■■■■■ Interesting thread! MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. https://twitter.com/citizenlab/status/1483379681206415361 https://t.me/cKure/10577
All posts tagged hack
January 18, 2022 at 01:32PM
■■■□□ The pre-release announcement for the January 2022 Critical Patch Update (CPU) states that Oracle will fix 483 new flaws. The announcement confirms that Oracle's security updates will include 483 new security patches. The Critical Patch Update for January will be released on Tuesday, January 18,…
January 18, 2022 at 11:41AM
■■■■□ Finding and Fixing DOM-based XSS with Static Analysis. https://blog.mozilla.org/attack-and-defense/2021/11/03/finding-and-fixing-dom-based-xss-with-static-analysis/?s=09 https://t.me/cKure/10575
January 18, 2022 at 10:14AM
■■■□□ How iOS Malware Can Spy on Users Silently. https://blog.zecops.com/research/how-ios-malware-can-spy-on-users-silently/ https://t.me/cKure/10574
January 18, 2022 at 10:01AM
■■■□□ The Cyber Plumber’s Handbook – The definitive guide to Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss. https://github.com/opsdisk/the_cyber_plumbers_handbook https://t.me/cKure/10573
January 18, 2022 at 09:55AM
■■■□□ Tool: LDAP Password Hunter. https://portswigger.net/daily-swig/same-origin-violation-vulnerability-in-safari-15-could-leak-a-users-website-history-and-identity https://t.me/cKure/10572
January 17, 2022 at 11:28PM
■■■■■ Safari’s SOP bypass: Same-origin violation vulnerability in Safari 15 could leak a user’s website history and identity. https://portswigger.net/daily-swig/same-origin-violation-vulnerability-in-safari-15-could-leak-a-users-website-history-and-identity https://t.me/cKure/10571
January 17, 2022 at 10:46PM
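■■■■□ Untested code: ReverseRDP_RCE: reverse RCE against the client that connects to this RDP server. PS: with a little rework, it runs automatically and silently once the RDP connection is made, followed by RCE. Striking without a trace? In a honeypot? https://github.com/klinix5/ReverseRDP_RCE?s=09 https://t.me/cKure/10570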
January 17, 2022 at 10:32PM
■■□□□ Californian technology company Accellion Inc has reached an $8.1m settlement to resolve a legal claim relating to a data breach in December 2020. https://t.me/cKure/10567
January 17, 2022 at 07:50PM
■■■■□ There’s a problem with the implementation of the IndexedDB API in Safari’s WebKit engine, which could result in leaking browsing histories and even user identities to anyone exploiting the flaw. https://www.bleepingcomputer.com/news/security/safari-bug-leaks-your-google-account-info-browsing-history/ https://t.me/cKure/10566
