Malicious npm Packages Strike Again: Exfiltrating Kubernetes Configurations and SSH Keys https://www.cyber-oracle.com/p/malicious-npm-packages-strike-again
Cyber-Oracle
Malicious npm Packages Strike Again: Exfiltrating Kubernetes Configurations and SSH Keys
Plus, Signal Fortifies Its Encryption: PQXDH Protocol Upgrade Bolsters Quantum Resistance
Reports about Cyber Actors Hiding in Router Firmware https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csa-cyber-report-sept-2023
Cisco
Cisco Security Advisory: Reports about Cyber Actors Hiding in Router Firmware
On September 27, 2023, the U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident…
Input Validation: Necessary but Not Sufficient; It Doesn't Target the Fundamental Issue https://discuss.secdim.com/t/input-validation-necessary-but-not-sufficient-it-doesnt-target-the-fundamental-issue/1172
Discuss
Input Validation: Necessary but Not Sufficient; It Doesn't Target the Fundamental Issue
I have reviewed several solutions for our fix the flag contests, contributed by seasoned developers and prominent CTF players. What has been the most commonly adopted approach to address security vulnerabilities? The answer is Input Validation. This doesn’t…
Meterpreter vs Modern EDR(s) https://redops.at/en/blog/meterpreter-vs-modern-edrs-in-2023
RedOps - English
Meterpreter vs Modern EDR(s) - RedOps
Escaping the Google kCTF Container with a Data-Only Exploit https://h0mbre.github.io/kCTF_Data_Only_Exploit/#
The Human Machine Interface
Escaping the Google kCTF Container with a Data-Only Exploit
Introduction I’ve been doing some Linux kernel exploit development/study and vulnerability research off and on since last Fall and a few months ago I had some downtime on vacation to sit and challenge myself to write my first data-only exploit for a real…
Abusing undocumented features to spoof PE section headers https://secret.club/2023/06/05/spoof-pe-sections.html
secret club
Abusing undocumented features to spoof PE section headers
Introduction Some time ago, I accidentally came across some interesting behaviour in PE files while debugging an unrelated project. I noticed that setting the SectionAlignment value in the NT header to a value lower than the page size (4096) resulted in significant…
The Dragon Who Sold His Camaro: Analyzing Custom Router Implant https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/
Check Point Research
The Dragon Who Sold His Camaro: Analyzing Custom Router Implant - Check Point Research
Check Point Research (CPR) exposes a malicious firmware implant for TP-Link routers that allowed attackers to gain full control of infected devices and access compromised networks while evading detection. CPR attributes the attacks to a Chinese state-sponsored…
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/
Welivesecurity
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
ESET researchers uncover a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, including a publicly undocumented backdoor we named LightlessCan.
A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM https://research.nccgroup.com/2023/03/15/a-race-to-report-a-toctou-analysis-of-a-bug-collision-in-intel-smm/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Decrypting the Shadows: Revealing the Secrets of Ransomware Operators – An Interview with @htmalgae https://socradar.io/decrypting-the-shadows-revealing-the-secrets-of-ransomware-operators-an-interview-with-htmalgae/
SOCRadar® Cyber Intelligence Inc.
Decrypting the Shadows: Revealing the Secrets of Ransomware Operators - An Interview with @htmalgae - SOCRadar® Cyber Intelligence…
Meet @htmalgae, an anonymous security researcher with a wealth of experience in web application development. In the digital realm, htmalgae operates under
root with a single command: sudo logrotate https://joshua.hu/gaining-root-with-logrotate-sudo-ubuntu
Joshua Rogers’ Scribbles
root with a single command: sudo logrotate
Starting from the constraint that only sudo logrotate * may be run, and ending at root: abusing the log file flag to overwrite root owned scripts and ride cron to privilege escalation.
Stepping Insyde System Management Mode https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
Nccgroup
Reverse engineering integrity checks in Black Ops 3 https://web.archive.org/web/20230522230748/https://momo5502.com/posts/2022-11-17-reverse-engineering-integrity-checks-in-black-ops-3/
How a simple K-TypeConfusion took me 3 months long to create a exploit? [HEVD] - Windows 11 (build 22621) https://wafzsucks.medium.com/how-a-simple-k-typeconfusion-took-me-3-months-long-to-create-a-exploit-f643c94d445f
Medium
How a simple K-TypeConfusion took me 3 months long to create a exploit?
Have you ever tested something for such a long time that it became part of your life? That’s what happened to me over the last months when a…
Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations https://www.mandiant.com/resources/blog/apt29-evolving-diplomatic-phishing
Google Cloud Blog
Backchannel Diplomacy: APT29's Rapidly Evolving Diplomatic Phishing Operations | Mandiant | Google Cloud Blog
Observed Exploitation of Critical WS_FTP Vulnerabilities https://www.reddit.com/r/msp/comments/16y3962/observed_exploitation_of_critical_ws_ftp/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button&rdt=51516
Reddit
From the msp community on Reddit
Let’s Go into the rabbit hole (part 1) — the challenges of dynamically hooking Golang programs https://blog.quarkslab.com/lets-go-into-the-rabbit-hole-part-1-the-challenges-of-dynamically-hooking-golang-program.html
Quarkslab
Let’s Go into the rabbit hole (part 1) — the challenges of dynamically hooking Golang programs - Quarkslab's blog
Golang is the most used programming language for developing cloud technologies. Tools such as Kubernetes, Docker, Containerd and gVisor are written in Go. Despite the fact that the code of these programs is open source, there is no way to analyze and extend…
TorchServe Pre-Auth Remote Code Execution https://github.com/advisories/GHSA-4mqg-h5jf-j9m7
GitHub
GHSA-4mqg-h5jf-j9m7 - GitHub Advisory Database
TorchServe Pre-Auth Remote Code Execution
Missing Manuals - io_uring worker pool https://blog.cloudflare.com/missing-manuals-io_uring-worker-pool/
The Cloudflare Blog
Missing Manuals - io_uring worker pool
Chances are you might have heard of io_uring. It first appeared in Linux 5.1, back in 2019, and was advertised as the new API for asynchronous I/O. Its goal was to be an alternative to the deemed-to-be-broken-beyond-repair AIO, the “old” asynchronous I/O…