Items tagged with: infosec


🟣 Time to update: 🧅 #TorBrowser 11.5.10 (Android) is now available. This is an Android-only release which fixes crashes on Android 12+ devices caused by the targetSdkVersion update in 11.5.9. #InfoSec https://blog.torproject.org/new-release-tor-browser-11510/


GitHub dorks are now possible under cs.github.com !

First dorks like:
/ssh:\/\/.*:.*@.*target\.com/
/ftp:\/\/.*:.*@.*target\.com/

can be used to find SSH/FTP passwords in the connection strings.

regex is powerful :ablobcatbongokeyboard:

#infosec #hacking #dorks #github #githubdorks


The elephant in the #Mastodon messaging privacy room smells fishy - almost like a red herring. The truth about Mastodon #privacy for new users to the community - of which I am one, of course.

By me at #Forbes.

#infosec #advice #encryption #truth

https://www.forbes.com/sites/daveywinder/2022/11/27/what-twitter-users-need-to-know-about-mastodon-privacy/


Oh, and #Slack, #Discord, #Steam, etc., all down the line too. Unless they have end-to-end #encryption where *you* and *only you* have the *only* private key, it’s not #private. No exceptions.

#privacy #security #InfoSec #cybersecurity


ATTENTION EVERYONE WRINGING THEIR HANDS OVER “#MASTODON ADMINS CAN READ MY DIRECT MESSAGES”: #SysAdmins have *always* been able to read your #email and DMs unless encrypted, including at the big #SocialNetworks and Internet providers. We used to have t-shirts that said, “I READ YOUR EMAIL.”

It’s just hitting now because you got used to places where the admins were kept away in their cubicles and data centers instead of greeting you at the front door.

#privacy #security #InfoSec #cybersecurity


Ran a CTF today and had a safe as a semi-guided physical security challenge. Bunch of students went home being able to say they've cracked a safe :hackaday:
#ctf #lockpicking #infosec


E-ink screen in a frame, with a Conway's Game of Life grid on it. There is a cluster of activity happening on the left side of the grid, representing an ongoing bot attack.


Happy Turkey Day to my friends! I appreciate you every day, but today we get to appreciate with turkey.

Thank you for being there.
Thank you for being you.


Does anyone else despise mandatory password expirations as an #infosec security practice? Key rotations are good. Password expirations are terrible and encourage users to make and reuse terrible passwords, making small modifications to them to cheat the system. How is this so commonplace?


Content warning: Question about InfoSec threat intel sources


⚠️ 🇬🇧 UK Online Safety Bill Threatens Jail For Users For w/They Say Online & Enforces Automated Content Scanning, Compromising 🔓 #Encryption

#Infosec #crypto #HumanRights #Autonomy #OnlineSafetyBill #UnitedKingdom #FreeSpeech #Law #censorship #cybersecurity

https://www.eff.org/deeplinks/2022/11/experts-condemn-uk-online-safety-bill-harmful-privacy-and-encryption


Please, follow this account.
👉 @Hackread
#infoSec #CyberSecurity

🔗 https://nitter.net/HackRead
🔗 https://www.hackread.com

Twitter account of the most reliable cybersecurity news platforms bringing exclusive dark web, tech, and hacking news. Contact: admin@hackread.com.

In an attempt to protect your privacy, links to Twitter in this posting were replaced by links to the Nitter instance at https://nitter.net


Remote File Inclusion
#cybersecurity #hacking #pentesting #redteam #infosec #bugbountytips

Tweet 👇​
https://nitter.net/xNaughtyHack/status/1594370306969419777




Anyone that has ever used @shodanhq knows how insecure webcams are, especially baby cam monitors. So why do so many vendors still get away with not securing their products? #PrivacyIsARight #infosec #Hacking #GDPR #networking #IoT #privacymatters #privacy


Hey all!!

We're also on here now and looking to see you all at Hackfest 2023!

You can even book your hotel right now https://hackfest.ca/en/hf15

#HF15 #HF2023 #infosec #ctf #cfp #cybersecurity #hacking #canada



Referenced link: https://thehackernews.com/2022/11/critical-rce-flaw-reported-in-spotifys.html
Discuss on https://discu.eu/q/https://thehackernews.com/2022/11/critical-rce-flaw-reported-in-spotifys.html

Originally posted by The Hacker News / @TheHackersNews@twitter.com: https://nitter.net/TheHackersNews/status/1592825555136614401#m

Researchers have discovered a critical remote code execution #vulnerability (CVSS score: 9.8) in #Spotify's Backstage #software catalog and developer platform.

Details: https://thehackernews.com/2022/11/critical-rce-flaw-reported-in-spotifys.html

#infosec #cybersecurity #hacking



I’ve asked this on Twitter before but let’s also try it here in the hope to reach more people outside of the #infosec bubble.

Do you use a password manager?

Reblogs appreciated!

  • Yes (82%, 4126 votes)
  • No (13%, 689 votes)
  • What’s a password manager? (1%, 78 votes)
  • Show results (2%, 128 votes)
5021 voters. Poll end: 2 weeks ago


Open URL Redirection
Common injection parameters
#bugbountytips #infosec #cybersecurity #hacking #pentesting #redteam

/{payload}
?next={payload}
?url={payload}
?target={payload}
?rurl={payload}
?dest={payload}
?destination={payload}
?redir={payload}
?redirect_uri={payload}
?redirect_url={payload}
?redirect={payload}
/redirect/{payload}
/cgi-bin/redirect.cgi?{payload}
/out/{payload}
/out?{payload}
?view={payload}
/login?to={payload}
?image_url={payload}
?go={payload}
?return={payload}
?returnTo={payload}
?return_to={payload}
?checkout_url={payload}


@Rickster
Oh, friend... this is what we do.

Those hackers did NOT hack any passwords.

They SPECIFICALLY found a way that passwords COULD be hacked (and demonstrated it with their own passwords).

Probably a better term for this sort of activity is: Security Quality Assurance

They TESTED the security. Found a part that needed to be fixed. And brought it to the attention of the Mastodon/Glitch developers - who fixed it.

They didn't CREATE a vulnerability. They FOUND a vulnerability that already existed.

Because of their actions, Mastodon is currently MORE SECURE than it was before they put their attention to it.

#infosec #hacking #HackingIsNotACrime



Referenced link: https://thehackernews.com/2022/11/critical-rce-flaw-reported-in-spotifys.html
Discuss on https://discu.eu/q/https://thehackernews.com/2022/11/critical-rce-flaw-reported-in-spotifys.html

Originally posted by The Hacker News / @TheHackersNews@twitter.com: https://nitter.net/TheHackersNews/status/1592563614174830592#m

Researchers have discovered a critical remote code execution #vulnerability (CVSS score: 9.8) in #Spotify's Backstage #software catalog and developer platform.

Details: https://thehackernews.com/2022/11/critical-rce-flaw-reported-in-spotifys.html

#infosec #cybersecurity #hacking



One downside to the #fediverse is that when a security issue comes along everyone’s not patched at once #infosec


Referenced link: https://thehackernews.com/2022/11/researchers-reported-critical-sqli-and.html
Discuss on https://discu.eu/q/https://thehackernews.com/2022/11/researchers-reported-critical-sqli-and.html

Originally posted by The Hacker News / @TheHackersNews@twitter.com: https://nitter.net/TheHackersNews/status/1592515377094877184#m

Researchers have disclosed details of recently reported vulnerabilities in the #Zendesk Explore analytics service that could have allowed attackers to gain unauthorized access to information from customer accounts.

Read: https://thehackernews.com/2022/11/researchers-reported-critical-sqli-and.html

#infosec #hacking #cybersecurity



WiPri (WiFi Privacy) Updated Today (any Linux):

Many custom/classic options: unique mac address spoof + hostname + signal strength + SSID (including customized boot options added today) w/unique settings (including multiple types of continual changing randomization or device/brand mimic randomization) + protection checks from leaks (on static settings) (Continued...)

#Privacy #HumanRights #Linux #WiPri #metadata #anonymous #Infosec

Tor Download: http://gg6zxtreajiijztyy5g6bt5o6l3qu32nrg7eulyemlhxwwl6enk6ghad.onion/RightToPrivacy/WiPri/archive/master.tar.gz

Opening screenshots:



Referenced link: https://thehackernews.com/2022/11/new-earth-longzhi-apt-targets-ukraine.html
Discuss on https://discu.eu/q/https://thehackernews.com/2022/11/new-earth-longzhi-apt-targets-ukraine.html

Originally posted by The Hacker News / @TheHackersNews@twitter.com: https://nitter.net/TheHackersNews/status/1592252529231859713#m

Researchers have identified a previously undocumented subgroup of APT41 that has been targeting entities located in East and Southeast Asia and Ukraine with custom Cobalt Strike loader.

Read: https://thehackernews.com/2022/11/new-earth-longzhi-apt-targets-ukraine.html

#infosec #cybersecurity #hacking



Referenced link: https://thehackernews.com/2022/11/new-kmsdbot-malware-hijacking-systems.html
Discuss on https://discu.eu/q/https://thehackernews.com/2022/11/new-kmsdbot-malware-hijacking-systems.html

Originally posted by The Hacker News / @TheHackersNews@twitter.com: https://nitter.net/TheHackersNews/status/1592149600877481985#m

Researchers have discovered new "KmsdBot" #malware leveraging weak SSH credentials to compromise systems with the goal of mining #cryptocurrency and conducting targeted #DDoS attacks.

Read: https://thehackernews.com/2022/11/new-kmsdbot-malware-hijacking-systems.html

#infosec #cybersecurity #hacking




Hey #InfoSec Fedi,

I am looking for a new Job!

I would be interested in an offensive security position, preferably red teaming.

100% Remote is OK, but I need to be employable in Austria!

I have two years of professional pentesting experience + trained trainees in IT basics/programming, 5+ years of Linux system administration, 7+ years of CTFs.

I will make another post later where my CV will be available.

If you have questions, PM me!

:boost_ok: Boost appreciated!
#lookingforwork #work #job #search