Flame JK

20/11/2024

To learn hacking and cyber security most follow this page.

page link : https://www.facebook.com/profile.php?id=61566759882941&mibextid=ZbWKwL

Wordfence has identified a severe authentication bypass vulnerability in the WordPress plugin ‘Really Simple Security’, previously known as ‘Really Simple SSL’. This critical flaw affects both the free and Pro versions of the plugin, which is used on over four million websites.

20/11/2024

Chinese threat actor BrazenBamboo has been exploiting a previously undisclosed zero-day vulnerability in Fortinet’s FortiClient Windows VPN client using a modular post-exploitation toolkit named DeepData. This flaw enables the attackers to extract VPN credentials directly from memory after users authenticate.

20/11/2024

To learn hacking and cyber security most follow this page.

page link : https://www.facebook.com/profile.php?id=61566759882941&mibextid=ZbWKwL

"Zero-Day Danger: FortiClient Vulnerability Used for Credential Theft"

Cybersecurity researchers have uncovered a campaign by BrazenBamboo, exploiting an unpatched zero-day vulnerability in Fortinet’s FortiClient VPN software for Windows. The attack uses a modular malware framework, DEEPDATA, to steal sensitive VPN credentials and harvest data from chat apps, email clients, and browsers.

Reported to Fortinet in July 2024, the flaw remains unpatched, leaving systems vulnerable. DEEPDATA, alongside tools like DEEPPOST and LightSpy, highlights BrazenBamboo’s advanced espionage capabilities, likely linked to state-sponsored operations.

Organizations using FortiClient should monitor for updates, implement security workarounds, and strengthen defenses to mitigate risks.

10/11/2024

To learn hacking and cyber security most follow this page.

page link : https://www.facebook.com/profile.php?id=61566759882941&mibextid=ZbWKwL

"North Korean Hackers Target Crypto Firms with Advanced Malware"

North Korean hackers, likely linked to BlueNoroff, have intensified attacks on cryptocurrency firms, using advanced multi-layered malware tools like RustDoor and ThiefBucket. The “Hidden Risk” group delivers malware through phishing emails posing as crypto-news PDFs, increasing credibility with real research papers. One email links to a “Bitcoin ETF document” that deploys macOS malware disguised as a Swift app.

The malware establishes itself through a decoy PDF, downloading a malicious binary and bypassing macOS security—a sign of North Korea’s evolving threat to crypto businesses.

10/11/2024

To learn hacking and cyber security most follow this page.

page link : https://www.facebook.com/profile.php?id=61566759882941&mibextid=ZbWKwL

08/11/2024

To learn hacking and cyber security most follow this page.

page link : https://www.facebook.com/profile.php?id=61566759882941&mibextid=ZbWKwL

Method no:1 to find account takeover Vulnerability.

Credential Stuffing Vulnerability Testing

Credential stuffing is a common Account Takeover technique where attackers use previously leaked username-password combinations to access user accounts. Many users reuse passwords across sites, making credential stuffing an effective method for attackers.

Suppose you’re testing an e-commerce platform. You can attempt login attempts with commonly reused credentials, such as “admin123” or “password123,” across multiple accounts. If the site lacks rate limiting or CAPTCHA protections, you may be able to attempt multiple logins without restriction, which is a potential vulnerability. A secure site should implement mechanisms like CAPTCHA or rate limiting to prevent such attacks.

08/11/2024

To learn hacking and cyber security most follow this page.

page link : https://www.facebook.com/profile.php?id=61566759882941&mibextid=ZbWKwL

Account Takeover (ATO) vulnerabilities are a prime target for bug hunters, as they can lead to unauthorized access, data theft, and serious security breaches. Ethical hackers and security researchers look for these vulnerabilities to protect users and organizations from malicious attacks. In this post, we’ll cover the top 10 methods for identifying Account Takeover vulnerabilities, complete with examples to help you understand how to spot these weaknesses.

04/11/2024

To learn hacking and cyber security most follow this page.

page link : https://www.facebook.com/profile.php?id=61566759882941&mibextid=ZbWKwL

02/11/2024

02/11/2024

To learn hacking and cyber security most follow this page.

page link : https://www.facebook.com/profile.php?id=61566759882941&mibextid=ZbWKwL