SSRF Through PDF Generation
This week on a BugBounty program which I left aside I found my first SSRF, here is my writeup. Recon The scope is restricted to…
Suspected state-sponsored threat actors have trojanized the official Windows desktop app of the widely used 3CX softphone solution, a number of cybersecurity companies began warning…
Mar 30, 2023 | Ravie Lakshmanan | Cloud Security / Cyber Threat | A new “comprehensive toolset” called AlienFox is being distributed on Telegram as a way for threat actors…
Customers of 3CX, a unified communications technology supplier, are being targeted by a North Korea-linked advanced persistent threat (APT) actor in a supply chain attack…
Sean Burns | 08 December 2022 at 10:45 UTC | If you follow the Burp Suite roadmap, then you’ll know that we’re working on a complete…
A new modular toolkit called ‘AlienFox’ allows threat actors to scan for misconfigured servers to steal authentication secrets and credentials for cloud-based email services. The…
LOKKER has released its LOKKER Web Privacy Risk Score, the assessment tool that provides businesses with a clear, numeric rating of their privacy risk across…
Multi-extortion has been increasing, and companies are harassed in many ways to extract a ransom payment in return. Ransomware attacks typically involve making system data…
The World’s 1st Open Source Bug Bounty Guide – Methodology, Tools, Resources by Mik317 (50+ CVEs)
H0lyGh0st, Magecart, and a slew of state-sponsored hacker groups are diversifying their tactics and shifting their focus to… you. That is, if you’re in charge…
Mar 30, 2023 | Ravie Lakshmanan | Supply Chain / Software Security | 3CX said it’s working on a software update for its desktop app after multiple cybersecurity vendors sounded…
Cloud Hacking: The Basics