SSRF in PDF export with PhantomJs() https://xhzeem.me/posts/SSRF-in-PDF-export-with-PhantomJs/read/
xhzeem.me
Hi there, I'm Anas Roubi ... A hacker.
Multiple threat actors, including a ransomware gang, exploiting Exchange ProxyShell vulnerabilities https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
Medium
Multiple threat actors, including a ransomware gang, exploiting Exchange ProxyShell vulnerabilities
These vulnerabilities are worse than ProxyLogon, the Exchange vulnerabilities revealed in March.
Muhstik Takes Aim at Confluence CVE 2021-26084 https://www.lacework.com/blog/muhstik-takes-aim-at-confluence-cve-2021-26084/
Phishing Android Malware Targets Taxpayers in India https://www.mcafee.com/blogs/other-blogs/mcafee-labs/phishing-android-malware-targets-taxpayers-in-india/
McAfee Blog
Phishing Android Malware Targets Taxpayers in India | McAfee Blog
Authored by ChanUng Pak McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The
Apache Dubbo: All roads lead to RCE https://securitylab.github.com/research/apache-dubbo/
RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html
Blogspot
CODE WHITE | Blog: RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through
Citrix ShareFile Storage Zones Controller uses a fork of the third party library NeatUpload. Versions before 5.11.20 are affected by a rela...
Beginners Guide to 0day/CVE AppSec Research https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html
Boku
Beginners Guide to 0day/CVE AppSec Research
Mama Always Told Me Not to Trust Strangers without Certificates https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
Bughound: open-source static code analysis tool https://securityonline.info/bughound-open-source-static-code-analysis-tool/
Cybersecurity News
Bughound: open-source static code analysis tool
Bughound is an open-source static code analysis tool that analyzes your code and sends the results to Elasticsearch and Kibana
Reverse Engineering Adventures: League of Legends Wild Rift (IL2CPP) https://katyscode.wordpress.com/2021/01/15/reverse-engineering-adventures-league-of-legends-wild-rift-il2cpp/
Katy's Code
Reverse Engineering Adventures: League of Legends Wild Rift (IL2CPP)
The most common issue I receive on the tracker for Il2CppInspector is “this file won’t load”. Oftentimes this is due to a bug in the tool, but sometimes it leads me down a reverse…
A Journey Into the Beauty of DNSRebinding (part 1& part 2): https://blog.mindedsecurity.com/2021/02/journey-into-beauty-of-dnsrebinding.html https://blog.mindedsecurity.com/2021/08/a-journey-into-beauty-of-dnsrebinding.html
Mindedsecurity
A Journey Into the Beauty of DNSRebinding - Part 1
Authors Giovanni Guido Alessandro Braccio Abstract In this first blog post about DNS rebinding topic, we are going to show a practical exa...
The Art of the Device Code Phish https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html
Boku
The Art of the Device Code Phish
Nice collection of Windows process injection methods https://github.com/odzhan/injection
Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging https://naehrdine.blogspot.com/2021/04/bluetooth-wi-fi-code-execution-wi-fi.html
Blogspot
Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging
Wireless and firmware hacking, PhD life, Technology
iOS14.8: Patch CVE-2021-1740 again silently https://jhftss.github.io/CVE-2021-1740-Invalid-Patch/
jhftss.github.io
iOS14.8: Patch CVE-2021-1740 again silently
As well known, iOS14.8 patched two 0 days in the wild, one of which is the pegasus 0-click vulnerability. You can get the root cause and more interesting findings by reading my analysis from here.
Great reading on micro-architectural attacks » Battle for Secure Caches: Attacks and Defenses on Randomized Caches https://www.sigarch.org/battle-for-secure-caches-attacks-and-defenses-on-randomized-caches/
SIGARCH
Battle for Secure Caches: Attacks and Defenses on Randomized Caches
There is a battle ongoing in the realm of secure caches. Cache side-channels are a serious security problem as they allow an attacker to monitor a victim program’s execution and leak sensitive data…