Port 22

~ 19 Apr 2019 ~

A public database exposed medical records of 150k rehab patients

Protected tweets leakage through URL detection #XSSearch #BugBounty

Zero-day XML External Entity (XXE) Injection Vulnerability in Internet Explorer Can Let Attackers Steal Files, System Info

Researchers Find Clues for Dramatically Reducing IDS Traffic Volume

Iranian Cyber-Espionage Tools Leaked Online

APT34 Toolset, Victim Data Leaked via Telegram

Free Princeton Application Provides IoT Traffic Insight

Why We Need a 'Cleaner Internet'

Third-Party Cyber-Risk by the Numbers

Hacker Breaks Into French Government's New Secure Messaging App

Unmasked: An Analysis of 10 Million Passwords

How the Boeing 737 Max Disaster Looks to a Software Developer

BlueCommand: Dashboarding and Tooling front-end for PowerShell Empire using PowerShell Universal Dashboard

~ 18 Apr 2019 ~

Simple Tool for Testing CVE Mitigation in Web Apps

Using Slack as a C2 Channel (Download Code)

Wipro Intruders Targeted Other Major IT Firms

Creator of Hub for Stolen Credit Cards Sentenced to 90 Months

Must watch (IMHO) Securing Vendor Webapps - A Vulnerability Assessment on HELK

The Cybersecurity Automation Paradox

User privileges in Docker containers

Facebook Stored Millions of Instagram Users' Passwords in Plaintext

Embracing creativity to improve cyber-readiness

RCE in EA's Origin Desktop Client

APT34 Hacking Tools Leak

Drop-by-Drop: Bleeding through libvips (CVE-2019-6976)

pipetap.sh: Remote wireshark. Invoke tcpdump over ssh piping to STDOUT, for importation to a local Wireshark via STDIN.

New DNS Hijacking Attacks

The Complete CompTIA Certification Training Bundle: Lifetime Access | StackSocial

Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission

~ 17 Apr 2019 ~

Reverse-engineering Broadcom wireless chipsets

PolyLogyx osquery Extension for Windows Extension to osquery that enhances it with real-time telemetry, log monitoring and other endpoint data collection

How Not to Acknowledge a Data Breach

Tips for the Aftermath of a Cyberattack

Bug in EAs Origin client left gamers open to attacks

How NOT to use the PAM trust - Leveraging Shadow Principals for Cross Forest Attacks

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities

CERT Notice of VPN Vulns

Ever-Sophisticated Bad Bots Target Healthcare, Ticketing

Inside the Dark Web's How-To Guides for Teaching Fraud

Jailbreaking Subaru StarLink

Researcher Hijacks a Microsoft Service Using Loophole in Azure Cloud Platform

Potential Targeted Attack Uses AutoHotkey and Malicious Script Embedded in Excel File to Avoid Detection

Password Spraying- Common mistakes and how to avoid them

Microsoft Edge Uses a Secret Trick And Breaks Internet Explorer's Security

Arjun : API Testing Tool (Finds HTTP Parameters)

7 Tips for an Effective Employee Security Awareness Program

Subdomain Takeover: Microsoft loses control over Windows Tiles - Golem.de

Over 100 Million JustDial Users' Personal Data Found Exposed On the Internet

DHCP security in Windows 10: critical vulnerability CVE-2019-0726

~ 16 Apr 2019 ~

Decoding a 'New' Elite Cyber Espionage Team

GitHub - MITRE ATT&CK TTP Automation for Metasploit Framework

My Personal OSINT Techniques, Part 1 of 2: Key & Layer, Contingency Seeding

Your Android phone can now double as a security key

Meet Scranos: New Rootkit-Based Malware Gains Confidence

How Domain Fronting helped the most at-risk users on Tor, Telegram and Signal and Why It's Dying

Massive eGobbler Malvertising Campaign Leverages Chrome Vulnerability To Target iOS Users [r/adops x-post]

IT Outsourcing Firm Wipro Investigates Data Breach

More on the Triton Malware

GitHub - HA71/pywhatcms: Unofficial WhatCMS API package

Delta Industrial Automation CNCSoft

WAGO Series 750-88x and 750-87x

PLC Cycle Time Influences

Malware creators convicted of hijacking 400,000 computers

Privilege Escalation in ManageEngine ADManager Plus 6.6

CVE-2019-0841: Windows Local Privilege Escalation through Windows Apps