Nearly 20% of Docker Hub Repositories were used to spread malware & phishing scams
submitted by /u/SRMish3
How an empty S3 bucket can make your AWS bill explode
submitted by /u/xiongchiamiov
From IcedID to Dagon Locker Ransomware in 29 Days
submitted by /u/TheDFIRReport
LSASS rings KsecDD ext. 0 – Overview of the recent KexecDD exploit
submitted by /u/clod81
Just-in-Time admin and production access using Azure PIM
submitted by /u/nindustries
Automating API Vulnerabilities Using Postman Workflows
submitted by /u/HayMiz
Exploiting the NT Kernel in 24H2: New Bugs in Old Code & Side Channels Against KASLR
submitted by /u/gabe_k
Postman users are exposing Thousands of live Passwords/API keys
submitted by /u/wifihack
Moriarty v1.2 has been released!
submitted by /u/Hubble_BC_Security
Exploring Vulnerabilities in Embedded Devices: A Case Study of an IP Phone
submitted by /u/security_aaudit
Cisco ASA exploit in the wild.
submitted by /u/MrSanford
18 vulnerabilities in Brocade SANnav
submitted by /u/PierreKimSec
SAP Threat Modeling Tool – Open Source Software
submitted by /u/vah_13
Nation-State Threat Actors Renew Publications to npm
submitted by /u/louis11
Dauthi – MDM Authentication Framework
submitted by /u/emptynebuli
BlackBerry MDM Has Some Authentication Flaws
submitted by /u/emptynebuli
An Analysis of the DHEat DoS Against SSH in Cloud Environments
submitted by /u/therealjoetesta
Backdooring Dotnet Applications
submitted by /u/lightgrains
EvilLsassTwin – PPL Bypass, Fast 12MB In-Memory Dumps
submitted by /u/EphReborn
Inside Ukraine’s Killer-Drone Startup Industry
Ukraine needs small drones to combat Russian forces—and is bootstrapping its own industry at home.
New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials
A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gather authentication data from HTTP GET and POST requests.
"This malware is modular, designed primarily to steal authentication material found...
A million Australian pubgoers wake up to find personal info listed on leak site
Allegations fly regarding unpaid contractors and iffy infosec Over a million records describing Australians who visited local pubs and clubs have apparently been posted online.…
Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says
UnitedHealth CEO Andrew Witty said in a U.S. Senate hearing that his company is still trying to understand why the server did not have the additional protection.
The post Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication,...
Dropbox dropped the ball on security, haemorrhaging customer and third-party info
Only from its digital doc-signing service, which is isolated from its cloudy storage Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.…
