■■■■■ Browser exploit via side channel attack: Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. “This is a side-channel attack which doesn’t require any JavaScript to run,” the researchers said.…
All posts tagged telegram
March 11, 2021 at 11:38PM
■■■■■ Browser exploitation (beginner video tutorial / story). https://youtu.be/yJewXMwj38s https://t.me/cKure/7132
March 11, 2021 at 11:28PM
■□□□□ ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks. https://thehackernews.com/2021/03/proxylogon-exchange-poc-exploit.html https://t.me/cKure/7131
March 11, 2021 at 04:07PM
■□□□□ The security loophole in the Plus Addons for Elementor plugin of WordPress was used in active zero-day attacks prior to a patch being issued. https://threatpost.com/cyberattackers-exploiting-critical-wordpress-plugin-bug/164663/ https://t.me/cKure/7124
March 11, 2021 at 03:26PM
■□□□□ SSRF PoC for CVE-2021-26855. https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2021/CVE-2021-26855.yaml https://t.me/cKure/7123
March 11, 2021 at 03:24PM
■□□□□ Interesting thread https://mobile.twitter.com/nav1n0x/status/1369743606320406532 https://t.me/cKure/7122
March 11, 2021 at 03:16PM
■□□□□ Microsoft confirms Windows 10 crash issue due to March updates. https://t.me/cKure/7121
March 11, 2021 at 11:19AM
■■■■■ F5 #Zeroday: Application security company F5 Networks on Wednesday published an advisory warning of four critical vulnerabilities impacting multiple products that could result in a denial of service (DoS) attack and even unauthenticated remote code execution on target networks. The patches concern a total of seven related flaws (from CVE-2021-22986 through CVE-2021-22992), two of which were discovered and reported by…
March 10, 2021 at 10:31PM
■□□□□ Threat actors prevented the Williams Formula 1 team from giving fans a first look at their car’s latest version via an ‘augmented reality’ app. In the wake of the malicious intrusion, Williams canceled their plan to launch its FW43B and claimed that the app was “hacked prior to launch”. ‘Williams’ were planning to reveal…
March 10, 2021 at 10:30PM
■■■■□ Thanks to the Solarwinds security blunders, we’re all aware now of how vital it is to protect our software supply chain from unauthorized changes. Now, the Linux Foundation and partners have created a new free cryptographic software signing to improve open-source program security. https://www.zdnet.com/article/linux-foundation-announces-new-open-source-software-signing-service/ https://t.me/cKure/7117