■■■■■ Fileless Remote Code Execution on Juniper Firewalls - Blog - VulnCheck.
https://vulncheck.com/blog/juniper-cve-2023-36845
Forwarded from cKure Red
● Real world OSINT challenge.
United States' military loses F35B over its territory. Unable to track, the US government has requested civilian help to find the missing plane.
https://twitter.com/flightradar24/status/1703827299412455459
https://twitter.com/TeamCharleston/status/1703523385475534968
https://www.businessinsider.com/missing-f35-flying-after-pilot-ejected-soviet-jet-cold-war-2023-9
X (formerly Twitter)
Flightradar24 (@flightradar24) on X
The US military is searching for a missing F-35B in South Carolina after the pilot ejected yesterday and the jet kept flying. If you have seen an F-35 in the woods, please contact the US Marines.
■■■□□ Data-Leak: Researchers from vx-underground reported that FBI hacker ‘USDoD‘ leaked sensitive data from consumer credit reporting agency TransUnion.
https://securityaffairs.com/150968/data-breach/transunion-data-leak.html
Security Affairs
FBI hacker USDoD leaks highly sensitive TransUnion data
■□□□□ Data-leak: The Clorox Company admits cyberattack causing 'widescale disruption'
Back to 'manual' order processing for $7B household cleaning biz, financial impact will be 'material'.
https://www.theregister.com/2023/09/19/the_clorox_company_admits_cyber/
■■■■■ The Not So Pleasant Password Manager.
https://www.mdsec.co.uk/2023/09/the-not-so-pleasant-password-manager/
MDSec
The Not So Pleasant Password Manager - MDSec
Overview: During a recent adversary simulation, the MDSec ActiveBreach red team were asked to investigate the organisation’s Password Manager solution, with the key objective of compromising stored credentials, ideally from...
Forwarded from cKure Red
Signal adds quantum-resistant encryption to its E2EE messaging protocol.
https://signal.org/blog/pqxdh/
https://www.bleepingcomputer.com/news/security/signal-adds-quantum-resistant-encryption-to-its-e2ee-messaging-protocol/
Signal
Quantum Resistance and the Signal Protocol
The Signal Protocol is a set of cryptographic specifications that provides end-to-end encryption for private communications exchanged daily by billions of people around the world. After its publication in 2013, the Signal Protocol was adopted not only by…
■■■■□ android-luks: An app that allows secure LUKS unlocking using usb accessory mode without typing your LUKS password.
https://github.com/full-disclosure/android-luks
■■■■■ Frida & Objection without Jailbreak!
https://infosecwriteups.com/frida-objection-without-jailbreak-27a66501bf38
Medium
Frida & Objection without Jailbreak! 🔥🔥
So are you the one who stops security testing if Jailbreak Detection is not bypassed?? No worries, we have got you covered! A method to…
■■■■■ HeaderLessPE: A memory PE loading technique used by the IcedID Trojan. Based on this technology, we propose a new way of file-less attack using HVNC. This enhancement allows to inject HeaderLessPE into execute graphical hacking tools.
https://github.com/M01N-Team/HeaderLessPE
■■■■■ Hacking Some More Secure USB Flash Drives (Part II).
https://blog.syss.com/posts/hacking-usb-flash-drives-part-2/
SySS Tech Blog
Hacking Some More Secure USB Flash Drives (Part II)
In the second article of this series, SySS IT security expert Matthias Deeg presents security vulnerabilities found in another crypto USB flash drive with AES hardware encryption.
Forwarded from cKure Red
Telegram policy violated privacy 🔏 as the platform chores any government with "high democracy index" can request information of any Telegram account and Telegram shall comply with IP address of the username.
The following thread from Kashmir deals with such a request from Telegram. Forget a similar incident was reported by the Dutch.
https://twitter.com/R_J_0ppenheimer/status/1704842373476520329
■■■■■ Apple emergency updates fix 3 new zero-days exploited in attacks.
https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-3-new-zero-days-exploited-in-attacks/
BleepingComputer
Apple emergency updates fix 3 new zero-days exploited in attacks
Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days patched this year.
■■■□□ Cyber Mercenaries: A Call to Action for the Quad.
https://www.orfonline.org/research/cyber-mercenaries-a-call-to-action-for-the-quad/
ORF
Cyber Mercenaries: A Call to Action for the Quad
Introduction: Events like the Russia-Ukraine war, disruptions during the COVID-19 pandemic, and the US-China trade war have collectively demonstrated the fragile nature of the interconnected world that we live in today. The conflict in Europe, in particular…
■■■■■ Privacy: Egyptian presidential hopeful targeted by Predator spyware
Rare ‘zero-day’ exploit used in failed hacking attempt that researchers say was probably conducted by the Egyptian government.
https://www.washingtonpost.com/investigations/2023/09/23/predator-egypt-hack-spyware-iphone/
■■■■■ New stealthy and modular Deadglyph malware used in government attacks.
https://www.bleepingcomputer.com/news/security/new-stealthy-and-modular-deadglyph-malware-used-in-govt-attacks/
BleepingComputer
New stealthy and modular Deadglyph malware used in govt attacks
A novel and sophisticated backdoor malware named 'Deadglyph' was seen used in a cyberespionage attack against a government agency in the Middle East.