FreshRSS

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

"Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal. liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying library that is part of the XZ Utils data compression software. The

Over 800 npm Packages Found with Discrepancies, 18 Exploit 'Manifest Confusion'

New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest confusion. The findings come from cybersecurity firm JFrog, which said the issue could be exploited by threat actors to trick developers into running malicious code. "It's an actual threat since

New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers

Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password. The vulnerabilities, tracked as CVE-2023-52160 and CVE-2023-52161, have been discovered following a

CISA and OpenSSF Release Framework for Package Repository Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it's partnering with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish a new framework to secure package repositories. Called the Principles for Package Repository Security, the framework aims to establish a set of foundational rules for package

Microsoft Introduces Linux-Like 'sudo' Command to Windows 11

Microsoft said it's introducing Sudo for Windows 11 as part of an early preview version to help users execute commands with administrator privileges. "Sudo for Windows is a new way for users to run elevated commands directly from an unelevated console session," Microsoft Product Manager Jordi Adoumie said. "It is an ergonomic and familiar solution for users who want to elevate a command

Tell Me Your Secrets Without Telling Me Your Secrets

The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian's engineers had to solve in implementing the mechanisms for their new HasMySecretLeaked service. They wanted to help developers find out if their secrets (passwords, API keys, private keys, cryptographic certificates, etc.) had found their way into public GitHub repositories. How

Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software

Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10. Sonar security researcher Thomas Chauchefoin, who discovered the bugs,

Holehe - Tool To Check If The Mail Is Used On Different Sites Like Twitter, Instagram And Will Retrieve Information On Sites With The Forgotten Password Function

By: Zion3R

Holehe Online Version

Summary

Efficiently finding registered accounts from emails.

Holehe checks if an email is attached to an account on sites like twitter, instagram, imgur and more than 120 others.


Installation

With PyPI

pip3 install holehe

With Github

git clone https://github.com/megadose/holehe.git
cd holehe/
python3 setup.py install

Quick Start

Holehe can be run from the CLI and rapidly embedded within existing python applications.

CLI Example

holehe test@gmail.com

Python Example

import trio
import httpx

from holehe.modules.social_media.snapchat import snapchat


async def main():
    email = "test@gmail.com"
    out = []
    client = httpx.AsyncClient()

    await snapchat(email, client, out)

    print(out)
    await client.aclose()

trio.run(main)

Module Output

For each module, data is returned in a standard dictionary with the following json-equivalent format :

{
    "name": "example",
    "rateLimit": false,
    "exists": true,
    "emailrecovery": "ex****e@gmail.com",
    "phoneNumber": "0*******78",
    "others": null
}

  • rateLimit : Lets you know if you've been rate-limited.
  • exists : If an account exists for the email on that service.
  • emailrecovery : Sometimes partially obfuscated recovery emails are returned.
  • phoneNumber : Sometimes partially obfuscated recovery phone numbers are returned.
  • others : Any extra info.

Rate limit? Change your IP.

Maltego Transform : Holehe Maltego

Thank you to :

Donations

For BTC Donations : 1FHDM49QfZX6pJmhjLE5tB2K6CaTLMZpXZ

 License

GNU General Public License v3.0

Built for educational purposes only.

Modules

Name Domain Method Frequent Rate Limit
aboutme about.me register ✘
adobe adobe.com password recovery ✘
amazon amazon.com login ✘
amocrm amocrm.com register ✘
anydo any.do login ✔
archive archive.org register ✘
armurerieauxerre armurerie-auxerre.com register ✘
atlassian atlassian.com register ✘
axonaut axonaut.com register ✘
babeshows babeshows.co.uk register ✘
badeggsonline badeggsonline.com register ✘
biosmods bios-mods.com register ✘
biotechnologyforums biotechnologyforums.com register ✘
bitmoji bitmoji.com login ✘
blablacar blablacar.com register ✔
blackworldforum blackworldforum.com register ✔
blip blip.fm register ✔
blitzortung forum.blitzortung.org register ✘
bluegrassrivals bluegrassrivals.com register ✘
bodybuilding bodybuilding.com register ✘
buymeacoffee buymeacoffee.com register ✔
cambridgemt discussion.cambridge-mt.com register ✘
caringbridge caringbridge.org register ✘
chinaphonearena chinaphonearena.com register ✘
clashfarmer clashfarmer.com register ✔
codecademy codecademy.com register ✔
codeigniter forum.codeigniter.com register ✘
codepen codepen.io register ✘
coroflot coroflot.com register ✘
cpaelites cpaelites.com register ✘
cpahero cpahero.com register ✘
cracked_to cracked.to register ✔
crevado crevado.com register ✔
deliveroo deliveroo.com register ✔
demonforums demonforums.net register ✔
devrant devrant.com register ✘
diigo diigo.com register ✘
discord discord.com register ✘
docker docker.com register ✘
dominosfr dominos.fr register ✔
ebay ebay.com login ✔
ello ello.co register ✘
envato envato.com register ✘
eventbrite eventbrite.com login ✘
evernote evernote.com login ✘
fanpop fanpop.com register ✘
firefox firefox.com register ✘
flickr flickr.com login ✘
freelancer freelancer.com register ✘
freiberg drachenhort.user.stunet.tu-freiberg.de register ✘
garmin garmin.com register ✔
github github.com register ✘
google google.com register ✔
gravatar gravatar.com other ✘
hubspot hubspot.com login ✘
imgur imgur.com register ✔
insightly insightly.com login ✘
instagram instagram.com register ✔
issuu issuu.com register ✘
koditv forum.kodi.tv register ✘
komoot komoot.com register ✔
laposte laposte.fr register ✘
lastfm last.fm register ✘
lastpass lastpass.com register ✘
mail_ru mail.ru password recovery ✘
mybb community.mybb.com register ✘
myspace myspace.com register ✘
nattyornot nattyornotforum.nattyornot.com register ✘
naturabuy naturabuy.fr register ✘
ndemiccreations forum.ndemiccreations.com register ✘
nextpvr forums.nextpvr.com register ✘
nike nike.com register ✘
nimble nimble.com register ✘
nocrm nocrm.io register ✘
nutshell nutshell.com register ✘
odnoklassniki ok.ru password recovery ✘
office365 office365.com other ✔
onlinesequencer onlinesequencer.net register ✘
parler parler.com login ✘
patreon patreon.com login ✔
pinterest pinterest.com register ✘
pipedrive pipedrive.com register ✘
plurk plurk.com register ✘
pornhub pornhub.com register ✘
protonmail protonmail.ch other ✘
quora quora.com register ✘
rambler rambler.ru register ✘
redtube redtube.com register ✘
replit replit.com register ✔
rocketreach rocketreach.co register ✘
samsung samsung.com register ✘
seoclerks seoclerks.com register ✘
sevencups 7cups.com register ✔
smule smule.com register ✔
snapchat snapchat.com login ✘
soundcloud soundcloud.com register ✘
sporcle sporcle.com register ✘
spotify spotify.com register ✔
strava strava.com register ✘
taringa taringa.net register ✔
teamleader teamleader.com register ✘
teamtreehouse teamtreehouse.com register ✘
tellonym tellonym.me register ✘
thecardboard thecardboard.org register ✘
therianguide forums.therian-guide.com register ✘
thevapingforum thevapingforum.com register ✘
tumblr tumblr.com register ✘
tunefind tunefind.com register ✔
twitter twitter.com register ✘
venmo venmo.com register ✔
vivino vivino.com register ✘
voxmedia voxmedia.com register ✘
vrbo vrbo.com register ✘
vsco vsco.co register ✘
wattpad wattpad.com register ✔
wordpress wordpress login ✘
xing xing.com register ✘
xnxx xnxx.com register ✔
xvideos xvideos.com register ✘
yahoo yahoo.com login ✔
zoho zoho.com login ✔


Enhancing Security Operations Using Wazuh: Open Source XDR and SIEM

In today's interconnected world, evolving security solutions to meet growing demand is more critical than ever. Collaboration across multiple solutions for intelligence gathering and information sharing is indispensable. The idea of multiple-source intelligence gathering stems from the concept that threats are rarely isolated. Hence, their detection and prevention require a comprehensive

Hackers Flood NPM with Bogus Packages Causing a DoS Attack

Threat actors flooded the npm open source package repository for Node.js with bogus packages that briefly even resulted in a denial-of-service (DoS) attack. "The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-source ecosystems' good reputation on search engines," Checkmarx's Jossef Harush Kadouri said in a

Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links

In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another," Checkmarx researcher Yehuda Gelb said in a Tuesday report. "The attackers referred to retail

Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks

The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation

Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities

Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post shared

Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware

A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "weak architecture and programming." Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository. The source code and

Their Photos Were Posted Online. Then They Were Bombed

An attack on Russian mercenaries shows how militaries are increasingly using open source data—with sometimes deadly consequences.

Pocsploit - A Lightweight, Flexible And Novel Open Source Poc Verification Framework


pocsploit is a lightweight, flexible and novel open source poc verification framework

Pain points of the POC framework in the market

  1. There are too many parameters: it is hard to know where to start, even though only a few of them are commonly used.
  2. YAML PoC frameworks (like nuclei and xray) are not flexible enough. The conversion cost is very high when writing a PoC, and non-HTTP protocols are sometimes hard to handle (only hex can be used).
  3. PoCs sometimes produce false positives, which can be avoided by accurate fingerprint matching.
  4. PoCs depend heavily on their framework. A PoC in pocsploit can be used within the framework and can also be used alone.

Advantages of pocsploit

  1. Lighter: it does not depend on the framework, and a single PoC can run on its own
  2. Easier to rewrite a PoC
  3. More flexible (compared to nuclei, xray, goby, etc.)
  4. Fewer false positives: it provides a fingerprint prerequisite check, so you can first judge whether the site has the fingerprint of a certain component and then perform PoC verification, which is more accurate
  5. Many ways to use it, providing poc / exp
  6. Detailed vulnerability information display
  7. PoC ecosystem sustainability: I will continue to add PoCs to modules/, and everyone is welcome to contribute PoCs

If you encounter code or PoC issues, please submit an issue.

Poc Statistics

cve cnnvd others
345 7 102

Usage

Install requirements

pip3 install -r requirements.txt

  • poc to verify single website

python3 pocsploit.py -iS "http://xxxx/" -r "modules/" -t 100 --poc

  • specific poc

python3 pocsploit.py -iS "http://xxxxx" -r "modules/vulnerabilities/thinkphp/thinkphp-5022-rce.py" --poc

  • exp to exploit many websites (with urls in a file)

python3 pocsploit.py -iF "urls.txt" -r "modules/vulnerabilities/" --exp

  • Turn on fingerprint pre-verification: verify the fingerprint first, then run the poc verification once it matches

python3 pocsploit.py -iS "http://xxxxx" -r "modules/vulnerabilities/thinkphp/thinkphp-5022-rce.py" --poc --fp

  • Output to file & console quiet mode

python3 pocsploit.py -iS "http://xxxx" -r "modules/vulnerabilities/" --poc -o result/result.log -q

  • Other Usage

python3 pocsploit.py --help



others

OOB

Configure conf/config.py.

P.S. To build your own DNSLog, see Hyuga-DNSLog.

  • DNSLOG_URI: DNSLog Address
  • DNSLOG_TOKEN: Token
  • DNSLOG_IDENTIFY: your identity


Removing Open Source Visibility Challenges for Security Operations Teams

Identifying security threats early can be difficult, especially when you're running multiple security tools across disparate business units and cloud projects. When it comes to protecting cloud-native applications, separating legitimate risks from noise and distractions is often a real challenge.

That's why forward-thinking organizations look at things a little differently. They want to help their application developers and security operations (SecOps) teams implement unified strategies for optimal protection. This is where a newly expanded partnership from Trend Micro and Snyk can help.

Dependencies create risk

In today's cloud-native development streams, the insatiable need for faster iterations and time-to-market can impact both downstream and upstream workflows. As a result, code reuse and dependence on third-party libraries has grown, and with it the potential security, compliance and reputational risk organizations are exposing themselves to.

Just how much risk is associated with open source software today? According to Snyk research, vulnerabilities in open source software have increased 2.5x in the past three years (https://info.snyk.io/sooss-report-2020). What's more, a recent report claimed to have detected a 430% year-on-year increase in attacks targeting open source components, with the end goal of infecting the software supply chain. While open source code is therefore being used to accelerate time-to-market, security teams are often unaware of the scope and impact this can have on their environments.

Managing open source risk

This is why cloud security leader Trend Micro, and Snyk, a specialist in developer-first open source security, have extended their partnership with a new joint solution. It's designed to help security teams manage the risk of open source vulnerabilities from the moment code is introduced, without interrupting the software delivery process.

This ambitious achievement helps improve security for your operations teams without changing the way your developer teams work. Trend Micro and Snyk are addressing open source risks by simplifying a bottom-up approach to risk mitigation that brings together developer and SecOps teams under one unified solution. It combines state-of-the-art security technology with collaborative features and processes to eliminate the security blind spots that can impact development lifecycles and business outcomes.

Available as part of Trend Micro Cloud One, the new solution being currently co-developed with Snyk will:

  • Scan all code repositories for vulnerabilities using Snyk's world-class vulnerability scanning and database
  • Bridge the organizational gap between DevOps & SecOps, to help influence secure DevOps practices
  • Deliver continuous visibility of code vulnerabilities, from the earliest code to code running in production
  • Integrate seamlessly into the complete Trend Micro Cloud One security platform


This unified solution closes the gap between security teams and developers, providing immediate visibility across modern cloud architectures. Trend Micro and Snyk continue to deliver world class protection that fits the cloud-native development and security requirements of today's application-focused organizations.
