iOS 15 iCloud Private Relay Vulnerability Identified.
https://fingerprintjs.com/blog/ios15-icloud-private-relay-vulnerability/
Learn more about this vulnerability in Apple’s new iCloud Private Relay service and how you can prevent your data from being leaked.
Latest FinFisher spyware upgrades 'particularly worrying,' says Kaspersky.
Eight-month analysis finds four-layer obfuscation, two-stage loader, and a new UEFI attack
https://go.theregister.com/feed/www.theregister.com/2021/09/28/kasperky_finfisher_spyware_report/
● One of the Android devices used to administer this channel was accessed remotely a few hours ago by an unknown entity.
No modifications to data were noticed on the device.
🔧 Tool: TrevorC2 - Command and Control via Legitimate Behavior over HTTP
https://github.com/trustedsec/trevorc2
TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution. - trustedsec/trevorc2
PANDORA PAPERS
The largest investigation in journalism history exposes a shadow financial system that benefits the world’s most rich and powerful.
https://www.icij.org/investigations/pandora-papers/
Updated list of Hacking channels on telegram: https://t.me/cKure/7364
● Sharing is Caring. Thenceforth, sharing some of the prominent hacking channels and groups on telegram.
The list is ordered as per content quality. However, there could be inconsistency in a few places.
Please note that some of the channels are owned…
Breaking: India 🇮🇳: Activists in Togo 🇹🇬 attacked by Indian-made spyware.
OSINT report by Amnesty International of a Cyber-Crime apparently by an Indian company that has been linked to the infrastructure used by Donot Group and an Indian cybersecurity company Innefu Labs.
Report: https://github.com/blackorbird/APT_REPORT/blob/master/Donot/Donot%20Group%20%26%20Innefu%20Labs.pdf
Interesting APT Report Collection And Some Special IOCs - blackorbird/APT_REPORT
Deepfence ThreatMapper helps you to monitor and secure your running applications, in Cloud, Kubernetes, Docker, and Fargate Serverless.
https://github.com/deepfence/ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP) - deepfence/ThreatMapper
Old but Gold: Bypassing the Air-Gap system for sensitive info.
Your body reveals your password by interfering with Wi-Fi
https://dl.acm.org/doi/10.1145/2976749.2978397
http://www.theregister.co.uk/2016/11/13/researchers_point_finger_at_handy_smartphone_exploit/
Wave goodbye to security if crims can pop a MIMO router
CVE-2021-35052: WinRAR remote code execution.
WinRAR’s vulnerable trialware: when free software isn’t free.
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
https://thehackernews.com/2021/10/bug-in-free-winrar-software-could-let.html
In this article we discuss a vulnerability in the trial version of WinRAR which has significant consequences for the management of third-party software. This vulnerability allows an attacker to intercept and modify requests sent to the user of the application.…
CVE-2021-30573 PoC for Google Chrome
Google Chrome Use After Free vulnerability reported by S4E Team.
https://github.com/s4e-lab/CVE-2021-30573-PoC-Google-Chrome
Google Chrome Use After Free vulnerability reported by S4E Team - s4eio/CVE-2021-30573-PoC-Google-Chrome
Breaking from Iran 🇮🇷 as Nationwide Cyber-Attack shuts down "smart fuel network," gas stations across the country rendering them dysfunctional as per state media.
Data-Leak of ~20K personnel of Israel 🇮🇱 defence forces (regular army) leaked by a Cyber-Crime group called Moses-Staff including names, ID, phone number, personal photographs, address and similar.
Refer: https://t.me/cKure/9860
Data-Leak from Israel 🇮🇱 as a threat actor of unknown origin has posted tens of GBs of leaked data from the Ministry of Defense, Israel.
All Windows versions impacted by new LPE zero-day vulnerability.
A public proof-of-concept (PoC) exploit and technical details for an unpatched Windows zero-day privilege elevation vulnerability have been disclosed that allow users to gain SYSTEM privileges under certain conditions.
https://www.bleepingcomputer.com/news/security/all-windows-versions-impacted-by-new-lpe-zero-day-vulnerability/
A security researcher has disclosed technical details for a Windows zero-day privilege elevation vulnerability and a public proof-of-concept (PoC) exploit that gives SYSTEM privileges under certain conditions.