Sneaky Malware Reconfigures Hive OS Wallet for Profit https://securehoney.net/blog/sneaky-malware-reconfigures-hive-os-wallet-for-profit.html
Secure Honey
Sneaky Malware Reconfigures Hive OS Wallet for Profit | Secure Honey
I recently observed some malware (uploaded to my honeypot) that targets Hive OS's wallet configuration -- to redirect mined coins to the attacker.
Conti Unpacked | Understanding Ransomware Development As a Response to Detection https://labs.sentinelone.com/conti-unpacked-understanding-ransomware-development-as-a-response-to-detection/
SentinelOne
Conti Unpacked | Understanding Ransomware Development As a Response to Detection - SentinelLabs
Conti's rapid encryption speed is matched only by its rapid evolution. SentinelLabs' deep dive explores its development in unprecedented detail.
PRINTNIGHTMARE NETWORK ANALYSIS https://labs.jumpsec.com/printnightmare-network-analysis/
JUMPSEC Labs
PRINTNIGHTMARE NETWORK ANALYSIS
DNSStager: hide and transfer your payload using DNS https://securityonline.info/dnsstager-hide-and-transfer-your-payload-using-dns/
Cybersecurity News
DNSStager v1.0 releases: hide and transfer your payload using DNS
DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests
Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html
Playing with PrintNightmare https://0xdf.gitlab.io/2021/07/08/playing-with-printnightmare.html
0xdf hacks stuff
Playing with PrintNightmare
CVE-2021-34527, or PrintNightmare, is a vulnerability in the Windows Print Spooler that allows for a low priv user to escalate to administrator on a local box or on a remote server. This is especially bad because it is not uncommon for Domain Controllers…
Page Tables, VAD and PEB https://resources.infosecinstitute.com/topic/finding-enumerating-processes-within-memory-part-2/
Infosec Resources
Page tables, VAD and PEB | Infosec Resources
In this part of the series, we will understand how the process can be enumerated within memory. Just as a refresher in part 1 of this series we had a look
New tool automatically finds buffer overflow vulnerabilities (for RUST) https://cylab.cmu.edu/news/2021/07/09-SyRust.html
www.cylab.cmu.edu
New tool automatically finds buffer overflow vulnerabilities
A team of CyLab researchers have designed a new tool that automatically checks for memory bugs—the types of bugs that can lead to buffer overflow exploits, a commonly deployed cyberattack.
Exploit mitigations: keeping up with evolving and complex software/hardware https://research.nccgroup.com/2021/06/28/exploit-mitigations-keeping-up-with-evolving-and-complex-software-hardware/
UDP Technology IP Camera vulnerabilities https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/
Examining Crypto and Bypassing Authentication in Schneider Electric PLCs (M340/M580) https://medium.com/tenable-techblog/examining-crypto-and-bypassing-authentication-in-schneider-electric-plcs-m340-m580-f37cf9f3ff34
Medium
Examining Crypto and Bypassing Authentication in Schneider Electric PLCs (M340/M580)
It looks like authentication, but is it really?
You ain’t got no problem, Jules. I’m on the Multifactor. https://curtbraz.medium.com/you-aint-got-no-problem-jules-i-m-on-the-multifactor-e05d5e2a6ade
Medium
You ain’t got no problem, Jules. I’m on the Multifactor.
Practical Bypasses for MFA with Poor Implementations
Remote code execution in cdnjs of Cloudflare https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/
blog.ryotak.net
Remote code execution in cdnjs of Cloudflare
Preface
(A Japanese version is also available.)
Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments.
This article describes vulnerabilities reported through this program and published…
FickerStealer: A New Rust Player in the Market https://www.cyberark.com/resources/threat-research-blog/fickerstealer-a-new-rust-player-in-the-market
Cyberark
FickerStealer: A New Rust Player in the Market
This blog introduces a new information stealer, written in Rust and interestingly named FickerStealer. In this blog post, we provide an in-depth analysis of this new threat and its obfuscation...
Ecuador's state-run CNT under attack via RansomEXX Ransomware https://www.secureblink.com/cyber-security-news/ecuador's-state-run-cnt-under-attack-via-ransomexx-ransomware
Secure Blink
Ecuador's state-run CNT under attack via RansomEXX Ransomware | Secure Blink
CNT hit by RansomEXX ransomware. Customer and corporate data compromised and hosted on the breached website. 190 GB of data supposedly stolen...
Meet WiFiDemon – iOS WiFi RCE 0-Day Vulnerability, and a Zero-Click Vulnerability That Was Silently Patched https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
Jamf
Jamf Threat Labs | Blog
CVE-2021-22555: Turning \x00\x00 into 10000$ https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
security-research
CVE-2021-22555: Turning \x00\x00 into 10000$
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
Exploitation of a double free vulnerability in Ubuntu shiftfs driver (CVE-2021-3492) https://www.synacktiv.com/publications/exploitation-of-a-double-free-vulnerability-in-ubuntu-shiftfs-driver-cve-2021-3492.html
Synacktiv
Exploitation of a double free vulnerability in Ubuntu shiftfs driver
How the Kaseya VSA Zero Day Exploit Worked https://blog.truesec.com/2021/07/06/kaseya-vsa-zero-day-exploit/
Truesec
How the Kaseya VSA Zero Day Exploit Worked - Trulysuper
Learn about the pre-auth remote code execution exploit against Kaseya VSA Server that was used in the mass REvil ransomware attack on July 2, 2021.