Thousands of Vulnerable VMWare vCenter Servers Still Publicly Exposed (CVE-2021-21985, CVE-2021-21986) https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/thousands-of-vulnerable-vmware-vcenter-servers-still-publicly-exposed-cve-2021-21985-cve-2021-21986/
Trustwave
Thousands of Vulnerable VMWare vCenter Servers Still Publicly Exposed (CVE-2021-21985, CVE-2021-21986)
On May 25th, 2021, VMWare released patches to address VMSA-2021-0010, a critical security advisory for VMWare vCenter Server addressing two vulnerabilities. One of them was a remote code execution (RCE) in the vSphere Client (CVE-2021-21985) that exists due…
Analyzing CVE-2021-1665 – Remote Code Execution Vulnerability in Windows GDI+ https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-cve-2021-1665-remote-code-execution-vulnerability-in-windows-gdi/
McAfee Blog
Analyzing CVE-2021-1665 – Remote Code Execution Vulnerability in Windows GDI+ | McAfee Blog
Introduction Microsoft Windows Graphics Device Interface+, also known as GDI+, allows various applications to use different graphics functionality on
Yet Another Archive Format Smuggling Malware https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/another-archive-format-smuggling-malware/
Trustwave
Yet Another Archive Format Smuggling Malware
The use of novel disk image files to encapsulate malware distributed via spam has been a theme that we have highlighted over the past couple of years. As anticipated, we have seen more disk image file formats being used, in addition to .ISO, .IMG, and .DAA…
Google Compute Engine (GCE) VM takeover via DHCP flood https://github.com/irsl/gcp-dhcp-takeover-code-exec
GitHub
GitHub - irsl/gcp-dhcp-takeover-code-exec: Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting…
Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent - irsl/gcp-dhcp-takeover-code-exec
good write-up of a classic vuln >> pwnable.kr - bof https://aidenpearce369.github.io/pwn/3-bof/
aidenpearce369
pwnable.kr - bof
A classic buffer overflow challenge
Fuzzing with Grammars https://www.fuzzingbook.org/html/Grammars.html
www.fuzzingbook.org
Fuzzing with Grammars - The Fuzzing Book
In the chapter on "Mutation-Based Fuzzing", we have seen how to use extra hints – such as sample input files – to speed up test generation. In this chapter, we take this idea one step further, by providing a specification of the legal inputs to a program.…
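As an added, runnable illustration of the chapter's idea (this is not the Fuzzing Book's own code): a small grammar fuzzer in the book's `<nonterminal>` grammar notation, a symbol-cost table that guarantees generation terminates once the depth budget is spent, and a short campaign against a toy target. The grammar is modelled on the book's arithmetic-expression example but restricts `<integer>` so leading zeros never occur, which lets Python's own parser act as the validity oracle; the target `evaluate` and the depth limit are choices made for this example.

```python
"""Grammar-based fuzzing: derive random inputs from a grammar, then feed them to a target."""
import ast
import random
import re

# Grammar format: nonterminal -> list of expansion strings (nonterminals in <angle brackets>).
# Modelled on the chapter's arithmetic-expression grammar, with <integer> restricted to
# avoid leading zeros so that Python's own parser can serve as the validity oracle.
EXPR_GRAMMAR = {
    "<start>": ["<expr>"],
    "<expr>": ["<term> + <expr>", "<term> - <expr>", "<term>"],
    "<term>": ["<factor> * <term>", "<factor> / <term>", "<factor>"],
    "<factor>": ["+<factor>", "-<factor>", "(<expr>)", "<integer>"],
    "<integer>": ["<nonzero><digits>", "<digit>"],
    "<digits>": ["<digit><digits>", "<digit>"],
    "<digit>": [str(d) for d in range(10)],
    "<nonzero>": [str(d) for d in range(1, 10)],
}

NONTERMINAL_RE = re.compile(r"<[^<> ]+>")


def nonterminals(expansion):
    return NONTERMINAL_RE.findall(expansion)


def symbol_costs(grammar):
    """Minimum number of expansion steps needed to derive a terminal string from each
    nonterminal (fixed-point iteration). Used to force termination once the depth budget
    is spent: choosing only cheapest expansions strictly shrinks the remaining work."""
    cost = {nt: float("inf") for nt in grammar}
    changed = True
    while changed:
        changed = False
        for nt, expansions in grammar.items():
            for exp in expansions:
                c = 1 + sum(cost[s] for s in nonterminals(exp))
                if c < cost[nt]:
                    cost[nt], changed = c, True
    return cost


def expansion_cost(expansion, cost):
    return 1 + sum(cost[s] for s in nonterminals(expansion))


def grammar_fuzz(grammar, start="<start>", max_depth=8, rng=None):
    """Derive one string: pick expansions at random until max_depth, then only the
    cheapest ones so every remaining nonterminal is closed off."""
    rng = rng or random.Random()
    cost = symbol_costs(grammar)

    def expand(symbol, depth):
        options = grammar[symbol]
        if depth >= max_depth:
            cheapest = min(expansion_cost(e, cost) for e in options)
            options = [e for e in options if expansion_cost(e, cost) == cheapest]
        chosen = rng.choice(options)
        return NONTERMINAL_RE.sub(lambda m: expand(m.group(0), depth + 1), chosen)

    return expand(start, 0)


def fuzz_many(grammar, n, seed=0, **kw):
    """n inputs from one seeded generator, so a campaign can be reproduced exactly."""
    rng = random.Random(seed)
    return [grammar_fuzz(grammar, rng=rng, **kw) for _ in range(n)]


def is_valid_expression(s):
    """Oracle: the generated text must be a syntactically valid Python expression."""
    try:
        ast.parse(s, mode="eval")
        return True
    except SyntaxError:
        return False


def evaluate(s):
    """Toy program under test (an assumption of this example): evaluate the expression.
    Safe here because the grammar only emits digits, operators and parentheses."""
    return eval(compile(ast.parse(s, mode="eval"), "<fuzz>", "eval"), {"__builtins__": {}})


def run_campaign(target, inputs):
    """Return (input, exception class name) for every input that makes the target raise."""
    failures = []
    for s in inputs:
        try:
            target(s)
        except Exception as exc:  # a fuzzer wants to see every exception type
            failures.append((s, type(exc).__name__))
    return failures


if __name__ == "__main__":
    inputs = fuzz_many(EXPR_GRAMMAR, 20, seed=42)
    for s in inputs:
        print(s)
    for s, err in run_campaign(evaluate, inputs):
        print(f"{err}: {s}")
```

Against this target the only exception the campaign should surface is `ZeroDivisionError` (an expression such as `3 / 0` is legal input); anything else in the failure list would be a real finding. The cost table is what keeps the fuzzer from looping forever on a recursive rule such as `<expr> ::= <term> + <expr>`: past `max_depth` it always picks the expansion with the fewest derivation steps left.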
Microsoft signed a malicious Netfilter rootkit https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
Gdatasoftware
Microsoft signed a malicious Netfilter rootkit
What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a Chinese IP. How did this happen?
Crackonosh: A New Malware Distributed in Cracked Software https://decoded.avast.io/danielbenes/crackonosh-a-new-malware-distributed-in-cracked-software/
Gendigital
Crackonosh: A new malware distributed in cracked software
Overview of Crackonosh Malware
Zloader With a New Infection Technique https://www.mcafee.com/blogs/other-blogs/mcafee-labs/zloader-with-a-new-infection-technique/
McAfee Blog
Zloader With a New Infection Technique | McAfee Blog
This blog was written by Kiran Raj & Kishan N. Introduction In the last few years, Microsoft Office macro malware using social engineering as a means
The Most Prolific Ransomware Families: A Defenders Guide https://www.domaintools.com/resources/blog/the-most-prolific-ransomware-families-a-defenders-guide
DomainTools | Start Here. Know Now.
The Most Prolific Ransomware Families: A Defenders Guide - DomainTools | Start Here. Know Now.
In this article, DomainTools researchers provide a look at the three most prolific ransomware families and their toolsets.
Analysis of a use-after-free Vulnerability in Adobe Acrobat Reader DC https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/
Exodus Intelligence
Analysis of a use-after-free Vulnerability in Adobe Acrobat Reader DC - Exodus Intelligence
By Sergi Martinez This post analyses CVE-2020-9715, a use-after-free vulnerability affecting several versions of the Adobe Acrobat and Adobe Acrobat Reader products. The vulnerability was discovered by Mark Vincent Yason, who reported it to the Zero Day Initiative…
Inside commercial malware sandboxes https://albocoder.github.io/malware/2021/06/01/SandboxStudy.html
FRIDA-DEXDump: Fast search and dump dex on memory https://securityonline.info/frida-dexdump-fast-search-and-dump-dex-on-memory/
Cybersecurity News
FRIDA-DEXDump v2.0.1 releases: Fast search and dump dex on memory
FRIDA-DEXDump supports fuzzy search for dex files with broken headers, fixes the struct data of the dex header, and is compatible with all Android versions that Frida supports.
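An added example, not FRIDA-DEXDump's own code, of the idea behind the fuzzy search described above: scan a memory dump for dex headers by magic, fall back to the adjacent `header_size` and `endian_tag` fields when the magic has been wiped, cut each file by its `file_size` field, and restore the magic. The constructed "memory dump" `SAMPLE_MEMORY`, the helper `make_fake_dex` and the choice of `035` as the repair version string are assumptions of this example.

```python
"""Carve dex files out of a memory dump, including ones whose magic has been wiped."""
import struct

DEX_MAGIC = b"dex\n"
# Assumed repair value: once the 8-byte magic is wiped, the original version string
# (035, 037, 038 or 039) is gone, so a carver has to pick one; 035 is the oldest and
# most widely accepted by dex parsers.
DEX_VERSION = b"035\0"
HEADER_SIZE = 0x70            # the dex header is always 0x70 bytes
ENDIAN_CONSTANT = 0x12345678  # endian_tag field; little-endian on every real device
OFF_FILE_SIZE, OFF_HEADER_SIZE, OFF_ENDIAN_TAG = 0x20, 0x24, 0x28


def _u32(buf, off):
    return struct.unpack_from("<I", buf, off)[0]


def find_dex_candidates(blob):
    """Offsets of plausible dex headers: exact magic hits, plus fuzzy hits where the magic
    is gone but header_size and endian_tag (two adjacent fields) are still intact."""
    offsets = set()
    pos = blob.find(DEX_MAGIC)
    while pos >= 0:
        offsets.add(pos)
        pos = blob.find(DEX_MAGIC, pos + 1)
    needle = struct.pack("<II", HEADER_SIZE, ENDIAN_CONSTANT)
    pos = blob.find(needle)
    while pos >= 0:
        if pos >= OFF_HEADER_SIZE:
            offsets.add(pos - OFF_HEADER_SIZE)
        pos = blob.find(needle, pos + 1)
    return sorted(offsets)


def carve_dex(blob):
    """Validate each candidate header, cut the file by its file_size field, and repair a
    wiped magic. Returns dicts with offset, size, repaired flag and the carved bytes."""
    found = []
    for off in find_dex_candidates(blob):
        if off + HEADER_SIZE > len(blob):
            continue
        size = _u32(blob, off + OFF_FILE_SIZE)
        if size < HEADER_SIZE or off + size > len(blob):
            continue  # file_size must cover at least the header and fit in the dump
        if _u32(blob, off + OFF_HEADER_SIZE) != HEADER_SIZE:
            continue
        if _u32(blob, off + OFF_ENDIAN_TAG) != ENDIAN_CONSTANT:
            continue
        data = bytearray(blob[off:off + size])
        repaired = not data.startswith(DEX_MAGIC)
        if repaired:
            data[0:8] = DEX_MAGIC + DEX_VERSION
        found.append({"offset": off, "size": size, "repaired": repaired, "data": bytes(data)})
    return found


def make_fake_dex(size, wipe_magic=False):
    """Constructed test data: a header carrying the fields the carver relies on, padded."""
    hdr = bytearray(HEADER_SIZE)
    hdr[0:8] = DEX_MAGIC + DEX_VERSION
    struct.pack_into("<I", hdr, OFF_FILE_SIZE, size)
    struct.pack_into("<I", hdr, OFF_HEADER_SIZE, HEADER_SIZE)
    struct.pack_into("<I", hdr, OFF_ENDIAN_TAG, ENDIAN_CONSTANT)
    if wipe_magic:
        hdr[0:8] = bytes(8)
    return bytes(hdr) + b"\xcc" * (size - HEADER_SIZE)


# Constructed "memory dump": an intact dex at 0x40, then one with a zeroed magic at 0x148.
SAMPLE_MEMORY = (
    bytes(0x40)
    + make_fake_dex(0x100)
    + b"junkjunk"
    + make_fake_dex(0x90, wipe_magic=True)
    + b"\xff" * 0x20
)

if __name__ == "__main__":
    for hit in carve_dex(SAMPLE_MEMORY):
        state = "repaired magic" if hit["repaired"] else "intact"
        print(f"dex at 0x{hit['offset']:x}, {hit['size']} bytes, {state}")
```

The sanity checks on `file_size`, `header_size` and `endian_tag` are what keep a stray `dex\n` inside string data from being carved as a file; on a real dump you would additionally want to check that `header_size` plus the map and string tables fit inside `file_size` before trusting the result.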
GHSL-2021-034_043: Multiple pre-auth RCEs in Apache Dubbo - CVE-2021-25641, CVE-2021-30179, CVE-2021-30180, CVE-2021-30181, CVE-2021-32824 https://securitylab.github.com/advisories/GHSL-2021-034_043-apache-dubbo/
GitHub Security Lab
GHSL-2021-034_043: Multiple pre-auth RCEs in Apache Dubbo - CVE-2021-25641, CVE-2021-30179, CVE-2021-30180, CVE-2021-30181, CVE…
Multiple vulnerabilities have been found in Apache Dubbo enabling attackers to compromise and run arbitrary system commands on both Dubbo consumers and providers.
MODeflattener - Miasm's OLLVM Deflattener https://mrt4ntr4.github.io/MODeflattener/
mrT4ntr4's Blog
MODeflattener - Miasm's OLLVM Deflattener
So recently a challenge (Layers) from 3kCTF featured control flow flattening using OLLVM. Although I did know about control flow flattening, I hadn’t encountered it personally. And as I’ve been experime
Intercepting Flutter iOS Application https://bhattsameer.github.io/2021/06/23/Intercepting-flutter-iOS-application.html
bhattsameer.github.io
Intercepting Flutter iOS Application
TL;DR Hi, this is Debugger ready to debug Mobile Application. In this blog I will share how I have intercepted the traffic of a Flutter-based iOS application for dynamic analysis. Also we will see the root detection and SSL verification bypass method I have…
CVE-2021-31955 Windows Kernel Information Disclosure POC https://github.com/mavillon1/CVE-2021-31955-POC
Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0 https://research.nccgroup.com/2021/07/06/exploiting-the-sudo-baron-samedit-vulnerability-cve-2021-3156-on-vmware-vcenter-server-7-0/
Realtek WiFi Firmware and a Fully 8051-based Keylogger Using RealWOW Technology https://8051enthusiast.github.io/2021/07/05/002-wifi_fun.html
sqlvet: performs static analysis on raw SQL queries https://securityonline.info/sqlvet-performs-static-analysis-on-raw-sql-queries/
Cybersecurity News
sqlvet v1.1.7 releases: performs static analysis on raw SQL queries
Sqlvet performs static analysis on raw SQL queries in your Go codebase to surface potential runtime errors at build time.