H2Csmuggler – HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

September 30, 2020 ~ Dade Murphy ~ Leave a comment

KitPloit - PenTest Tools!-- h2cSmuggler smuggles HTTP traffic past insecure edge-server proxy_pass configurations by establishing HTTP/2 cleartext (h2c) communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up below for: Technical breakdown of the vulnerability Insecure-by-default services Remediation guidance Here: https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c How to test? Any proxy endpoint … Continue reading H2Csmuggler – HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks

September 30, 2020 ~ Dade Murphy ~ Leave a comment

The Hacker News-- Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago.Tracked as CVE-2020-3566 and CVE-2020-3569, details for both zero-day unauthenticated DoS vulnerabilities were made public by Cisco late last month when the company found hackers actively exploiting Cisco IOS … Continue reading Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks

Introducing VideoBytes, by Malwarebytes Labs

September 30, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- We have exciting news for avid readers of Malwarebytes Labs: This week, we’re launching a new, monthly video series that will feature the research, insights, and commentary of our own Adam Kujawa, security evangelist and a director for Malwarebytes Labs. Welcome to VideoBytes, our little corner of threat cinema on the web. The … Continue reading Introducing VideoBytes, by Malwarebytes Labs

Vulnerability In Medium Partner Program Could Allow Siphoning Writers’ Earnings

September 30, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- The popular content writing and sharing platform Medium had a serious security flaw. The vulnerability basically existed in the Medium Vulnerability In Medium Partner Program Could Allow Siphoning Writers’ Earnings on Latest Hacking News. View original article on Latest Hacking News

French Logistics Giant CMA CGM Group Went Offline Following Malware Attack

September 30, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- The French logistics and maritime transport giant has recently fallen prey to a cyber attack. The CMA CGM Group faced French Logistics Giant CMA CGM Group Went Offline Following Malware Attack on Latest Hacking News. View original article on Latest Hacking News

UHS Hospital Network Suffered Ransomware Attack

September 30, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- Another ransomware attack surfaces online. The victim belongs to the health sector, thus affecting the patients. Reportedly, several hospitals in UHS Hospital Network Suffered Ransomware Attack on Latest Hacking News. View original article on Latest Hacking News

Fortinet VPN Flaw Exposes 200K Businesses To MiTM Attacks

September 30, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- While VPNs are supposed to protect users, the same tools can pose a threat to user security if found vulnerable. Fortinet VPN Flaw Exposes 200K Businesses To MiTM Attacks on Latest Hacking News. View original article on Latest Hacking News

Google Removed 17 Android Apps With Joker Malware From Play Store

September 30, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- Google Play Store is a platform where threat actors keep reappearing due to its popularity and widespread use. No matter Google Removed 17 Android Apps With Joker Malware From Play Store on Latest Hacking News. View original article on Latest Hacking News

KuCoin Cryptocurrency Exchange Hacked Losing $150M Worth Of Crypto

September 30, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- Another crypto exchange has suffered a loss of millions of dollars following a cyber attack. As reported, the latest victim KuCoin Cryptocurrency Exchange Hacked Losing $150M Worth Of Crypto on Latest Hacking News. View original article on Latest Hacking News

Pastebin Introduce New Security Features: “Burn After Read” And Password Protected Pastes

September 30, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- The popular content pasting platform (specifically used for pasting codes) Pastebin has recently announced two new security features. These are Pastebin Introduce New Security Features: “Burn After Read” And Password Protected Pastes on Latest Hacking News. View original article on Latest Hacking News