A week in security (November 20 – November 26)
A list of topics we covered in the week of November 20 to November 26 of 2023
The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence (AI) systems.
“The approach prioritizes ownership of security outcomes for customers, embra…
Mass bruteforce network protocols. Info: Simple personal script to quickly mass bruteforce common services across a large-scale network. It will check for default credentials on ftp, ssh, mysql, mssql…etc. This was made for authorized red team pen…
OSINT framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get …
An unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what’s suspected to be an advanced persistent threat (APT) attack.
The web shell, a dynamic-link library (DLL) named “hrserv.dll,” exhi…
The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files.
A brief description of the vulnerabilities is as follows –
Discl…
Obviously any known vulnerabilities are not great, but I’m curious how much I should be concerned about them.
I’ve seen plenty of articles that talk about the rise in malware/spam in npm packages:
NPM malware attack goes unnoticed for a y…
Researchers have found several weaknesses in the fingerprint authentication for Windows Hello on popular laptops.
Citrix Bleed is being actively exploited by at least six cybercrime groups.
More details have emerged about a malicious Telegram bot called Telekopye that’s used by threat actors to pull off large-scale phishing scams.
“Telekopye can craft phishing websites, emails, SMS messages, and more,” ESET security researcher Radek Jizba…