Picture Wall - 142 pics

A GitHub Issue Title Compromised 4,000 Developer Machines | grith
Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations | InfoStealers
The DJI Romo robovac had security so poor, this man remotely accessed thousands of them | The Verge
The SQLite strict Guide | slatecave.net
Notepad++ supply chain attack breakdown | Securelist
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
GitHub - iagox86/dnscat2
TM SGNL, the obscure unofficial Signal app Mike Waltz uses to text with Trump officials
Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica
Billions of Infostealer Logs Exposed: How Web Hosts React to Abuse Complaints
Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica
Splitting the email atom: exploiting parsers to bypass access controls | PortSwigger Research
Google Cloud Blog
veorq/awesome-post-quantum: A curated list of resources about post-quantum cryptography
Security flaws found in all Nvidia GeForce GPUs. Update drivers ASAP! | PCWorld
FortiGate admins report active exploitation 0-day. Vendor isn’t talking. - Ars Technica
Spectre revient hanter les processeurs Intel et AMD
How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends | Google Cloud Blog
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies
Palo Alto Expedition: From N-Day to Full Compromise – Horizon3.ai
Bruteforcing Windows Defender Exclusions - YouTube
How I found a P2 Misrouting issue affecting all Google Cloud Load Balancers
Perfctl, un malware Linux tenace - Next
How the FBI and Mandiant caught a 'serial hacker' who tried to fake his own death | TechCrunch
Tony Hawk’s Pro Strcpy – I Code 4 Coffee
How to defend against SS7 vulnerabilities? | Cyberkite blog
Leaked credentials detection | Cloudflare Web Application Firewall (WAF) docs
Critical Vulnerability in Kia Cars Allowed Arbitrary Remote Control
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) - Help Net Security
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities - Blog | Tenable®
Attacking UNIX Systems via CUPS, Part I
NIST proposes barring some of the most nonsensical password rules | Ars Technica
Security_Engineer_Interview_Questions/security-interview-questions.md at master · tadwhitaker/Security_Engineer_Interview_Questions · GitHub
DeTT&CT : Mapping detection to MITRE ATT&CK  – NVISO Labs
D3FEND Matrix | MITRE D3FEND™
Fortinet Data Breach: Hacker Leaks 440GB of Stolen Data
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
Threat hunting with Microsoft Graph activity logs
Persistence – Service Control Manager – Penetration Testing Lab
GitHub - herrbischoff/country-ip-blocks: CIDR country-level IP data, straight from the Regional Internet Registries, updated hourly. This is a read-only mirror.
Security Advisory YSA-2024-03 | Yubico
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica
Bypassing airport security via SQL injection
Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders | Huntress
Sinkclose : tous les processeurs AMD sont vulnérables à l’insertion de code malveillant - Next
Troy Hunt: Inside the "3 Billion People" National Public Data Breach
Sophos MDR hunt tracks Mimic ransomware campaign against organizations in India – Sophos News
AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records | WIRED
"Nearly all" AT&T customers had phone records stolen in new data breach disclosure | Malwarebytes
The Rise of Packet Rate Attacks: When Core Routers Turn Evil - OVHcloud Blog
Security Alert: Update to the Authy Android (v25.1.0) and iOS App (v26.1.0) | Twilio
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server | Qualys Security Blog
More than 100k websites targeted in web supply chain attack - c/side
South Korean telecom company attacks customers with malware — over 600,000 torrent users report missing files, strange folders, and disabled PCs | Tom's Hardware
New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now
Baldur
Malicious VSCode extensions with millions of installs discovered
Bypassing Windows Hello Without Masks or Plastic Surgery
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
xaitax/TotalRecall: This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
Yet more ransomware uses BitLocker to encrypt victims' files • The Register
QNAP QTS - QNAPping At The Wheel (CVE-2024-27130 and friends)
Dell warns of data breach, 49 million customers allegedly affected
Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica
Millions of Docker repos found pushing malware, phishing sites
Email DNS Records Cheatsheet
Kobold letters – Lutra Security
xz/liblzma: Bash-stage Obfuscation Explained - gynvael.coldwind//vx.log
xz-utils backdoor situation
Signed but not secure
Salt Labs research finds security flaws within ChatGPT Ecosystem (Remediated)
BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico — key can be sniffed when using an external TPM | Tom's Hardware
Three million malware-infected smart toothbrushes used in Swiss DDoS attacks — botnet causes millions of euros in damages | Tom's Hardware
Docker et d'autres moteurs de conteneurs touchés par des failles - Le Monde Informatique
AnyDesk and the disruptions: There may be something up | Born's IT and Windows blog
SVG images are accepted but not sanitized · Issue #38 · berthubert/trifecta
GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6 | GitLab
Dutch man sabotaged Iranian nuclear program without Dutch government's knowledge: report | NL Times
Qualcomm chip vulnerability enables remote attack by voice call | SC Media
Octave Klaba sur LinkedIn : 1/2 En Décembre, OVHcloud a reçu les exigences techniques qui sont… | 16 commentaires
SMTP Smuggling - Spoofing E-Mails Worldwide - SEC Consult
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
Vulnerability Disclosure: A First-Hand View | RIPE Labs
1Password discloses security incident linked to Okta breach
Chez Microsoft, un rocambolesque vol de données via une clé trouvée dans un rapport de plantage
Downfall
Ransomware infection wipes all CloudNordic servers • The Register
acme.sh runs arbitrary commands from a remote server · Issue #4659 · acmesh-official/acme.sh
Data Center Fires: A Detailed Breakdown with 19 Examples - Dgtl Infra
MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response
FTC Says Ring Employees Illegally Surveilled Customers, Failed to Stop Hackers from Taking Control of Users' Cameras | Federal Trade Commission
Free VPN Service SuperVPN Exposes 360 Million User Records
Most hacked passwords revealed as UK cyber survey exposes... - NCSC.GOV.UK
deleting system32\curl.exe | daniel.haxx.se
Sharpforce/MyExpense: MyExpense is a vulnerable web application
Google: Turn off VoLTE, Wi-Fi calling due to Exynos vulnerability
Massive Twitter data breach worse that reported; multiple hacks
Les techniques d'attaque : comprendre l'ARP poisoning
Exploited Windows zero-day lets JavaScript files bypass security warnings
Nvidia GeForce RTX 4090 : la carte graphique pour jouer...ou craquer des mots de passe
Burp Suite - Application Security Testing Software - PortSwigger
GitHub - robertdavidgraham/masscan: TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
GIFShell attack creates reverse shell using Microsoft Teams GIFs
Scanner de vulnérabilités avec un Raspberry Pi et Greenbone
Cybersécurité : des chercheurs qui ne manquent pas d’air
How I Hacked my Car :: Programming With Style
Récit : comment Manutan s’est sorti de la cyberattaque du 21 février
La plateforme No More Ransom, lancée il y a 6 ans, propose 136 outils anti-rançongiciels
APT Hackers Weaponizing The Red-Team Pentesting Tool To Evade Detection
New Microsoft Office zero-day used in attacks to execute PowerShell
Microsoft finds Linux desktop flaw that gives root to untrusted users | Ars Technica
When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops | WeLiveSecurity
L’ANSSI dresse un bilan inquiétant des évolutions de la cybercriminalité
Reflets s'invite par hasard dans les voitures de police ukrainiennes | Reflets.info
Linux system service bug gives root on all major distros, exploit released
GitHub - phanan/htaccess: ✂A collection of useful .htaccess snippets.
ChaosDB: How we hacked thousands of Azure customers’ databases | Wiz Blog
EXCLUSIVE Microsoft warns thousands of cloud customers of exposed databases | Reuters
Cloudflare thwarts 17.2M rps DDoS attack — the largest ever reported
Critical bug impacting millions of IoT devices lets hackers spy on you
DarkRadiation ransomware targeting RedHat, Debian Linux distributions
“I’m totally screwed.” WD My Book Live users wake up to find their data deleted | Ars Technica
Cybersécurité : l’année 2020 vue par l’ANSSI, avec deux fois plus d’« incidents »
US Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps - bellingcat
Let’s Enhance! How we found @rogerkver’s $1,000 wallet obfuscated private key
Détails des durcissements des sysctl sous Linux : sysctl réseau | Commandes et Système | IT-Connect
Détails des durcissements des sysctl sous Linux : sysctl système | Commandes et Système | IT-Connect
Ce que révèlent les offres d'emploi de la DGSI
Ransomware Attack Shuts Down Biggest U.S. Gasoline Pipeline - Bloomberg
OVH : un rapport de Bureau Veritas révèle les manques de la sécurité incendie du site de Roubaix
La petite histoire du mot de passe
Your Car Is Spying on You. A CBP Contract Shows the Risks.
Paiements discrets, frais de remédiation et données perdues, le coût caché d’une attaque par ransomware - Le Parisien
Signal >> Blog >> Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective
‘Counter Strike’ Bug Allows Hackers to Take Over a PC With a Steam Invite
Critical Zoom vulnerability triggers remote code execution without user input | ZDNet
Have I Been Pwned: Check if your email has been compromised in a data breach
Windows Sysinternals - Windows Sysinternals | Microsoft Docs
ANSSI · GitHub
Sauvegarder... un sujet (très) complexe
Cyberespionnage SolarWinds : VictimTotal, un anti-VirusTotal
Sécurité web : l'indispensable à savoir - Je suis un dev