• SweynTooth: Bluetooth vulnerabilities expose many BLE devices to attacks

    There's no rest for the (Bluetooth) wearables. A team of security researchers has discovered numerous vulnerabilities in the Bluetooth Low Energy (BLE) implementations of major vendors. Bluetooth Low Energy is a wireless communication technology (consisting of a set of standardized… read more »
  • My Weekly RoundUp #127

    Some reading to start the week! Cybersecurity Abused Cloudflare Workers Service Used to Inject Korean SEO Spam ... After further investigation, it was found that the website was actually loading SEO spam content through Cloudflare’s Workers service. This service allows… read more »
  • TLDR #2: Cross-Site Request Forgery

    Cross-Site Request Forgery (CSRF) is a type of attack that allows a malicious web site, email, blog, instant message, or program to cause a user’s web browser to perform an unwanted action on a trusted site, when the user is… read more »
  • BlueFrag (CVE-2020-0022): a critical Bluetooth vulnerability in Android

    Security researchers at ERNW disclosed a vulnerability in the Android Bluetooth stack that lets attackers silently deliver malware to and steal data from nearby phones simply by knowing the Bluetooth MAC address of the target (easy to guess just by looking at… read more »
  • CVE-2020-2100: Jenkins servers can be exploited to perform DDoS attacks

    A vulnerability (CVE-2020-2100), discovered by Adam Thorn from the University of Cambridge, may allow attackers to abuse internet-facing Jenkins servers to mount and amplify reflective DDoS attacks. A single, spoofed UDP packet can force vulnerable Jenkins servers [1] into… read more »
  • OWASP Amass: in-depth attack surface mapping and asset discovery

    The OWASP Amass Project is a tool developed to help information security professionals map the attack perimeter. It allows DNS enumeration, attack surface mapping & external asset discovery, using open source information gathering and active reconnaissance techniques. OWASP… read more »
  • My Weekly RoundUp #126

    This week: a new layout and lots of interesting links! Privacy WhatsApp contains ‘dangerous’ and deliberate backdoors, claims Telegram founder in a scathing blog post, Telegram Messenger’s founder, Pavel Durov, has added insult to the Facebook-owned instant messaging app’s injury by… read more »
  • SpiderFoot 3.0: OSINT reconnaissance tool

    SpiderFoot is an OSINT automation tool for the reconnaissance process, written in Python 3 and GPL-licensed. Recently, Steve Micallef released on GitHub [1] a new version (3) of SpiderFoot, with a lot of interesting enhancements. Web based UI or CLI Over 170 modules (see… read more »