[SECURITY] Fedora 36 Update: golang-github-pact-foundation-1.5.1-6.fc36

Pact Go enables consumer driven contract testing, providing a mock service and DSL for the consumer project, and interaction playback and verification for t he service provider project...

[SECURITY] Fedora 36 Update: golang-github-onsi-ginkgo-2-2.1.4-2.fc36

A Modern Testing Framework for Go...

[SECURITY] Fedora 36 Update: golang-github-mock-1.6.0-3.fc36

GoMock is a mocking framework for the Go programming language. It integrates well with Go's built-in testing package, but can be used in other contexts to o...

[SECURITY] Fedora 36 Update: golang-github-gucumber-0-0.23.20190703git7d5c79e.fc36

An implementation of Cucumber BDD-style testing for Go...

[SECURITY] Fedora 36 Update: golang-github-google-martian-3.1.0-9.fc36

Martian Proxy is a programmable HTTP proxy designed to be used for testing. Martian is a great tool to use if you want to: - Verify that all or some subset of requests are secure - Mock external services at the network layer - Inject headers, modify cookies or perform other mutations of HTTP...

[SECURITY] Fedora 36 Update: golang-github-gohugoio-testmodbuilder-0-0.10.20201030git72e1e0c.fc36

Some helper scripts used for Hugo testing...

SharpWSUS - CSharp tool for lateral movement through WSUS

SharpWSUS is a CSharp tool for lateral movement through WSUS. There is a corresponding blog https://labs.nettitude.com/blog/introducing-sharpwsus/ which has more detailed information about the tooling, use case and detection. Credits Massive credit to the below resources that really did 90% of th...

2022 0-day In-the-Wild Exploitation…so far

Posted by Maddie Stone, Google Project Zero This blog post is an overview of a talk, “ 0-day In-the-Wild Exploitation in 2022…so far”, that I gave at the FIRST conference in June 2022. The slides are available here. For the last three years, we’ve published annual year-in-review reports of 0-days...

Jwtear - Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers

A modular command-line tool to parse, create and manipulate JSON Web TokenJWT tokens for security testing purposes. Features Complete modularity. All commands are plugins. Easy to add new plugins. Support JWS and JWE tokens. Easy interface for plugins. follow the template example Flexible token...

How SAST Will Improve Your Overall Security: Intro

By Owais Sultan Application testing is a process that helps ensure the quality and safety of your software applications, whether the… This is a post from HackRead.com Read the original post: How SAST Will Improve Your Overall Security: Intro...

This Week in Spring - June 28th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! Im writing this from the Big Apple, New York City! Im here for the SpringOne Tour 2022 NYC event. This is my first time back in New York City since before the pandemic and it has been so much fun. Ive been catching up with...

The vulnerability of the Core component in Oracle VM VirtualBox allows a hacker to trigger a service failure.

The vulnerability of the Core component in Oracle VM VirtualBox exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

Authcov - Web App Authorisation Coverage Scanning

Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as a pre-defined user. It intercepts and logs API requests as well as pages loaded during the crawling phase. In the next phase it logs in under a different us...

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156: Heap-Based Buffer Overflow in Sudo Baron Samed...

Malicious Package

Overview rainbow-bridge-testing is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

The vulnerability of the Outside In Filters component of the Oracle Outside In Technology toolset allows a perpetrator to trigger a service failure.

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology toolset exists due to insufficient testing of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures using the HTTP protocol...

The vulnerability of the Intel Ethernet ixgbe driver for Linux allows a hacker to trigger a service failure.

The vulnerability of the Intel Ethernet ixgbe driver for Linux exists due to insufficient testing of input data. Exploiting this vulnerability can allow attackers to cause service failures...

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to trigger a service failure.

The vulnerability of the Outside In Filters component within Oracle’s software development kit SDK “Outside In Technology” exists due to insufficient testing of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures using the HTTP protocol...

Securing your IoT with Edge Secured-core devices

A recent study conducted by Microsoft in partnership with Ponemon Institute included a survey of companies that have adopted IoT solutions and 65 percent of them mentioned that security is a top priority when implementing IoT. Attacks targeting IoT devices put businesses at risk. Impacted devices...

Malicious code in evil-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3d5712e6aa578ce6e0155c58afd67199a6e5b205a0c4b3fcdf19ea860bfd4c09 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...