Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat https://www.intezer.com/blog/research/new-linux-threat-symbiote/
Intezer
Symbiote is a new Linux® malware we discovered that acts in a parasitic nature, infecting other running processes to inflict damage on machines.
Quick Malware Analysis: Emotet Epoch 5 infection with spambot traffic pcap from 2022-04-04 https://blog.securityonion.net/2022/06/quick-malware-analysis-emotet-epoch-5.html
blog.securityonion.net
Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/04/04/index.html We did a quick analysis of this ...
An Autopsy on a Zombie In-the-Wild 0-day https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
Blogspot
Posted by Maddie Stone, Google Project Zero. Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding t...
Hertzbleed Attack: new family of side-channel attacks — frequency side channels https://www.hertzbleed.com/
Hertzbleed
Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
Quick Malware Analysis: Malware infection from Brazil malspam pcap from 2022-04-19 https://blog.securityonion.net/2022/06/quick-malware-analysis-malware.html
blog.securityonion.net
Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/04/19/index2.html We did a quick analysis of this...
Hacking 6.5+ million websites => CVE-2022-29455 (Elementor) https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor
The Android kernel mitigations obstacle race https://github.blog/2022-06-16-the-android-kernel-mitigations-obstacle-race/
The GitHub Blog
In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm GPU kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z Flip 3. I’ll look at various mitigations that are implemented on modern Android devices…
404 — File still found https://medium.com/@DCSO_CyTec/404-file-still-found-d52c3834084c
Medium
In early February 2022, we came across a tweet from ShadowChasing1 identifying a SideWinder-related word document which referenced a template URL. In this article, we share our insights from…
CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack
Zero Day Initiative
In April of this year, FreeBSD patched a 13-year-old heap overflow in the Wi-Fi stack that could allow network-adjacent attackers to execute arbitrary code on affected installations of the FreeBSD kernel. This bug was originally reported to the ZDI program by…
Ransomware Group Debuts Searchable Victim Data https://krebsonsecurity.com/2022/06/ransomware-group-debuts-searchable-victim-data/
Krebs on Security
Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware…
That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability https://www.cyberark.com/resources/threat-research-blog/that-pipe-is-still-leaking-revisiting-the-rdp-named-pipe-vulnerability
Cyberark
On January 11, 2022, we published a blog post describing the details of CVE-2022-21893, a Remote Desktop vulnerability that we found and reported to Microsoft. After analyzing the patch that fixed...
A deal with the devil: Analysis of a recent Matanbuchus sample https://medium.com/@DCSO_CyTec/a-deal-with-the-devil-analysis-of-a-recent-matanbuchus-sample-3ce991951d6a
Medium
Technical analysis of the Matanbuchus malware with focus on network traffic and commands
CSRF leads to account takeover in Yahoo! https://webs3c.com/t/csrf-leads-to-account-takeover-in-yahoo/93
webs3c
Hi everyone! During my bug bounty journey I used to read numerous writings to learn different techniques and points of view when hunting. Most of the writings I read were from researchers who had managed to hack Yahoo!. It was because of this that I set…
iOS 16 - restricted Userclients https://saaramar.github.io/ios16_restricted_iouserclients/
Linux Threat Hunting: ‘Syslogk’ a kernel rootkit found under development in the wild https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Gendigital
Syslogk Rootkit Revealed: Analysis
Phishing awareness training: Help your employees avoid the hook https://www.welivesecurity.com/2022/06/21/phishing-awareness-training-help-employees-avoid-hook/
WeLiveSecurity
Educating employees about how to spot phishing attacks can strike a much-needed blow for network defenders.
Does Acrobat Reader Unload Injection of Security Products? https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products
Minerva Labs
Since March of 2022 we’ve seen a gradual uptick in Adobe Reader processes attempting to query which security product DLLs are loaded into them by acquiring a handle to the DLL. The significant rise over the recent months has caught our attention as it is very…
Quick Malware Analysis: Matanbuchus with Cobalt Strike pcap from 2022-06-16 https://blog.securityonion.net/2022/06/quick-malware-analysis-matanbuchus-with.html
blog.securityonion.net
Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/06/16/index.html We did a quick analysis of this ...