Technical summary of how the FBI got into BreachForums.
Apparently Conor was running the darknet platform over his personal internet connection and, on at least one occasion in 2022, did not use Tor or a VPN, whether due to a connection failure or forgetfulness. That IP address led the FBI to him.
It also seems the FBI somehow had access to the server's logs; likely a zero-day in the web component.
https://www.bleepingcomputer.com/news/security/fbi-confirms-access-to-breached-cybercrime-forum-database/
BleepingComputer
FBI confirms access to Breached cybercrime forum database
Today, the FBI confirmed they have access to the database of the notorious BreachForums (aka Breached) hacking forum after the U.S. Justice Department also officially announced the arrest of its owner
● An Android app from China executed a zero-day exploit on millions of devices.
Fast-growing e-commerce app Pinduoduo had an EvilParcel stowaway.
https://github-com.translate.goog/davinci1010/pinduoduo_backdoor
https://mp-weixin-qq-com.translate.goog/s/P_EYQxOEupqdU0BJMRqWsw
https://techcrunch.com/2023/03/20/google-flags-apps-made-by-popular-chinese-e-commerce-giant-as-malware/
https://arstechnica.com/information-technology/2023/03/android-app-from-china-executed-0-day-exploit-on-millions-of-devices/
TechCrunch
Google flags apps made by popular Chinese e-commerce giant as malware
Google has flagged several apps made by a Chinese e-commerce giant as malware, alerting users who had them installed, and suspended the company’s official app.
Wiretapping by the Greek government of journalists and opposition parliamentarians under the former PM, after Predator and other spyware were used against civilians through botched law changes and legal loopholes.
https://youtu.be/SpitB6p7-W4
YouTube
Greece’s spyware scandal | The Listening Post
Greece is facing an ongoing surveillance scandal after it was revealed that several journalists had their phones hacked by spyware employed for surveillance by the Greek intelligence service. While a scandal of this magnitude should typically attract the…
RedTeam: WinRAR SFX archives can run PowerShell without being detected.
https://www.bleepingcomputer.com/news/security/winrar-sfx-archives-can-run-powershell-without-being-detected/
BleepingComputer
WinRAR SFX archives can run PowerShell without being detected
Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target system.
Obfu[DE]scate is a de-obfuscation tool for Android APKs that uses fuzzy comparison logic to identify similarities between functions.
https://github.com/user1342/Obfu-DE-Scate
GitHub
user1342/Obfu-DE-Scate: Obfu[DE]scate is a de-obfuscation tool for Android APKs that uses fuzzy comparison logic to identify similarities between functions, even if they have been renamed as part of obfuscation.
CVE-2022-42845: 20-Year-Old XNU Use After Free Vulnerability in ndrv.c
https://adamdoupe.com/blog/2022/12/13/cve-2022-42845-xnu-use-after-free-vulnerability-in-ndrv-dot-c/
Adamdoupe
CVE-2022-42845: 20-Year-Old XNU Use After Free Vulnerability in ndrv.c - Adam Doupé
I’ve been on a sabbatical this academic year, and my goal is to understand the state-of-the art in exploitation and vulnerability analysis by …
Spyware vendor QuaDream closes down after our Citizen Lab report (quoting @jsrailton's tweet, linked below).
● So they likely change their name and keep spreading corruption throughout the land.
https://twitter.com/jsrailton/status/1647649372069412867
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible.
https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
Google Cloud Blog
Double zero-day vulnerabilities in Chrome and Edge – check your versions now.
CVE-2023-2033: Type confusion in V8 in Google Chrome prior to 112.0.5615.121. A remote attacker could potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High.
CVE-2023-2136: Integer overflow in Skia in Google Chrome prior to 112.0.5615.137. A remote attacker who had compromised the renderer process could potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High.
https://nakedsecurity.sophos.com/2023/04/24/double-zero-day-in-chrome-and-edge-check-your-versions-now/
Sophos News
Naked Security – Sophos News
● Satellite hacking [14Ts227]: Russia uses uplink/downlink jamming via Tobol program to disable StarLink in Ukraine amid ongoing war.
While Starlink appears to be immune to EW at its satellite frequencies, it relies on GPS, which is vulnerable to electronic interference. If the GPS signal is jammed, Starlink cannot register, and even after a successful registration its speed drops until the connection is lost entirely.
https://dzen.ru/a/ZEFpV9yMqWP8Kuui
https://www.thespacereview.com/article/4060/1
https://www.washingtonpost.com/national-security/2023/04/18/discord-leaks-starlink-ukraine/
https://eurasiantimes.com/russias-tobol-ew-system-cuts-off-starlink-from-its-ground-terminals/
https://www.washingtonpost.com/world/2023/04/20/bakhmut-ukraine-war-leaked-documents/
Send My: Arbitrary data transmission via Apple's Find My network.
https://positive.security/blog/send-my
positive.security
Send My: Arbitrary data transmission via Apple's Find My network | Positive Security
Apple AirTags: Arbitrary data can be uploaded from non-internet-connected devices by sending Find My BLE broadcasts to nearby Apple devices. We're releasing an ESP32 firmware that turns the microcontroller into an (upload only) modem, and a macOS application…
Microsoft Excel Remote Code Execution Vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24953
https://twitter.com/TecR0c/status/1656306296931471365
Twitter
Discovered a Microsoft Excel Remote Code Execution vulnerability: CVE-2023-24953 🚨 Now patched in MS May Patch Tuesday :->
https://t.co/fJhjOytZpQ
Thanks @msftsecresponse for addressing this vulnerability!
The Dangers of Google’s .zip TLD. The first URL below looks like a GitHub download path, but its slashes are U+2215 DIVISION SLASH characters and everything before the @ is userinfo, so the host a browser actually connects to is v1271.zip; the second URL is the legitimate one.
https://medium.com/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5
Decoy: https://github.com∕kubernetes∕kubernetes∕archive∕refs∕tags∕@v1271.zip
Legitimate: https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip
Medium
The Dangers of Google’s .zip TLD
Can you quickly tell which of the URLs below is legitimate and which one is a malicious phish that drops evil.exe?
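As an added example (not code from the Medium post or from the channel), here is a small Python check that parses both URLs from the item above with the standard library and reports why the decoy is dangerous: the host a browser would actually connect to, the userinfo-before-@ trick, and any look-alike slash characters. The list of confusable slash characters is a hand-picked assumption, not an exhaustive confusables table.

```python
"""Added example: show why a .zip-TLD decoy URL is dangerous.

Not code from the Medium post. Standard library only. The set of look-alike
slash characters below is an assumption (hand-picked, not exhaustive).
"""
import unicodedata
from urllib.parse import urlsplit

# Characters that render much like "/" but are not the URL path separator.
CONFUSABLE_SLASHES = {"\u2215", "\u2044", "\uff0f"}  # DIVISION, FRACTION, FULLWIDTH

# The two URLs from the item above. The decoy is spelled with \u2215 escapes so
# the difference survives copy/paste and font rendering.
DECOY_URL = ("https://github.com\u2215kubernetes\u2215kubernetes\u2215archive"
             "\u2215refs\u2215tags\u2215@v1271.zip")
LEGIT_URL = "https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip"


def analyze_url(url):
    """Return the host a client would really connect to plus a list of findings."""
    findings = []
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        # urlsplit rejects some non-ASCII netlocs whose NFKC form would contain a
        # URL delimiter (e.g. FULLWIDTH SOLIDUS); a rejected netloc is itself a red flag.
        return {"host": None, "findings": [f"urlsplit rejected netloc: {exc}"]}

    host = (parts.hostname or "").lower()
    if parts.username is not None:
        # Everything before '@' is userinfo; the client connects to the host after it.
        findings.append(f"userinfo {parts.username!r} precedes '@' and hides the real host")
    for ch in sorted(CONFUSABLE_SLASHES):
        if ch in url:
            name = unicodedata.name(ch, "UNKNOWN")
            findings.append(f"contains U+{ord(ch):04X} {name} in place of '/'")
    if host.endswith(".zip"):
        findings.append("real host is under the .zip TLD")
    return {"host": host, "findings": findings}


def is_deceptive(url):
    """True when analyze_url() reports at least one finding."""
    return bool(analyze_url(url)["findings"])


if __name__ == "__main__":
    for label, url in (("decoy", DECOY_URL), ("legit", LEGIT_URL)):
        result = analyze_url(url)
        print(f"{label}: connects to {result['host']}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```

The point of the check is that the path-looking part of the decoy never reaches the network: urlsplit() puts it in the userinfo, and the real download comes from v1271.zip. For the legitimate URL, only the path ends in .zip, the host is github.com, and no findings are reported.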
CVE-2023-28204 (Safari zero-day, may have been actively exploited): WebKit commit e34edaa
https://github.com/WebKit/WebKit/commit/e34edaa74575ee13efcebdb7672b949a743ab32a
RegExpGlobalData::performMatch issue leading to OOB read
GitHub
[JSC] RegExpGlobalData::performMatch issue leading to OOB read · WebKit/WebKit@e34edaa
https://bugs.webkit.org/show_bug.cgi?id=254930
rdar://107436732
Reviewed by Alexey Shvayka.
Fixed two issues:
1) In YarrInterpreter.cpp::matchAssertionBOL() we were advancing the string position ...
Attachment: CVE-2022-3723_PoC.js (668 B)
CVE-2022-3723 Exploit PoC: Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
● @ckure has not verified the authenticity of the exploit.
⚠️ ‘Despicable’ iPhone Hacks In Armenia Find NSO Spyware ‘In Active Warzone’.
For the first time, the Israeli company’s spyware has been used in a conflict zone, according to researchers.
In mid-2021, Apple sent a warning to Anna Naghdalyan, then a spokesperson for Armenia’s foreign affairs agency, that her iPhone had possibly been hacked by a foreign government.
https://www.forbes.com/sites/thomasbrewster/2023/05/25/iphone-hacks-in-armenia-show-nso-spyware-in-warzone/?sh=4b76625f1a56
Forbes
‘Despicable’ iPhone Hacks In Armenia Find NSO Spyware ‘In Active Warzone’