Secret Magpie helps you find accidentally leaked passwords in git repositories

Organisations struggle to scan for leaked secrets in ALL of their repos. It’s easy to scan one repo, but time consuming and tedious to scan all of them.

SecretMagpie is a secret detection tool that hunts out all the secrets hiding in ALL your repositories.

It supports finding repos in GitHub, GitLab, Azure DevOps (ADO), Bitbucket and the local file system.

Given an auth token, it will:

- enumerate all of the repos
- clone each repo down
- scan EVERY branch with multiple tools
- squash all the findings into one big list
- deduplicate them so you don't triage the same thing twice
- give you some great stats and a full report in csv or json

https://github.com/punk-security/secret-magpie-cli

submitted by /u/punksecurity_simon

Using XSS without user interaction?

The most common use cases for XSS seem to be related to hijacking a user's session, but are there any ways an XSS vulnerability can be used without relying on user interaction? I get that the main point of XSS is to run JS in someone else’s browser sess…

I made a tool to make brute force attacks easier

https://github.com/Kitchen-Kreations/listparse

listparse is a tool that goes through word/password lists and creates a smaller list to fit password policies to make brute force attacks quicker.

submitted by /u/PapaCooki

Microsoft details techniques of Mac ransomware

Microsoft warns of different ransomware families (KeRanger, FileCoder, MacRansom, and EvilQuest) targeting Apple macOS systems. Microsoft Security Threat Intelligence team warns of four different ransomware families (KeRanger, FileCoder, MacRansom, and EvilQuest) that impact Apple macOS systems. The initial vector in attacks involving Mac ransomware typically relies on user-assisted methods, such as downloading and running fake […]

The post Microsoft details techniques of Mac ransomware appeared first on Security Affairs.

Twitter suffers data breach as information of 235 million users exposed

Social media platform Twitter could have suffered from a data breach. An online hacker forum has exposed the details of around 235 million users. The data breach could be one of the largest data leaks that could have ever been reported to date. Twitter…

Triangulation and location tracking

I was told by an alleged hacker that he can get anyone's live location. By first triangulating their phone to locate them, and then remotely downloading a tracking app on their phone with which they can then be tracked all the time. I’m a newb with hack…

Remote Vulnerabilities in Automobiles

This group has found a ton of remote vulnerabilities in all sorts of automobiles.
It’s enough to make you want to buy a car that is not Internet-connected. Unfortunately, that seems to be impossible.

Secure Contact

We have formed a new team, but we do not know where to contact. (Telegram/Discord is not secure, if they sue they will give IP.) I need secure communication. Any ideas or help?

submitted by /u/emir_durden

Rackspace: Play Ransomware gang used a previously unknown exploit to access its Hosted Exchange email environment

Cloud services provider Rackspace confirmed that the recent data breach was the result of the Play Ransomware gang’s attack. Cloud services provider Rackspace announced this week that the recent data breach was the result of an attack conducted by the Play ransomware group. The ransomware attack took place on December 2, 2022, threat actors exploited a […]

The post Rackspace: Play Ransomware gang used a previously unknown exploit to access its Hosted Exchange email environment appeared first on Security Affairs.