Vulnerabilities Identified in Wyze Cam IoT Device https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf
Top 3 Stealer Malware Activity Research https://brandefense.io/top-3-stealer-malware-activity-report/
Brandefense
Top 3 Stealer Malware Activity Research - Brandefense
This research aims to share the Top 3 Different Stealer Malware behaviors and their properties. Malicious software attacks and their impacts continue to grow rapidly.
AcidRain | A Modem Wiper Rains Down on Europe https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/
SentinelOne
AcidRain | A Modem Wiper Rains Down on Europe
As the most impactful cyber attack of the Ukrainian invasion gets downplayed, SentinelLabs uncovers a more plausible explanation.
Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks https://blog.aquasec.com/python-ransomware-jupyter-notebook
Aqua
Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks
Team Nautilus uncovered and analyzed the first Python-based ransomware attack that targets misconfigured Jupyter Notebooks in the wild and encrypts files.
Spring4Shell (CVE-2022-22965) FAQ: Spring Framework Remote Code Execution Vulnerability https://www.tenable.com/blog/spring4shell-faq-spring-framework-remote-code-execution-vulnerability
Tenable®
Spring4Shell (CVE-2022-22965) FAQ: Spring Framework Remote Code Execution Vulnerability
A list of frequently asked questions related to Spring4Shell (CVE-2022-22965).
New spear phishing campaign targets Russian dissidents https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/
ThreatDown by Malwarebytes
New spear phishing campaign targets Russian dissidents - ThreatDown by Malwarebytes
This blog post was authored by Hossein Jazi. — Updated to clarify the two different campaigns (Cobalt Strike and Rat) Several threat actors have taken advantage of the war in Ukraine to launch a…
New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits https://www.fortinet.com/blog/threat-research/deep-panda-log4shell-fire-chili-rootkits
Fortinet Blog
New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits
FortiGuard Labs discovered a campaign by Deep Panda exploiting Log4Shell, along with a novel kernel rootkit signed with a stolen digital certificate also used by Winnti. Read to learn about these a…
Ransomware Spotlight: Hive https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-hive
Trendmicro
Ransomware Spotlight: Hive
Hive ransomware is one of the new ransomware families in 2021 that poses significant challenges to enterprises worldwide. We take an in-depth look at the ransomware group’s operations and discuss how organizations can bolster their defenses against it.
An Exercise in Dynamic Analysis: Analyzing the PayloadRestrictions.dll Export Address Filtering https://windows-internals.com/an-exercise-in-dynamic-analysis/
Video of the talk "Relaying to Greatness: Windows Privilege Escalation by abusing the RPC/DCOM protocols" at @BlueHatIL https://youtu.be/vfb-bH_HaW4
YouTube
BlueHat IL 2022 - Antonio Cocomazzi & Andrea Pierini - Relaying to Greatness
Relaying to Greatness: Windows Privilege Escalation by abusing the RPC/DCOM protocols
NTLM “Relaying” is a well known replay attack for Windows systems in which the attacker performs a man in the middle and acts on behalf of the victim while communicating…
Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask https://github.com/xepor/xepor
GitHub
GitHub - xepor/xepor: Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy…
Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask - GitHub - xepor/xepor: Xepor, a web routing framework for reverse engine...
[QuickNote] Analysis of Pandora ransomware https://kienmanowar.wordpress.com/2022/03/21/quicknote-analysis-of-pandora-ransomware/
0day in {REA_TEAM}
[QuickNote] Analysis of Pandora ransomware
FOREWORD: Pandora’s code looks very weird, obfuscated and complicated, so this analysis does not cover all its functions. I’m not a crypto expert, so I won’t dive into Pandora’…
Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks
Zero Day Initiative
Zero Day Initiative — Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks
We would like to thank researcher Abdelhamid Naceri for his great work in developing these exploit techniques, as well as for the vulnerabilities he has been reporting to our program. We look forward to seeing more from him in the future. Until then, follow…
Log4j postmortem: Developers are taking a hard look at software supply-chain security gaps https://www.techrepublic.com/article/log4j-postmortem-developers-are-taking-a-hard-look-at-software-supply-chain-security-gaps/
TechRepublic
Log4j postmortem: Developers are taking a hard look at software supply-chain security gaps
Developers are exploring new tools and methodologies to ensure the next log4j doesn’t happen. Will it work?
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector https://www.dragos.com/blog/industry-news/suspected-conti-ransomware-activity-in-the-auto-manufacturing-sector/
Dragos
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector
Dragos is observing evidence of multiple automotive manufacturers compromised by Emotet, a malware strain and a cybercrime operation.
Russian Nationals Indicted for Epic Triton/Trisis and Dragonfly Cyberattacks on Energy Firms https://www.darkreading.com/attacks-breaches/russian-state-sponsored-hackers-behind-epic-trisis-attack-indicted-for-targeting-energy-firms
Dark Reading
Russian Nationals Indicted for Epic Triton/Trisis and Dragonfly Cyberattacks on Energy Firms
Four Russian government employees were charged by the DoJ for attack campaigns targeting hundreds of energy sector companies and organizations in 135 countries, including the US.
Fake e‑shops on the prowl for banking credentials using Android malware https://www.welivesecurity.com/2022/04/06/fake-eshops-prowl-banking-credentials-android-malware/
WeLiveSecurity
Fake e‑shops on the prowl for banking credentials using Android malware
ESET researchers have analyzed three malicious Android apps that attempt to steal login credentials from the customers of eight Malaysian banks.
My first fuzzy finding: Busyloop in curl https://nyget.in/2022/03/28/my-first-fuzzy-finding-busyloop-in-curl/
Nygetin Paikka | The Place of the Nygetti
My first fuzzy finding: Busyloop in curl
I tend to find ways of occupying myself with new exciting things. It might be a new language I try to learn to speak (not much success there), a new instrument I try to learn to play (I have no mus…