Hello Hacking8!

Ransomware attacks have reached a record high this year, with nearly 250 attacks recorded to date and months to go. As we’ve seen with major attacks like Kaseya and Colonial Pipeline, cybercriminals have continued to innovate, developing new tools … (more…)
The post GUEST ESSAY: Ransomware pivot 2021: attackers now grab, threaten to leak sensitive data appeared first on Security Boulevard.
今年的勒索软件攻击达到了历史新高，截至目前已经记录了近250起攻击事件，还有几个月就要发生了。正如我们在 Kaseya 和 Colonial Pipeline 等主要攻击中看到的那样，网络犯罪分子不断创新，开发新工具... (更多...)
后嘉宾文章: 勒索软件枢纽2021: 攻击者现在抓住，威胁泄露敏感数据首先出现在安全大道。

Android's vold's incremental-fs APIs trust paths from system_server for mounting. There is supposed to be privilege separation between vold (TCB) and system_server (privileged process). However, vold's IPC handlers related to incremental-fs (mountIncFs, unmountIncFs, bindMount) allow system_server to specify semi-arbitrary paths, allowing system_server to trigger mounting on directories that shouldn't be under system_server control.

Since its inception, WP 2FA has evolved to become one of the top WordPress 2FA plugins – thanks to the hard work of the team and our customers who have shown faith in us and our products and provided us with invaluable feedback. WordPress security continues to become an increasingly hot topic, more so as […]
The post A new chapter for WP 2FA appeared first on WP White Security.
The post A new chapter for WP 2FA appeared first on Security Boulevard.
自成立以来，WP 2FA 已经发展成为顶级的 WordPress 2FA 插件之一——多亏了团队和我们的客户的辛勤工作，他们对我们和我们的产品表示了信任，并为我们提供了宝贵的反馈。WordPress 安全继续成为一个越来越热门的话题，尤其是[ ... ]
2FA 的新篇章首次出现在 WP White Security 上。
2FA 的新篇章首先出现在安全大道上。

Ubuntu Security Notice 5168-2 - Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly execute arbitrary code.

We are in the midst of many generations who have grown up building things with Lego blocks. Guess what! software is being snapped together in part pieces as well. You don’t have to write every last bit of code yourself. You can also mix your code with open source code and deliver finished applications much […]
The post Building Software that is Resilient to Supply Chain Attacks (includes link to download Cheat Sheet) appeared first on Security Boulevard.
我们生活在一个用乐高积木搭建物品的世代之中。你猜怎么着！软件也被一部分一部分地折叠在一起。你不必自己编写每一个代码。您还可以将代码与开源代码混合使用，并交付完成的应用程序[ ... ]
后建设软件，是弹性的供应链攻击(包括链接下载欺骗表)首次出现在安全大道。

Ubuntu Security Notice 5168-1 - Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

This month we’re rolling out new agent support and integration features, JumpCloud Protect™ (push MFA) for devices, and new SSO connectors.
The post November ’21 Newsletter appeared first on JumpCloud.
The post November ’21 Newsletter appeared first on Security Boulevard.
这个月，我们将推出新的代理支持和集成特性、设备的 JumpCloud ProtectTM (push MFA)以及新的 SSO 连接器。
11月21日的《通讯》首次出现在 JumpCloud 上。
《十一月二十一日通讯》首次出现在安全大道上。

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Ubuntu Security Notice 5168-3 - USN-5168-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

Infosec skills don’t necessarily transfer to CISO skills, but CISO skills are 100% transferable to whatever your infosec career looks like. Richard Kaufmann VP/CISO at Amedisys discusses how growth begins outside of your comfort zone and why some of the CISO skills you can work on now include executive storytelling, internal coalition building, and how to be comfortable being uncomfortable - check it out...
The post CISO Stories Podcast: Skills I Needed to be a First-Time CISO appeared first on Security Boulevard.
信息安全技能并不一定转化为 CISO 技能，但是 CISO 技能可以100% 转化为你的信息安全职业。Amedisys 的副总裁/CISO 理查德•考夫曼(Richard Kaufmann)讨论了在舒适区之外的成长是如何开始的，以及为什么你现在可以学习的 CISO 技能包括高管讲故事、内部联盟建设，以及如何适应不舒服——看看吧... ..。
后 CISO 故事播客: 我需要成为第一次 CISO 的技能第一次出现在安全大道。

Red Hat Security Advisory 2021-4904-05 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

You’re not the only one holding back applause. You’re certainly not the only one wondering, “why would a zero trust company be announcing a VPN-like feature? It’s counterproductive to the goal of zero trust.” And your intuition may be correct: our research suggests that organizations are finding it challenging to justify legacy VPN infrastructure in […]
The post Introducing Banyan’s Service Tunnel first appeared on Banyan Security.
The post Introducing Banyan’s Service Tunnel appeared first on Security Boulevard.
你不是唯一不鼓掌的人。你肯定不是唯一一个想知道，“为什么一个零信托公司会宣布一个类似 vpn 的功能？这与零信任的目标背道而驰。”你的直觉可能是正确的: 我们的研究表明，企业发现，在[ ... ]证明传统 VPN 基础设施的合理性具有挑战性
介绍榕树服务隧道的帖子最早出现在榕树安全网上。
介绍榕树服务隧道的帖子最早出现在安全大道上。

Red Hat Security Advisory 2021-4903-05 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

With a ‘work from anywhere’ workforce culture firmly established, we know how important it is to verify the right people have the right access to...
The post The one about protecting machine and human identities | Dynamically Speaking appeared first on Axiomatics.
The post The one about protecting machine and human identities | Dynamically Speaking appeared first on Security Boulevard.

Red Hat Security Advisory 2021-4902-06 - The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes: OpenShift Dedicated support RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform. 1. Use OpenShift OAuth server as an identity provider If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS. Issues addressed include denial of service, information leakage, memory exhaustion, remote shell upload, and traversal vulnerabilities.

The key takeaway from UK news about their Ranger Regiment design is that they’re claiming a need to move from training/advisory to “expeditionary” roles that go into the field with the forces they’re training. Training, advising and accompanying partner forces dealing with extremist organizations and hostile state threats… creation of land regional hubs in Oman, … Continue reading New UK “Ranger Regiment” to “match brainpower with firepower” →
The post New UK “Ranger Regiment” to “match brainpower with firepower” appeared first on Security Boulevard.

Red Hat Security Advisory 2021-4907-04 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Red Hat Security Advisory 2021-4909-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

CA Technologies is alerting customers to a vulnerability in CA Network Flow Analysis (NFA). A vulnerability exists that can allow an authenticated user to perform SQL injection attacks and access sensitive data. CA published solutions to address this vulnerability and recommends that all affected customers implement these solutions. The vulnerability occurs due to insufficient input validation. An authenticated user can potentially access sensitive data. CA Network Flow Analysis versions 9.3.8, 9.5, 10.0, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, and 21.2.1 are affected.

有不少琐碎的知识点，在此记录一二

A automatic bypass 403 Burpsuite plugin

DNSLog-GO 是一款golang编写的监控 DNS 解析记录的工具，自带WEB界面

大佬们，关于调试的问题有点整迷糊了，希望能指点下。 ysoserial AspectJWeaver file write gadget - Y4er的博... 我跟了一下y4er的文章，在某处瞎打了个断点，然后跟着debug到了图2处，点过去发现是跳到/j...

Businesses like yours have different reasons to move to the cloud. Some do it primarily to save on hardware. Others go further and outsource services to reduce the need for their own resources. Those who want to outsource administration and related services often believe that...
Read more
The post The false sense of security in the cloud appeared first on Acunetix.
The post The false sense of security in the cloud appeared first on Security Boulevard.
像你们这样的企业有不同的理由转向云计算。有些人这样做主要是为了节省硬件。其他公司则更进一步，将服务外包，以减少对自身资源的需求。那些希望将管理和相关服务外包的人通常认为... ..。
阅读更多
云中的虚假安全感最早出现在 Acunetix 上。
虚假的安全感首先出现在安全大道上。

1. IoT The Internet of Things (IoT) defines the network of physical objects including sensors, software, and other technologies for the purpose of data connection, exchange, and communication over the internet with other devices and systems. These gadgets range with sophisticated industrial tooling from basic home items. Fig.1: Description image for IoT   (Source: https://www.tibco.com/reference-center/what-is-iot)   [...]
The post Smart Grid, Energy Management and IoT appeared first on Speranza.
The post Smart Grid, Energy Management and IoT appeared first on Security Boulevard.
1.物联网物联网定义了包括传感器、软件和其他技术在内的物理对象的网络，用于通过互联网与其他设备和系统进行数据连接、交换和通信。这些小工具的范围从基本的家庭项目复杂的工业工具。图1: 物联网的描述图像(来源:  https://www.tibco.com/reference-center/what-is-IoT 地理杂志)[ ... ]
后智能电网、能源管理和物联网首先出现在 Speranza 上。
后智能电网、能源管理和物联网首先出现在安全大道上。

Les incidents liés à Active Directory prennent de nombreuses formes. Microsoft fournit un utilitaire de sauvegarde et de récupération natif, mais il est loin de fournir une protection complète contre les incidents AD. Dans cet article, nous examinerons certaines lacunes …
The post 5 fonctionnalités essentielles que toute solution Active Directory doit posséder [E-book] appeared first on ManageEngine Blog.
The post 5 fonctionnalités essentielles que toute solution Active Directory doit posséder [E-book] appeared first on Security Boulevard.

Five Defensive Solutions Healthcare Organizations Can Take Right Now The pandemic has affected every aspect of society, but the healthcare industry has been at the center of the changes. Telehealth services and patient portals became more important overnight, as patients needed to access information without visiting a physical location. But as healthcare expands to be a hybrid of in-person and ...
Read More
The post Locking Down Patient Portals appeared first on Enzoic.
The post Locking Down Patient Portals appeared first on Security Boulevard.

Broward County School District backtracks after ransomware attack

Senior developer also accused of posing as anonymous whistleblower

A extract & decryption and pack & encryption tools for typora.

A extract & decryption and pack & encryption tools for typora.

影响厂商:QIWI 奖励: 危险等级:high
透过网址 https://reklama.tochka.com/重设密码接管帐户

Burp extension to create target specific and tailored wordlist from burp history.

Serverless 扫描技术研究及应用.

Dragon CTF 2021 - CRC Recursive Challenge.

955 不加班的公司名单 - 工作 955，work–life balance (工作与生活的平衡)

A repository that maps commonly used attacks using MSRPC protocols to ATT&CK

Antwerp (Belgium), December 2nd, 2021 – Intigriti, the global bug bounty platform and fastest-growing ethical hacker community, is proud to announce it has been selected by Intel, the industry ICT leader in the design and manufacturing of semiconductors, as its bug bounty vulnerability management platform. The program will be officially activated on December 6th, 2021. […]
The post Intel chooses Intigriti as its bug bounty vulnerability management platform appeared first on Intigriti.

An IDS (Intrusion detection system) and firewall are the security mechanisms intended to prevent an unauthorized person from accessing a network. However, even IDS and firewalls have some security limitations.
Firewalls and IDS intend to avoid malicious traffic from entering into a network but certain techniques can be used to send intended packets to the target and evade IDS/Firewalls.
Some techniques that we will cover are:-
· Packet Fragmentation- send fragmented probe packets to the intended target, which re-assembles it after receiving all the fragments.
· Source Port Manipulation- manipulate the actual source port with the common source port to evade IDS/firewall
· IP address spoofing /Decoy IP- generate or manually specify the IP address of the decoy so that the IDS/firewall cannot determine the actual IP.
· Create custom packets:- Send custom packets to scan the intended target beyond the firewalls.
· Spoofing MAC address:- Spoofing our MAC address to hide our actual identity
Lab requirements:- Window

Posture management is still one of the least mature areas in security, even though 86% of organizations believe they follow best practices for security hygiene and posture management. These were among the results from a study commissioned by JupiterOne and carried out by Enterprise Strategy Group (ESG), which surveyed nearly 400 IT and cybersecurity professionals..
The post Security Hygiene, Posture Management Remain Challenging appeared first on Security Boulevard.

Attackers can gain access to secrets across all namespaces
The high severity alert known otherwise as CVE-2021-25742, was recently brought to the public’s attention and has prompted us to believe that it may be worthwhile to do a deeper dive into what this vulnerability really is and what it means for today’s organizations. Let’s jump right in!
Here’s the CVE itself:
CVE-2021-25742: Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
The post AWS SageMaker Notebook Takeover Vulnerability appeared first on Security Boulevard.

2021年12月02日，360CERT监测发现 `Mozilla` 发布了 `Mozilla NSS 缓冲区堆溢出` 的风险通告，漏洞编号为 `CVE-2021-43527` ，漏洞等级： `严重` ，漏洞评分： `9.8` 。

boy-hack starred xjasonlyu/tun2socks
Dec 2, 2021
xjasonlyu/tun2socks
tun2socks - powered by gVisor TCP/IP stack
Go
438 Updated Nov 27

tom0li starred pppscn/SmsForwarder
Dec 2, 2021
pppscn/SmsForwarder
短信转发器——监控Android手机短信、来电、APP通知，并根据指定规则转发到其他手机：钉钉机器人、企业微信群机器人、飞书机器人、企业微信应用消息、邮箱、bark、webhook、Telegram机器人、Server酱、PushPlus、手机短信等。PS.这个APK主要是学习与自用，如有BU…
Java
1.9k Updated Dec 3

tun2socks - powered by gVisor TCP/IP stack

2021年12月02日，360CERT监测发现 `Mozilla`    发布了 `Mozilla NSS 缓冲区堆溢出`    的风险通告，漏洞编号为 `CVE-2021-43527`    ，漏洞等级： `严重`   ，漏洞评分： `9.8`   。

Takes host/port as input and tries to identify their transport layers. (PLAIN/TLS,http,mysql,redis ... )

PortBender是一款功能强大的TCP端口重定向工具

这已经是Flubot恶意软件第二次大规模攻击芬兰安卓用户，第一次大规模攻击活动出现在2021年6-8月。

11月30日，Twitter官方发布推文表示，将禁止未经当事人许可，分享其照片或视频。这一规定被认为是Twitter隐私政策的进一步完善。