39 matches found
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, observed between Apri...
Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise
In this article: 1. Multi-step social engineering campaign leading to credential theft; 2. Mitigation and protection guidance; 3. Microsoft Defender detections; 4. Hunting queries; 5. Indicators of compromise. Phishing campaigns continue to improve sophistication and refinement in blending social...
Cybersecurity Skills in New Graduates: A Philippine Perspective
This study investigates the key skills and competencies needed by new cybersecurity graduates in the Philippines for entry-level positions. Using a descriptive cross-sectional research design, it combines analysis of job listings from Philippine online platforms with surveys of students, teachers...
KitHack
This is a collection of tools and scripts for the KitHack framework, a penetration testing tool. The repository includes a Python script, clean.sh, which is used to clean up the tools directory. The script checks if the user has root permissions and, if so, removes any tools that are not empty. T...
personal-security-checklist-1
This repository is an open-source project for a curated checklist of 300+ tips for protecting digital security and privacy in 2022. It is a community-driven project that allows contributors to suggest and submit points to be added, amended, or removed from the list. The project has a code of...
personal-security-checklist
It is an offensive tool for community guidelines and contributor policies. The repository contains a curated checklist of 300+ tips for protecting digital security and privacy in 2022. The primary CVE ID is not present in the provided context. The target product/service or framework is not...
Microsoft Office Spoofing Vulnerability (CNVD-2024-02719)
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, and so on. Microsoft Office has a spoofing vulnerability that can be exploited by attackers to conduct spoofing...
Steps Involved In Penetration Testing And Their Methodology In Cybersecurity
By Owais Sultan. Let's explore the steps involved in penetration testing and the methodology employed by cybersecurity professionals to conduct effective… This is a post from HackRead.com. Read the original post: Steps Involved In Penetration Testing And Their Methodology In Cybersecurity...
Broken Access Control in Vote/Friend Function
Description: Unauthorized actions by modifying, closing, or reopening a poll created by someone else, and deleting a friend of another account via id. Proof of Concept. Step 1: Use account 1 to create a poll; account 2 does not have permission to edit/close/open the poll. Step 2: Intercept the request when account 1 edits,...
How to help your child manage their online reputation
Whether your child has been socially active online for a while now or you just handed your young one their first ever smartphone, now is an excellent time to think about managing their online reputation. The concept may sound overwhelming, but doing it is easy. Since you're no doubt talking to yo...
School Dormitory Management System SQL Injection Vulnerability
School Dormitory Management System is a school dormitory management system. SQL injection vulnerability exists in School Dormitory Management System, which can be exploited by attackers to conduct SQL injection attacks...
Automotive Shop Management System SQL Injection Vulnerability
Automotive Shop Management System is an automotive shop management system. SQL injection vulnerability exists in Automotive Shop Management System v1.0. The vulnerability can be exploited by attackers to conduct SQL injection attacks via /asms/classes/Master.php?f=deleteproduct...
Covid-19 Travel Pass Management System SQL Injection Vulnerability (CNVD-2022-85124)
Covid-19 Travel Pass Management System is a Covid-19 travel pass management system. Covid-19 Travel Pass Management System v1.0 has a SQL injection vulnerability, which originates from ctpms/admin/?page=user/manageuser&id=lack of filtering and escaping for parameters, which can be exploited by...
phpMyAdmin HTTP Response Splitting Vulnerability
CRLF injection vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the 1 ctype and possibly 2 filetype parameters...
Design/Logic Flaw
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability, which could result in granting permission to unauthorized resources. I...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j-remediation-tools Tools for finding and reproducing...
nuclei-templates
This is a community-curated list of templates for the nuclei engine to find security vulnerabilities in applications. The repository contains various templates for the scanner provided by the team and contributed by the community. The templates are the core of the nuclei scanner, which powers the...
Directory traversal
An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...
Binance receives the ban hammer from UK’s FCA
Binance, the world's largest and most popular cryptocurrency exchange network, has had a rough few days. First, Japan's financial regulator, the Financial Services Agency (FSA), issued its second warning to Binance on Friday, 25 June, for operating in the country without permission. The first warning...