A vulnerability (CVE-2020-2100), discovered by Adam Thorn from the University of Cambridge, may allows attacker to abuse internet-facing Jenkins servers to mount and amplify reflective DDoS attacks.

The OWASP Amass Project is tool developed to help information security professionals during the mapping process of attack perimeter.

It allows DNS enumeration, attack surface mapping & external assets discovery, using open source information gathering and active reconnaissance techniques.

This week: new layout and a lots of interesting links!

SpiderFoot is an OSINT automation tool for reconnaissance process, written in Python 3 and GPL-licensed.

Recently, developers of famous messaging app acknowledged and patched a major vulnerability that gave malicious users the ability to access files on a victim’s computer.

A target user may fall prey to this attack simply clicking a disguised link preview sent via the messaging app: a really easy mistake for users to make. 

Is it really possible to create a fake traffic jam on Google Maps?

Some server issues, this week! So few links, sorry!

Some funny thoughts about information technology on a post-apocalyptic environment, and some info about a more serious project!

Last December, in a talk at 36th Chaos Communication Congress, Samuel Groß presented a technical report about the infamous iOS vulnerability that allowed remote code execution on all iDevices up to iOS 12.4, within a couple of minutes and without user interaction.

A team of researchers from University of Michigan (Stephan van Schaik, Marina Minkin, Andrew Kwong and Daniel Genkin) and University of Adelaide (Yuval Yarom) recently presented a new attack technique that targets Intel CPUs.