OpenSecurity.global

All Activity


  1. Last week
  2. Earlier
  3. I meant to post this earlier, but just now re-ran across a video with the source info. It may be old news to some of you but Zerodium, which pays researchers for zero days, had to halt their Apple iOS program because they just had too many submissions.
  4. https://www.defcon.org/html/defcon-safemode/dc-safemode-index.html
  5. HBO Westworld (has a simulation in the plot, but does not suggest we are living in one); FX HULU series Devs; Netflix Series The Midnight Gospel with comedian Duncan Trussell; https://www.youtube.com/watch?v=0kQWAqjFJS0
  6. Nobody tell them very few people run this version of Windows, nor are still vulnerable.
  7. https://havoc.hackersacademy.com/
  8. SoFi forces password resets after claiming a small set of passwords were leaked to a third party....haven't seen this in the news yet.
  9. Greetings all. I've been a unix/linux sysadmin since 1998 and working in IT security since 2007 or so. I just finished the first Splunk class and passed my Splunk Certified Core User certification. I decided that was a good path to choose when my contract was pulled in January. Now I'm looking for a remote security position where I can use my experience to help a company with their projects and switch my career path finally entirely into security. I've attached my resume for your perusal. This is a very trying time for all of us, and being unemployed makes it more complex and difficult. I'd appreciate any help I can get with finding a position. Thanks! Be safe and well out there. resume_brad_woodcock_2020-NoContactInfo.pdf
  10. They updated the advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006, and
  11. https://www-zdnet-com.cdn.ampproject.org/c/s/www.zdnet.com/google-amp/article/microsoft-warns-of-windows-zero-day-exploited-in-the-wild/ not checked personally
  12. Hello all, Do you know any organization, platform or web site where articles for increasing public awareness on cyber security are published? The articles should not be too technical, so that the general public can also understand the contents.
  13. Seeing some minor variation of BlueKeep attack behaviour (maybe attackers updated Metasploit finally), I'm seeing some stable'ish exploitation of Windows 7 this week however they're failing to run commands properly. Example commands; Additional IoCs. Application event 1000, spawning Powershell.exe: This event spawns from C:\Windows\system32\UI0Detect.exe and UI0Detect.exe 224 (224 is the parameter). spoolsv.exe crash: They check the device has more than 3.5 GB of RAM, and is 64-bit, then try running a payload. Network IOC 78.46.124.69 port 10095
  14. So I saw some exploitation of this in wild yesterday, looks like: Obviously the POST statements aren't there. Triggers code execution like this:
  15. There’s a public write up for triggering this vulnerability now (not RCE). https://www.coresecurity.com/blog/dejablue-vulnerabilities-windows-7-windows-10-cve-2019-1181-and-cve-2019-1182 @MalwareTech