Bogus URL Shorteners Redirect Thousands of Hacked Sites in AdSense Fraud Campaign
Learn how fake URL shorteners are redirecting hacked website traffic to crypto themed websites to generate fraudulent AdSense revenue.
#infosec
Infosec: Seeking advice regarding CVSS scoring.
One of the hardest tasks in my dayjob (at WPScan.com) is to assign CVSS scores. Particularly the Availability impact metric is a source of internal arguments. Personally I think the CVSS v3.1 Users Guide is quite clear on the subject, but we still end up arguing how this should be understood in the context of WordPress plugins.
Typically the argument is that if a vulnerability lets an attacker upload arbitrary files or execute arbitrary code, that amounts to a high impact on availability. The way I read the CVSS docs, this would only affect the Confidentiality and Integrity impact metrics, leaving Availability at None or at most Low.
Does anybody have any advice or insights into how we should understand and score this metric?
how to completely own an airline in 3 easy steps
https://maia.crimew.gay/posts/how-to-hack-an-airline/
Sounds like fun ;)
I've written about a vulnerability I've been researching at work. Forking your dependencies without really knowing what you do may cause unintended consequences. If your project happens to be a WordPress plugin, you may risk that it appears on our blog. Don't appear on our blog!
https://jetpack.com/blog/vulnerabilities-found-in-the-3dprint-premium-plugin/
I recommend anyone who wants a solid intro to finding and exploiting weaknesses in C and C++ code to check out the training from @Patricia@social.vivaldi.net at NDC-security in Oslo in January!
#infosec #training #NDC #C++ #C
I’ve adjusted my training to be targeted towards security professionals who want hands-on experience with binary exploitation and vulnerabilities.
Premiering at NDC Security, January 2023
(In)Secure C++: Sec Edition
https://ndc-security.com/workshops/in-secure-cpp-sec-edition/91f417ab387b
In France, highest appeal court ruled that refusing to give up a password to your smartphones or unlocking it is considered "a crime" and may be punished by imprisonment (up to 3 years).
Absolutely surreal and disgraceful, and frankly a violation of right to privacy.
#France #Privacy #GDPR #Encryption #Surveillance #InfoSec #Fascism #WelcomeTo1984 #Politics #EU
https://www.thelocal.fr/20221109/france-criticised-for-forcing-suspects-to-unlock-phones/
Screenshot_20220725_154605.png
(Media description: A presenter at a conference displaying a slide saying "Over 90 WordPress themes, plugins backdoored in supply chain attack.")
Cool to see my work mentioned in a conference talk by @{https://mastodon.technology/@rysiek}. It was a very interesting talk too, definitely one to check out for the more technically inclined people interested in a more decentralised and open web!
https://media.ccc.de/v/mch2022-198-trusted-cdns-without-gatekeepers
#infosec #libresilient #mch2022 #web #cdn #resilienceHarald Eilertsen posted a new photo to 2022
If you just entered the domain of mobile security, or always wanted to but didn't know where to start, this workshop is ideal for you. Join #OWASP for this insightful training led by @bsd_daemon. Register NOW: https://whova.com/web/S01MAxzRa49H60XWA6U3vkikTxPUTwLpY4t6Ro00Hx0%3D/
#devsecops #cybersecurity #infosec #appsec https://nitter.bus-hit.me/owasp/status/1550073230429388802#m
If you just entered the domain of mobile security, or always wanted to but didn't know where to start, this workshop is ideal for you. Join #OWASP for this insightful training led by @bsd_daemon. Register NOW: https://whova.com/web/S01MAxzRa49H60XWA6U3vkikTxPUTwLpY4t6Ro00Hx0%3D/
#devsecops #cybersecurity #infosec #appsec https://nitter.bus-hit.me/owasp/status/1549876965620031499#m
ANNOUNCING NEW WEBINARS!
-Intro to Browser FIngerprinting
-Secure your SDLC using OWASP SAMM
-Attacking Application Supply Chain
-Purple Team AWS
-Adv. White Board Hacking - AKA Threat Modeling
REGISTER TODAY: http://owasp.org/events/
#cybersecurity #infosec #devsecops https://nitter.bus-hit.me/owasp/status/1549635337831546881#m
Why can't we have nice things?
Microsoft. Microsoft is why we can't have nice things.
♲ Michael Downey 🚩 - 2022-06-29 06:19:45 GMT
⚠️ TIL
If you use #Microsoft #Outlook, it scans all of your arriving #email and sends the URLs to #Bing for indexing.
😬 #infosec
Matt Jay auf Twitter: „Imagine being in infosec and proudly announcing all the false positives you blocked.“ / Twitter
#infosec indeed
WordCamp EU CTF - solution
The solution to our Capture the Flag exercise that we ran during this years WordCamp EU is now public:
https://jetpack.com/blog/capture-the-flag-at-wordcamp-europe-2022/
You can still download the source code and a docker setup for playing along if you want to check for yourself.
Be safe out there, folks. #Pride #LGBTQ #InfoSec
Pridefall Discord Attack 2022 | How To Recover From Scams?
We have updated our CTF-challenge with one more task. In case you found the tree first ones too easy, have a go at the last one. We will present the solutions to the challenges at the end of the day tomorrow at the Jetpack booth at WordCamp EU in Porto.
Our team Jetpack is running a WordPress security mini-CTF (Capture The Flag) during WordCamp EU this year. Ever wanted to train your Hacker mindset? Read between the lines (of code!), and break stuff?
You want to try this!
Be sure to visit our booth from tomorrow!