The MarkdownTime Vulnerability: How to Avoid This DoS Attack on Business Critical Services https://www.legitsecurity.com/blog/dos-via-software-supply-chain-innumerable-projects-exposed-to-a-markdown-library-vulnerability
Legitsecurity
The MarkdownTime Vulnerability Explained & How to Prevent It
Explore our findings on a common markdown syntax vulnerability and its potential to cause Denial-of-Service (DoS) attacks.
Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347) https://research.nccgroup.com/2023/01/20/technical-advisory-u-boot-unchecked-download-size-and-direction-in-usb-dfu-cve-2022-2347/
Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP” https://securityintelligence.com/posts/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/
Security Intelligence
Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”
See how one IBM X-Force researcher reverse engineered the patch for CVE-2022-34718, and unpack the affected protocols, how the bug was identified, and how it was reproduced.
How macOS schedules background activities https://eclecticlight.co/2023/01/21/how-macos-schedules-background-activities/
The Eclectic Light Company
How macOS schedules background activities
The story of how Mac OS X went from cron, to launchd, and ended up with Duet Activity Scheduler, to schedule background activities like backups.
A step-by-step introduction to the use of ROP gadgets to bypass DEP https://cybergeeks.tech/a-step-by-step-introduction-to-the-use-of-rop-gadgets-to-bypass-dep/
We thought they were potatoes but they were beans (from Service Account to SYSTEM again) https://decoder.cloud/2019/12/06/we-thought-they-were-potatoes-but-they-were-beans/
Decoder's Blog
We thought they were potatoes but they were beans (from Service Account to SYSTEM again)
This post has been written by me and two friends: @splinter_code and 0xea31. This is the “unintended” result of research we did on the Juicypotato exploit in order to find a possible …
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/
Johnjhacking
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage
A flaw in how files are stored in Signal Desktop ≤ 6.2.0 allows a threat actor to potentially obtain sensitive attachments sent in messages. Subsequently, a similar issue with Signal Desktop ≤ 6.2.0 exists, allowing an attacker to modify conversation attachments…
Avoiding Detection with Shellcode Mutator https://labs.nettitude.com/blog/shellcode-source-mutations/
LRQA
Avoiding Detection with Shellcode Mutator
Today we are releasing a new tool to help red teamers avoid detection. Shellcode is a small piece of code that is typically used as the payload in an exploit, and can often be detected by its “signature”, or unique pattern
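To make the “signature” point concrete, here is an added illustration (written for this page, not the Nettitude tool or any code from the post) of why substituting semantically equivalent instructions or inserting padding defeats a naive byte signature, and of the normalisation step a detection engineer can add to counter it. The x86 stub, the signature and the equivalence table are all constructed here for the demo.

```python
"""Byte-signature matching versus instruction-level shellcode mutation.

Added illustration, not the Shellcode Mutator tool. Every byte string below
is constructed for the demo; nothing here is taken from the original post.
"""
import re

# Constructed x86-32 stub (assumed, for illustration only):
#   31 c0           xor eax,eax
#   50              push eax
#   68 41 42 43 44  push 0x44434241      ; marker immediate "ABCD"
#   89 e3           mov ebx,esp
#   c3              ret
ORIGINAL = bytes.fromhex("31c0" "50" "68" "41424344" "89e3" "c3")

# Naive signature of the kind a simple rule might carry: fixed opcodes with a
# wildcarded 4-byte immediate. re.DOTALL so '.' also matches byte 0x0a.
SIGNATURE = re.compile(rb"\x31\xc0\x50\x68.{4}\x89\xe3", re.DOTALL)

CANONICAL_ZERO_EAX = bytes.fromhex("31c0")
# Two-byte encodings that all leave EAX = 0 with the same flag results.
ZERO_EAX_VARIANTS = (
    bytes.fromhex("29c0"),  # sub eax,eax
    bytes.fromhex("33c0"),  # xor eax,eax, alternate opcode (r32, r/m32 form)
    bytes.fromhex("2bc0"),  # sub eax,eax, alternate opcode (r32, r/m32 form)
)
NOP = b"\x90"


def matches_signature(code: bytes) -> bool:
    """Return True if the naive byte signature fires on the blob."""
    return SIGNATURE.search(code) is not None


def substitute_zero_eax(code: bytes, variant: bytes = bytes.fromhex("29c0")) -> bytes:
    """Mutation by substitution: swap the first 'xor eax,eax' for an
    equivalent encoding. Same length, same semantics, different bytes."""
    if variant not in ZERO_EAX_VARIANTS:
        raise ValueError("unknown zero-eax encoding")
    return code.replace(CANONICAL_ZERO_EAX, variant, 1)


def insert_nops(code: bytes, offset: int, count: int) -> bytes:
    """Mutation by padding: insert single-byte NOPs at an instruction
    boundary, which shifts every later byte and breaks adjacency rules."""
    return code[:offset] + NOP * count + code[offset:]


def normalise(code: bytes) -> bytes:
    """Detection-side counter: fold each equivalence class back to one
    canonical encoding and drop padding before matching. This works on raw
    bytes, so it will also rewrite 0x90 or 29 c0 that happen to sit inside
    immediates or data; a real engine normalises disassembled instructions."""
    out = code
    for variant in ZERO_EAX_VARIANTS:
        out = out.replace(variant, CANONICAL_ZERO_EAX)
    return out.replace(NOP, b"")


if __name__ == "__main__":
    mutated = insert_nops(substitute_zero_eax(ORIGINAL), 3, 2)
    print("original matches:  ", matches_signature(ORIGINAL))
    print("mutated matches:   ", matches_signature(mutated))
    print("normalised matches:", matches_signature(normalise(mutated)))
```

The substitution alone is enough to defeat the rule because the signature pins the exact opcode bytes; the padding defeats it because the rule assumes `push eax` is immediately followed by `push imm32`. Normalising before matching recovers the detection for these two tricks, but, as the comment notes, byte-level normalisation is a heuristic and a robust engine should operate on disassembled instructions rather than raw bytes.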
Polish Cyber Defenses and the Russia-Ukraine War https://www.cfr.org/blog/polish-cyber-defenses-and-russia-ukraine-war
Council on Foreign Relations
Polish Cyber Defenses and the Russia-Ukraine War
The crisis between NATO countries and Russia following Russia’s invasion of Ukraine has involved aggressive rhetoric, military warnings, sabotage of critical infrastructure, nuclear saber-rattling, and cyberattacks.…
New version of Remcos RAT uses direct syscalls to evade detection https://minerva-labs.com/blog/new-version-of-remcos-rat-uses-direct-syscalls-to-evade-detection/
Pwning the all Google phone with a non-Google bug https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/
The GitHub Blog
Pwning the all Google phone with a non-Google bug
It turns out that the first “all Google” phone includes a non-Google bug. Learn about the details of CVE-2022-38181, a vulnerability in the Arm Mali GPU. Join me on my journey through reporting the vulnerability to the Android security team, and the exploit…
Good for understanding how conditional jumps work internally » Reverse-engineering the conditional jump circuitry in the 8086 processor https://www.righto.com/2023/01/reverse-engineering-conditional-jump.html
Righto
Reverse-engineering the conditional jump circuitry in the 8086 processor
Intel introduced the 8086 microprocessor in 1978 and it had a huge influence on computing. I'm reverse-engineering the 8086 by examining t...
Bitwarden design flaw: Server side iterations https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/
Almost Secure
Bitwarden design flaw: Server side iterations
Bitwarden is a hot candidate for a LastPass replacement. Looking into how they encrypt data, it doesn’t do things that much better however.
Tampering User Attributes In AWS Cognito User Pools https://blog.doyensec.com/2023/01/24/tampering-unrestricted-user-attributes-aws-cognito.html
Doyensec
Tampering User Attributes In AWS Cognito User Pools
The challenge for the data-import CloudSecTidbit is basically reading the content of an internal bucket. The frontend web application is using the targeted bucket to store the logo of the app.
Analyzing Malicious OneNote Documents https://blog.didierstevens.com/2023/01/22/analyzing-malicious-onenote-documents/
Didier Stevens
Analyzing Malicious OneNote Documents
About a week ago, I was asked if I had tools for OneNote files. I don’t, and I had no time to take a closer look. But last Thursday night, I had some time to take a look. I looked at this One…
Exploiting null-dereferences in the Linux kernel https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
projectzero.google
Exploiting null-dereferences in the Linux kernel
Posted by Seth Jenkins, Project Zero. For a fair amount of time, null-deref bugs were a highly e...
Getting to know memblock https://insecuremode.com/post/2021/12/14/getting-to-know-memblock.html
Insecure mode
Getting to know memblock
Less than five seconds – that’s how long you need to wait to get your Linux kernel up and running. But it’s hardly an idle time for Linux – the system has to process configuration, perform architecture-specific setups and initialize many subsystems.
We've started a new series of blog posts on the history of malware! You can already read the first part, which summarizes the 70s. Enjoy the read! » A Brief History of Malware (Part 1) https://reversea.me/index.php/a-brief-history-of-malware-part-1/
Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi
Akamai
Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI | Akamai
Akamai researchers have analyzed a critical vulnerability in Microsoft's CryptoAPI that would allow an attacker to masquerade as a legitimate entity.