QNAP QTS - QNAPping At The Wheel (CVE-2024-27130 and friends) #QNAP #QTS #CVE-2024-27130 #bugdiscovery #NASdevices https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/
watchTowr Labs
QNAP QTS - QNAPping At The Wheel (CVE-2024-27130 and friends)
Infosec is, at its heart, all about that data. Obtaining access to it (or disrupting access to it) is in every ransomware gang and APT group’s top-10 to-do-list items, and so it makes sense that our research voyage would, at some point, cross paths with…
Discover Proton Mail registration date with one weird trick… https://iq.thc.org/discover-proton-mail-registration-date-with-one-weird-trick
Microsoft Entra Private Access for on-prem users #Microsoft #PrivateAccess #OnPrem #Security #HybridWork https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-private-access-for-on-prem-users/ba-p/3905450
TECHCOMMUNITY.MICROSOFT.COM
Microsoft Entra Private Access for on-prem users | Microsoft Community Hub
Enable secure access to private apps that use Domain Controller for authentication
Emulating inline decryption for triaging C++ malware #C++ #Malware #ReverseEngineering #InlineDecryption #Emulation https://viuleeenz.github.io/posts/2024/05/emulating-inline-decryption-for-triaging-c-malware/
Security Undisguised
Emulating inline decryption for triaging C++ malware
What do we need to know? C and C++ binaries share several commonalities; however, some additional features and complexities introduced by C++ can make reverse engineering C++ binaries more challenging compared to C binaries. Some of the most important features…
“Beeeeeeeeep!”. How Malware Uses the Beep WinAPI Function for Anti-Analysis #Malware #BeepFunction #AntiAnalysis #SecurityLiterate #WinAPI https://securityliterate.com/beeeeeeeeep-how-malware-uses-the-beep-winapi-function-for-anti-analysis/
Kyle Cucci's Cyber Ramblings
“Beeeeeeeeep!”. How Malware Uses the Beep WinAPI Function for Anti-Analysis
I was recently analyzing a malware sample that abuses the Beep function as an interesting evasion tactic. The Beep function basically plays an audible tone notification for the user. The Beep funct…
CVE-2024-4040-SSTI-LFI-PoC: CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support #GitHub #CVE-2024-4040 #SSTI #LFI #PoC https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC
GitHub
GitHub - Stuub/CVE-2024-4040-SSTI-LFI-PoC: CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support
CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support - Stuub/CVE-2024-4040-SSTI-LFI-PoC
system32 important files #OffensiveSecurity #SystemIntegrity #MalwareDetection #FileAbuse https://redteamrecipe.com/system32-important-files
ExpiredDomains.com
redteamrecipe.com is for sale! Check it out on ExpiredDomains.com
Leveraging DNS Tunneling for Tracking and Scanning #DNSTunneling #Tracking #Scanning #Security #ThreatResearch https://unit42.paloaltonetworks.com/three-dns-tunneling-campaigns/
Unit 42
Leveraging DNS Tunneling for Tracking and Scanning
We provide a walkthrough of how attackers leverage DNS tunneling for tracking and scanning, an expansion of the way this technique is usually exploited.
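The tracking variant described in the Unit 42 post encodes a per-victim identifier into a subdomain of an attacker-controlled zone, so that the mere act of resolving the name reports back to the attacker's authoritative server. The following is an added illustration of both sides (the encoding and a log-side detection heuristic); it is not code from Unit 42 and makes no claim about the specific campaigns in the post. The log lines, the domain `attacker-example.net`, the two-label "registered domain" split and the thresholds in `flag_tunneling` are all assumptions made for the example.

```python
"""Added example: DNS-tunneling style tracking labels and a resolver-log heuristic.

Not code from Unit 42 or from any product. All names, log lines and thresholds
are constructed for illustration.
"""
import math
from collections import defaultdict

# Constructed resolver log, one query per line: "<timestamp> <client> <qname> <qtype>".
# The long hex labels under attacker-example.net are hex-encoded victim identifiers.
SAMPLE_LOG = """\
2024-05-21T10:00:01Z 10.0.0.5 www.example.com A
2024-05-21T10:00:02Z 10.0.0.5 mail.example.com A
2024-05-21T10:00:03Z 10.0.0.7 4a6f686e2d31302e302e302e37.track.attacker-example.net A
2024-05-21T10:00:04Z 10.0.0.7 74696d65732d3030303031.track.attacker-example.net A
2024-05-21T10:00:05Z 10.0.0.7 74696d65732d3030303032.track.attacker-example.net A
2024-05-21T10:00:06Z 10.0.0.9 e2fa4c9b71d0a3f6b8c1.scan.attacker-example.net TXT
2024-05-21T10:00:07Z 10.0.0.9 9b1c3d5e7f0a2c4e6081.scan.attacker-example.net TXT
2024-05-21T10:00:08Z 10.0.0.5 cdn.example.com A
"""


def tracking_qname(victim_id: str, domain: str) -> str:
    """Attacker side: hide a per-victim identifier in a hex DNS label so the
    authoritative server for `domain` learns it as soon as the name resolves."""
    return f"{victim_id.encode().hex()}.track.{domain}"


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking encodings score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str, suffix_labels: int = 2):
    """Crude split into (registered domain, leftmost label).
    Assumption: the registered domain is the last two labels. Production code
    should use the Public Suffix List instead."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-suffix_labels:]), labels[0]


def profile_domains(log_text: str):
    """Per registered domain: query count, unique leftmost labels, and the
    mean length / mean entropy of those labels."""
    per_domain = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        domain, first = split_qname(parts[2])
        if first == domain.split(".")[0]:
            continue  # bare apex query, nothing encoded in a subdomain
        per_domain[domain].append(first)
    features = {}
    for domain, labels in per_domain.items():
        uniq = set(labels)
        features[domain] = {
            "queries": len(labels),
            "unique_labels": len(uniq),
            "mean_len": sum(map(len, uniq)) / len(uniq),
            "mean_entropy": sum(shannon_entropy(l) for l in uniq) / len(uniq),
        }
    return features


def flag_tunneling(features, min_unique=3, min_len=16, min_entropy=3.0):
    """Assumed thresholds: many distinct, long, high-entropy leftmost labels
    under one zone is the shape tracking/scanning traffic leaves in a log."""
    return {
        d for d, f in features.items()
        if f["unique_labels"] >= min_unique
        and f["mean_len"] >= min_len
        and f["mean_entropy"] >= min_entropy
    }


if __name__ == "__main__":
    print(tracking_qname("John-10.0.0.7", "attacker-example.net"))
    print(flag_tunneling(profile_domains(SAMPLE_LOG)))
```

The thresholds are deliberately loose so that legitimate CDN or anti-spam zones (which also use long labels) would need tuning against your own baseline; the useful signal is the combination of label count, length and entropy under a single zone, not any one of them.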
CFG in Windows 11 24H2 #CFG #Windows11 #Hotpatching #SCPCFG #Reversing https://ynwarcs.github.io/Win11-24H2-CFG
CFG in Windows 11 24H2
Hotpatching has been looming over Windows 11 for a while now, having already been shipped on the server & cloud deployments. It first came out in March that the first major version to include it will be 24H2, which can now be confirmed in a few minutes of…
HiddenArt – A Russian-linked SS7 Threat Actor #HiddenArt #RussianSS7Threat #EneaSolutions #NetworkSecurity #CyberSecurity https://www.enea.com/insights/the-hunt-for-hiddenart/
Enea
HiddenArt - A Russian-linked SS7 Threat Actor
From research on how SS7 network attacks could be used in hybrid warfare we reveal the Russian-connected HiddenArt mobile threat actor
Hunting for Unauthenticated n-days in Asus Routers #Shielder #AsusRouters #Exploit #Vulnerability #IoTSecurity https://www.shielder.com/blog/2024/01/hunting-for-~~un~~authenticated-n-days-in-asus-routers/
Shielder
Shielder - Hunting for ~~Un~~authenticated n-days in Asus Routers
Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive #Fortinet #CVE-2023-34992 #CommandInjection #Horizon3ai #NodeZero https://www.horizon3.ai/attack-research/disclosures/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/
Horizon3.ai
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive
CVE-2023-34992 Fortinet FortiSIEM Command Injection Deep-Dive and Indicators of Compromise. This blog details a command injection vulnerability which allows an unauthenticated attacker to access the FortiSIEM server as root to execute arbitrary commands.
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323) #LinguisticLumberjack #CloudServices #FluentBit #CVE20244323 #TenableBlog https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323
Tenable®
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Tenable Research has discovered a critical memory corruption vulnerability dubbed Linguistic Lumberjack in Fluent Bit, a core component in the monitoring infrastructure of many cloud services.
New SamsStealer Malware Targets Passwords in Windows Systems #SamsStealer #Malware #WindowsSystems #CYFIRMA #DataBreaches https://cyberinsider.com/new-samsstealer-malware-targets-passwords-in-windows-systems/
CyberInsider
New SamsStealer Malware Targets Passwords in Windows Systems
CYFIRMA researchers have identified a new information-stealing malware named "SamsStealer" that targets Windows systems.
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule #RFDoS #WebsiteShutdown #WAFRule #ResponseFilter #DenialofService https://blog.sicuranext.com/response-filter-denial-of-service-a-new-way-to-shutdown-a-website/
Sicuranext Blog
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule
TL;DR: Basically, if a target website is protected by a WAF using the OWASP Core Rule Set or Comodo Rule Set or Atomicorp Rule Set, you can send the string ORA-1234 or OracleDrive or ASL-CONFIG-FILE in a comment, product review, registration form, e-commerce…
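The mechanism in the TL;DR above is a WAF response filter (rules that scan outbound bodies for leaked database error strings) turned against the site: once an attacker gets such a string stored in content the site later renders, every response containing that page is blocked for every visitor. The following is an added model of that interaction, not code from the Sicuranext post or from any WAF or rule set. The signature regexes are an assumption loosely modelled on data-leakage response rules; real rule IDs and patterns differ. The product page, review text and the `exempt_prefixes` mitigation are constructed for the example.

```python
"""Added example: a toy response-filtering WAF and the RFDoS trigger.

Not code from Sicuranext, the OWASP CRS, Comodo or Atomicorp. Signatures,
pages and the mitigation variant are assumptions for illustration.
"""
import html
import re

# Assumed response-body signatures: tokens that look like a leaked database
# or config error. A WAF in "scan responses" mode blocks any body that matches.
LEAKAGE_SIGNATURES = [
    re.compile(r"\bORA-\d{4,5}\b"),  # Oracle error code such as ORA-1234
    re.compile(r"\bOracleDrive\b"),
    re.compile(r"\bASL-CONFIG-FILE\b"),
]


def waf_response_filter(body: str):
    """Return (blocked, matched_token) for an outbound HTTP response body."""
    for sig in LEAKAGE_SIGNATURES:
        m = sig.search(body)
        if m:
            return True, m.group(0)
    return False, None


def render_product_page(reviews):
    """Constructed page: a product page that echoes stored user reviews.
    Note that HTML-escaping does not help; the token is plain text."""
    items = "".join(f"<li>{html.escape(r)}</li>" for r in reviews)
    return f"<html><body><h1>Widget</h1><ul>{items}</ul></body></html>"


def rfdos_demo():
    """Show the page passing the filter before, and being blocked after,
    one attacker-controlled review is stored."""
    reviews = ["Great widget, five stars."]
    before, _ = waf_response_filter(render_product_page(reviews))
    # Attacker posts a harmless-looking review carrying an error-like token.
    reviews.append("Had an issue, my log said ORA-1234 but it works now")
    after, token = waf_response_filter(render_product_page(reviews))
    return before, after, token


def waf_response_filter_scoped(path: str, status: int, body: str,
                               exempt_prefixes=("/reviews", "/comments")):
    """Assumed mitigation: do not run leakage rules on endpoints that render
    user-submitted content, and only inspect server-error responses, where a
    genuine stack trace or DB error would normally surface."""
    if status < 500 or any(path.startswith(p) for p in exempt_prefixes):
        return False, None
    return waf_response_filter(body)


if __name__ == "__main__":
    print(rfdos_demo())
    print(waf_response_filter_scoped("/reviews/widget", 200,
                                     render_product_page(["see ORA-1234"])))
```

The scoped variant trades some leakage coverage for availability; which endpoints to exempt and whether a 200 with a leaked error is worth catching are decisions to make per application, not defaults to copy.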
CVE-2024-4367 – Arbitrary JavaScript execution in PDF.js #JavaScript #CVE-2024-4367 #ArbitraryExecution https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
codeanlabs
CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js - Codean Labs
A vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (
Abusing url handling in iTerm2 and Hyper for code execution #TerminalEscapeSequences #iTerm2 #Hyper #Vulnerabilities #CodeExecution https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html
Vin01’s Blog
Abusing url handling in iTerm2 and Hyper for code execution
What are escape sequences
Heap overflow in WebRtcAudioSink #Chromium https://issues.chromium.org/issues/41485743
Remote Desktop Protocol: The Series #RDP #IncidentResponse #RemoteDesktopProtocol #Cybersecurity #SophosNews https://news.sophos.com/en-us/2024/03/20/remote-desktop-protocol-the-series/
Sophos News
Remote Desktop Protocol: The Series
What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary Special Report