Pentesting News

10/12/2023

What to know about the HTTP/2 Rapid Reset DDoS attacks

https://blog.talosintelligence.com/http-2-rapid-reset-ddos-attacks/

Cisco Talos BlogWhat to know about the HTTP/2 Rapid Reset DDoS attacksCisco Talos is actively tracking the novel distributed denial-of-service (DDoS) attacks cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflare’s blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future.

CVE-2023-44487

CVE-2023-44487, a vulnerability in the HTTP/2

Cisco Talos is actively tracking the novel distributed denial-of-service (DDoS) attacks cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflare’s blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the futur...

10/12/2023

10 zero-day vulnerabilities in industrial cell router could lead to code ex*****on, buffer overflows

https://blog.talosintelligence.com/vulnerability-roundup-webkit-and-yifan-router/

Cisco Talos Blog10 zero-day vulnerabilities in industrial cell router could lead to code ex*****on, buffer overflowsAttackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device.

Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device.

10/12/2023

Multiple Citrix NetScaler Flaw Leads to DoS Attack and Data Exposure

https://gbhackers.com/multiple-citrix-netscaler-flaw/

GBHackers - Latest Cyber Security News | Hacker NewsMultiple Citrix NetScaler Flaw Leads to DoS Attack and Data ExposureCritical vulnerabilities in citrix NetScaler ADC and NetScaler Gateway have been found, resulting in sensitive information exposure and a denial of service attack.

Critical vulnerabilities in citrix NetScaler ADC and NetScaler Gateway have been found, resulting in sensitive information exposure and a denial of service attack.

10/12/2023

How LLM-like Models like ChatGPT patch the Security Gaps in SoC Functions

https://cybersecuritynews.com/how-llm-like-models-like-chatgpt/

Cyber Security NewsHow LLM-like Models like ChatGPT patch the Security Gaps in SoC FunctionsThe emergence of Large Language Models (LLMs) is transforming NLP, enhancing performance across NLG, NLU, and information retrieval tasks.

The emergence of Large Language Models (LLMs) is transforming NLP, enhancing performance across NLG, NLU, and information retrieval tasks.

10/12/2023

North Korean Hackers Continue to Refine Their Arsenal of Tactics & Techniques

https://gbhackers.com/north-korean-hackers-continue-to-refine-their-arsenal-of-tactics-techniques/

GBHackers - Latest Cyber Security News | Hacker NewsNorth Korean Hackers Continue to Refine Their Arsenal of Tactics & TechniquesThe DPRK's [Democratic People’s Republic of Korea’s] offensive program is always developing, demonstrating the regime's resolve to keep employing cyber incursions.

The DPRK's [Democratic People’s Republic of Korea’s] offensive program is always developing, demonstrating the regime's resolve to keep employing cyber incursions.

10/12/2023

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

https://securityaffairs.com/152333/malware/mirai-based-iz1h9-botnet-surge.html

Security AffairsMirai-based botnet IZ1H9 added 13 payloads to target routersA Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to target routers from different vendors.

A Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to target routers from different vendors.

10/12/2023

rollingshells

https://kalilinuxtutorials.com/rollingshells/

Kali Linux Tutorialsrollingshellsrollingshells - A simple tool that uses the Shodan API to search for an open shell and save it to use later randomly.

10/12/2023

WcamPhish – Unauthorized remote camera access via link

https://kalilinuxtutorials.com/wcamphish-unauthorized-remote-camera-access-via-link/

Kali Linux TutorialsWcamPhish - Unauthorized remote camera access via linkWcamPhish - Unauthorized remote camera access via link. It is a method for capturing images of a target's we**am or front camera on a phone.

WcamPhish - Unauthorized remote camera access via link. It is a method for capturing images of a target's we**am or front camera on a phone.

10/12/2023

BucketLoot: an automated S3-compatible bucket inspector

https://securityonline.info/bucketloot-an-automated-s3-compatible-bucket-inspector/

securityonline.infoBucketLoot: an automated S3-compatible bucket inspectorBucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures

BucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures

10/12/2023

Long-awaited curl vulnerability flops

https://cyberscoop.com/curl-vulnerability-open-source/

CyberScoopLong-awaited curl vulnerability flopsThe flaw in the widely used open source software package was expected to be the next great catastrophe in computer security.

The flaw in the widely used open source software package was expected to be the next great catastrophe in computer security.

10/11/2023

Shaco – C linux agent for the Havoc framework

https://kalilinuxtutorials.com/shaco-c-linux-agent-for-the-havoc-framework/

Kali Linux TutorialsShaco - C linux agent for the Havoc frameworkShaco is a simple C linux agent for the Havoc framework. Utilizing a hardcoded socket, Shaco communicates with the server over http.

Shaco is a simple C linux agent for the Havoc framework. Utilizing a hardcoded socket, Shaco communicates with the server over http.

10/11/2023

Microsoft patches 12 critical vulnerabilities, nine of which are in Layer 2 Tunneling Protocol

https://blog.talosintelligence.com/microsoft-patch-tuesday-october-2023/

Cisco Talos BlogMicrosoft patches 12 critical vulnerabilities, nine of which are in Layer 2 Tunneling ProtocolTwo other vulnerabilities that Microsoft is fixing Tuesday — CVE-2023-36563 in Microsoft WordPad and CVE-2023-41763 in the Skype communication platform — have already been publicly exploited in the wild and have proof-of-concept code available.

Two other vulnerabilities that Microsoft is fixing Tuesday — CVE-2023-36563 in Microsoft WordPad and CVE-2023-41763 in the Skype communication platform — have already been publicly exploited in the wild and have proof-of-concept code available.

10/11/2023

TRY HARDER: A Cybersecurity Retro Game for OSCP Preparation

https://kalilinuxtutorials.com/try-harder-a-cybersecurity-retro-game/

Kali Linux TutorialsTRY HARDER: A Cybersecurity Retro Game for OSCP Preparation"Try Harder" is a cybersecurity retro game created by Milosilo. It offers an immersive experience and a retro aesthetic.

"Try Harder" is a cybersecurity retro game created by Milosilo. It offers an immersive experience and a retro aesthetic.

10/11/2023

Air Europa data breach exposed customers’ credit cards

https://securityaffairs.com/152316/data-breach/airline-air-europa-data-breach.html

Security AffairsAir Europa data breach exposed customers' credit cardsAirline Air Europa disclosed a data breach and warned customers to cancel their credit cards after threat actors accessed their card information.

Airline Air Europa disclosed a data breach and warned customers to cancel their credit cards after threat actors accessed their card information.

10/11/2023

Impulse Denial-of-service ToolKit

https://kalilinuxtutorials.com/impulse-denial-of-service-toolkit/

Kali Linux TutorialsImpulse Denial-of-service ToolKitImpulse is a modern Denial service toolkit available on GitHub. This tool is used to perform call and SMS bombing on the target phone numbers.

Impulse is a modern Denial service toolkit available on GitHub. This tool is used to perform call and SMS bombing on the target phone numbers.

10/11/2023

Nation-state Hackers Exploiting Confluence Zero-day Vulnerability

https://cybersecuritynews.com/confluence-zero-day-vulnerability/

Cyber Security NewsNation-state Hackers Exploiting Confluence Zero-day VulnerabilityMicrosoft has detected the nation-state threat actor Storm-0062, also known as DarkShadow or Oro0lxy, exploiting CVE-2023-22515.

Microsoft has detected the nation-state threat actor Storm-0062, also known as DarkShadow or Oro0lxy, exploiting CVE-2023-22515.

10/11/2023

Bark

https://kalilinuxtutorials.com/bark-toolkit/

Kali Linux TutorialsBark Toolkit Installation GuideBark Toolkit is a set of tools that provide denial-of-service attacks. Bark Toolkit includes an SMS attack tool, an HTTP attack tool, and many other exciting attack tools.

Bark Toolkit is a set of tools that provide denial-of-service attacks. Bark Toolkit includes an SMS attack tool, an HTTP attack tool, and many other exciting attack tools.

10/11/2023

Top 10 Best SaaS Security Tools

https://cybersecuritynews.com/best-saas-security-tools/

Cyber Security NewsTop 10 Best SaaS Security ToolsTop 10 Best SaaS Security Tools. 1. DoControl, 2. Splunk, 3. Zscaler, 4. Qualys, 5. Proofpoint, 6. Veracode, 7. Okta, 8. Trend Micro.

Top 10 Best SaaS Security Tools. 1. DoControl, 2. Splunk, 3. Zscaler, 4. Qualys, 5. Proofpoint, 6. Veracode, 7. Okta, 8. Trend Micro.