All posts in Uncategorized

■■■■□ A Glossary of Blind SSRF Chains. https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/ https://t.me/cKure/6691

■■■□□ Irremovable Facebook group album photos and entire album under certain circumstances. https://theshubh77.medium.com/irremovable-facebook-group-album-photos-and-entire-album-under-certain-circumstances-bounty-1000-b1b2a870b8e0 https://t.me/cKure/6690

■■■□□ The US  National Security Agency (NSA) says that companies should avoid using third party DNS resolvers to block threat actors’ DNS traffic eavesdropping and manipulation attempts and to block access to internal network information.  https://t.me/cKure/6689

■■■■■ Google reveals sophisticated Windows and Android hacking operation via Watering hole attack. https://www.zdnet.com/google-amp/article/google-reveals-sophisticated-windows-android-hacking-operation/ https://t.me/cKure/6688

■■■■□ The US Cybersecurity and Infrastructure Security Agency (CISA) said today that threat actors bypassed multi-factor authentication (MFA) authentication protocols to compromise cloud service accounts. Attackers changed pass the cookie and brute force to advice the feat. https://www.bleepingcomputer.com/news/security/cisa-hackers-bypassed-mfa-to-access-cloud-service-accounts/ https://t.me/cKure/6686

■□□□□ #Iran Charming Kitten’s Christmas Gift. https://blog.certfa.com/posts/charming-kitten-christmas-gift/ https://t.me/cKure/6685

■■□□□ Going Rogue- a Mastermind behind Android Malware Returns with a New RAT https://research.checkpoint.com/2021/going-rogue-a-mastermind-behind-android-malware-returns-with-a-new-rat/ https://t.me/cKure/6684

■■■□□ The ContentFilterExclusionList has been removed in macOS 11.2 beta 2. This feature allowed Apple’s apps to bypass macOS firewalls and VPNs. https://www.zdnet.com/article/apple-removes-feature-that-allowed-its-apps-to-bypass-macos-firewalls-and-vpns/ https://t.me/cKure/6683

■■■□□ #Zeroday: Windows 10 bug corrupts your hard drive on seeing this file’s icon. https://www.bleepingcomputer.com/news/security/windows-10-bug-corrupts-your-hard-drive-on-seeing-this-files-icon/ https://t.me/cKure/6682

■■■■□ SolarWinds hack update. Microsoft recently informed Mimecast that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor affecting approximately 10% of customers. Official Statement: https://www.mimecast.com/blog/important-update-from-mimecast/ https://t.me/cKure/6680