CVE-2023-36713 2023-Oct Windows Common Log File System Driver Information Disclosure 5.5 https://gist.github.com/clearbluejar/0f9dc5da3e7d668c06c5022d29e7b55d
Gist
CVE-2023-36713 2023-Oct Windows Common Log File System Driver Information Disclosure 5.5
CVE-2023-36713 2023-Oct Windows Common Log File System Driver Information Disclosure 5.5 - clfs.sys.x64.10.0.10240.20161-clfs.sys.x64.10.0.10240.20232.ghidriff.md
linux_kernel_cves: Tracking CVEs for the linux Kernel https://github.com/nluedtke/linux_kernel_cves
GitHub
GitHub - nluedtke/linux_kernel_cves: Tracking CVEs for the linux Kernel
Tracking CVEs for the linux Kernel. Contribute to nluedtke/linux_kernel_cves development by creating an account on GitHub.
Hacking the Canon imageCLASS MF742Cdw/MF743Cdw (again) https://haxx.in/posts/hacking-canon-imageclass/
haxx.in
Hacking the Canon imageCLASS MF742Cdw/MF743Cdw (again)
Last year I (successfully) targeted the Canon printer for Pwn2Own Toronto; this year I decided to do the same. But I made a terrible mistake. The night before my flight to Toronto I realized I had... hacked the wrong printer (firmware). I scrambled to blindly…
Chinese APT Targeting Cambodian Government https://unit42.paloaltonetworks.com/chinese-apt-linked-to-cambodia-government-attacks/
Unit 42
Chinese APT Targeting Cambodian Government
Cambodian government entities were targeted by a Chinese APT masquerading as cloud backup services. Our findings include C2 infrastructure and more.
Malvertiser copies PC news site to deliver infostealer https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
ThreatDown by Malwarebytes
Malvertiser copies PC news site to deliver infostealer - ThreatDown by Malwarebytes
Users looking to download a popular PC utility may be tricked in this campaign where a threat actor has registered a website that copies content from a PC and Windows news portal.
Article 45 Will Roll Back Web Security by 12 Years https://www.eff.org/deeplinks/2023/11/article-45-will-roll-back-web-security-12-years
Electronic Frontier Foundation
Article 45 Will Roll Back Web Security by 12 Years
The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate
AWS IoT Core: A Compromised Device Perspective https://seanpesce.blogspot.com/2023/11/aws-iot-core-compromised-device.html
Blogspot
AWS IoT Core: A Compromised Device Perspective
TL;DR I recently spent some time exploring the potential capabilities that an evil IoT device might have within an AWS...
Unveiling Vulnerabilities in HTTP Parsers: Exploiting Inconsistencies for Security Breaches https://rafa.hashnode.dev/exploiting-http-parsers-inconsistencies
Jupyter Rising: An Update on Jupyter Infostealer https://blogs.vmware.com/security/2023/11/jupyter-rising-an-update-on-jupyter-infostealer.html
VMware Security Blog
Jupyter Rising: An Update on Jupyter Infostealer
Contributor: Nikki Benoit. Executive Summary: New Jupyter Infostealer variants continue to evolve with simple yet impactful changes to the techniques used by the malware author. This improvement aims to avoid detection and establishes persistence, enabling…
BlueNoroff strikes again with new macOS malware https://www.jamf.com/blog/bluenoroff-strikes-again-with-new-macos-malware/
Jamf
Jamf Threat Labs Discovers Malware from BlueNoroff
Newly discovered later-stage malware from BlueNoroff APT group targets macOS with characteristics similar to their RustBucket campaign.
nftables Adventures: Bug Hunting and N-day Exploitation (CVE-2023-31248) https://starlabs.sg/blog/2023/09-nftables-adventures-bug-hunting-and-n-day-exploitation/
STAR Labs
nftables Adventures: Bug Hunting and N-day Exploitation (CVE-2023-31248)
During my internship, I have been researching and trying to find bugs within the nftables subsystem. In this blog post, I will talk about a bug I have found, as well as the exploitation of an n-day discovered by Mingi Cho – CVE-2023-31248.
Introduction to…
Bypassing GLIBC 2.32’s Safe-Linking Without Leaks into Code Execution: The House of Rust https://c4ebt.github.io/2021/01/22/House-of-Rust.html
c4e's Blog
Bypassing GLIBC 2.32’s Safe-Linking Without Leaks into Code Execution: The House of Rust
The House of Rust is a heap exploitation technique that drops a shell against full PIE binaries that don’t leak any addresses.
The Swiss Knife - SystemBC | Coroxy https://rexorvc0.com/2023/11/12/Swiss-Knife-SystemBC-Coroxy/
RexorVc0
The Swiss Knife - SystemBC | Coroxy
Threat Researcher
Breaking out of Docker via runC – Explaining CVE-2019-5736 https://unit42.paloaltonetworks.com/breaking-docker-via-runc-explaining-cve-2019-5736/
Unit 42
Breaking out of Docker via runC – Explaining CVE-2019-5736
Last week (2019-02-11) a new vulnerability in runC was reported by its maintainers, originally found by Adam Iwaniuk and Borys Poplawski. Dubbed
Analyzing a Modern In-the-wild Android Exploit https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
projectzero.google
Analyzing a Modern In-the-wild Android Exploit - Project Zero
By Seth Jenkins, Project Zero. Introduction: In December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsu...
LNK Files Distributed Through Breached Legitimate Websites (Detected by EDR) https://asec.ahnlab.com/en/58919/
ASEC BLOG
LNK Files Distributed Through Breached Legitimate Websites (Detected by EDR) - ASEC BLOG
AhnLab Security Emergency response Center (ASEC) detected circumstances of a malware strain being distributed through breached legitimate websites using various file names, prompting users to run them. This post will introduce how AhnLab EDR analyzes and…
Don’t throw a hissy fit; defend against Medusa https://research.nccgroup.com/2023/11/13/dont-throw-a-hissy-fit-defend-against-medusa/
Reverse Engineering a Cobalt Strike Dropper With Binary Ninja https://binary.ninja/2022/07/22/reverse-engineering-cobalt-strike.html
Binary Ninja
Binary Ninja - Reverse Engineering a Cobalt Strike Dropper With Binary Ninja
Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.
Tool Release: Cartographer https://research.nccgroup.com/2023/07/20/tool-release-cartographer/