Security Leftovers
-
4 CTF Cloud and Linux Security Challenges Now Open - Pentesting Cloud
PenTesting.Cloud, a free learning platform, has released their first 4 challenges. Utilize your Linux and Cloud Computing skills to exploit vulnerabilities in a lab environment. New challenges are released every two weeks. They are set up in a CTF style, where you can earn points and compete against other members.
Most challenges require Linux and/or Python experience to solve, along with Cloud knowledge. If you don’t have access to a Linux box, you can use an EC2 instance. Users with strong Linux and shell scripting skills will be able to earn the most points.
The site was launched to promote free learning in the realms of Linux and Cloud security. It focuses on using Linux skills to discover and remediate common misconfigurations in the Cloud. The website is totally free; however, you may incur a small AWS charge for the labs which require you to run them in your personal AWS sandbox account.
-
Revolut data breach: 50,000+ users affected - Help Net Security
Revolut customers began noticing something was wrong on September 11, when some of them reported receiving “inappropriate wording via chat.”
-
Uber hack linked to hardcoded secrets spotted in PowerShell script
Uber is purported to rely on multi-factor authentication (MFA). Third-party experts have commented that an attacker may have been able to circumvent these controls by establishing a fake domain and relaying any authentication codes submitted to the genuine domain using a manipulator-in-the-middle (MitM) attack.
-
Thoughts on the use of noVNC for phishing campaigns
Dear Fellowlship, today’s homily is a rebuke to all those sinners who have decided to abandon the correct path of reverse proxies to bypass 2FA. Penitenziagite!