All posts by cK-bot

■■□□□ XSS CTF: https://xss-challenge.ysamm.com/ https://t.me/cKure/9958

■■□□□ Remote code execution, SQL injection bugs uncovered in Pentaho Business Analytics software. https://portswigger.net/daily-swig/remote-code-execution-sql-injection-bugs-uncovered-in-pentaho-business-analytics-software https://t.me/cKure/9957

Pwn2own Austin, United States with ~750K USD rewarded in 2 days. Day 1 results (21 Zero-Day bugs): Day 2 results (14 Zero-Day bugs): https://youtu.be/V3Xoo8IK0-I https://t.me/cKure/9955

■■■■□ Samsung Galaxy S21 hacked on second day of Pwn2Own Austin. https://www.bleepingcomputer.com/news/security/samsung-galaxy-s21-hacked-on-second-day-of-pwn2own-austin/ https://t.me/cKure/9954

■□□□□ Attackers are actively exploiting an “old” vulnerability (CVE-2021-22205) to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The additional bad news is that at least half of the 60,000 internet-facing GitLab installations the company detects are not patched against this issue.  https://t.me/cKure/9953

● Yet another website: ckure.org (cyber-security articles’ search engine) https://t.me/cKure/9952

■■■■■ uXSS in Google Chrome. https://portswigger-net.cdn.ampproject.org/c/s/portswigger.net/daily-swig/amp/dangerous-uxss-bug-in-google-chromes-new-tab-page-bypassed-security-features https://t.me/cKure/9951

■■□□□ Privacy | China GFWatchA: Longitudinal Measurement Platform Built to Monitor China’s DNS Censorship at Scale. https://citizenlab.ca/2021/11/gfwatch-a-longitudinal-measurement-platform-built-to-monitor-chinas-dns-censorship-at-scale/ https://t.me/cKure/9950

■□□□□ The US Department of Justice has indicted a suspected Twitter hacker known as ‘PlugWalkJoe’ for also stealing $784,000 worth of cryptocurrency using SIM swap attacks. https://t.me/cKure/9949

■■■■■ Remote code execution flaw patched in Linux Kernel TIPC module. https://www.zdnet.com/article/remote-code-execution-flaw-patched-in-linux-kernel-tipc-module/ https://t.me/cKure/9948