Cyberattack by the UAC-0051 (unc1151) group on Ukrainian state organizations using the MicroBackdoor malware (CERT-UA#4109) https://cert.gov.ua/article/37626
CERT-UA is the Government Computer Emergency Response Team of Ukraine, operating as part of the State Service of Special Communications and Information Protection of Ukraine.
TeaBot is now spreading across the globe https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
Since TeaBot's first discovery in 2021, Cleafy's Threat Intelligence Team has been following this banking trojan's trail to understand how it acts against banks. To know more, read their latest report.
Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up… Sort Of https://research.checkpoint.com/2022/leaks-of-conti-ransomware-group-paint-picture-of-a-surprisingly-normal-tech-start-up-sort-of/
You’ve probably heard of the Conti ransomware group. After their 2020 emergence, they’ve accumulated at least 700 victims, where by “victims” we mean ‘big fish’ corporations with millions of dollars in revenue; unlike your average neighborhood…
PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/
PROPHET SPIDER continues to evolve its tradecraft while still exploiting known web-server vulnerabilities.
interesting » New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape? https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/
CVE-2022-0492 is the third recent kernel vulnerability that allows malicious containers to escape. We offer root cause analysis and mitigations.
An unexpected Redis sandbox escape affecting only Debian, Ubuntu, and other derivatives https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
SATCOM terminals under attack in Europe: a plausible analysis https://www.reversemode.com/2022/03/satcom-terminals-under-attack-in-europe.html
Update 03/12/2022: Reuters has published new information on this incident, which initially matches the proposed scenario. You can find...
Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 1) https://connormcgarr.github.io/type-confusion-part-1/
End-to-end ‘modern’ browser exploitation on Windows, beginning with configuring a browser exploitation environment, exploring JavaScript intrinsics, and understanding type confusion vulnerabilities.
Good presentation at the last BlueHat IL 2022 » "Compilers: The Old New Security Frontier" https://grsecurity.net/Compilers_The_Old_New_Security_Frontier_BlueHat_IL_2022.pdf
2022-02-23 - TRAFFIC ANALYSIS EXERCISE - SUNNYSTATION https://www.malware-traffic-analysis.net/2022/02/23/index.html
[BugTales] Exploiting CSN.1 Bugs in MediaTek Basebands https://labs.taszk.io/articles/post/mtk_baseband_csn1_exploitation/
Investigating exploitable remote code execution vulnerabilities in the MediaTek baseband
Good old memories come to my mind... :) » The original source code of Microsoft GW-BASIC from 1983 » https://github.com/microsoft/GW-BASIC
How expensive is PssCaptureSnapshot? How fast is it? How much memory does it consume? https://devblogs.microsoft.com/oldnewthing/20220314-00/?p=106346
Think of it as a copy-on-write copy, like the Volume Snapshot Service.
Making Sense of the Dirty Pipe Vulnerability (CVE-2022-0847) https://redhuntlabs.com/blog/the-dirty-pipe-vulnerability.html
CVE-2022-0847, dubbed "Dirty Pipe", is a privilege escalation vulnerability in the Linux kernel. The post demonstrates the vulnerability and analyzes it in depth.
The Discovery and Exploitation of CVE-2022-25636 https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
Exploring the archived APKs powering Android’s new app archiving feature https://blog.esper.io/android-dessert-bites-16-app-archiving-857169/
Android's new app archiving feature can save loads of storage space thanks to a new archived APK file. Here's how it all works.
Reversing Common Obfuscation Techniques https://ferib.dev/blog.php?l=post/Reversing_Common_Obfuscation_Techniques&t=t