Iran’s railroad system was hit by a cyberattack; hackers posted fake messages about train delays or cancellations on display boards at stations across the country.
#raja
https://securityaffairs.co/wordpress/119942/hacking/irans-railroad-system-cyberattack.html?utm_source=feedly&utm_medium=rss&utm_campaign=irans-railroad-system-cyberattack

Report: Unskilled hackers can breach about 3 out of 4 companies
Positive Technologies found in a recent study that criminals with few skills can hack a company in less than 30 minutes.
https://www.techrepublic.com/article/report-unskilled-hackers-can-breach-3-out-of-4-of-companies/

How to enable Controlled folder access to protect data from ransomware on Windows 10
Windows 10 can protect your files from ransomware and other malicious programs, and this guide outlines the different ways to enable the security feature.
https://www.windowscentral.com/how-enable-controlled-folder-access-windows-10-fall-creators-update?amp&__twitter_impression=true
#ransomware #mitigation

Restricting SMB-based lateral movement in a Windows environment
Lateral movement via Windows Server Message Block (SMB) is consistently one of the most effective techniques used by adversaries. In our engagements with the SpecterOps team, this mechanism is consistently targeted for abuse.
https://blog.palantir.com/restricting-smb-based-lateral-movement-in-a-windows-environment-ed033b888721
#SMB #Leteralmovement


Fault Injection :
#hardware #FI #Glitching
https://research.nccgroup.com/2021/07/07/an-introduction-to-fault-injection-part-1-3/
https://research.nccgroup.com/2021/07/08/software-based-fault-injection-countermeasures-part-2-3/
https://research.nccgroup.com/2021/07/09/alternative-approaches-for-fault-injection-countermeasures-part-3-3/


FUD concept :
Exploiting (Almost) Every Antivirus Software
https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/
#FUD
Top 16 Active Directory Vulnerabilities
https://www.infosecmatter.com/top-16-active-directory-vulnerabilities/
#activedirectoy #AD
Analysing an O.MG cable
Setting up an O.MG cable for keystroke injection attacks, and then forensically dumping the firmware for analysis.
https://www.techanarchy.net/analysing-an-o-mg-cable/
#firmware #analysis
AWS Incident Response Playbooks
https://github.com/aws-samples/aws-incident-response-playbooks/releases/tag/v1.1
#AWS #IR

Splunk and using to set up a detection lab
https://krishnasaimarella9.medium.com/splunk-and-using-to-set-up-a-detection-lab-d483636d08d8
#splunk #SOC
Dell EMC privilege escalation vulnerability CVE-2021-21589
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21589
#DELL #EMC
Dell EMC plain-text password storage vulnerability CVE-2021-21590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21591

Apache Tomcat
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33037
#DOS
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30639
#RCE #tomcat
Tomcat 7, 8, 9 and 10 released before April 2020. This most certainly means you have to update your instance of Tomcat in order not to be vulnerable.
https://www.redtimmy.com/apache-tomcat-rce-by-deserialization-cve-2020-9484-write-up-and-exploit/

#sharepoint #rce
Many places run SharePoint; other vulnerabilities aside, RCE is very dangerous.
https://t.iss.one/learnpentest/312

#openvpn #MITM
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3547


SolarWinds patches critical Serv-U vulnerability exploited in the wild
https://www.bleepingcomputer.com/news/security/solarwinds-patches-critical-serv-u-vulnerability-exploited-in-the-wild/
#solarwinds #supplychainattack

FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during the installation phase.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26089
#forticlient



Malicious Macros for Script Kiddies
https://www.trustedsec.com/blog/malicious-macros-for-script-kiddies/?hss_channel=tw-403811306
#VBA #MACRO #socialengineering


Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites
#APT41 #BIOPASS #RAT
BIOPASS RAT :
file system assessment!
remote desktop access
file exfiltration
shell command execution
C2 protocol was RTMP Real-Time Messaging Protocol & socket.io
The RAT itself was installed and updated in the guise of a legitimate program on a well-known site that the hackers had previously gained access to! This way of hacking has become much more widespread than before.
https://thehackernews.com/2021/07/hackers-spread-biopass-malware-via.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29
https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html
https://malpedia.caad.fkie.fraunhofer.de/actor/axiom


Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack Upgrade or Workaround CVE-2021-35464
Access Management, a commercial access-management platform, is based on the OpenAM open-source access-management platform for web applications. The platform front-ends web apps and remote-access setups in many enterprises.
https://github.com/frohoff/ysoserial
#RCE #FORGEROCK #OPENAM


Google checks rise of DOM XSS with Trusted Types
https://portswigger.net/daily-swig/google-checks-rise-of-dom-xss-with-trusted-types
#DOMXSS #GOOGLE
https://brutelogic.com.br/blog/xss-via-http-headers/
If you know how #XSS works via HTTP headers, don’t waste your time reading this!
#bugbountytips
SoheilSec
🚨 🚨 🚨 🚨 🚨 🚨 🚨 https://www.vmware.com/security/advisories/VMSA-2021-0010.html Patch it before ... https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_vcenter_vsan_health_rce.rb Patch : https://d…
MikroTik RouterOS before stable version 6.47 Denial of Service CVE-2020-20250
Update your MikroTik.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20250
#Mikrotik #DOS
CVE-2021-33037: Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy.
An update has been released for it.
https://mail-archives.us.apache.org/mod_mbox/www-announce/202107.mbox/%3Cd050b202-b64e-bc6f-a630-2dd83202f23a%40apache.org%3E
#apache #httpsmuggling

ModiPwn flaw in Modicon PLCs bypasses security mechanisms CVE-2021-22779
The experts demonstrated that by chaining the above issue with other vulnerabilities (CVE-2018-7852, CVE-2019-6829 and CVE-2020-7537) in the UMAS (Unified Messaging Application Services) protocol discovered over the past years, it was possible to take over the device.
#RCE #PLC #IOT
https://securityaffairs.co/wordpress/120045/security/modipwn-modipwn-plcs.html?utm_source=feedly&utm_medium=rss&utm_campaign=modipwn-modipwn-plcs


Windows 10 cumulative updates KB5004237 & KB5004245 released
As part of the July 2021 Patch Tuesday, Microsoft has released new KB5004237 and KB5004245 cumulative updates for recent versions of Windows. Today's cumulative updates include security fixes for PCs with May 2021 Update, October 2020 Update and May 2020 Update.
https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb5004237-and-kb5004245-released/
#printnightmare #patch #windows10

How data collected in gaming can be used to breach user privacy
The article's summary is interesting if you don't have time to read the paper.
Gathering information on different people via GPS, identifying the target's hardware, identifying the target's operating system, linking to social networks (reaching people's connections, etc.), play times (inferring sleep hours, etc.), in-game chats, in-game connections, and so on.
Designing a video game can be an intelligence-gathering project: identify high-profile targets, map their connections and, after learning their weak points, start compromising them. Installing video games on your phone and on other systems you use for professional or personal work always carries the threat of personal information disclosure and privacy violation. The GDPR privacy law is one we all know, because every site we open each day asks us to confirm that the site's cookies are tracking us.
P.S. On the internet we are always being monitored, whether by ISPs, social network owners or search engines. We should always try to publish as little of our personal and work information as possible.
https://www.hackread.com/gaming-data-collection-breach-user-privacy/
The paper was attached earlier.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3881279
#privacy #gamming

Operation SpoofedScholars!!!

Iranian hackers posing as scholars are targeting think tanks, journalists and professors in the Middle East through sophisticated social engineering attacks.
https://thehackernews.com/2021/07/iranian-hackers-posing-as-scholars.html
#irannianhackers #scholars #spoof

We Got the Phone the FBI Secretly Sold to Criminals
Surveillance done this way is an interesting idea, privacy violation aside!
https://www.vice.com/en/article/n7b4gg/anom-phone-arcaneos-fbi-backdoor
#FBI #BACKDOOR #ANOM

WechatDecrypt
https://github.com/JustYoomoon/WechatDecrypt
#wechat #decryptor

The July 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/7/13/the-july-2021-security-update-review
https://msrc.microsoft.com/update-guide/vulnerability
#ADOBE #Windows #exchange #kernel #RCE #excell #Sharepoint #report #RCE #DOS #Eop
Google Reports
How We Protect Users From 0-Day Attacks
Chrome CVE-2021-21166 https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-21166.html
Race Condition
Chrome CVE-2021-30551 https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-30551.html
Logic issue
Internet Explorer CVE-2021-33742 https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-33742.html
Out-of-bounds write
Safari CVE-2021-1879 https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-1879.html
Use-after-free
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/
#google #0day #chrome #IE #safari

Google Chrome will add HTTPS-First Mode to keep your data safe
https://www.bleepingcomputer.com/news/security/google-chrome-will-add-https-first-mode-to-keep-your-data-safe/
#chrome #MITM

RDP hijacking attacks explained, and how to mitigate them
https://www.csoonline.com/article/3566917/rdp-hijacking-attacks-explained-and-how-to-mitigate-them.html
#rdp #sessionhijacking #mitigation #apt

Trickbot updates its VNC module for high-value targets
https://www.bleepingcomputer.com/news/security/trickbot-updates-its-vnc-module-for-high-value-targets/
#trickbot #vnc #botnet #ransomware

DevSecAI: GitHub Copilot prone to writing security flaws
https://portswigger.net/daily-swig/devsecai-github-copilot-prone-to-writing-security-flaws
#github #copilot #securityflaws

Solarwinds 0day Patterns
Detects patterns as noticed in exploitation of Serv-U CVE-2021-35211 vulnerability by threat group DEV-0322
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_susp_servu_exploitation_cve_2021_35211.yml
Detects a suspicious process pattern which could be a sign of an exploited Serv-U service
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_susp_servu_process_pattern.yml
Source :
https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/
#solarwinds #0day #pattern

Analysis of Satisfyer Toys: Discovering an Authentication Bypass with r2 and Frida
https://bananamafia.dev/post/satisfyer/
#IoT #sextoy #reverseengineering

Critical vulnerabilities in open source text editor Etherpad could lead to remote takeover
https://portswigger.net/daily-swig/critical-vulnerabilities-in-open-source-text-editor-etherpad-could-lead-to-remote-takeover
#Xss #Etherpad #editor #opensource

REvil banned from Xss
https://twitter.com/malwrhunterteam/status/1415062414702354433
#Revil
CVE-2021-22555
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.
Write up :
CVE-2021-22555: Turning \x00\x00 into 10000$
https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22555
POC :
https://github.com/google/security-research/tree/master/pocs/linux/cve-2021-22555
#privilegeEscalation #writeup
Guided tour inside WinDefender’s network inspection driver
Sadly, the bugs I found can not be triggered due to the DACL on the device object, but it was a great code analysis exercise.
https://blog.quarkslab.com/guided-tour-inside-windefenders-network-inspection-driver.html
#windefender
🚨 MAJOR REPORT in collaboration with Microsoft

exposing spyware company Candiru. [ based in Tel Aviv, Israel, is a mercenary spyware firm that markets “untraceable” spyware to government customers. Their product offering includes solutions for spying on computers, mobile devices, and cloud accounts. ]

Targets: journalists and human rights defenders around the world.

Report : https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/
#Israel #0day #Candiru
Vuls :
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31979
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33771
P.S. This month has been one of the hardest Microsoft has ever had, and the patches it has released are not the end of it, because PrintNightmare is only the start of the disaster.
Let's not focus too much on companies and countries; let's focus on reducing risk (a little!).
https://msrc.microsoft.com/update-guide/releaseNote/2021-Jul
Review the full list of vulnerabilities. The ZDI report is very good, because we are going to face a new wave of attacks (it was posted two nights ago).
https://www.zerodayinitiative.com/blog/2021/7/13/the-july-2021-security-update-review
https://msrc.microsoft.com/update-guide/vulnerability
#microsoft #vulnerablity #0day

Ransomware’s Russia problem
https://blog.malwarebytes.com/malwarebytes-news/2021/07/ransomwares-russia-problem/
#ransomware #russia

Linux version of HelloKitty ransomware targets VMware ESXi servers
We warned about the vCenter RCE that went public ...
https://www.bleepingcomputer.com/news/security/linux-version-of-hellokitty-ransomware-targets-vmware-esxi-servers/
#Vmware #ESXI #ransomware #HelloKitty
WooCommerce fixes vulnerability exposing 5 million sites to data theft
https://www.bleepingcomputer.com/news/security/woocommerce-fixes-vulnerability-exposing-5-million-sites-to-data-theft/
#sqlinjection #wordpress #woocommerce

Bypassing Windows Hello Without Masks or Plastic Surgery
We’re excited to present our findings at Black Hat 2021 on August 4-5, 2021
https://www.cyberark.com/resources/threat-research-blog/bypassing-windows-hello-without-masks-or-plastic-surgery
https://www.youtube.com/c/BlackHatOfficialYT/videos
#windows #bypass #blackhat #recognition #face

Safari Zero-Day Used in Malicious LinkedIn Campaign
It has emerged that some of the vulnerabilities Google discovered (we posted the report link last night) were being used to hack high-profile targets! There were 4 exploits, for the Safari, Chrome and IE browsers; 2 of them were for Chrome itself.
P.S. Chrome is not insecure. The more market share a vendor's service has, the more security researchers and hackers work on it to discover vulnerabilities, as with Windows, SolarWinds, Google Chrome and so on.
https://threatpost.com/safari-zero-day-linkedin/167814/

Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances
reports :
https://thehackernews.com/2021/07/ransomware-attacks-targeting-unpatched.html
VPN exploit :
https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html
Sonicwall mitigations :
https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/
#sonicwall #vulnerablity #ransomware

Facebook is firing three engineers per month for accessing user data
P.S. There may be a lot to be said about Facebook, Google and others undermining privacy, but outwardly, at least, they fire employees who abuse their access!
https://www.cybersecurity-insiders.com/facebook-is-firing-three-engineers-per-month-for-accessing-user-data/
#facebook #fire #privacy
Remote code execution in cdnjs of Cloudflare
This vulnerability could have been used against 12.7% of all websites on the internet if security researcher RyotaK had not found it and reported it.
With the help of RyotaK's report, Cloudflare patches an RCE vulnerability that affects 12.7 percent of all websites on the internet.
https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/
#cloudflare #rce #cdnjs
#printnightmare new VuL LOL
Poor Microsoft was still fixing the previous one when another was discovered and reported, and Mr. Baines has said he will not publish any details until DEF CON!
CVE-2021-34481 was discovered by Jacob Baines, who is saving the details for DEF CON (I HOPE!). He reported the issue via MSRC on June 18.
https://twitter.com/Junior_Baines/status/1416020556537794564
https://www.theregister.com/2021/07/16/spooler_service_local_privilege_escalation/

New target added to our temporary #0day bounties:
Apparently the HelloKitty ransomware is being run via a 0-day on VMware vCenter; a $100,000 bounty has been offered to whoever reports it!
- [$100,000] VMWare vCenter Server Pre-Auth RCE
More details at: https://zerodium.com/temporary.html
https://securityaffairs.co/wordpress/120170/hacking/zerodium-vmware-vcenter-server-exploits.html
#vmware #vcenter #bounty


CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 1
https://research.nccgroup.com/2021/07/15/cve-2021-31956-exploiting-the-windows-kernel-ntfs-with-wnf-part-1/
#windows #microsoft #ntfs #LPE

Fail2ban CVE-2021-32749 allows a MITM attack
A while ago a write-up about it was published on GitLab; a CVE has now been registered.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32749
#Fail2ban #MITM


Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited.
https://threatpost.com/critical-juniper-bug-dos-rce-carrier/167869/
#juniper #RCE

Aruba in Chains: Chaining Vulnerabilities for Fun and Profit
https://alephsecurity.com/2021/07/15/aruba-instant/
#firmware #Aruba #router #rce

Hidden Bugs in The Mines: Examining Vulnerabilities within Cryptocurrency Miners
Miners who use xmrig for mining should be careful!
Arbitrary file writing w/ specific extension of “_config.json“.
Default configuration overwrite via client “worker-id” leading to potential client takeover.
Persistent XSS via client “worker-id”.
Remote Denial of Service via client “worker-id”.

https://www.lacework.com/blog/hidden-bugs-in-the-mines-examining-vulnerabilities-within-cryptocurrency-miners/
#xmrigcc #miner #cryptocurrency

U.S Govt launches new website to fight ransomware, help victims
The US government is also offering $10 million in rewards for information on foreign hackers involved in ransomware attacks on the United States.
#biden #reward #ransomware #USA

Fake Zoom App Dropped by New APT ‘LuminousMoth’
First comes spear-phishing, next download of malicious DLLs that spread to removable USBs, dropping Cobalt Strike Beacon, and then, sometimes, a fake Zoom app.
https://threatpost.com/zoom-apt-luminous-moth/167822/
write-up APT ‘LuminousMoth’
https://securelist.com/apt-luminousmoth/103332/
#zoom #APT #LuminousMoth

Google fights DOM XSS with Trusted Types
https://securityboulevard.com/2021/07/google-fights-dom-xss-with-trusted-types/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29
Mitigate cross-site scripting (XSS) with a strict Content Security Policy (CSP)
https://web.dev/strict-csp/
#Google #CSP #XSS #DOM

D-Link issues hotfix for hard-coded password router vulnerabilities
CVE-2021-21816 - Syslog information disclosure vulnerability
CVE-2021-21817 - Zebra IP Routing Manager information disclosure vulnerability
CVE-2021-21818 - Zebra IP Routing Manager hard-coded password vulnerability
CVE-2021-21819 - Libcli command injection vulnerability
CVE-2021-21820 - Libcli Test Environment hard-coded password vulnerability
D-Link has issued a firmware hotfix to address multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router.
https://www.bleepingcomputer.com/news/security/d-link-issues-hotfix-for-hard-coded-password-router-vulnerabilities/
#dlink #hardcoded #IoT #backdoor
China has issued new regulations requiring cybersecurity researchers to mandatorily share details of critical zero-day security vulnerabilities first-hand with government authorities within two days of filing a report.
The Chinese government mandates (by law) handing over 0-days within at most two days of a security issue being reported!
https://thehackernews.com/2021/07/chinas-new-law-requires-researchers-to.html
#cybersecurity #zeroday #goverment

Cisco released a security update for a flaw that resides in the software cryptography module of both ASA and FTD software; an attacker in a man-in-the-middle position could exploit the issue to trigger a DoS condition and cause an unexpected reload of a vulnerable device.
https://securityaffairs.co/wordpress/120231/security/cisco-dos-flaw-asa-ftd.html
#cisco #DOS #update

SonicWall has issued an urgent security alert to warn customers of “an imminent ransomware campaign” targeting EOL equipment.
https://securityaffairs.co/wordpress/120147/security/sonicwall-warns-ransomware-attack.html
#sonicwall #ransomware