Port 22

~ 22 Feb 2019 ~

Drupalgeddon 2019: Code Injection, Langsec

Exploiting Drupal8's REST RCE (SA-CORE-2019-003, CVE-2019-6340)

Linux Kernel Through 4.20.10 Found Vulnerable to Arbitrary Code Execution

Lessons From the War on Malicious Mobile Apps

New Malware Campaign Targets Job Seekers

Cyber-extortionists take aim at lucrative targets

Vulnerabilities in Swiss E-Voting Code (Public Intrusion Test)

Week in security with Tony Anscombe

Gen. Nakasone on US CyberCommand

New Legislation Builds on California Data Breach Law

To Mitigate Advanced Threats, Put People Ahead of Tech

ML-era in cybersecurity: A step toward a safer world or the brink of chaos?

How to Stop Facebook App From Tracking Your Location In the Background

Hacking Virtual Reality Researchers Exploit Popular Bigscreen VR App

Drupal core - Highly critical - Remote Code Execution - CVE-2019-6340

~ 21 Feb 2019 ~

Sensitive Information Disclosure in Android Banking App

144 Million MyFitnessPal accounts now out there from the breach one year ago

Attack Campaign Experiments with Rapid Changes in Email Lure Content

Human Negligence to Blame for the Majority of Insider Threats

Cloud Based fully Automated Reconnaissance Tool

Breaking out of Docker via runC - Explaining CVE-2019-5736

Why Cybersecurity Burnout Is Real (and What to Do About It)

Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!(EN) | DEVCORE

Hacking Jenkins Part 1 - Play with Dynamic Routing (EN) | DEVCORE

MikroTik Firewall & NAT Bypass

Venom - A Multi-hop Proxy for Penetration Testers Written in Go

New Free Tool Scans for Chrome Extension Safety

New Breed of Fuel Pump Skimmer Uses SMS and Bluetooth

IDS/IPS malware download evasion | GitHub

Why Social Network Analysis Is Important

Cyber Extortionists Can Earn $360,000 a Year

Abusing autoresponders and email bounces

How costly are sweetheart swindles?

Reverse Location Search Warrants

Security Analysts Are Only Human

VPN for marketing

Threats to users of adult websites in 2018

Paperclip to a House: Turning Useless Data into an Authenticated User

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003

Almost Half A Million Delhi Citizens' Personal Data Exposed Online

Analyzing HijaIyh (APPLE SCAMPAGE V2) phishing kit

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003

Another Critical Flaw in Drupal Discovered Update Your Site ASAP!

~ 20 Feb 2019 ~

Pown Recon - target reconnaissance framework powered by graph theory

Warning: Critical WinRAR Flaw Affects All Versions Released In Last 19 Years

WordPress 5.0.0 Remote Code Execution can lead to a full remote takeover

Never-ending WordPress vulnerabilities

Chomp Scan - A tool for bug bounty/penetration test domain reconnaissance.

As Businesses Move Critical Data to Cloud, Security Risks Abound

Detecting Web Attacks with a Seq2Seq Autoencoder

Mastercard, GCA Create Small Business Cybersecurity Toolkit

Extracting a 19 Year Old Code Execution from WinRAR - Check Point Research

9 Years After: From Operation Aurora to Zero Trust

Combine a subtle bug in shrinkwrap software with unsafe ADI DNS defaults and you get more NTLM hashes than you can wish for. Even in a hardened environment.

Details on Recent DNS Hijacking

Microsoft Expands AccountGuard to Help Europe Prep for Cyberattacks

Monero Miner-Malware Uses RADMIN, MIMIKATZ to Infect, Propagate via Vulnerability

Detecting Web Attacks with a Seq2Seq Autoencoder

Siegeware: When criminals take over your smart building

[Bug Bounty] UBER REWARDS INDIAN HACKER FOR FINDING A BUG IN UBER DEVELOPER PORTAL

Once hailed as unhackable, blockchains are now getting hacked

Bug Writeup: FBCTF IDOR

'Formjacking' Compromises 4,800 Sites Per Month. Could Yours Be One?

~ 19 Feb 2019 ~

Amtrak Mobile APIs - Multiple Vulnerabilities

Password Managers: Under the Hood of Secrets Management. Popular password managers expose master password and secrets in memory even after locking.