Search results

  1.

    Supply-chain attack exposing credentials affects 23K users of tj-actions

    At a minimum, this will disclose your GITHUB_TOKEN secret, which expires when the workflow is finished or after 24 hours (whichever comes first). By default it's not a very permissive role, but there's always opportunity to over-privilege it. If however your workflow is using other secrets...
  2.

    Are AIs getting dangerously good at persuasion? OpenAI says “not yet.”

    It has a decent API, it covers a broad range of topics, it's predominately short-form text content, it's human moderated, it's categorized and there's even up/down voting to help with reinforcement learning. It's basically easy mode for ML engineers, which is why Reddit now charges serious...
  3.

    Fake restaurant tips on Reddit a reminder of Google AI Overview’s inherent flaws

    Fantastic, great move, well done Angus (Steakhouse)
  4.

    The mastermind of the prolific ransomware group LockBit has finally been unmasked

    That's likely to be exactly what was already happening. These ransomware gangs often have relationships with Russian law enforcement & intelligence services. Bribes are pretty well a part of doing business, and there's a general understanding that they'll have free rein provided they don't...
  5.

    Change Healthcare hacked through stolen password for account with no MFA

    The word "somehow" in here is making me nervous. Unless UHG isn't sharing the particular details around how the password was obtained, does this imply they simply don't know? Reading between the lines still it seems that it wasn't likely brute-forced or sprayed, so do they have insufficient...
  6.

    Hackers can break SSH channel integrity using novel data-corruption attack

    This is some high art hacking right here. Kudos to the authors for such a good write-up, double kudos to Fabian for hopping on this thread and providing clarification. To all my fellow blue teamers, Christmas has come early once again! Time to brew up some buckets of coffee and get cracking on...
  7.

    Developers can’t seem to stop exposing credentials in publicly accessible code

    If you commit AWS API keys to a public repo, AWS seems to pick up on it pretty quick (like, within a few minutes) and notify you via email of your blunder. There also appears to be some sort of anti-fraud flag that curtails your usage limits, to prevent 50x top dollar instances with GPUs being...
  8.

    Critical Citrix Bleed vulnerability allowing MFA bypass comes under mass exploitation

    It very much depends on your adversary. If you're being targeted by folks who know what they're doing, have a long-term goal and want to fly under the radar so to speak, then yes they may very well patch the vulnerability once they're in. This isn't just limited to state-sponsored actors or...
  9.

    Pro-Russia hackers target inboxes with 0-day in webmail app used by millions

    That's a neat little XSS find, although looking at those URIs like "/saveMessage" or "/checkMessagesExist" makes me wonder if the folks at ESET also found a "/downloadMessages" (or similar) option.
  10.

    WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April

    Playing around with the sample on catbox[.]moe, the "Images.ico" executable drops this image "fu.png", weighing in at 43MB: The above is a screenshot of said image, as the original is crammed full of Visual Basic code, along with some other weirdness like references to some Drop Box malware &...
  11.

    First Microsoft, then Okta: New ransomware gang posts data from both

    Also telling is that they activated their IR retainer for this apparently unsuccessful user compromise. Speaking from experience that's not something you do on a whim just to double-check, particularly if you already have an internal SIRT. Never mind that the investigation apparently took...
  12.

    Hackers exploit a macOS 0day that allows them to screenshot infected Macs

    I dunno, if I had to roll out a critical patch to corporate endpoints within a short time-frame I would likely appreciate that Jamf kills the target process to ensure the update is applied immediately, rather than having to do a full restart first. I do know that in security I _really_...
  13.

    CDPR admits it “ignored the signals” of Cyberpunk 2077’s console issues

    I've been playing it on PC since release, and absolutely loving it. There's a staggering amount of content in this game, the character work is fantastic, combat is entertaining and the atmosphere they've managed to create is very engaging. Even the bugs I encounter don't detract from the...
  14.

    Security firm FireEye says nation-state hackers stole potent attack tools

    Because the security team is much smaller than the entire IT faculty, and if you own/maintain a system then you're ultimately accountable for its security, just as you're accountable for its availability or running costs. Obviously it's not fair to expect every sysadmin to be a security expert...
  15.

    Oracle vulnerability that executes malicious code is under active attack

    Yet another RCE through improper de-serialization for WebLogic. If you're still leaving WebLogic open to the internet, particularly after the last crypto-hijack campaigns in 2018, you seriously need to reassess your priorities. It's up there with exposing RDP or SMB, except you could at least...
  16.

    North Korea-backed hackers dip their toes into the ransomware pool

    Can't really seem to find any official explanation for the name from Novetta, but all the threat intel players have different names for these groups (and different definitions for said groups). E.g. Crowdstrike calls DPRK groups "[name] CHOLLIMA" (always all-caps because all-caps is cool). The...
  17.

    Ransomware gang is auctioning off victims’ confidential data

    Agreed, this is where offsite backups come into play. There's no need to take the gamble of paying the ransom or the (often fruitless) effort of trying to get the encryption key out of memory if you can just re-image and restore from backup. Hence it's an availability control. File-level...
  18.

    Ransomware gang is auctioning off victims’ confidential data

    Defense in depth *is* other security measures. By definition, it's about layering security controls to provide greater redundancy and protection of data. As well, file-level encryption and offsite backups aren't that thin. It's something large enterprises struggle to implement consistently, and...