BishopFox

@BishopFox@infosec.exchange

A leading provider of offensive #security solutions & contributor to the #infosec community. #pentesting #appsec #netsec


nono2357, to infosec

A Practical Guide to PrintNightmare in 2024
https://itm4n.github.io/printnightmare-exploitation/
#infosec

Cappyjax, to infosec

Ostorlab KEV: a one-command tool to detect most remotely known exploitable vulnerabilities 🐞🔍

https://github.com/Ostorlab/KEV

campuscodi, to random

CISA says that threat actors are exploiting a vulnerability in Microsoft SharePoint servers.

Tracked as CVE-2023-29357, the bug was patched in June of last year.

The vulnerability is an elevation of privilege that can be chained with other SharePoint bugs to achieve remote code execution attacks.

Loads of technical write-ups and public PoCs on how to perform such attacks have been available online since September of last year.

https://www.cisa.gov/news-events/alerts/2024/01/10/cisa-adds-one-known-exploited-vulnerability-catalog

BishopFox, to random

Organizations on average experience 700+ social engineering attacks a year.

Dardan Prebreza is your host as we explore stages from planning to execution, common techniques, and the necessity of ongoing vigilance and proactive strategies to combat this pervasive issue. Don't miss out!

https://bfx.social/3SbtRHe

campuscodi, to random

The AWS team has published a guide covering best practices for configuring AWS security services.

This is a guide for how to configure AWS security tools, not how to secure AWS infrastructure.

https://aws.github.io/aws-security-services-best-practices/

BleepingComputer, to random

With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information.

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2024-secret-decryptors/

BleepingComputer, to random

Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams.

https://www.bleepingcomputer.com/news/security/hackers-hijack-govt-and-business-accounts-on-x-for-crypto-scams/

sethsec, to random

CloudFox v.1.13.0 is out with 2 new AWS commands and a bunch of updates.

  • The new workloads command looks at EC2, Lambda, and ECS and highlights any workload that has an admin role attached, as well as any role that can privesc to admin!

  • The new api-gws command contributed by Wyatt Dahlenburg finds all API gw endpoints and crafts custom curl commands for you with any API keys found in the endpoint metadata.

  • The env-vars command has been upgraded to help you find secrets stored in environment variables. It highlights interesting variable names and creates a separate output file with just the interesting items.

  • The role-trusts command has been upgraded to help you find overly permissive role trusts, particularly those that trust :root, without an ExternalID.

https://github.com/BishopFox/cloudfox

mttaggart, to random

Enjoy this banger from @BishopFox about a Java deserialization vulnerability in GWT that's gone unpatched for the better part of a decade. bishopfox.com/blog/gwt-unpatched-unauthenticated-java-deserialization-vulnerability

cactuscon, to random

Hi friends!

We will be releasing another small batch of free tickets this FRIDAY at 10AM AZ so set your clocks. We've still got guaranteed badges available and as always we appreciate your continued support of our community con.

applsec, to apple

📣 EMERGENCY UPDATES 📣

Apple pushed additional updates for 2 zero-days that may have been actively exploited.

🐛 CVE-2023-42916 (WebKit),
🐛 CVE-2023-42917 (WebKit):

  • iOS and iPadOS 16.7.3
  • tvOS 17.2
  • watchOS 10.2

mttaggart, to random

Right now, one of our Faculty has teams of hackers learning @BishopFox's Sliver C2 in private labs as part of @thetaggartinstitute's live classes for members. It's really amazing to see what's possible when you get talented instructors together with small groups of dedicated learners. They're getting experiences and wisdom hard to come by on most learning platforms.

I couldn't be prouder.

YourAnonRiots, to infosec

🕵️‍♂️ warns of an ongoing cyber threat targeting government servers via an Adobe ColdFusion (CVE-2023-26360).

https://thehackernews.com/2023/12/hackers-exploited-coldfusion.html

Update your software now.

BishopFox, to Cybersecurity

How do you get organizational buy-in to stop viewing as a cost and start seeing it as an investment? Join Ryan Basden to learn how the adoption of Purple Teaming initiatives can help demonstrate ROI and secure revenue.

https://bfx.social/3QS1dcc

BleepingComputer, to random

The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems.

https://www.bleepingcomputer.com/news/security/kinsing-malware-exploits-apache-activemq-rce-to-plant-rootkits/

fr0gger, to gpt

Last week, I created an "awesome repository" that lists all the GPTs related to cybersecurity. Take a look – the list is continuously growing and there are already many use cases! Feel free to add yours 👇

https://github.com/fr0gger/Awesome-GPT-Agents

hexamander, to infosec

I just boosted like half of @Lemniscate's big thread about Getting Into . If that's at all relevant to your interests, don't just look at the parts I like most; go read the whole thing.

tsupasat, to Cybersecurity

This is a really great article about how this lady got a cybersecurity job building on her software development skills.

She gives direct advice at the bottom of the post.

https://taeluralexis.com/breaking-in-my-journey-from-code-to-cybersecurity/

BleepingComputer, to random

Security and data analytics company Sumo Logic disclosed a security breach after discovering that its AWS (Amazon Web Services) account was compromised last week.

https://www.bleepingcomputer.com/news/security/sumo-logic-discloses-security-breach-advises-api-key-resets/

BishopFox, to LLMs

When you attend our fireside chat with @moveworks, expect to get a thorough understanding of , enabling you to harness their potential & drive your enterprise toward success. You’ll learn how you can stay ahead of the curve and embrace the future of , while safeguarding your enterprise’s !

https://bfx.social/49aiTYY

danaepp, to random

Let me show you how to use the AI in Eyeballer from BishopFox to help identify interesting targets during recon of your web apps & APIs.

https://danaepp.com/api-recon-tip-using-ai-to-eyeball-your-targets

campuscodi, to random

Elastic's security team published a breakdown of KANDYKORN, a macOS malware strain used by Lazarus in attacks targeting blockchain software engineers

"Attackers impersonated blockchain engineering community members on a public Discord frequented by members of this community. The attacker social-engineered their initial victim, convincing them to download and decompress a ZIP archive containing malicious code. The victim believed they were installing an arbitrage bot"

https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn
