Abcbot, an evolving botnet https://blog.netlab.360.com/abcbot_an_evolving_botnet_en/
360 Netlab Blog - Network Security Research Lab at 360
Abcbot, an evolving botnet
Background
Business on the cloud and security on the cloud is one of the industry trends in recent years. 360Netlab is also continuing to focus on security incidents and trends on the cloud from its own expertise in the technology field. The following is…
Deep Dive into a Fresh Variant of Snake Keylogger Malware https://www.fortinet.com/blog/threat-research/deep-dive-into-a-fresh-variant-of-snake-keylogger-malware
Fortinet Blog
Deep Dive into a Fresh Variant of Snake Keylogger Malware
FortiGuard Labs recently discovered a fresh variant of the Snake Keylogger malware. Learn how it is downloaded and executed through a captured Excel sample, what techniques this variant uses to pro…
Exchange Exploit Leads to Domain Wide Ransomware https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/
The DFIR Report
Exchange Exploit Leads to Domain Wide Ransomware
In late September 2021, we observed an intrusion in which initial access was gained by the threat actor exploiting multiple vulnerabilities in Microsoft Exchange. The threat actors in this case wer…
Flare-On 2021: known https://0xdf.gitlab.io/flare-on-2021/known
0xdf hacks stuff
Flare-On 2021: known
known presented a ransomware file decrypter, as well as a handful of encrypted files. If I can figure out the key to give the decrypter, it will decrypt the files, one of which contains the flag. I’ll use Ghidra to determine the algorithm, then recreate it…
Seamlessly Discovering Netgear Universal Plug-and-Pwn (UPnP) 0-days https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html
AFL++ on Android with QEMU support https://alephsecurity.com/2021/11/16/fuzzing-qemu-android/
Alephsecurity
AFL++ on Android with QEMU support
TensorFlow Python Code Injection: More eval() Woes https://jfrog.com/blog/tensorflow-python-code-injection-more-eval-woes/
JFrog
TensorFlow Python Code Injection: More eval() Woes
Background JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in one of the utilities shipped with TensorFlow, a popular Machine Learning platform that’s widely used in the industry. The issue has been assigned to CVE…
Hands-On Muhstik Botnet: crypto-mining attacks targeting Kubernetes https://sysdig.com/blog/muhstik-malware-botnet-analysis/
Sysdig
Hands-On Muhstik Botnet: crypto-mining attacks targeting Kubernetes | Sysdig
How to detect the Muhstik Botnet attacking a Kubernetes Pod to control the Pod and mine cryptocurrency and DDoS.
When renting a hitman online goes horribly wrong https://blog.malwarebytes.com/privacy-2/2021/11/when-renting-a-hitman-online-goes-horribly-wrong/
Malwarebytes Labs
When renting a hitman online goes horribly wrong
We look at the long history of a site which claims to offer hitman services to the masses - with an inevitable twist in the tail.
Introduction to Dharma - Part 1 https://blog.haboob.sa/blog/introduction-to-dharma-part-1
Haboob
Introduction to Dharma - Part 1 — Haboob
While targeting Adobe Acrobat JavaScript APIs, we were not only focusing on performance and the number of cases generated per second, but also on effective generation of valid inputs that cover different functionalities and uncover new vulnerabilities. Obtaining…
Windows Security Updates for Hackers https://bitsadm.in/blog/windows-security-updates-for-hackers
Debugging a weird 'file not found' error https://jvns.ca/blog/2021/11/17/debugging-a-weird--file-not-found--error/
Julia Evans
Debugging a weird 'file not found' error
A tool for profiling heap usage and memory management https://github.com/zznop/vizzy
GitHub
GitHub - zznop/vizzy: Tool for profiling heap usage and memory management
Tool for profiling heap usage and memory management - zznop/vizzy
The Art of PerSwaysion: Investigation of a Long-Lived Phishing Kit https://www.seclarity.io/resources/blog/the-art-of-perswaysion-phishing-kit/
www.seclarity.io
Blog - The Art of PerSwaysion: Investigation of a Long-Lived Phishing Kit
[Conti] Ransomware Group In-Depth Analysis https://www.prodaft.com/resource/detail/conti-ransomware-group-depth-analysis
PRODAFT
Abusing Google Drive's Email File Functionality https://mrd0x.com/abusing-google-drives-email-file-functionality/
Mrd0X
Nice summary of router security vulnerabilities https://modemly.com/m1/pulse
Modemly
Router Bugs and Security Vulnerabilities
Router Bugs, Hacks, Security Vulnerabilities and remediation checklists
Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome could lead to code execution https://blog.talosintelligence.com/2021/11/vulnerability-spotlight-user-after-free.html
Cisco Talos Blog
Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome could lead to code execution
Marcin Towalski of Cisco Talos discovered this vulnerability.
Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome.
Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser…
Skrull: run malware on the victim using the Process Ghosting technique https://securityonline.info/skrull-run-malware-on-the-victim-using-the-process-ghosting-technique/
Cybersecurity News
Skrull: run malware on the victim using the Process Ghosting technique
Skrull is a malware DRM. It generates launchers that can run malware on the victim using the Process Ghosting technique
The Complete Guide to Understanding Apple Mac Security for Enterprise https://www.sentinelone.com/blog/the-complete-guide-to-understanding-apple-mac-security-for-enterprise-read-the-free-ebook/
SentinelOne
The Complete Guide to Understanding Apple Mac Security for Enterprise | Read the Free Ebook
Learn how to secure macOS devices in the enterprise with this in-depth review of the strengths and weaknesses of Apple's security technologies.