Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could…

In one of the fastest ransomware cases we have observed, in under four hours the threat actors went from initial access, to domain wide ransomware. The initial access vector for this case was an Ic…

This article introduces VirtualBox research and explains how to build a coverage-based fuzzer, focusing on the emulated network device drivers. In the examples below, we explain how to create a harness for the non-default network device driver PCNet. The…

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could resul…

Emotet is back with a new spam campaign. And it's now spreading itself as a shortcut link file pretending to be Word document.

RW-Fuzzer: A Fuzzing Method for Vulnerability Mining on Router Web Interface

NahamSec, John Hammond & few other folks hosted a CTF this weekend. I solved Android challenges, the challenges were really fun. I decided…

This article describes how masscan works and why it is very fast.

Executive summary 2022 has experienced an increase in the number of wiper variants targeting Ukrainian entities. This blog post looks to explain how wipers work, what makes them so effective and provides a short overview of the most recent samples that appeared…

A read-only file system will not provide adequate protection to mitigate all vulnerabilities exploited via fileless malware techniques.

What is Ngrok? Ngrok is a program that allows you to access your private systems that are behind NAT or a firewall from the outside (internet). It's an encrypted TCP tunnel that provides an address that anyone can access from the internet, and then connects…

Unique source for malware vulnerability research, exploits, and threat intelligence. Track security flaws in malware and C2 infrastructure.

On April 15, 2022, @kagancapar posted a hoax vulnerability as CVE-2022-29072 in 7-zip. While not even a plausible description or demonstration of a vulnerability, multiple people were tricked by it. Let’s see who was tricked, and if they have made any updates…

In this article, we will start analyzing the lazy binding process, we will proceed dissecting dl-runtime, understanding when it is possible to use this technique without a leak, and finally we will build our exploit.

As part of our regular Dark Web and cybercriminal research, Trustwave SpiderLabs has uncovered and analyzed postings from a politically motivated, pro-Russian ransomware group named Stormous.