…

SoumyadeepBas12 --> RT @YourNextBugTip: Self XSS to Account Takeover

- Logout Victim (CSRF)

- Login Attacker (CSRF)

- Stored Self XSS

- Logout Attacker (CSR…

THB_STX --> RT @YourNextBugTip: Self XSS to Account Takeover

- Logout Victim (CSRF)

- Login Attacker (CSRF)

- Stored Self XSS

- Logout Attacker (CSR…

loujennae --> RT @caseyjohnellis: REMINDER: this is NOT THE TIME to be doing unsanctioned, active testing security against healthcare organizations. if y…

CyberSecCare --> RT @tekkie: Fellow colleagues in #InfoSec. Please do not engage in Pen Tests or offer your #bugbounty services free of charge without sign-…

tekkie --> Fellow colleagues in #InfoSec. Please do not engage in Pen Tests or offer your #bugbounty services free of charge w… https://t.co/3cuNV9UJtf Link with Tweet

dhakal_ananda --> Saw this in a @Hacker0x01 private program.

Looking at how programs are becoming professional is really awesome an… https://t.co/FUxPDJvqbq Link with Tweet

sectest9 --> RT @YourNextBugTip: Self XSS to Account Takeover

- Logout Victim (CSRF)

- Login Attacker (CSRF)

- Stored Self XSS

- Logout Attacker (CSR…

CyberSecurityN8 --> RT @YourNextBugTip: Self XSS to Account Takeover

- Logout Victim (CSRF)

- Login Attacker (CSRF)

- Stored Self XSS

- Logout Attacker (CSR…

legend1337 --> RT @YourNextBugTip: Self XSS to Account Takeover

- Logout Victim (CSRF)

- Login Attacker (CSRF)

- Stored Self XSS

- Logout Attacker (CSR…

CyberSecCare --> RT @hacback17: My today's agenda - Learning about Amass, a #SwissArmyKnife for #pentesters and #bughunters. #bugbounty #hacking

If you've…

reedontech --> RT @hacback17: My today's agenda - Learning about Amass, a #SwissArmyKnife for #pentesters and #bughunters. #bugbounty #hacking

If you've…

RusticWind --> RT @mhamed_kchikech: I wrote this blog to answer some of your questions. Hope you'll enjoy it.

#Hacking #BugBounty #Bug #Bounty

https://t.c…

xtblg --> RT @caseyjohnellis: REMINDER: this is NOT THE TIME to be doing unsanctioned, active testing security against healthcare organizations. if y…

YourNextBugTip --> RT @Unknownuser1806: Find #CVEs

https://t.co/wOOxzbydBN

https://t.co/lKvQHEpTHl

https://t.co/n1teetr8Fm

https://t.co/1VBangzPPl

https://t… Link with Tweet Link with Tweet Link with Tweet Link with Tweet

----#CYBERCRIME----

sectest9 --> RT @lgomezperu: Despite increasing #cybercrime and dependency on digital revenues, many CEOs operate in the dark. A stunning 63% of CISOs d…

CyberSecurityN8 --> RT @lgomezperu: Despite increasing #cybercrime and dependency on digital revenues, many CEOs operate in the dark. A stunning 63% of CISOs d…

CyberSecCare --> RT @AuCyble: Indonesia-based, Strategic Intelligence Company, left their Kibana engine open on the internet exposing over 300 million recor…

cybersec_feeds --> RT @AuCyble: Indonesia-based, Strategic Intelligence Company, left their Kibana engine open on the internet exposing over 300 million recor…

Secnewsbytes --> RT @PoliceDSC: Our cyber theme this month is ‘Managing a breach’. Have a look at our latest video explaining what actions to take if a data…

CyberSecCare --> RT @lgomezperu: Despite increasing #cybercrime and dependency on digital revenues, many CEOs operate in the dark. A stunning 63% of CISOs d…

cybersec_feeds --> RT @lgomezperu: Despite increasing #cybercrime and dependency on digital revenues, many CEOs operate in the dark. A stunning 63% of CISOs d…

cybersec_feeds --> RT @Fisher85M: The Internet of #Ransomware Things {Infographic}

[@ipfconline1]

#CyberSecurity #IoT #IoTsecurity #CyberAttacks #CyberCrime…

cantfoolall --> RT @SteveAmps: Six of the biggest security threats facing the remote workforce

 #DataBreach #CyberSecurity #data #privacy #cybercrime #Dat…

Christianmockin --> Zal ‘internetseks’ toenemen, en daarmee mede het afpersen? #sextortion #corona #cybercrime https://t.co/dZOyl89sHb Link with Tweet

wlvunichaplains --> RT @wlv_uni: STUDENTS: While you're studying at home, be aware of online scams & fraud. Our Digital Services team have some tips for you to…

icyriljames --> Seen “Don't F**k with Cats: Hunting an Internet Killer” on Netflix yet? Amazing documentary. Great display of recon… https://t.co/HlwOCRIUSX Link with Tweet

TimesNiger --> RT @keepnetlabs: #Hackers often use shortened links to manipulate you. https://t.co/GqY0iDgZcs #infosec #ransomware #malware #RIPTwitter #… Link with Tweet

OttLegalRebels --> RT @SteveAmps: Six of the biggest security threats facing the remote workforce

 #DataBreach #CyberSecurity #data #privacy #cybercrime #Dat…

sectest9 --> RT @SteveAmps: Six of the biggest security threats facing the remote workforce

 #DataBreach #CyberSecurity #data #privacy #cybercrime #Dat…

cyb3rops: PentesterAcademy has reduced its prices 70% because of COVID-19 @SecurityTube

https://t.co/3fYbgzrgAn https://t.co/TYqdkpTKfL Link to Tweet

cyb3rops: Policy Analyzer

https://t.co/KNGk5c8rXK https://t.co/VJvPNVDtp4 Link to Tweet

RedDrip7: Our tool is different from @ollypwn (https://t.co/RqcvTgsc8R) which just checks protocol version to identify the vulnerability and hence becomes inaccurate after the patch. Our approach is different and is able to detect vulnerable systems accurately. https://t.co/mfkvBXSi4M Link to Tweet

inj3ct0r: #0daytoday #Centreo 19.10.8 - (DisplayServiceStatus) Remote Code Execution #Exploit #RCE

https://t.co/sneGErRmuU Link to Tweet

inj3ct0r: #0daytoday #SharePoint Workflows XOML Injection #Exploit https://t.co/XPnwqbeuQa Link to Tweet

inj3ct0r: #0daytoday #Linux PTRACE_TRACEME Local Root #Exploit https://t.co/894Gz3y05y Link to Tweet

inj3ct0r: #0daytoday #Android Bluetooth Remote Denial Of Service #Exploit https://t.co/Zu6kiEwaIv Link to Tweet

inj3ct0r: #0daytoday #TPLink Archer C50 3 - Denial of Service #Exploit https://t.co/cOmagWZsbc Link to Tweet

malwrhunterteam: @virqdroid @CCNCERT The xn--covid19-gncelsalgnvakalar-nwc35l[.]com is covid19-güncelsalgınvakalar[.]com, that is the quoted tweet. Link to Tweet

malwrhunterteam: There were campaign like this before, with other languages. For example: https://t.co/6017t7Kxpg

cc @CCNCERT Link to Tweet

malwrhunterteam: "covid19_mapa_v1.0.3.apk": 98338c83e7e89c0f913de151ffa6219504116561328a1bbede46f78d910137b4

cc @LukasStefanko @virqdroid https://t.co/cNR92NItl9 Link to Tweet

malwrhunterteam: "Ac19-V1.2.0.apk": 0ac6c6709bcfb13cb7a5aa92b6389bd39808afdea745371178b9cacd2e64f5a7

cc @LukasStefanko @virqdroid https://t.co/fHoSSPh94U Link to Tweet

malwrhunterteam: @virqdroid Are these real "customers" or can be random people or researchers who registered to check it out after the tweets? Link to Tweet

blackorbird: Github problems,fake certificate.

https://t.co/yNjxLgDYgP https://t.co/7ze6ea6r6V Link to Tweet

blackorbird: Two report about

https://t.co/RLV4jrXlcW https://t.co/whY3noG0qC Link to Tweet

blackorbird: Exploit in wild? #0day

https://t.co/WkLfhP3Y9A https://t.co/RDiLTXcixn Link to Tweet

wugeej: [PoC] Liferay Portal JSON Web Service RCE Vulnerabilities CVE-2020-7961

https://t.co/WX6foF0EMI https://t.co/Ebe57Y7Cjf Link to Tweet

wugeej: Joomla! com_hdwplayer 4.2 search.php SQL Injection

https://t.co/DiQnlRqH3e https://t.co/kRM6jzNQbN Link to Tweet

wugeej: Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)

https://t.co/Tl6yUBsUri https://t.co/x6iD8Fs702 Link to Tweet

malware_traffic: @notwhickey Appreciate the assistance! Checking the reference, it's interesting that /60 has been around for a few years, since the beginning, really. I don't recall noticing it until now. I always see /81, /83, and /90 on the ones I routinely generate. Ah, well. Link to Tweet

malware_traffic: 2020-03-27 - I'm not familiar with the #Trickbot module that generates HTTP traffic over TCP port 8082 with a URL that ends in "/60/" - It's on a Win10 host, so I don't have any module names. Anyone know about this one? Infection generated with EXE from doha-media[.]com/QW5.exe https://t.co/yh71LHRgpo Link to Tweet

malware_traffic: 2020-03-27 - price_request_9830.doc pushes #IcedID (#Bokbot) - A very VM-aware infection chain - #pcap of the traffic, malware/artifacts, and the associated IOCs available at: https://t.co/VnzkGiIJjP https://t.co/cgGuFomjUD Link to Tweet

malware_traffic: @DynamicAnalysis I saw something similar as well--the #Valak, not the email - https://t.co/68BpLe3Mm1 Link to Tweet

malware_traffic: 2020-03-26 - information_03_26.doc from German #malspam using password-protected zip attachments (password: 111) pushes #ZLoader - #pcap of the infection traffic, email example, malware/artifacts, and IOCs at: https://t.co/UhU6RhhfrF https://t.co/8zJ8ZrmrDC Link to Tweet

James_inthe_box: If you're biggest concern about #COVID19 #CoronaVirus is how your country looks to the rest of the world (over your people), then maybe you shouldn't be in office...

https://t.co/gXxPHNkypz Link to Tweet

James_inthe_box: @pmelson @pastebin Pimpy thanks Paul! Link to Tweet

James_inthe_box: @hopper_live @albertzsigovits @demonslay335 @VK_Intel @f0wlsec @Amigo_A_ @BleepinComputer @malwrhunterteam @siri_urz Oh dear :( Link to Tweet

James_inthe_box: @GossiTheDog If it doesn't come from @WHO or @CDCgov I've been viciously ignoring it. Link to Tweet

James_inthe_box: @jorgemieres #guloader dropping #netwire (cars_encrypted_369CE40.bin), c2:

77.245.76.115 Link to Tweet