security
Bypassing airport security via SQL injection
https://ian.sh/tsa
We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.
Added 1 month ago
Nuclei: Open-source vulnerability scanner - Help Net Security
https://www.helpnetsecurity.com/2024/08/26/nuclei-open-source-vulnerability-scanner/
Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates. With its flexible templating system, Nuclei can be
Added 1 month ago
Local Networks Go Global When Domain Names Collide – Krebs on Security
https://krebsonsecurity.com/2024/08/local-networks-go-global-when-domain-names-collide/
The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they are continuously sending…
Added 1 month ago
OpenCTI: Open-source cyber threat intelligence platform - Help Net Security
https://www.helpnetsecurity.com/2024/08/21/opencti-open-source-cyber-threat-intelligence-platform/
OpenCTI is an open-source platform designed to help organizations manage their cyber threat intelligence (CTI) data and observables.
Added 1 month ago
https://auscert.org.au/resources/events/?s=09
https://auscert.org.au/resources/events/?s=09
Added 1 month ago
Open Source Firewall pfsense Vulnerable to Remote Code Execution Attacks
https://cybersecuritynews.com/open-source-firewall-pfsense-vulnerable/
A vulnerability in the popular open-source firewall software pfSense has been identified, allowing for remote code execution (RCE) attacks.
Added 1 month ago
New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users
https://thehackernews.com/2024/08/new-flaws-in-sonos-smart-speakers-allow.html?m=1
Added 1 month ago
How a cybersecurity researcher befriended then doxed the leader of LockBit
https://techcrunch.com/2024/08/09/how-a-cybersecurity-researcher-befriended-then-doxed-the-leader-of-lockbit-ransomware-gang/
Jon DiMaggio used sockpuppet accounts, then his own identity, to infiltrate LockBit and gain the trust of its alleged admin, Dmitry Khoroshev.
Added 1 month ago
Critical AWS Vulnerabilities Allow S3 Attack Bonanza
https://www.darkreading.com/remote-workforce/critical-aws-vulnerabilities-allow-s3-attack-bonanza
Added 1 month ago
https://www.scmagazine.com/news/critical-vulnerabilities-in-6-aws-services-disclosed-at-black-hat-usa
https://www.scmagazine.com/news/critical-vulnerabilities-in-6-aws-services-disclosed-at-black-hat-usa
Added 1 month ago
https://www.helpnetsecurity.com/2024/08/08/sshamble-test-ssh-services/
https://www.helpnetsecurity.com/2024/08/08/sshamble-test-ssh-services/
SSHamble helps security teams validate SSH implementations and test for uncommon but dangerous misconfigurations and software bugs.
Added 1 month ago
Traceeshark: Open-source plugin for Wireshark - Help Net Security
https://www.helpnetsecurity.com/2024/08/08/traceeshark-open-source-plugin-wireshark/
Traceeshark is a plugin for Wireshark that enables security practitioners to quickly investigate security incidents.
Added 1 month ago
https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf
https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf
Added 1 month ago
https://www.darkreading.com/cybersecurity-operations/implementing-identity-continuity-with-nist-cybersecurity-framework
https://www.darkreading.com/cybersecurity-operations/implementing-identity-continuity-with-nist-cybersecurity-framework
Added 1 month ago
Free Shadow IT Scanner
https://www.accessowl.io/scan
Discover all apps and their users using our free Shadow IT Scanner for Google Workspace and Microsoft 365.
Added 1 month ago
Introducing Artifact Attestations–now in public beta - The GitHub Blog
https://github.blog/news-insights/product-news/introducing-artifact-attestations-now-in-public-beta/
Generate and verify signed attestations for anything you make with GitHub Actions.
Added 1 month ago
Our audit of Homebrew | Trail of Bits Blog
https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/
This is a joint post with the Homebrew maintainers; read their announcement here! Last summer, we performed an audit of Homebrew. Our audit’s scope included Homebrew/brew itself (home of the brew CLI), and three adjacent repositories responsible for various security-relevant aspects of Homebrew’s operation: Homebrew/actions: a repository of custom GitHub Actions used […]
Added 1 month ago
NIST releases open-source platform for AI safety testing | SC Media
https://www.scmagazine.com/news/nist-releases-open-source-platform-for-ai-safety-testing
Added 1 month ago
Cyber ransom payments will need to be disclosed by businesses under new law
https://www.abc.net.au/news/2024-07-30/cyber-ransom-payments-new-laws-before-parliament/104113038
Australian businesses are paying untold amounts in ransom to hackers but the government hopes to regain some control with a landmark cybersecurity law.
Added 1 month ago
All I Know About Certificates -- Certificate Authority | PixelsTech
https://www.pixelstech.net/article/1722045726-All-I-Know-About-Certificates----Certificate-Authority
One of the crucial steps in the TLS handshake is for the server to prove its identity to the client. While there is plenty of content explaining the principles of the handshake, there's less informati
Added 1 month ago
Security overview dashboards secret scanning metrics and enablement trends
https://github.blog/changelog/2024-07-19-security-overview-dashboards-secret-scanning-metrics-and-enablement-trends-reports-are-now-generally-available/
Today, we’re excited to announce the general availability of our new organization and enterprise-level security overview dashboards, alongside enhanced secret scanning metrics and the enablement trends reports. These features are…
Added 1 month ago
Artifact Attestations is generally available
https://github.blog/changelog/2024-06-25-artifact-attestations-is-generally-available/
We’re thrilled to announce the general availability of GitHub Artifact Attestations! Artifact Attestations allow you to guarantee the integrity of artifacts built inside GitHub…
Added 1 month ago
https://github.com/nicanorflavier/spf-dkim-dmarc-simplified
https://github.com/nicanorflavier/spf-dkim-dmarc-simplified
Email security is a key part of internet communication. But what are SPF, DKIM, and DMARC, and how do they work? This guide will explain it all in simple terms to make these concepts clearer. - nicanorflavier/spf-dkim-dmarc-simplified
Added 1 month ago
https://training.opensecurity.com/landing?s=09
https://training.opensecurity.com/landing?s=09
Enhance your cybersecurity skills
Added 1 month ago