IM
IronMonkey Threat Research
LIVE
|
Articles 27,084
|
CVEs 348,609
|
APT Groups 800
|
Tools 2,196
|
Updated recently
Today Yesterday All 27,052 articles — Page 839 of 902
Cloud Threat Landscape ·

Wiz Research has detected an ongoing threat campaign dubbed “SeleniumGreed” that exploits exposed Selenium Grid services to deploy cryptominers. Selenium is a popular open-source suite used for...

Energy
Wiz Blog | RSS feed ·

Wiz is excited to announce "Prompt Airlines," a new cloud security Capture The Flag (CTF) event focused on AI vulnerabilities.

Transportation Systems Information Technology
Research & Threat Intel News- Outpost24 Blog ·

In November 2023, while conducting a security assessment on a client’s instance of the Oracle Integration Cloud Platform, I discovered a medium severity vulnerability nestled within the handling...

Information Technology
FalconForce - Medium ·

TL;DR In my previous blog post, I showed the impact that an unregistered reply URL can have in an Azure tenant and how to enumerate them for single tenant applications. This time, we take it one...

Information Technology
Research & Threat Intel News- Outpost24 Blog ·

Every month, we bring you some of the key findings from Outpost24’s Threat Intelligence team, KrakenLabs. Here’s what you need to know from July. Threat actor of the month: Volcano demon –...

Velvet Ant Critical Manufacturing Information Technology
Maxwell Dulin's Resources ·

The authors decided to take a look at the TP-Link ER605 router and attack it from the WAN network. When looking at the attack surface, they decided to check out the dynamic DNS (DDNS) provider...

Information Technology Transportation Systems
Maxwell Dulin's Resources ·

In the wide world of technology, there are many different byte encoding standards such as UTF-8, UTF-16 and Big5. In particular, we need a way to map bytes to characters. When we do this, there is...

Maxwell Dulin's Resources ·

LiFi is a DEX aggregation protocol. Recently, they added a new contract to the code. This contract took in input for a swap but allowed the calling of an arbitrary address with arbitrary data...

Transportation Systems
Wiz Blog | RSS feed ·

Secure your code and the entire development pipeline with the Wiz Security Graph, comprehensive configuration checks, and advanced code scanning.

Energy Chemical
ICS Medical Advisories ·

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.0 ATTENTION: Low attack complexity Vendor: Philips Equipment: Vue PACS Vulnerabilities: Allocation of Resources Without Limits or Throttling, Use of...

Critical Manufacturing Healthcare and Public Health
GreyNoise Labs ·

What is C2? In cybersecurity, Command and Control (or simply C2) term refers to the infrastructure - computer systems and communication methods - used by attackers to maintain connection with...

Information Technology c2 101
Wiz Blog | RSS feed ·

Wiz Research uncovers vulnerabilities in SAP AI Core, allowing malicious actors to take over the service and access customer data.

Critical Manufacturing Information Technology
Cloud Threat Landscape ·

On 2024-07-15, an incident was reported, involving NullBulge, gaining initial access via End-user compromise, targeting Slack to achieve Data exfiltration.

Maxwell Dulin's Resources ·

Dark pools are private asset exchanges designed to provide additional liquidity and anonymity for trading large blocks of securities away from the public eye. Zellic was auditing a dark pool to...

Critical Manufacturing Financial Services
Maxwell Dulin's Resources ·

ServiceNow is a business platform similar to Salesforce. It has data from HR, to employee management, to many other things. ServiceNow is mostly cloud hosted but there is a self-hosted version...

Nuclear Energy
Maxwell Dulin's Resources ·

Gogs is an open source solution for self-hosting source code with similar functionality to Github and Gitlab. Under the hood, Gogs users allow for pushing and pulling to Git repos over SSH via the...

Information Technology
maxwelldulin ·

The article begins with discussions on how communication can be done from isolated contexts in browsers. Between webpages, there is postMessage. From content scripts, there is sendMessage. For...

Critical Manufacturing
McAfee Labs | McAfee Blogs ·

Authored by Yashvi Shah and Vignesh Dhatchanamoorthy McAfee Labs has discovered a highly unusual method of malware delivery, referred to... The post ClickFix Deception: A Social Engineering Tactic...

Financial Services Commercial Facilities
maxwelldulin ·

Keycloak is an open source IAM solution with user management and SSO. They decided to tackle some race conditions within the system relating to user management. From reading the James Kettle post...

Healthcare and Public Health
Cloud Threat Landscape ·

The Sysdig Threat Research Team (TRT) identified a threat actor named CRYSTALRAY, who has significantly expanded its operations since its initial detection in February 2024. CRYSTALRAY exploits...

Wiz Blog | RSS feed ·

Add Wiz’s cloud and container security context to your organization's ServiceNow CMDB, vulnerability response, and IT service management solutions

Information Technology Chemical
Bitdefender Labs ·

Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored...

Healthcare and Public Health Financial Services
Bitdefender Labs ·

Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored...

Healthcare and Public Health Financial Services
Wiz Blog | RSS feed ·

Wiz enables our GRC team to maximize efficiency and impact. Here's how.

Information Technology Energy
Orange Cyberdefense ·

Everyday we’re faced with a choice – some glaringly obvious, others more subtle. The choice to give, or to take, is something that I believe is deeply rooted in each of us, and choosing to give,...

Cybercrime Diaries ·

In this blog we will explore the current state of Bulletproof Hosting (BPH) services on two major Russian-language cybercrime forums: XSS...

Financial Services Information Technology
Cloud Threat Landscape ·

On 2024-07-08, a research was reported, involving , gaining initial access via Exposed secret, while using Registry secret scanning, targeting GitHub to achieve Resp. disclosure.

Cloud Threat Landscape ·

Researchers discovered attackers targeting misconfigurations in the Jenkins Script Console to execute malicious Groovy scripts, leading to activities such as deploying cryptocurrency miners. By...

Financial Services
maxwelldulin ·

The fee grant module in the Cosmos SDK is used for setting up a different account to pass for gas on your behalf. After an allowlisted amount was set for a given user, they were given a specific...

Orange Cyberdefense ·

While doing an internal assessment, I was able to compromise multiple computers and servers but wasn’t able to dump the LSA secrets because of a particular EDR being installed and pretty...