CipherTechs discovered an admin authentication bypass 0day in JFrog Artifactory. https://t.co/iQcE01uSYS. Patches and work around are available. Be sure to find out if your in-house dev team uses Artifactory. Shout-outs to @jfrog for their vuln disclosure process!
- "... and then he said to sign my malware.exe with faked Microsoft cert to evade AVs/EDRs. Would you believe?"
( ̄y▽ ̄)╭ Ohohoho.....
Sign-Artifact.ps1 - based on @mattifestation research & implementation shamelessly borrowed here:
https://t.co/6LAVgCrOVN
@dio9sys We'd love to talk to you. Fully remote position, opportunities to work SOC, develop detections, automation, write Python, and get real-world DFIR experience
LAPSUS$ extortion group claims to have breached @Okta. They have released 8 photos as proof.
The photos we are sharing has been edited so no sensitive information or user identities are displayed.
Image 1 - 4 attached below.
Sandy Bacik, Director of Audit and Compliance at @CipherTechs, will present on PCI 4.0 next week at SecureWorld Philadelphia. See the conference agenda and register here: https://t.co/wXgScj3dwh #SWPHL22#GRC
Our researchers discovered a high-severity code vulnerability in the open-source monitoring platform Zabbix. Learn more about this authentication bypass in our latest publication🔥
https://t.co/WmS8EBzvST
#appsec#cve-2022-23131 #cve-2022-23134