Israeli 🇮🇱 Pegasus Spyware — Untold — Chinese Engineering — Samples 1 & 2.
The Israel, unable to create a smart spyware copied code for the app from China 🇨🇳 based APT and purchased Zero-Day from a security researcher from rhe money 💰 of primarily United States' 🇺🇸 taxpayers.
https://jonathandata1.medium.com/pegasus-spyware-untold-chinese-engineering-samples-1-2-e5aba2a0b20b
The Israel, unable to create a smart spyware copied code for the app from China 🇨🇳 based APT and purchased Zero-Day from a security researcher from rhe money 💰 of primarily United States' 🇺🇸 taxpayers.
https://jonathandata1.medium.com/pegasus-spyware-untold-chinese-engineering-samples-1-2-e5aba2a0b20b
Medium
Pegasus Spyware — Untold — Chinese Engineering — Samples 1 & 2
A Short Background
● Telegram Messenger (as per my analysis) becomes the largest public collection of DarkWeb content, resources, breached data and similar.
Zero-Day: Critical F5 BIG-IP flaw allows device takeover (CVE-2022-1388).
https://www.helpnetsecurity.com/2022/05/05/cve-2022-1388/
https://www.helpnetsecurity.com/2022/05/05/cve-2022-1388/
Help Net Security
Critical F5 BIG-IP flaw allows device takeover, patch ASAP! (CVE-2022-1388)
F5 Networks‘ BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated RCE attacks via CVE-2022-1388.
Speed-Hack: WordPress sites getting hacked ‘within seconds’ of TLS certificates being issued.
https://portswigger.net/daily-swig/wordpress-sites-getting-hacked-within-seconds-of-tls-certificates-being-issued
https://portswigger.net/daily-swig/wordpress-sites-getting-hacked-within-seconds-of-tls-certificates-being-issued
The Daily Swig | Cybersecurity news and views
WordPress sites getting hacked ‘within seconds’ of TLS certificates being issued
Attackers pounce before site owners can activate the installation wizard
An advanced threat actor has leaked data of multiple institutions, organizations, nation-states and civilians in varying forms (PII, documents, credentials and similar).
The data collage is huge and we (t.me/ckure) have received the copy.
Some leaks were previously public. However, some are either new or were previously unreported.
The data collage is huge and we (t.me/ckure) have received the copy.
Some leaks were previously public. However, some are either new or were previously unreported.
Telegram
cKure
﷽
This channel was created in 2018 and contains content from the information security domain.
This channel is primarily run by AI bots (n8n).
Archive: ckure.esy.es
Criticals: @ckuRED
linkedin.com/company/ckure
Support 📨 i@ckure.org
This channel was created in 2018 and contains content from the information security domain.
This channel is primarily run by AI bots (n8n).
Archive: ckure.esy.es
Criticals: @ckuRED
linkedin.com/company/ckure
Support 📨 i@ckure.org
Well written from A to Z: Exploiting a Use-After-Free for code execution in every version of Python 3.
https://pwn.win/2022/05/11/python-buffered-reader.html
https://pwn.win/2022/05/11/python-buffered-reader.html
pwn.win
Exploiting a Use-After-Free for code execution in every version of Python 3
A while ago I was browsing the Python bug tracker, and I stumbled upon this bug - “memoryview to freed memory can cause segfault”. It was created in 2012, originally present in Python 2.7, but remains open to this day, 10 years later. This piqued my interest…
Multiple bugs chained to takeover Facebook Accounts which uses Gmail. ($42K)
https://ysamm.com/?p=763
https://ysamm.com/?p=763
Proof-of-concept exploit release: nginx mp4 module DoS & Infoleak Vulnerability (2018) by @alisaesage.
Proof-of-concept exploit that demonstrates an out of bounds read in nginx v1.15.5 heap. This can be worked up to an information disclosure exploit with a bit of extra work. The bug itself, and potentially the exploit, affects earlier nginx versions to some extent.
https://zerodayengineering.com/exploits/nginx-mp4-infoleak.html
Proof-of-concept exploit that demonstrates an out of bounds read in nginx v1.15.5 heap. This can be worked up to an information disclosure exploit with a bit of extra work. The bug itself, and potentially the exploit, affects earlier nginx versions to some extent.
https://zerodayengineering.com/exploits/nginx-mp4-infoleak.html
"Masato Kinugawa vs Microsoft Teams" live from Pwn2Own Vancouver 2022.
https://t.co/EeQLS2Sbwfhttps://youtu.be/3fWo0E6Pa34
https://t.co/EeQLS2Sbwfhttps://youtu.be/3fWo0E6Pa34
Zero-Day: When Windows Active Directory is newly installed and settings are not changed, any user can create 10 computer accounts.
using this command
"djoin /PROVISION /DOMAIN <fqdn> /MACHINE cKPC /SAVEFILE C:\temp\cKPC.txt /DEFPWD /PRINTBLOB /NETBIOS cKPC"
This will create the computer account named cKPC with the password cKPC.
Credits: Qusai Alhaddad
using this command
"djoin /PROVISION /DOMAIN <fqdn> /MACHINE cKPC /SAVEFILE C:\temp\cKPC.txt /DEFPWD /PRINTBLOB /NETBIOS cKPC"
This will create the computer account named cKPC with the password cKPC.
Credits: Qusai Alhaddad
Zero-Day: A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet.
https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
Check Point Research
Vulnerability within the UNISOC baseband opens mobile phones communications to remote hacker attacks - Check Point Research
Introduction Do you remember push-button telephones? Many of them were based on chips from Spreadtrum Communications Inc., a Chinese chip manufacturer founded in 2001. In 2011, over half of all phones in China were powered by Spreadtrum chips. In 2018, Spreadtrum…
Zero-Day: New Windows Search zero-day added to Microsoft protocol nightmare.
https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
BleepingComputer
New Windows Search zero-day added to Microsoft protocol nightmare
A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.
Exclusive | Zero-Day: A high severity EoP bug has been identified by a fellow researcher in SolarWinds Orion platform.
● The bug is not patched and latest version of the software is vulnerable. We (ckure) have confirmed the bug with the researcher and will disclose once researcher and SolarWinds release a stable patch or a workaround.
● The bug is not patched and latest version of the software is vulnerable. We (ckure) have confirmed the bug with the researcher and will disclose once researcher and SolarWinds release a stable patch or a workaround.
Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild.
The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to gain arbitrary code execution.
https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to gain arbitrary code execution.
https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
Blogspot
An Autopsy on a Zombie In-the-Wild 0-day
Posted by Maddie Stone, Google Project Zero Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding t...
Spyware: The curious tale of a fake Carrier.app targeting users from Italy 🇮🇹 and Kazakhstan 🇰🇿
https://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html
https://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html
Blogspot
The curious tale of a fake Carrier.app
Posted by Ian Beer, Google Project Zero NOTE: This issue was CVE-2021-30983 was fixed in iOS 15.2 in December 2021. Towards the ...
‘Syslogk’; a Linux kernel rootkit found under development in the wild.
https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
(Based on --> adore-ng): Linux rootkit adapted for 2.6 and 3.x: https://github.com/yaoyumeng/adore-ng
https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
(Based on --> adore-ng): Linux rootkit adapted for 2.6 and 3.x: https://github.com/yaoyumeng/adore-ng
Gendigital
Linux Threat Hunting: ‘Syslogk’ a kernel rootkit found under development in the wild
Syslogk Rootkit Revealed: Analysis
Privilege-Escalation: This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.
https://github.com/Ignitetechnologies/Privilege-Escalation
https://github.com/Ignitetechnologies/Privilege-Escalation
GitHub
GitHub - Ignitetechnologies/Privilege-Escalation: This cheasheet is aimed at the CTF Players and Beginners to help them understand…
This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples. - Ignitetechnologies/Privilege-Escalation
This media is not supported in your browser
VIEW IN TELEGRAM
Cyber-War: Lithuania 🇱🇹 has been hit by cyber-attacks after an ultimatum from Russian 🇷🇺 Killnet hackers.
● Pasted 'ckure' emoji at bottom right of the video to obscure profanity.
● Pasted 'ckure' emoji at bottom right of the video to obscure profanity.
Cyber-War: Iran 🇮🇷 has been hit with a strong SCADA based cyber-attack as multiple organisations capitulate under the physical damages that have been caused.
Please note that this is 1-sided information by the threat actor who did not contact us directly.
In their message; they said, "Today, we, "Gonjeshke Darande", carried out cyberattacks against Iran's steel industry which affiliated with the IRGC and the Basij: the Khouzestan Steel Company (KSC), the Mobarakeh Steel Company (Isfahan) (MSC) and the Hormozgan Steel Company (HOSCO). These companies are subject to international sanctions and continue their operations despite the restrictions. These cyberattacks, being carried out carefully so to protect innocent individuals, are in response to the aggression of the Islamic Republic.
As you can see in attached video, these cyberattacks have been carried out carefully so to protect innocent individuals. We also expose here evidence of our access to these companies."
Please note that this is 1-sided information by the threat actor who did not contact us directly.
In their message; they said, "Today, we, "Gonjeshke Darande", carried out cyberattacks against Iran's steel industry which affiliated with the IRGC and the Basij: the Khouzestan Steel Company (KSC), the Mobarakeh Steel Company (Isfahan) (MSC) and the Hormozgan Steel Company (HOSCO). These companies are subject to international sanctions and continue their operations despite the restrictions. These cyberattacks, being carried out carefully so to protect innocent individuals, are in response to the aggression of the Islamic Republic.
As you can see in attached video, these cyberattacks have been carried out carefully so to protect innocent individuals. We also expose here evidence of our access to these companies."