Fedora: Security Advisory for gfbgraph (FEDORA-2021-9c737bb848)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 33 Update: gfbgraph-0.2.4-1.fc33

GLib/GObject wrapper for the Facebook Graph API that integrates with GNOME Online Accounts...

[SECURITY] Fedora 34 Update: gfbgraph-0.2.4-1.fc34

GLib/GObject wrapper for the Facebook Graph API that integrates with GNOME Online Accounts...

Microsoft Defender for Endpoint: The Latest Versions of Antivirus Engine & Signatures

In a previous episode on Microsoft Defender for Endpoint, I described how to get a list of antivirus engine and signatures versions for the hosts in your infrastructure using the Microsoft Graph API. But the problem remains. You know the versions that are currently installed on the hosts. But whe...

TREVORspray - A Featureful Round-Robin SOCKS Proxy And Python O365 Sprayer Based On MSOLSpray Which Uses The Microsoft Graph API

TREVORproxy is a SOCKS proxy that round-robins requests through SSH hosts. TREVORspray is a A featureful Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API By @thetechr0mancer Microsoft is getting better and better about blocking password spraying attacks against O365...

InkySquid State Actor Exploiting Known IE Bugs

The InkySquid advanced persistent threat APT group, which researchers have linked to the North Korean government, was caught launching watering hole attacks against a South Korean newspaper using known Internet Explorer vulnerabilities. New analysis from Volexity reported its team of researchers...

How to get Antivirus-related Data from Microsoft Defender for Endpoint using Intune and Graph API

Hello everyone! In this episode, I would like to tell you how I tried to get automatically antivirus-related data current status, engine and signature version, last full scan date from Microsoft Defender for Endpoint using Microsoft Intune and the Graph API. Why is this necessary? You might assum...

DFIR-O365RC - PowerShell Module For Office 365 And Azure AD Log Collection

PowerShell module for Office 365 and Azure AD log collection Module description The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. The logs are generated in JSON format and retrieved...

O365-Attack-Toolkit - A Toolkit To Attack Office365

o365-attack-toolkit allows operators to perform an OAuth phishing attack and later on use the Microsoft Graph API to extract interesting information. Some of the implemented features are : Extraction of keyworded e-mails from Outlook. Creation of Outlook Rules. Extraction of files from...

Value 1 2 5 0 0 dollars to the Facebook album delete vulnerability-vulnerability warning-the black bar safety net

Overview: if your photo is deleted unknowingly, what will you do? Obviously, this problem is very annoying huh? This post is to say I found a vulnerability which allows a malicious user to delete Facebook on any album. Yes, any user, page, group, photo album can be deleted. The Graph API is the...

Facebook Vulnerability Allows Hacker to Delete Any Photo Album

A Serious vulnerability in Facebook has recently been reported that could allow anyone to delete your complete Facebook photo album without having authentication. Security Researcher Laxman Muthiyah told The Hacker News that the vulnerability actually resides in Facebook Graph API mechanism, whic...

Vulnerability in Facebook discloses Primary Email Address of any account

When you sign up on Facebook, you have to enter an email address and that email address becomes your primary email address on Facebook. In a recent disclosure by a Security researcher, Stephen Sclafani - The Social Networking site Facebook was vulnerable to disclosure of primary email address of...

Vulnerability in Facebook discloses Primary Email Address of any account

When you sign up on Facebook, you have to enter an email address and that email address becomes your primary email address on Facebook. In a recent disclosure by a Security researcher, Stephen Sclafani - The Social Networking site Facebook was vulnerable to disclosure of primary email address of...

Skype, Dropbox Patch Critical Facebook Authentication Bugs

UPDATE Popular applications Skype and Dropbox fixed holes in their websites this week that could have allowed an attacker to gain control of users’ Facebook accounts. In what’s technically being referred to as an “open direct vulnerability,” both applications failed to validate sites before sendi...