Aggregator

via the c

AWS has released an important new feature that allows you to apply permission boundaries around reso

DNS Reaper DNS Reaper is yet another subdomain takeover tool, but with an emphasis on accuracy, speed, and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing...

The post dnsReaper: subdomain takeover tool for attackers, bug bounty hunters and the blue team appeared first on Penetration Testing Tools.

Secure Stager This project demonstrates an x64 position-independent stager that verifies the stage it downloads prior to executing it. This offers a safeguard against man-in-the-middle attacks for those who are concerned about such things....

The post Secure Stager: An x64 position-independent shellcode stager appeared first on Penetration Testing Tools.

FISSURE – The RF Framework Frequency Independent SDR-based Signal Understanding and Reverse Engineering FISSURE is an open-source RF and reverses engineering framework designed for all skill levels with hooks for signal detection and classification,...

The post FISSURE: Frequency Independent SDR-based Signal Understanding and Reverse Engineering appeared first on Penetration Testing Tools.

闲鱼注册用户数破 6 亿；特斯拉中国回应「FSD 入华后将授权上汽」：假的

Fake Bitwarden password manager advertisements on Facebook are pushing a malicious Google Ch

E' stata pubblicata la Direttiva UE 2024/2853 da titolo "Sulla responsabilità per danno da prodotti

This week on the Lock and Code podcast…The month, a consumer rights

A vulnerability was found in mbed TLS 3.5.x. It has been classified as problematic. Affected is an unknown function of the component ClientHello Handler. The manipulation leads to inadequate encryption strength. This vulnerability is traded as CVE-2024-28836. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Huawei HarmonyOS and EMUI. This issue affects some unknown processing of the component Lock Screen Module. The manipulation leads to permission issues. The identification of this vulnerability is CVE-2023-52717. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in WPMU Forminator Plugin up to 1.28.x on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2024-28890. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Aten PE6208 2.3.228/2.4.232. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2023-43843. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in LB-LINK BL-W1210M 2.0. This vulnerability affects unknown code. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability was named CVE-2024-33373. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in DESIGNA Abacus up to 18. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component QR Code Handler. The manipulation leads to enforcement of behavioral workflow. This vulnerability is known as CVE-2024-31802. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Advanced Custom Fields Plugin and Secure Custom Fields Plugin on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-49593. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Threat Intelligence / RansomwareCybersecurity researchers have shed light on a new stealthy malwa

Hello JavaScript Enthusiasts!Welcome to this week’s edition of “This Week In JavaScript”!Today, we

第二届BUGPWN2024挑战邀请赛（暨TSCM商业安全团队技术交流闭门会），致力为国内商业级TSCM安全技术团队创建以交流国内外最新检测技术、经验、装备与行业威胁情报等集实用与前瞻性为一体的互动平台，协助企业商业秘密保护架构的建设，助力国内企业内部TSCM技术团队的共同成长与进步，从而为推进中国TSCM行业的健康发展做出积极的贡献。   本届BUGPWN2024首度启动为期一天的「商商业秘密保护题」开放研讨会（暨个人隐私保护赛&厂商市集），旨在推动交流国内外最新商业秘密保护与隐私领域的法律法规、前沿概念的同时，也能够为不断增长的企业商业秘密保护、知识产权保护、企业出海安全、高管隐私保护与行业威胁情报等需求提供更多的解决方案与思路，同时也为更多有口碑有实力的合作方提供能力展示机会，创造互助互利多赢的积极生态环境与平台。   期待在BUGPWN2024开放研讨会与您相见，一起开启创新与合作的新篇章！

看似庞大杂乱