Aggregator
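Notes on recognizing a simple arithmetic CAPTCHA
2 years 5 months ago
0x00 Preface
A certain CMS uses a simple arithmetic CAPTCHA: every challenge is an addition, subtraction, multiplication, or division of single-digit numbers. I previously tried recognizing it by segmentation, but the success rate was low. I later switched to training with pytorch and then recognizing, which reaches a recognition rate above 98%, so I am writing up the process as a quick article.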
浮萍
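Notes on an app-scraping competition
2 years 5 months ago
0x01 Preface
In mid-May, 猿人学 held an app-scraping competition with 10 challenges, mainly involving Android deobfuscation, mutual authentication, TLS fingerprint countermeasures, and similar techniques. Answering just one challenge correctly earned a participation prize: a custom 猿人学 T-shirt. In addition, the first challenge does not involve so libraries, only Java-layer encryption. For the T-shirt, I signed up right away.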
浮萍
BlueBleed Data Leak
2 years 5 months ago
Summary
SOCRadar, a cyber intelligence company, has reported that they have discovered a data leak from a Microsoft Azure Blob Storage location. Microsoft has acknowledged the incident. However, details on the severity of the leak vary between Microsoft and the SOCRadar report.
Threat Type
Data Leak
Overview
Microsoft has published a blog on their Security Response Center in response to a report from a cyber intelligence company called SOCRadar. SOCRadar discovered and reported on a data leak in a misconfig
PenTest Magazine Open Source Toolkit: ropci
2 years 5 months ago
Great news!
An article about ropci is in the latest free issue of the Pentest Magazine!
The article has a lot more info than my ropci blog post or the info on the ropci GitHub repo.
Get your copy and check it out! It also has an article about Nuclei, one of my favorite tools.
Cheers.
Link: https://pentestmag.com/product/pentest-open-source-pentesting-toolkit
ROPC - So, you think you have MFA?
2 years 5 months ago
This post will highlight a pattern I have seen across multiple production Microsoft Azure Active Directory tenants which led to MFA bypasses using ROPC.
The key take-away: Always enforce MFA! Sounds easy, but there are often misconfigurations and unexpected exceptions. So, test your own AAD tenant for ROPC based MFA bypass opportunities.
Github: https://github.com/wunderwuzzi23/ropci
Update: The latest free issue of Pentest Magazine has a ropci article. Check it out.
What is ROPC?
Securing Applications in a Multicloud World
2 years 5 months ago
Widespread adoption of multicloud architecture presents challenges in securing applications. Learn about the benefits of deploying security controls on the edge.
Pavel Despot
Student Insights on Cybersecurity Careers
2 years 5 months ago
Hi, our names are Aubrie, Kyle, and Lindsey! We participated in internships at the National Initiative for Cybersecurity Education (NICE) Program Office this past year. This is a career pivot for Aubrie, meaning this is her introduction to cybersecurity from another career; she is earning her master’s with a concentration in cybersecurity. Kyle was an undergraduate intern majoring in Computer Engineering. He is almost finished with his education and will soon be transitioning into the workforce. Lindsey is a high school member of the program. The three of us come from different academic and
Aubrie Kendall, Kyle Truong, Lindsey Walter
Trustlook's Integration with OKC (OKX Chain)
2 years 5 months ago
San Jose, California, Oct. 19, 2022, Trustlook, the global leader of AI-powered cybersecurity, today announced an integration with OKC (OKX Chain) an EVM-compatible L1 built on Cosmos with a focus on true interoperability (IBC) and maximized performance. Trustlook will provide their extensive portfolio of blockchain security products to OKC, which
Lifan Xu
Java Apache Commons Text Vulnerability
2 years 5 months ago
Summary
A remote code execution vulnerability has been disclosed in Java Apache Commons Text. This vulnerability affects all versions prior to 1.10.0. Users of Apache Commons Text are advised to upgrade in order to mitigate this vulnerability.
Threat Type
Vulnerability
Overview
***Update #1, October 19, 2022***
A proof-of-concept has been released by SeanWrightSec on GitHub. At present, there is no indication of this exploit being used in the wild. However, with a PoC released, organizations should be on
CTF-Previse HackTheBox Penetration Test (5)
2 years 5 months ago
Hello everyone, I am your good friend 小峰. I have been gradually releasing the CTF-Horizontall HackTheBox series for you
Who's Scanning the IPv6 Space? And, Frankly, Why Do We Even Care?
2 years 5 months ago
Securing IPv6 is no longer optional, it's a necessity. In this first of its kind empirical study on the vulnerability scanning landscape of IPv6, you'll learn the challenges and differences between IPv6 and IPv4 to be better prepared for the future.
Philipp Richter
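A brief discussion of building cloud-native security
2 years 5 months ago
Background: I want to summarize cloud-native security as I understand it. The content comes from my work experience, public talks I have seen, and questions I was asked in recent interviews. kubern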
Opinion | What are we really pursuing in life?
2 years 5 months ago
If you cannot extend the length of your life, then increase its density.
Post-Breach Analysis: Sophistication and Visibility
2 years 5 months ago
Analyzing a single attack in detail yields interesting findings about attacker sophistication, living off the land, and architectural risk.