MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file.
https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html
JPCERT/CC Eyes
MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file - JPCERT/CC Eyes
JPCERT/CC has confirmed that a new technique was used in an attack that occurred in July, which bypasses detection by embedding a malicious Word file into a PDF file. This blog article calls the technique “MalDoc in PDF” hereafter and...
🚨 BLASTPASS NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild.
● Update your Apple devices.
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
The Citizen Lab
BLASTPASS
Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We…
Active North Korean campaign targeting security researchers.
https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/
Google
Active North Korean campaign targeting security researchers
Threat Analysis Group shares findings on a new campaign by North Korean actors targeting security researchers.
United States: Cyber-Terrorism; Washington DC-based group targeted in apparent Pegasus hack by NSO Group (an Israeli state-sponsored cyber-terrorist organization).
Citizen Lab discovers alleged attack using ‘zero-click exploit’ on individual employed by DC organization.
https://www.theguardian.com/us-news/2023/sep/08/pegasus-hack-washington-dc-group-nso
the Guardian
Washington DC-based group targeted in apparent Pegasus hack
Citizen Lab discovers alleged attack using ‘zero-click exploit’ on individual employed by DC organization
In a first, spyware is found on phone of prominent Russian journalist.
● It is highly likely that Russia deployed the same zero-day vulnerability in the (almost) publicly available mobile application, hosting a false-flag cyber-attack on the victim.
https://www.washingtonpost.com/technology/2023/09/13/pegasus-infection-meduza-founder/
● Real world OSINT challenge.
The United States military loses an F-35B over its own territory. Unable to track it, the US government has requested civilian help to find the missing plane.
https://twitter.com/flightradar24/status/1703827299412455459
https://twitter.com/TeamCharleston/status/1703523385475534968
https://www.businessinsider.com/missing-f35-flying-after-pilot-ejected-soviet-jet-cold-war-2023-9
X (formerly Twitter)
Flightradar24 (@flightradar24) on X
The US military is searching for a missing F-35B in South Carolina after the pilot ejected yesterday and the jet kept flying. If you have seen an F-35 in the woods, please contact the US Marines.
Signal adds quantum-resistant encryption to its E2EE messaging protocol.
https://signal.org/blog/pqxdh/
https://www.bleepingcomputer.com/news/security/signal-adds-quantum-resistant-encryption-to-its-e2ee-messaging-protocol/
Signal
Quantum Resistance and the Signal Protocol
The Signal Protocol is a set of cryptographic specifications that provides end-to-end encryption for private communications exchanged daily by billions of people around the world. After its publication in 2013, the Signal Protocol was adopted not only by…
Telegram's policy violates privacy 🔏 as the platform states that any government with a "high democracy index" can request information on any Telegram account, and Telegram shall comply by providing the IP address of the username.
The following thread from Kashmir deals with such a request from Telegram. Forget a similar incident was reported by the Dutch.
https://twitter.com/R_J_0ppenheimer/status/1704842373476520329
REArchive: Reverse engineering APT37’s GOLDBACKDOOR dropper.
https://www.0x0v1.com/rearchive-goldbackdoor/
[0x0v1]
REarchive: Reverse Engineering GOLDBACKDOOR dropper
Reverse Engineering Archive: APT37's GOLDBACKDOOR has been a prominent dropper used by North Korea.
Mozilla: Say (an encrypted) hello to a more private internet.
https://blog.mozilla.org/en/products/firefox/encrypted-hello/
The Mozilla Blog
As web users, what we say and do online is subject to pervasive surveillance. Although we typically associate online tracking with ad networks and other th
● Thought of sharing: There are high chances that I will reject a candidate in an interview if they are a bug-bounty hunter.
The following are some reasons, applying to most but not all hunters.
1. They are technically not sound. They have only limited information about the bug they identified, or they usually identify only web-based attacks or sometimes mobile apps.
2. They are mostly checklist- and tool-reliant people.
3. They know very few bugs and start spraying them on multiple targets. They are nuclei attackers (maybe this is the right term to associate with them).
4. They almost always omit hard bugs. They go for easy, rewarding bugs, not for zero-days or tricky RCEs.
5. Most hunters cannot perform a pentest, since they're good (though not in depth) at a specific bug or set of bugs.
6. Most of them are not researchers (as they are often called). They do not have patents, CVEs or published research.
On the other hand, some top CTF players are excellent, and those who perform research are good for the job.
In an interview, I ask the candidate what vulnerability class or type they are comfortable with. They choose the easiest, like IDOR or XSS or even SQLi, and these are almost always web-based attacks.
And then I ask them to tell me what mutation or universal XSS is. They say: we know reflected and stored, and a bit about DOM (since they automate DOM).
For SQLi, 90% rely upon sqlmap. The remaining use single-quote combos 😂
If this skillset is at my gate, I'll choose to outsource through HackerOne, since they have bounty hunters.
I would need something more professional in the organisation to find issues, because our goal is not to protect against nuclei templates but against nation-state APT groups.
Cordyceps: C++ self-injecting dropper based on various EDR evasion techniques.
This project consists of a simple C++ self-injecting dropper focused on EDR evasion. To implement it, I have combined the use of Windows Thread Pooling to hide the call stack and the use of indirect syscalls to avoid hooking in NTDLL.
https://github.com/pard0p/Cordyceps
Spam iOS, Android and Windows with Bluetooth pairing messages using Flipper Zero or Android smartphone.
https://www.mobile-hacker.com/2023/10/17/spam-ios-android-and-windows-with-bluetooth-pairing-messages-using-flipper-zero-or-android-smartphone/
Mobile Hacker
Spam iOS, Android and Windows with Bluetooth pairing messages using Flipper Zero or Android smartphone
So far, it was possible to spam only iOS devices through proximity pairing messages, either using Flipper Zero, an Arduino board or any Android as explained in my previous blog here. However, recently developers of Xtreme firmware for Flipper Zero pushed and…
DARPA worried battlefield mixed reality vulnerable to 'cognitive attacks'.
Hacks, physical tricks could turn headsets into vomit extractors, but tests already show no ops needed for that.
https://www.theregister.com/2023/10/12/darpa_worried_battlefield_mixed_reality/
The Register
DARPA worried battlefield mixed reality vulnerable to 'cognitive attacks'
Hacks, physical tricks could turn headsets into vomit extractors, but tests already show no ops needed for that
GAP by x.com/xnl_h4ck3r
A BurpSuite extension that can help you bruteforce and enumerate undiscovered parameters!
This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on, and produces a target specific wordlist to use for fuzzing.
https://github.com/xnl-h4ck3r/GAP-Burp-Extension
A backdoor is implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software; the implant has since been modified by the threat actor so as to escape detection by earlier fingerprinting methods.
The attacks entail fashioning CVE-2023-20198 (CVSS score: 10.0) and CVE-2023-20273 (CVSS score: 7.2) into an exploit chain that grants the threat actor the ability to gain access to the devices, create a privileged account, and ultimately deploy a Lua-based implant on the devices.
https://thehackernews.com/2023/10/backdoor-implant-on-hacked-cisco.html
The outstanding stealth of Operation Triangulation.
https://securelist.com/triangulation-validators-modules/110847/
Securelist
Triangulation: validators, post-compromise activity and modules
In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules.