Multi-factor Authentication In-The-Wild bypass methods https://medium.com/proferosec-osm/multi-factor-authentication-in-the-wild-bypass-methods-689f53f0b62b
Medium
Multi-factor Authentication In-The-Wild bypass methods
ecapture: capture SSL/TLS text content without CA cert using eBPF, supports Linux x86_64/Aarch64, Android(GKI) Aarch64 https://github.com/ehids/ecapture
Patch Tuesday to End; Microsoft Announces Windows Autopatch https://www.bankinfosecurity.com/patch-tuesday-to-end-microsoft-announces-windows-autopatch-a-18885
Bankinfosecurity
Patch Tuesday to End; Microsoft Announces Windows Autopatch
Starting in July, the second Tuesday of every month will "just be another Tuesday," Microsoft says. After releasing patches for vulnerabilities in its
Popping Eagle: How We Leveraged Global Analytics to Discover a Sophisticated Threat Actor https://unit42.paloaltonetworks.com/popping-eagle-malware/
Unit 42
Popping Eagle: How We Leveraged Global Analytics to Discover a Sophisticated Threat Actor
We observed a specially crafted DLL hijacking attack used by a previously unknown piece of malware that we dubbed Popping Eagle.
CVE-2022-1040 Sophos XG Firewall Authentication bypass https://blog.viettelcybersecurity.com/cve-2022-1040-sophos-xg-firewall-authentication-bypass/
Managed Identity Attack Paths, Part 1: Automation Accounts https://posts.specterops.io/managed-identity-attack-paths-part-1-automation-accounts-82667d17187a
Medium
Managed Identity Attack Paths, Part 1: Automation Accounts
In this three part blog series we will explore attack paths that emerge out of Managed Identity assignments in three Azure services.
The many lives of BlackCat ransomware https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/
Microsoft News
The many lives of BlackCat ransomware
The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as…
Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat https://www.intezer.com/blog/research/new-linux-threat-symbiote/
Intezer
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
Symbiote is a new Linux® malware we discovered that acts in a parasitic nature, infecting other running processes to inflict damage on machines.
Quick Malware Analysis: Emotet Epoch 5 infection with spambot traffic pcap from 2022-04-04 https://blog.securityonion.net/2022/06/quick-malware-analysis-emotet-epoch-5.html
blog.securityonion.net
Quick Malware Analysis: Emotet Epoch 5 infection with spambot traffic pcap from 2022-04-04
Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/04/04/index.html We did a quick analysis of this ...
An Autopsy on a Zombie In-the-Wild 0-day https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
Blogspot
An Autopsy on a Zombie In-the-Wild 0-day
Posted by Maddie Stone, Google Project Zero Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding t...
Hertzbleed Attack: new family of side-channel attacks — frequency side channels https://www.hertzbleed.com/
Hertzbleed
Hertzbleed Attack
Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
Quick Malware Analysis: Malware infection from Brazil malspam pcap from 2022-04-19 https://blog.securityonion.net/2022/06/quick-malware-analysis-malware.html
blog.securityonion.net
Quick Malware Analysis: Malware infection from Brazil malspam pcap from 2022-04-19
Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/04/19/index2.html We did a quick analysis of this...
Hacking 6.5+ million websites => CVE-2022-29455 (Elementor) https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor
The Android kernel mitigations obstacle race https://github.blog/2022-06-16-the-android-kernel-mitigations-obstacle-race/
The GitHub Blog
The Android kernel mitigations obstacle race
In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices…
404 — File still found https://medium.com/@DCSO_CyTec/404-file-still-found-d52c3834084c
Medium
404 — File still found
In early February 2022, we came across a tweet from ShadowChasing1 identifying a SideWinder-related word document which referenced a template URL. In this article, we share our insights from…
CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack
Zero Day Initiative
Zero Day Initiative — CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
In April of this year, FreeBSD patched a 13-year-old heap overflow in the Wi-Fi stack that could allow network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. This bug was originally reported to the ZDI program by…
Ransomware Group Debuts Searchable Victim Data https://krebsonsecurity.com/2022/06/ransomware-group-debuts-searchable-victim-data/
Krebs on Security
Ransomware Group Debuts Searchable Victim Data
Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware…
That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability https://www.cyberark.com/resources/threat-research-blog/that-pipe-is-still-leaking-revisiting-the-rdp-named-pipe-vulnerability
Cyberark
That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability
On January 11, 2022, we published a blog post describing the details of CVE-2022-21893, a Remote Desktop vulnerability that we found and reported to Microsoft. After analyzing the patch that fixed...