Share

RSS

More Articles…

• The SOAR benefits: simplifying investigation and response
• Security Code Review: How the service works
• Integration of the automated response: the automations in SOCaaS
• Coordination between CTI and SOC: how to further raise the defenses
• New Cloud Server: redundant internet
• Quality certificate for the SOCaaS of SOD
• Managed Detection and Response: a new preventive approach
• CLUSIT: our collaboration for better services

Categories …

• Backup as a Service (17)
  • Acronis Cloud Backup (11)
  • Veeam Cloud Connect (4)
• Cloud Conference (3)
• Cloud CRM (1)
• Cloud Server/VPS (22)
• Conferenza Cloud (4)
• ICT Monitoring (5)
• Log Management (2)
• News (21)
• ownCloud (4)
• Privacy (7)
• Secure Online Desktop (14)
• Security (170)
  • Cyber Threat Intelligence (CTI) (6)
  • Ethical Phishing (8)
  • Penetration Test (5)
  • SOCaaS (55)
    • SIEM (13)
    • SOAR (5)
    • UEBA (9)
  • Vulnerabilities (84)
• Web Hosting (15)

Tags

Dark Reading

• Twitter's Source Code Leak on GitHub a Potential Cyber Nightmare March 27, 2023
  Indicators point to Twitter's source code being publicly available for around 3 months, offering a developer security object lesson for businesses.
• 7 Women Leading the Charge in Cybersecurity Research & Analysis March 27, 2023
  From rising stars to veterans heading up research teams, check out our profiles of women making a big impact in cyber defense as the threat landscape expands.
• Drive to Pervasive Encryption Boosts Key Management March 27, 2023
  Key vaults, aka key-management-as-a-service (KMaaS), promise to allow companies to encrypt sensitive data across cloud and third parties with granular control.
• Cybersecurity vs. Everyone: From Conflict to Collaboration March 27, 2023
  Don't assume stakeholders outside security understand your goals and priorities, but consider how you'll communicate with them to gain their support.
• CyberSecure Announces Strategic Alliance March 24, 2023
  The joint partnership represents expanded market opportunities.
• Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest March 24, 2023
  In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.
• GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository March 24, 2023
  GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.
• Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month March 24, 2023
  A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.
• Malicious ChatGPT Extensions Add to Google Chrome Woes March 24, 2023
  The second malicious ChatGPT extension for Chrome has been discovered, giving malicious actors access to users' Facebook accounts through stolen cookies.
• Red Teaming at Scale to Uncover Your Big Unknowns March 24, 2023
  A contrarian mindset with applied imagination allows security professionals to assess problems in their organizations, prevent failures, and mitigate vulnerabilities.

Full Disclosure

• Defense in depth -- the Microsoft way (part 84): (no) fun with %COMSPEC% March 24, 2023
  Posted by Stefan Kanthak on Mar 24Hi @ll, the documentation of the builtin START command of Windows NT's command processor CMD.EXE states: | When you run a command that contains the string "CMD" as the first | token without an extension or path qualifier, "CMD" is replaced | with the value of the COMSPEC variable. […]
• Invitation to the World Cryptologic Competition 2023 March 22, 2023
  Posted by Competition Administrator on Mar 21The WCC 2023 is a fully-online and open competition using GitHub. The language of the competition is English. The WCC 2023 has a total duration of 295 days, from Sunday January 1st 2023 to Monday October 23rd 2023. Teams and Judges must complete registration before Wednesday June 1st. The […]
• Insecure python cgi documentation and tutorials are vulnerable to XSS. March 22, 2023
  Posted by Georgi Guninski on Mar 21Is there low hanging fruit for the following observation? The documentation of the python cgi module is vulnerable to XSS (cross site scripting) https://docs.python.org/3/library/cgi.html ``` form = cgi.FieldStorage() print("name:", form["name"].value) print("addr:", form["addr"].value) ``` First result on google for "tutorial python cgi" is...
• Re: Microsoft PlayReady security research March 22, 2023
  Posted by Adam Gowdiak on Mar 21Hello, I feel obliged to provide additional comments to this paragraph as I start to believe that CANAL+ might not deserve sole blame here... While Microsoft claims there is absolutely no bug at its end, I personally start to perceive the company as the one that should be also […]
• Re: Defense in depth -- the Microsoft way (part 83): instead to fix even their most stupid mistaskes, they spill barrels of snakeoil to cover them (or just leave them as-is) March 22, 2023
  Posted by Arik Seils on Mar 21Hi there, One can use the Metasploit Framework Module post/windows/local/bypassua _fodhelper to achieve this. Greetings from Germany, A.Seils 17.03.2023 06:26:56 Stefan Kanthak :
• Re: Microsoft PlayReady security research March 21, 2023
  Posted by Security Explorations on Mar 21Hello, I feel obliged to provide additional comments to this paragraph as I start to believe that CANAL+ might not deserve sole blame here... While Microsoft claims there is absolutely no bug at its end, I personally start to perceive the company as the one that should be also […]
• Defense in depth -- the Microsoft way (part 83): instead to fix even their most stupid mistaskes, they spill barrels of snakeoil to cover them (or just leave them as-is) March 17, 2023
  Posted by Stefan Kanthak on Mar 16Hi @ll, with Windows 2000, Microsoft virtualised the [HKEY_CLASSES_ROOT] registry branch: what was just an alias for [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] before became the overlay of [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] and [HKEY_CURRENT_USER\Software\Classes] with the latter having precedence: Note: while [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] is writable only by...
• [CFP] Security BSides Ljubljana 0x7E7 | June 16, 2023 March 17, 2023
  Posted by Andraz Sraka on Mar 16MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMN..-..--+MMNy:...-.-/yNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMy..ymd-.:Mm::-:osyo-..-mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MM:..---.:dM/..+NNyyMN/..:MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM Mm../dds.-oy.-.dMh--mMds++MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM My:::::/ydMmo..-hMMMmo//omMs/+Mm+++++shNMN+//+//+oMNy+///ohM MMMs//yMNo+hMh---m:-:hy+sMN..+Mo..os+.-:Ny--ossssdN-.:yyo+mM...
• Full Disclosure - Fastly March 12, 2023
  Posted by Andrey Stoykov on Mar 11Correspondence from Fastly declined to comment regarding new discovered vulnerabilities within their website. Poor practices regarding password changes. 1. Reset user password 2. Access link sent 3. Temporary password sent plaintext // HTTP POST request POST /user/mwebsec%40gmail.com/password/request_reset HTTP/2 Host: api.fastly.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 […]
• Full Disclosure - Shopify Application March 12, 2023
  Posted by Andrey Stoykov on Mar 11Correspondence from Shopify declined to comment regarding new discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, person/tester foundhimself a beefy bugbounty from the same page that has been listed below, including similar functionality that has not been tested yet. Two emails and several reports, […]