Excellent piece of work by investigative journalist Raphael from Reuters on India 🇮🇳-based mercenary hackers used to target lawyers and firms to gain competitive advantage.
https://www.reuters.com/investigates/special-report/usa-hackers-litigation/
Reuters
How mercenary hackers sway litigation battles
A trove of thousands of emails uncovered by Reuters reveals Indian cyber mercenaries hacking parties involved in lawsuits around the world – showing how hired spies have become the secret weapon of litigants seeking an edge.
Zero-Day: Microsoft found and shared a critical one-click exploit in the Android TikTok app.
https://www.microsoft.com/security/blog/2022/08/31/vulnerability-in-tiktok-android-app-could-lead-to-one-click-account-hijacking/
https://alternativeto.net/news/2022/9/microsoft-found-and-shared-a-critical-one-click-exploit-in-the-android-tiktok-app/
Microsoft News
Vulnerability in TikTok Android app could lead to one-click account hijacking
Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users' accounts with a single click.
Malware developer backdoors own malware to steal data from other hackers.
https://www.bleepingcomputer.com/news/security/dev-backdoors-own-malware-to-steal-data-from-other-hackers/amp/
BleepingComputer
Dev backdoors own malware to steal data from other hackers
Cybercriminals using Prynt Stealer to collect data from victims are being swindled by the malware developer, who also receives a copy of the info over Telegram messaging service.
Zero-Day: Thread on CVE-2022-36804 Atlassian Bitbucket Command Injection Vulnerability.
https://twitter.com/_0xf4n9x_/status/1572052954538192901
SSRF in Functional Administrative Support Tool PDF generator.
Vulnerable Software: Functional Administrative Support Tool (FAST) v1.0.
https://hackerone.com/reports/1628209
HackerOne
U.S. Dept Of Defense disclosed on HackerOne: SSRF in Functional...
## Summary:
I found that it is possible to inject a javascript payload during the PDF form creation process, which is then executed by the checklist application server.
## Vulnerable Software:...
Tool 🔧 VirusTotalC2: Abusing the VirusTotal API to host our C2 traffic, useful for bypassing blocking firewall rules if VirusTotal is in the target's whitelist.
https://github.com/D1rkMtr/VirusTotalC2
A tool 🔧 to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
https://github.com/Dec0ne/ShadowSpray/
GitHub
A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain. - Dec0ne/ShadowSpray
Converting LFI into RCE by chaining PHP encoding filters.
https://www.synacktiv.com/publications/php-filters-chain-what-is-it-and-how-to-use-it.html
Synacktiv
PHP filters chain: What is it and how to use it
Zero-Day: Critical Remote Code Execution issue impacts the popular post-exploitation toolkit Cobalt Strike.
https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2
https://securityaffairs.co/wordpress/137284/hacking/cobalt-strike-rce.html
cKure Red
Exclusive | Zero-Day: A high severity EoP bug has been identified by a fellow researcher in the SolarWinds Orion platform. ● The bug is not patched and the latest version of the software is vulnerable. We (ckure) have confirmed the bug with the researcher and will…
Insecure Direct Object Reference Vulnerability: SolarWinds Platform 2022.3 (CVE-2022-36966).
https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36966
Exploit Archaeology: A Forensic History Of In-the-wild NSO Group Exploits.
https://github.com/blackorbird/APT_REPORT/blob/master/NSOGroup/VB2022-Exploit-archaeology-a-forensic-history-of-in-the-wild-NSO-Group-exploits.pdf
GitHub
APT_REPORT/NSOGroup/VB2022-Exploit-archaeology-a-forensic-history-of-in-the-wild-NSO-Group-exploits.pdf at master · blackorbird/APT_REPORT
Interesting APT Report Collection And Some Special IOCs - blackorbird/APT_REPORT
● Exclusive - Zero-Day: A medium to high severity vulnerability in SAP portal allows a low privileged authenticated user to escalate privileges within the system by abusing certain API endpoints.
The latest software / CMS is vulnerable, and possibly all previous versions as well.
SAP has been informed about the bug, has confirmed it, and plans to roll out the fix by mid-2023 (seems SAP does not prioritize security).
No CVE was assigned. Researcher: Aamer
Zero-Day writeup: Accidental $70k Google Pixel Lock 🔐 Screen Bypass.
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass
bugs.xdavidhu.me
Accidental $70k Google Pixel Lock Screen Bypass
David Schütz's bug bounty writeups
YouTube
Pixel 6 Full Lockscreen Bypass POC
Accompanying blog post: Accidental $70k Google Pixel Lock Screen Bypass
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
I found a vulnerability affecting seemingly all Google Pixel phones where if you gave me any…