Malware News
15.1K subscribers
1.63K photos
7 videos
130 files
7.96K links
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Download Telegram
SIGRed - Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers - Check Point Research
๐Ÿ—ฃdigicat

We are all remediated now but this is an ugly ugly hole that is going to lead to some multi million dollar hacks against companies who donโ€™t patch promptly.
๐Ÿ‘คafwaller

Seems kinda bold of them to give the world only a few hours head start to patch their systems given that it's not thought to be in the wild yet. Shoulda bought CheckPoint IPS I guess /shrug.
๐Ÿ‘คOnARedditDiet


๐ŸŽ–@malwr
TSK/Autopsy - Web Artifacts Opera
Hello,

i was wondering why the history of the opera web browser is not detected.
I know that on the web page it says Firefox, Chrome and Internet Explorer. Is it anywhere documented why the Opera browser is not included?
๐Ÿ—ฃguyizda

As to why I don't know. It does seem it is an sqllite database, much like Chrome/Firefox.

Looks like there is a reference in their github for android:
https://github.com/sleuthkit/autopsy/blob/646a7a9e12148512de8db6ab030f78f297248394/InternalPythonModules/android/operabrowser.py

Mention to the windows location here:
https://github.com/sleuthkit/autopsy/blob/ab60e9c29ed8be6a43f918ffa29f228a6cdf270a/thirdparty/plaso/plaso-20180818-Win32/artifacts/webbrowser.yaml
๐Ÿ‘คAnalyzeAllTheLogs

Autopsy is generally...not that good. Opera is Chromium based and uses WebKit (Blink now?), so it is probably sorted under the Chrome history.
๐Ÿ‘คFunkeDope


๐ŸŽ–@malwr
Malware News
A Twitter Hacking Spree Hits Musk, Obama, Apple, and More ๐Ÿ—ฃzr0_day ๐ŸŽ–@malwr
All the messages appear to lead back to the same digital wallet, which received its first incoming transaction at 3:03 pm EDT. It has recorded around 300 transactions since, although several of those are outgoing. It's not clear at this time to where.


๐ŸŽ–@malwr
Malware News
All the messages appear to lead back to the same digital wallet, which received its first incoming transaction at 3:03 pm EDT. It has recorded around 300 transactions since, although several of those are outgoing. It's not clear at this time to where. ๐ŸŽ–@malwr
At 10:38pm ET, the official Twitter Support account gave a more detailed explanation of the company's findings so far. "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," the thread states. "We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.


๐ŸŽ–@malwr
APT29 targets COVID-19 vaccine development
๐Ÿ—ฃrectumnearlykilledum


๐ŸŽ–@malwr
The Fake Cisco
๐Ÿ—ฃigor_sk


๐ŸŽ–@malwr
Container escape for Windows Server Containers explained
๐Ÿ—ฃpingpongfifa

Correct me if I'm wrong, but when have containers ever been safe from attacks trying to break out of the container? I thought that the consensus was that if you want more safety, you should run a virtual machine instead.
๐Ÿ‘คdavid171971

Is Windows Sandbox in Windows 10 also based on Containers or on Hyper-V? Does it have the same escape issues?
๐Ÿ‘คtubularobot

In other news, Microsoft adds yet another technology to Windows with security as a tertiary concern.
๐Ÿ‘คriskable


๐ŸŽ–@malwr