Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Research conducted by Cisco Talos last year has uncovered multiple vulnerabilities that were rated as low-severity despite their ability to allow for full arbitrary code execution. This article examines the exploitation process step-by-step.
https://blog.talosintelligence.com/exploiting-low-severity-vulnerability-using-a-frame-pointer-overwrite/
π@malwr
Research conducted by Cisco Talos last year has uncovered multiple vulnerabilities that were rated as low-severity despite their ability to allow for full arbitrary code execution. This article examines the exploitation process step-by-step.
https://blog.talosintelligence.com/exploiting-low-severity-vulnerability-using-a-frame-pointer-overwrite/
π@malwr
Cisco Talos
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Research conducted by Cisco Talos last year uncovered multiple vulnerabilities rated as low severity despite their ability to allow for full arbitrary code execution.
Attributing I-SOON: Private Contractor Linked to Multiple Chinese State-sponsored Groups
Insikt Group uncovers ties between I-SOON and multiple Chinese state-sponsored cyber groups like RedAlpha and RedHotel.
https://www.recordedfuture.com/attributing-i-soon-private-contractor-linked-chinese-state-sponsored-groups
π@malwr
Insikt Group uncovers ties between I-SOON and multiple Chinese state-sponsored cyber groups like RedAlpha and RedHotel.
https://www.recordedfuture.com/attributing-i-soon-private-contractor-linked-chinese-state-sponsored-groups
π@malwr
π₯1
2024-03-19: DarkGate infection
https://www.malware-traffic-analysis.net/2024/03/19/index.html
π@malwr
https://www.malware-traffic-analysis.net/2024/03/19/index.html
π@malwr
β€1
Rescoms rides waves of AceCryptor spam
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
π@malwr
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
π@malwr
Welivesecurity
Rescoms rides waves of AceCryptor spam
ESET research shares insights into AceCryptor, one of the most popular and prevalent cryptors-as-a-service (CaaS) in the second half of 2023, with a focus on Rescoms campaigns in European countries
π1
What is the primary purpose of Command and Control (C&C) servers in relation to malware?
Final Results
4%
To encrypt user data
2%
To block access to websites
4%
To increase internet speed
91%
To remotely control infected devices
New details on TinyTurlaβs post-compromise activity reveal full kill chain
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.
https://blog.talosintelligence.com/tinyturla-full-kill-chain/
π@malwr
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.
https://blog.talosintelligence.com/tinyturla-full-kill-chain/
π@malwr
Cisco Talos
New details on TinyTurlaβs post-compromise activity reveal full kill chain
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.
Vulnerabilities in CDeX software
CERT Poland has received a report about three vulnerabilities (from CVE-2024-2463 to CVE-2024-2465) found in CDeX software.
https://cert.pl/en/posts/2024/03/CVE-2024-2463/
π@malwr
CERT Poland has received a report about three vulnerabilities (from CVE-2024-2463 to CVE-2024-2465) found in CDeX software.
https://cert.pl/en/posts/2024/03/CVE-2024-2463/
π@malwr
cert.pl
Vulnerabilities in CDeX software
CERT Poland has received a report about three vulnerabilities (from CVE-2024-2463 to CVE-2024-2465) found in CDeX software.
Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/?utm_source=rss&utm_medium=rss&utm_campaign=bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers
π@malwr
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/?utm_source=rss&utm_medium=rss&utm_campaign=bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers
π@malwr
Mobile Hacker
Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers
This critical security issue allows third party user to record audio from Bluetooth speaker with built-in microphone in vicinity, even when it is already paired and connected with another device. This can result in eavesdropping on private conversations usingβ¦
π3
New Go loader pushes Rhadamanthys stealer
https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
π@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
π@malwr
ThreatDown by Malwarebytes
New Go loader pushes Rhadamanthys stealer
A malicious ad for the popular admin tool PuTTY leads victims to a fake site that downloads malware.
Rescoms rides waves of AceCryptor spam
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
π@malwr
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
π@malwr
Welivesecurity
Rescoms rides waves of AceCryptor spam
ESET research shares insights into AceCryptor, one of the most popular and prevalent cryptors-as-a-service (CaaS) in the second half of 2023, with a focus on Rescoms campaigns in European countries
π₯1
Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.
https://www.trendmicro.com/en_us/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
π@malwr
This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.
https://www.trendmicro.com/en_us/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
π@malwr
Trend Micro
Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.
π1
BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/
π@malwr
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/
π@malwr
Mobile Hacker
BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
BlueDucky solves the problem of auto device discovery, locally stores found Bluetooth devices and utilized Rubber Ducky scripts that are injected from separated
Borrower beware: Common loan scams and how to avoid them
Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Hereβs how to avoid being scammed when considering a loan.
https://www.welivesecurity.com/en/scams/borrower-beware-common-loan-scams/
π@malwr
Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Hereβs how to avoid being scammed when considering a loan.
https://www.welivesecurity.com/en/scams/borrower-beware-common-loan-scams/
π@malwr
Welivesecurity
Borrower beware: How to avoid being scammed when looking for a loan
Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Hereβs how to avoid being scammed when considering a loan.
Do you like to read security related tweets here? To read these tweets you should have twitter app.
Final Results
46%
I have twitter and I want to read these posts
54%
I don't have twitter and I can't read these posts
Violent Extremists Dox Executives, Enabling Physical Threats
Domestic violent extremists are increasingly doxing senior U.S. leaders β publishing their personally identifiable information without their consent and with malicious intent.
https://www.recordedfuture.com/violent-extremists-dox-executives-enabling-physical-threats
π@malwr
Domestic violent extremists are increasingly doxing senior U.S. leaders β publishing their personally identifiable information without their consent and with malicious intent.
https://www.recordedfuture.com/violent-extremists-dox-executives-enabling-physical-threats
π@malwr
π1
Shielder - Hunting for Unauthenticated n-days in Asus Routers
Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.
https://www.shielder.com/blog/2024/01/hunting-for-~~un~~authenticated-n-days-in-asus-routers/
π@malwr
Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.
https://www.shielder.com/blog/2024/01/hunting-for-~~un~~authenticated-n-days-in-asus-routers/
π@malwr
Shielder
Shielder - Hunting for ~~Un~~authenticated n-days in Asus Routers
Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.
Agent Tesla [Part 1: Unpacking] | Ryan Weil
Introduction
https://ryan-weil.github.io/posts/AGENT-TESLA-1/
π@malwr
Introduction
https://ryan-weil.github.io/posts/AGENT-TESLA-1/
π@malwr
Ryan Weil
Agent Tesla Analysis [Part 1: Unpacking]
Introduction
π1
Agent Tesla [Part 2: Deobfuscation] | Ryan Weil
Introduction
https://ryan-weil.github.io/posts/AGENT-TESLA-2/
π@malwr
Introduction
https://ryan-weil.github.io/posts/AGENT-TESLA-2/
π@malwr
Ryan Weil
Agent Tesla Analysis [Part 2: Deobfuscation]
Introduction
π1
Release Ghidra 11.0.2 Β· NationalSecurityAgency/ghidra Β· GitHub
https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.0.2_build
π@malwr
https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.0.2_build
π@malwr
GitHub
Release Ghidra 11.0.2 Β· NationalSecurityAgency/ghidra
What's New
Change History
Installation Guide
SHA-256: 4f16ae3f288f8c01fd1872e8e55b25c79744e7b1e8a9383c5e576668ca7d1906
Change History
Installation Guide
SHA-256: 4f16ae3f288f8c01fd1872e8e55b25c79744e7b1e8a9383c5e576668ca7d1906