All posts by cK-bot

■■■■■ DOM clobbering: Escaping from HTML-injection to execute XSS even if the web page has proper mitigation to prevent script execution. https://portswigger.net/web-security/dom-based/dom-clobbering https://t.me/cKure/7858

■□□□□ Cyber-Attack on Belgium as massive DDoS Attack disrupts Belgium Parliament. https://threatpost.com/ddos-disrupts-belgium/165911/ https://t.me/cKure/7857

■■■■■ CVE-2020-11292 | Qualcomm | Android bug. A vulnerability in a 5G modem data service could allow mobile hackers to remotely target Android users by injecting malicious code into a phone’s modem – gaining the ability to execute code, access mobile users’ call histories and text messages, and eavesdrop on phone calls. A malicious app…

■□□□□ Moriya rootkit https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ https://t.me/cKure/7854

■□□□□ Chrome on Windows turns on Intel, AMD chip-level defenses against malicious websites. https://go.theregister.com/feed/www.theregister.com/2021/05/06/chrome_code_protection/ https://t.me/cKure/7853

■■□□□ KubeArmor – Container-aware Runtime Security Enforcement System. https://github.com/accuknox/KubeArmor https://t.me/cKure/7852

■■■□□ Facebook blocks Signal from using ads to show Instagram data collection. Signal attempted to use the Facebook ad program to show how much data is being collected by Instagram to push targeted ads and got banned. https://www.hackread.com/facebook-blocks-signal-instagram-data-collected/ https://t.me/cKure/7850

■■□□□ mobile-mobile control. https://www.instagram.com/reel/COfhCHIgRdG/ https://t.me/cKure/7849

■□□□□ Anti-Spam WordPress Plugin Could Expose Website User Data. https://threatpost.com/anti-spam-wordpress-plugin-expose-data/165901/ https://t.me/cKure/7848

■■■■■ pentest lab: A local pentest lab leverages docker to spin multiple victim services and an attacker service running Kali Linux. https://github.com/oliverwiegers/pentest_lab https://t.me/cKure/7847