Malware News
A Twitter Hacking Spree Hits Musk, Obama, Apple, and More π£zr0_day π@malwr
All the messages appear to lead back to the same digital wallet, which received its first incoming transaction at 3:03 pm EDT. It has recorded around 300 transactions since, although several of those are outgoing. It's not clear at this time to where.
π@malwr
π@malwr
Malware News
All the messages appear to lead back to the same digital wallet, which received its first incoming transaction at 3:03 pm EDT. It has recorded around 300 transactions since, although several of those are outgoing. It's not clear at this time to where. π@malwr
At 10:38pm ET, the official Twitter Support account gave a more detailed explanation of the company's findings so far. "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," the thread states. "We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.
π@malwr
π@malwr
CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure
π£hackers_and_builders
π@malwr
π£hackers_and_builders
π@malwr
Rhino Security Labs
CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure
This blog describes how a vulnerability was identified in MicroWeber, an open-source Content Management System (CMS) written in PHP
Cisco Talos on election security - 4 years of research on election infrastructure, the goals of our adversaries, and how the cybersecurity community can help
π£WorksAtCisco
π@malwr
π£WorksAtCisco
π@malwr
Talosintelligence
What to expect when youβre electing: Talosβ 2020 election security primer
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
PhD thesis (2020) by Guo Li / UC San Diego: "An Empirical Analysis on [Cyber Threat Intelligence: Data Characteristics and Real-World Uses"](https://escholarship.org/uc/item/5h9983b0)
π£mrkoot
π@malwr
π£mrkoot
π@malwr
escholarship.org
An Empirical Analysis on Threat Intelligence: Data Characteristics and Real-World Uses
Author(s): Li, Guo | Advisor(s): Savage, Stefan; Levchenko, Kirill | Abstract: Threat Intelligence, both as a concept and a product, has been increasingly gaining prominence in the security industry. At a high-level, it is the βknowledgeβ that helps organizationsβ¦
Container escape for Windows Server Containers explained
π£pingpongfifa
Correct me if I'm wrong, but when have containers ever been safe from attacks trying to break out of the container? I thought that the consensus was that if you want more safety, you should run a virtual machine instead.
π€david171971
Is Windows Sandbox in Windows 10 also based on Containers or on Hyper-V? Does it have the same escape issues?
π€tubularobot
In other news, Microsoft adds yet another technology to Windows with security as a tertiary concern.
π€riskable
π@malwr
π£pingpongfifa
Correct me if I'm wrong, but when have containers ever been safe from attacks trying to break out of the container? I thought that the consensus was that if you want more safety, you should run a virtual machine instead.
π€david171971
Is Windows Sandbox in Windows 10 also based on Containers or on Hyper-V? Does it have the same escape issues?
π€tubularobot
In other news, Microsoft adds yet another technology to Windows with security as a tertiary concern.
π€riskable
π@malwr
Unit 42
Windows Server Containers Are Open, and Here's How You Can Break Out
We demonstrate a complete technique to escalate privileges and escape Windows Server Containers.
Z80 Explorer -- Zilog Z80 netlist-level simulator running Z80 machine code, with features that can help reverse-engineer and understand this chip better
π£r_retrohacking_mod2
This is fantastic stuff!
I can see uses for this with my own work, indeed.
π€heriomortis
There are also other interesting Z80 articles on that site.
π€r_retrohacking_mod2
π@malwr
π£r_retrohacking_mod2
This is fantastic stuff!
I can see uses for this with my own work, indeed.
π€heriomortis
There are also other interesting Z80 articles on that site.
π€r_retrohacking_mod2
π@malwr
Baltazar Studios
Z80 Explorer - Baltazar Studios
Z80 Explorer is a Z80 netlist-level simulator capable of running Z80 machine code and also an educational tool with features that help reverse engineer and understand this chip better.
Process Monitor for Linux (Preview)
Process Monitor (Procmon) is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system.
https://github.com/microsoft/ProcMon-for-Linux
https://i.redd.it/d8qkly8c9hb51.gif
π£r00tsuz
π@malwr
Process Monitor (Procmon) is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system.
https://github.com/microsoft/ProcMon-for-Linux
https://i.redd.it/d8qkly8c9hb51.gif
π£r00tsuz
π@malwr
GitHub
GitHub - microsoft/ProcMon-for-Linux: A Linux version of the Procmon Sysinternals tool
A Linux version of the Procmon Sysinternals tool. Contribute to microsoft/ProcMon-for-Linux development by creating an account on GitHub.
The Pwning Machine β a new bug bounty testing environment from YesWeHack
π£breach_house
π@malwr
π£breach_house
π@malwr
The Daily Swig | Cybersecurity news and views
The Pwning Machine β a new bug bounty testing environment from YesWeHack
Docker-based suite includes a DNS server, HTTP router, web server, and pipeline runner