SQL Injection in Wordpress core (CVE-2022–21661) https://cognn.medium.com/sql-injection-in-wordpress-core-zdi-can-15541-a451c492897
Medium
SQL Injection in Wordpress core (CVE-2022–21661)
Giới thiệu
LoRaWAN's Protocol Stacks: The Forgotten Targets at Risk https://www.trendmicro.com/en_us/research/22/a/lorawans-protocol-stacks-the-forgotten-targets-at-risk.html
Trend Micro
LoRaWAN's Protocol Stacks: The Forgotten Targets at Risk
Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
Cyberark
Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines…
In this blog post we are going to discuss the details of a vulnerability in Windows Remote Desktop Services, which we recently uncovered. We reported the vulnerability to Microsoft in a...
Intercepting 2FA: Over 1200 man-in-the-middle phishing toolkits detected https://blog.malwarebytes.com/reports/2022/01/intercepting-2fa-over-1200-man-in-the-middle-phishing-toolkits-detected/
Malwarebytes Labs
Intercepting 2FA: Over 1200 man-in-the-middle phishing toolkits detected
Evolved phishing toolkits that can intercept 2FA codes are called man-in-the-middle (MiTM) phishing kits. And they're growing in popularity.
Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
Check Point Research
Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk…
Research by: Golan Cohen Introduction Last seen in August 2021, Zloader, a banking malware designed to steal user credentials and private information, is back with a simple yet sophisticated infection chain. Previous Zloader campaigns, which were seen in…
Patchwork APT caught in its own web https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
ThreatDown by Malwarebytes
Patchwork APT caught in its own web
Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks….
Real-world Android Malware Analysis 1: eblagh.apk https://www.purpl3f0xsecur1ty.tech/2022/01/10/eblagh-re.html
Purpl3 F0x Secur1ty
Real-world Android Malware Analysis 1: eblagh.apk
Intro
Mejores sistemas protección red con sistemas IDS/IPS https://blog.elhacker.net/2022/01/mejores-sistemas-para-proteger-red-intrusos-amenazas-sistema-ids-ips.html
Blog elhacker.NET
Mejores sistemas protección red con sistemas IDS/IPS
Blog sobre informática, tecnología y seguridad con manuales, tutoriales y documentación sobre herramientas y programas
Wi-Fi Framework: creating PoC, automated experiments, test suites, fuzzers https://securityonline.info/wi-fi-framework-creating-poc-automated-experiments-test-suites-fuzzers-and-more/
Cybersecurity News
Wi-Fi Framework: creating PoC, automated experiments, test suites, fuzzers
Wi-Fi Framework can be used to create fuzzers, implement new attacks, create PoCs to test for vulnerabilities, automate experiments, implement test suites
TokyoX: DLL side-loading an unknown artifact (Part 2) https://lab52.io/blog/tokyox-dll-side-loading-an-unknown-artifact-part-2/
New SysJoker Backdoor Targets Windows, Linux, and macOS https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
Intezer
New SysJoker Backdoor Targets Windows, Linux, and macOS
Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September, is among the latest examples until now. In December 2021, we discovered a new multi-platform…
Active Directory Privilege Escalation (CVE-2021–42278) https://www.hackingarticles.in/active-directory-privilege-escalation-cve-2021-42278/
Hacking Articles
Windows Privilege Escalation: sAMAccountName Spoofing - Hacking Articles
This post discusses how CVE-2021-42278 allows potential attackers to gain high privileged user access (domain controllers Administrator level access) via a low privileged user (any
NightSky Ransomware – just a Rook RW fork in VMProtect suit https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit.md
GitHub
Malware-analysis-and-Reverse-engineering/NightSky_Ransomware–just_a_Rook_RW_fork_in_VMProtect_suit/NightSky_Ransomware–just_a_…
Some of my publicly available Malware analysis and Reverse engineering. - Dump-GUY/Malware-analysis-and-Reverse-engineering
Obfuscating Malicious, Macro-Enabled Word Docs https://depthsecurity.com/blog/obfuscating-malicious-macro-enabled-word-docs
Depth Security | A Konica Minolta Service
Obfuscating Malicious, Macro-Enabled Word Docs | Depth Security
Learn more about malicious word documents from the Depth Security team in this blog post. Depth Security provides an experienced take on the subject.
New contribution in @vxunderground, nice one » Playing around with COM objects - PART 1 by @T3nb3w https://papers.vx-underground.org/papers/VXUG/Mirrors/playing-around-com-objects-part-1.pdf
SpoofThatMail: Bash script to check if a domain or list of domains can be spoofed based in DMARC records https://github.com/v4d1/SpoofThatMail
GitHub
GitHub - v4d1/SpoofThatMail: Bash script to check if a domain or list of domains can be spoofed based in DMARC records
Bash script to check if a domain or list of domains can be spoofed based in DMARC records - v4d1/SpoofThatMail
Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969) https://medium.com/@frycos/searching-for-deserialization-protection-bypasses-in-microsoft-exchange-cve-2022-21969-bfa38f63a62d
Medium
Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969)
This story begins with a series of fails, but why? That is because of my special relationship with the Microsoft Exchange codebase…
Malicious modifications to open source projects affecting thousands – Sysdig Secure https://sysdig.com/blog/malicious-modifications-detection-sysdig/
Sysdig
Malicious modifications to open source projects affecting thousands - Sysdig Secure – Sysdig
Two extremely popular JavaScript open source packages, colors.js, and faker.js, were maliciously modified to the point of being unusable.