Talkback

Talkback

AI Powered Infosec Resource Aggregator to Boost Productivity.

Developed by elttam

Sign in to customize your weekly newsletter.

Trending Resources See all
Zero Day Initiative — Pwn2Own Ireland - The Full Schedule exp

Pwn2Own Ireland 2024 is the inaugural event in Ireland offering over $1,000,000 in cash and prizes, featuring teams targeting various devices in categories like Smart Speakers, Printers, Surveillance, and Network Attached Storage, with results shared live on the blog and video highlights on social media platforms.

Mon 21 Oct zerodayinitiative.com
ARCrypter Ransomware Expands Its Operations From Latin America to the World mal

ARCrypter ransomware targets government and institutional computer systems globally, dropping a ransom note before encrypting files with a unique delivery mechanism.

Mon 21 Oct blogs.blackberry.com
Attackers Target Exposed Docker Remote API Servers With perfctl Malware cloud net

Exploiting exposed Docker remote API servers requires securing, monitoring, updating, and auditing for protection against attack campaigns.

Mon 21 Oct trendmicro.com
Hooked by the Call: A Deep Dive into The Tricks Used in Callback Phishing Emails social

Trustwave SpiderLabs observed a 140% increase in callback phishing spam campaigns, where attackers combine email spam and phone calls to deceive victims into divulging sensitive information or downloading malware, using evasion techniques like text obfuscation and exploiting legitimate platforms like PayPal and Xero.

Mon 21 Oct trustwave.com
Total Identity Compromise: Microsoft Incident Response lessons on securing Active Directory net sys

Microsoft Incident Response focuses on securing Active Directory environments by reducing privilege, improving credential hygiene, and actively monitoring for signs of compromise.

Mon 21 Oct techcommunity.microsoft.com
CVE-2024-41874 exp app

CVE-2024-41874 is a critical unauthenticated remote code execution vulnerability in Adobe ColdFusion versions 2021 before Update 16 and 2023 before Update 10, allowing attackers to overwrite global scopes and execute code.

Mon 21 Oct attackerkb.com
Trending Vulnerabilities See all
CVE-2024-44912 7.5
Analyzed

NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c).

Fri 27 Sep
CVE-2024-44911 7.5
Analyzed

NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_aos.c).

Fri 27 Sep
CVE-2024-44910 7.5
Analyzed

NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c).

Fri 27 Sep
CVE-2024-41874 9.8
Analyzed

ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing c…

Fri 13 Sep
CVE-2024-5243 7.5
Awaiting Analysis

TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit thi…

Thu 23 May
CVE-2024-1179 7.5
Awaiting Analysis

TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authenticat…

Mon 1 Apr
Trending Topics See all
Brute Ratel
Project
  • Exception Junction - Where All Exceptions Meet Their Handler
  • GitHub - johnjhacking/badgerDAPS: Brute Ratel LDAP filtering and sorting tool. Easily take BR log output and pull hostnames for ease of use with other red team tooling. Supports OU filtering and removes disabled hosts.
  • Release v1.7 - Pandemonium
  • ...
Mon 21 Oct
Windows Microsoft
Operating System
  • Exception Junction - Where All Exceptions Meet Their Handler
  • North Korea-linked APT37 exploited IE zero-day in a recent attack
  • Globe Life extorted following subsidiary breach
  • ...
Mon 21 Oct
BloodHound BloodHound
Active Directory tool
  • Total Identity Compromise: Microsoft Incident Response lessons on securing Active Directory
  • knowsmore: A swiss army knife tool for pentesting Microsoft Active Directory
  • GitHub - seriotonctf/AD-Tools: List of some AD tools I frequently use
  • ...
Mon 21 Oct
AD Explorer Sysinternals
Active Directory tool
  • Total Identity Compromise: Microsoft Incident Response lessons on securing Active Directory
  • FalconForce
  • Domain Goodness - How I Learned to LOVE AD Explorer
  • ...
Mon 21 Oct
AdFind Sysinternals
Active Directory tool
  • Total Identity Compromise: Microsoft Incident Response lessons on securing Active Directory
  • From IcedID to Dagon Locker Ransomware in 29 Days
  • Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org
  • ...
Mon 21 Oct
Microsoft Incident Response Microsoft
Incident Response
  • Total Identity Compromise: Microsoft Incident Response lessons on securing Active Directory
  • The art and science behind Microsoft threat hunting: Part 3
  • Octo Tempest: Hybrid identity compromise recovery
  • ...
Mon 21 Oct

Indexed Resources