cK-bot

October 28, 2023 at 12:55AM

October 27, 2023cK-botUncategorized

■■■□□ Cyber-War: Cyber-Attack by APT28. France says Russian state hackers (fancy bear ) breached numerous critical networks. https://www.bleepingcomputer.com/news/security/france-says-russian-state-hackers-breached-numerous-critical-networks/ https://t.me/cKure/13112

October 28, 2023 at 12:45AM

October 27, 2023cK-botUncategorized

■■■■□ Nine Ways to Lose Data Using Serverless Without Even Knowing It. https://www.serverlesslife.com/Nine_Ways_How_to_Lose_Data_Using_Serverless_Without_Even_Knowing.html https://t.me/cKure/13111

October 27, 2023 at 11:33PM

October 27, 2023cK-botUncategorized

■■■■■ Compromising F5 BIG-IP With Request Smuggling | CVE-2023-46747 https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/ https://t.me/cKure/13109

October 27, 2023 at 11:13PM

October 27, 2023October 27, 2023cK-botUncategorized

■■■■■ Zero-Day: CVE-2023-46747 (Score 9.8); an unauthenticated remote code execution vulnerability via a side-channel from the management interface (Traffic Management User Interface (TMUI) and is closely related to CVE-2022-26377 which is a HTTP request smuggling vulnerability). F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution…

Read

October 27, 2023 at 08:43PM

October 27, 2023cK-botUncategorized

■■■■□ Oh-Auth – Abusing OAuth to take over millions of accounts. https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts https://t.me/cKure/13107

October 27, 2023 at 12:00PM

October 27, 2023cK-botUncategorized

■□□□□ Data-Breach: Japanese firm Toumei had over 100M records and 10GB of data breached this month. Included were 77k unique email addresses along with names, physical addresses and phone numbers. https://t.me/cKure/13106

October 27, 2023 at 11:58AM

October 27, 2023cK-botUncategorized

■■□□□ [Tool] Sliver: Open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver’s implants support C2 over Mutual TLS (mTLS), WireGuard, HTTP(S), and DNS and are dynamically compiled with per-binary asymmetric encryption keys. https://github.com/BishopFox/sliver https://t.me/cKure/13105

October 27, 2023 at 11:57AM

October 27, 2023cK-botUncategorized

■■■■■ curlshell: An encrypted reverse TCP shell through a proxy (using only cURL tool). It allows an attacker to access a remote shell (sh) when the remote system can access the Internet via a Proxy only (or the filesystem is mounted read-only/noexec). The target only needs to have curl and sh installed. Python is not…

Read

October 27, 2023 at 11:54AM

October 27, 2023cK-botUncategorized

■■■■□ CVE-2023-5360: Auto shell upload WordPress royal elementor 1.3.78 shell upload. https://github.com/phankz/Worpress-CVE-2023-5360 https://t.me/cKure/13102

October 27, 2023 at 10:18AM

October 27, 2023cK-botUncategorized

■■□□□ HTTP/2 Rapid Reset (CVE-2023-44487) https://thehackernews.com/2023/10/record-breaking-100-million-rps-ddos.html https://t.me/cKure/13101