Mastodon

3 posts3 participants0 posts today

OWASP FoundationMaster Modern Web App Security at OWASP Global AppSec EU 2025 in Barcelona!2-Day Training | May 27-28, 2025 Level: Intermediate | Trainer: Abraham Aranguren Take a 100% hands-on deep dive into the OWASP Security Testing Guide and Application Security Verification Standard (ASVS) in this action-packed course. Register now ⬇️ <a href="https://owasp.glueup.com/event/123983/register/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://owasp.glueup.com/event/123983/register/</a><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OWASP</a> <a href="https://infosec.exchange/tags/AppSecEU2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AppSecEU2025</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PenTesting</a> <a href="https://infosec.exchange/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebSecurity</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DevSecOps</a> <a href="https://infosec.exchange/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJS</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Barcelona" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Barcelona</a>

Bug Hunter CatBest source of infosec and cybersecurity news and information? (Social Media) It is to evaluate which one I choose as my main one. <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bugbounty</a> <a href="https://infosec.exchange/tags/webappsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#webappsecurity</a>

IT NewsPhysical Key Copying Starts With a Flipper Zero - A moment’s inattention is all it takes to gather the information needed to make a ... - <a href="https://hackaday.com/2025/03/25/physical-key-copying-starts-with-a-flipper-zero/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hackaday.com/2025/03/25/physical-key-copying-starts-with-a-flipper-zero/</a> <a href="https://schleuss.online/tags/lockpickinghacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lockpickinghacks</a> <a href="https://schleuss.online/tags/duplicating" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#duplicating</a> <a href="https://schleuss.online/tags/flipperzero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#flipperzero</a> <a href="https://schleuss.online/tags/lockpicking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lockpicking</a> <a href="https://schleuss.online/tags/locksports" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#locksports</a> <a href="https://schleuss.online/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a>

FlorianWhen I started the IC_Null channel the idea was to cover topics primarily about <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>, <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a>, <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> etc. from a <a href="https://infosec.exchange/tags/blind" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blind</a> perspective. Blind as in <a href="https://infosec.exchange/tags/screenReader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#screenReader</a> user, that is. But an overarching topic is showing off what jobs are (up to a point) doable for this demographic and where the obstacles are. Today's stream leans that way: we'll be looking at the premier <a href="https://infosec.exchange/tags/translation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#translation</a> and <a href="https://infosec.exchange/tags/localization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#localization</a> tool, Trados Studio. Supposedly they have upped their <a href="https://infosec.exchange/tags/accessibility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#accessibility</a> as of late. I'll be the judge of that 💀 I'll see you all on <a href="https://infosec.exchange/tags/youtube" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#youtube</a> and <a href="https://infosec.exchange/tags/twitch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#twitch</a> just under 1.5 hours from now. https://twitch.tvic_null <a href="https://youtube.com/@blindlyCoding" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtube.com/@blindlyCoding</a> <a href="https://infosec.exchange/tags/selfPromo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfPromo</a> <a href="https://infosec.exchange/tags/stream" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#stream</a> <a href="https://infosec.exchange/tags/trados" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#trados</a>

0x40kWow, things are getting wild in the Kubernetes world! The name alone – "IngressNightmare" – gives me chills! 🤯 It's crucial to know this affects the Ingress NGINX Controller, *not* the NGINX Ingress Controller. That's a big difference!Wiz really uncovered something huge. We're talking over 6,500 vulnerable clusters, with the potential for some serious Remote Code Execution (RCE). Ouch! They found that a scary 43% of cloud environments are impacted.It appears, that these kinds of vulnerabilities often slip past standard scans. You really need manual penetration testing to catch them. And as a pentester myself, I can tell you, it's frequently like digging for buried treasure! 😅Here are the CVEs to watch out for: CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974. These have a CVSS score of 9.8! So, you'll want to update to 1.12.1, 1.11.5, or 1.10.7 *immediately*. Another crucial step? See if your Admission Webhook Endpoint is exposed. Make sure you're limiting access. Don't need it? Then, turn it off!So, what are your experiences with K8s security? I'm curious, what tools do you swear by? 🤔<a href="https://infosec.exchange/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kubernetes</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#devsecops</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>

nickbearded🚀 BashCore in action! 🚀Running Lynx on BashCore to browse Metasploitable2, followed by a WhatWeb scan to identify web technologies. All inside VirtualBox, powered by my awesome BashLab! 🖥️🔍<a href="https://bashcore.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://bashcore.org</a><a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentesting</a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> <a href="https://mastodon.social/tags/BashCore" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BashCore</a> <a href="https://mastodon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EthicalHacking</a> <a href="https://mastodon.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://mastodon.social/tags/Terminal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Terminal</a> <a href="https://mastodon.social/tags/MinimalistLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MinimalistLinux</a> <a href="https://mastodon.social/tags/Lynx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lynx</a> <a href="https://mastodon.social/tags/Metasploitable2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Metasploitable2</a> <a href="https://mastodon.social/tags/WhatWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WhatWeb</a> <a href="https://mastodon.social/tags/VirtualBox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VirtualBox</a> <a href="https://mastodon.social/tags/BashLab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BashLab</a>

Teri RadichelSeeking signs of <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> posts on this platform. Or information on <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bugbounty</a> what’s causing <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> es and how to stop them.

0x40kAlright, Okta and similar tools are cool and all, but don't think they're a get-out-of-jail-free card for security! 😉 I frequently see IAM systems configured incorrectly. For instance, MFA is often forgotten. What about outdated accounts? Or giving admin rights to everyone? Boom! You've got a potential breach on your hands. 💥Listen up: IAM isn't just about setting it up and forgetting about it; you've *got* to *live* it! Automation definitely helps, but it's no substitute for manual checks. Regular pentests are a must, and certificates only tell part of the story. 📃So, what IAM best practices do you use (beyond the standard documentation)? 🤔 Let's share some insights! <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/okta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#okta</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a>

0x40kSeriously, CSS for spam? Mind. Blown. 🤯 Ran into a situation today where CSS in emails caused total mayhem. It's crazy what people are doing with it!Turns out, CSS, that styling language we all know, is getting abused. Think hidden text, user tracking – it's all happening! 😩 Who even considers that kind of stuff?CSS isn't just about making things look pretty anymore. Spammers are using stuff like `text_indent` and `opacity` to hide content. Cisco Talos even exposed this. The danger? Phishing and tracking, mainly. The fix? Improved filters and privacy proxies are a good start.It kinda reminds me of a pentest where we almost missed a CSS-based phishing page! Sometimes it's the small details that get you, right?So, what's the craziest CSS trick you've ever seen used maliciously? I'm all ears! 🤔<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/emailsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#emailsecurity</a>

BillHey <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#appsec</a> people. How do you handle organization of testing artifacts when you are dealing with tons of apps? I have a new client in deep water, their app suite is 20 years old and shows it. They have 53 endpoints. My testing strategy is not designed for that.How do you keep things organized? Is there a cool tool I need to know about? Is it Burp Suite Enterprise time for POINT? How do you keep your notes?I know a lot of this is kinda up to your own personal philosophy for testing, but I thought it would make for informative conversation fodder for St. Paddy. ☘️ <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a>

Phillemon CEH | CTH🎭💻 Think Like a Black Hat, Act Like a White Hat! 👁️‍🗨️ Let's Face-It ! -> 🕵‍♂️ To Outsmart cybercriminals, you must think like one—but use your skills for defense, not destruction. Learn the mindset of hackers and the strategies ethical hackers use to strengthen cybersecurity. 🔍🔐📖 Read more: <a href="https://wardenshield.com/think-like-a-black-hat-and-act-like-a-white-hat" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://wardenshield.com/think-like-a-black-hat-and-act-like-a-white-hat</a><a href="https://mastodon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EthicalHacking</a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/WhiteHat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WhiteHat</a> <a href="https://mastodon.social/tags/BlackHat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BlackHat</a> <a href="https://mastodon.social/tags/PenTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PenTesting</a> <a href="https://mastodon.social/tags/CyberDefense" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberDefense</a> <a href="https://mastodon.social/tags/WardenShield" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WardenShield</a> <a href="https://mastodon.social/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a>

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨Sqlmap is an open-source tool for automating SQL injection detection and exploitation. It supports multiple databases like MySQL, PostgreSQL, Oracle, and more. Widely used for penetration testing, it includes features like database dumping, password cracking, and file system access. Remember: powerful tools require responsible use. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PenTesting</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> 👉 <a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/sqlmapproject/sqlmap</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

pentest-tools.comWe tested 15 HTML sanitizers and managed to break 3 of them! How We Found XSS in Odoo & GiteaLast December two of our security researchers - Alex & Catalin - put 15 HTML sanitizers to the test across Python, Go, JavaScript, and Ruby. The result? Three critical vulnerabilities that impact major platforms used by millions!Key findings: ✅ Python (lxml.html.clean) – Vulnerability found in Odoo (5M+ users) ✅ Go (BlueMonday) – XSS in Gitea (used by Google, MasterCard, OpenStack)👉 The research exposed how sanitizers fail to handle edge cases, leading to security risks in chat systems, forums, and self-hosted git platforms.🎥 Watch the full keynote for more insights: <a href="https://youtu.be/0M4e347tMds" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/0M4e347tMds</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ethicalhacking</a> <a href="https://infosec.exchange/tags/offensivesecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offensivesecurity</a>

The New Oil<a href="https://mastodon.thenewoil.org/tags/Hetty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hetty</a>: <a href="https://mastodon.thenewoil.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> <a href="https://mastodon.thenewoil.org/tags/HTTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HTTP</a> toolkit for security research<a href="https://www.helpnetsecurity.com/2025/03/10/hetty-open-source-http-toolkit-security-research/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.helpnetsecurity.com/2025/03/10/hetty-open-source-http-toolkit-security-research/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/PenTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PenTesting</a>

Konstantin WeddigeDoes anyone have experience with different on-prem pentest management software to plan pentests with different pentest vendors, track vulnerabilities, etc.? Multi-tenant capability would be nice as well.<a href="https://gruene.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://gruene.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a>

nickbeardedRunning without a GUI strips away all the bloat and lets <a href="https://mastodon.social/tags/BashCore" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BashCore</a> unleash raw speed and efficiency. It’s like driving a race car—no frills, just performance. Full system resources go to your tasks, not a graphical interface.Ideal for power users who thrive on the command line, <a href="https://mastodon.social/tags/BashCore" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BashCore</a> is a beast for <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentesting</a>, <a href="https://mastodon.social/tags/NetworkDiagnostics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetworkDiagnostics</a>, and <a href="https://mastodon.social/tags/Automation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Automation</a>. <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> <a href="https://mastodon.social/tags/CLI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CLI</a><a href="https://bashcore.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://bashcore.org</a>

0x40kWhoa! Japanese companies are currently facing a serious threat due to a PHP vulnerability (CVE-2024-4577). It might sound like tech jargon, but trust me, it's a huge deal! 😬Attackers are exploiting this flaw to run malicious code and install Cobalt Strike (yeah, that penetration testing tool – go figure 🙄). And that's when things get really nasty: password theft, lateral movement within the network... 🤬The bottom line is this: vulnerabilities like these are like striking gold for cybercriminals. A quick update is absolutely essential! But what's even more critical? Regular, hands-on penetration tests! Automated tools often miss these types of vulnerabilities. ☝️I'm curious to know: What steps do you take to secure your PHP applications? What penetration testing methods do you find most effective? 🤔<a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/PHP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PHP</a>

0x40kAlright, Go developers, listen up! 🚨 Seriously crazy stuff is happening in the Go world right now. We're talking major typosquatting issues. Attackers are slithering in and spreading malware via fake packages, can you believe it?So, for goodness sake, pay super close attention to the names of your modules! One little typo and bam! You've got yourself a nasty infection. As a pentester, I see this kind of thing all the time, sadly. Tiny mistakes, HUGE consequences. This malware then installs a backdoor. Totally not cool, right?Therefore, check your imports, folks! And make sure you're getting your devs trained up on security. Automated scans? Nice to have, sure, but they're absolutely no substitute for a manual pentest! What are your go-to tools for fighting this kind of attack? Oh, and yeah, IT security *has* to be in the budget, that's just the way it is.<a href="https://infosec.exchange/tags/golang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#golang</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/typosquatting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#typosquatting</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a>

passboltOver the last four months, passbolt underwent three independent assessments to evaluate and strengthen our security posture.These assessments help us identify and address areas for improvement while confirming our existing security strengths. Read more about the latest security reviews: <a href="https://hubs.li/Q039csDh0" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hubs.li/Q039csDh0</a>See the findings in the thread.<a href="https://mastodon.social/tags/SecurityAudit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityAudit</a> <a href="https://mastodon.social/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cryptography</a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> <a href="https://mastodon.social/tags/PasswordSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordSecurity</a> <a href="https://mastodon.social/tags/SOC2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SOC2</a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentesting</a>

0x40kOkay folks, the new CISA KEV list is out... and wow, there are some serious vulnerabilities on it this time! 💥 Especially CVE-2023-20118 – looks like Cisco routers are in the crosshairs. Sadly, those routers are often the very first thing attackers go after. 🎯 So, definitely take a look and see if you are affected.The big issue is, lots of people aren't patching their systems quickly enough. Then, they're shocked when something goes wrong! 💣 Think of the CISA KEV list as the "Most Wanted" list for exploits, ya know?Seriously though, hands up: who's actually checked their router firmware lately? 🙋‍♂️ I wonder. <a href="https://infosec.exchange/tags/questionable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#questionable</a>Remember, security isn't just about buying a product. It's an ongoing process! And hey, if you need a hand with any of this, you know where to find me. 😉<a href="https://infosec.exchange/tags/cisa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cisa</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a>

Recent searches

Search options

Administered by:

Server stats:

#pentesting