Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
SentinelOne DE
Das Gute, das Schlechte und das Hässliche in der Cybersicherheit – Woche 28
In dieser Woche wurde ein großer Business Email Compromise-Betrugsversuch abgewehrt, der sich gegen Office 365 richtete. BEC oder Email Account Compromises waren im vergangenen Jahr für den größten An ... Read more
-
SentinelOne DE
Das Gute, das Schlechte und das Hässliche in der Cybersicherheit – Woche 28
In dieser Woche wurde ein großer Business Email Compromise-Betrugsversuch abgewehrt, der sich gegen Office 365 richtete. BEC oder Email Account Compromises waren im vergangenen Jahr für den größten An ... Read more
-
blogspot.com
If You Can't Patch Your Email Server, You Should Not Be Running It
CVE-2020-0688 Scan Results, per Rapid7 tl;dr -- it's the title of the post: "If You Can't Patch Your Email Server, You Should Not Be Running It." I read a disturbing story today with the following new ... Read more
-
Comae Technologies
How to Solve the Blindspots of Event-Driven Detection
A while back, I discussed how memory could be used as an ultimate form of the log as long as the analysis workflow and process is smooth.This blog post will start by explaining the blind spots created ... Read more
-
carnal0wnage.com
Jenkins - CVE-2018-1000600 PoC
second exploit from the blog post https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html Chained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRF https://jenkins. ... Read more
-
carnal0wnage.com
Jenkins - messing with exploits pt3 - CVE-2019-1003000
References: https://www.exploit-db.com/exploits/46453 http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html This post covers the Orange Tsai Jenkins pre-auth exploit Vuln ... Read more
-
carnal0wnage.com
Jenkins - SECURITY-180/CVE-2015-1814 PoC
Forced API token change SECURITY-180/CVE-2015-1814 Affected Versions All Jenkins releases <= 1.605 All LTS releases <= 1.596.1 PoC Tested against Jenkins 1.605 POST /user/user2/descriptorByName/jenkin ... Read more
-
carnal0wnage.com
Jenkins - SECURITY-200 / CVE-2015-5323 PoC
API tokens of other users available to admins SECURITY-200 / CVE-2015-5323 API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission t ... Read more
-
carnal0wnage.com
Jenkins Master Post
A collection of posts on attacking Jenkins http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html Manipulating build steps to get RCE https://medium.com/@uraniu ... Read more
-
carnal0wnage.com
Jenkins - messing with exploits pt2 - CVE-2019-1003000
After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants. While not totally related to the blog post and tweet the f ... Read more