All posts by cK-bot

■■■□□ ICYMI: Securely view shortened URLs sandboxed. https://safecomputing.umich.edu/be-aware/phishing-and-suspicious-email/shortened-url-security https://t.me/cKure/9519

■■□□□ Tool | nocodb: Turns any MySQL, PostgreSQL, SQL Server, SQLite & MariaDB into a smart-spreadsheet. https://github.com/nocodb/nocodb https://t.me/cKure/9518

■■□□□ Data-Leak: African Bank Alerts of Data Breach With Personal Details Compromised. https://www.ehackingnews.com/2021/09/african-bank-alerts-of-data-breach-with.html https://t.me/cKure/9517

■□□□□ An actor claimed to have compromised a pharmaceutical organisation (https://raidforums.com/Thread-SELLING-900-GB-woah) with over 900 GB of data. However, the actor was contacted and apparently was scamming. https://t.me/cKure/9516

■■■■□ SSD Advisory – macOS Finder RCE. https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/ https://t.me/cKure/9515

■■■■□ HashDB beta goes live. HashDB is a free community-sourced library of hashing algorithms used in malware, with an IDA plugin! API https://hashdb.openanalysis.net/ IDA Plugin https://github.com/OALabs/hashdb-ida Add Custom Algorithms https://github.com/OALabs/hashdb Source: https://twitter.com/herrcore/status/1441515001282535427 https://t.me/cKure/9514

■■□□□ Cyber-Attack on United States as Port of Houston Attacked Employing Zoho Zero-Day Vulnerability. CISA officers on 23rd of September reported about a potential government-backed hacker organization that has tried to break the Port of Houston networks, one of the major port agencies in the United States, employing zero-day vulnerabilities in a Zoho user authentication…

■■■■■ Report: Technical assessment of the security of Chinese 5G handsets sold in Lithuania – in built backdoors, censorship etc (*ANALYSIS OF PRODUCTS MADE BY Huawei, Xiaomi and OnePlus). PDF: https://www.nksc.lt/doc/en/analysis/2021-08-23_5G-CN-analysis_env3.pdf https://t.me/cKure/9511

■■■■■ Financially motivated actor breaks certificate parsing to avoid detection. Mr. Neel Mehta found an attacker using certificates that OpenSSL won’t parse but Windows will accept. https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/amp/ https://t.me/cKure/9510

■■■■□ CVE-2021-30869: Erye Hernandez of Google Threat Analysis Group, Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero. https://support.apple.com/en-us/HT212825 https://twitter.com/ShaneHuntley/status/1441102086385455112 https://t.me/cKure/9509