Routers Roasting on an Open Firewall: the KV-botnet Investigation https://blog.lumen.com/routers-roasting-on-an-open-firewall-the-kv-botnet-investigation/
Lumen Blog
Uncover the KV-Botnet, a covert network targeting SOHO routers. Learn about its complex infection and command-and-control techniques.
OPC UA Deep Dive Series (Part 8): Gaining Client-Side Remote Code Execution https://claroty.com/team82/research/opc-ua-deep-dive-series-part-8-gaining-client-side-remote-code-execution
Claroty
Blind XSS fired on Admin panel worth $2000 https://medium.com/@feribytex/blind-xss-fired-on-admin-panel-worth-2000-abe2c83279b5
Medium
Blind XSS fired on Admin panel worth $2000 Introduction: Hello Hacker!!! $whoami I am Feri Susanto (fer1bytex0) from Indonesia. It is my first write-up. In this write-up, we will discuss a found Blind …
Ransomware Spotlight: Trigona https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-trigona
Trendmicro
After the shutdown of its leak site in October, we look at how ransomware group Trigona operated during its period of activity and discuss how enterprises can fortify their defenses against similar threats.
Abusing Liftoff assembly and efficiently escaping from sbx https://retr0.zip/blog/abusing-Liftoff-assembly-and-efficiently-escaping-from-sbx.html
PKP-WAL <= 3.4.0-3 (NativeImportExportPlugin) Remote Code Execution Vulnerability https://karmainsecurity.com/KIS-2023-14
Karmainsecurity
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
CISA: Russian hackers target TeamCity servers since September https://www.bleepingcomputer.com/news/security/cisa-russian-hackers-target-teamcity-servers-since-september/
BleepingComputer
CISA and partner cybersecurity agencies and intelligence services warned that the APT29 hacking group linked to Russia's Foreign Intelligence Service (SVR) has been targeting unpatched TeamCity servers in widespread attacks since September 2023.
cve-2023-50164-poc: Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164") https://github.com/dwisiswant0/cve-2023-50164-poc
GitHub
Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164") - dwisiswant0/cve-2023-50164-poc
Advisory for SAP Security Note 3022622 – [CVE-2021-21480][PoC] https://redrays.io/blog/cve-2021-21480-sap-critical-vulnerability/
RedRays - Your SAP Security Solution
SIM Hijacking https://sensepost.com/blog/2022/sim-hijacking/
UNDERSTANDING A PAYLOAD’S LIFE: Featuring Meterpreter & other guests https://attl4s.github.io/assets/pdf/Understanding_a_Payloads_Life.pdf
Rhadamanthys v0.5.0 – a deep dive into the stealer’s components https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-the-stealers-components/
Check Point Research
Research by: hasherezade. Rhadamanthys is an information stealer with a diverse set of modules and an interesting multilayered design. In our last article on Rhadamanthys [1], we focused on the custom executable formats used by this…
SMTP Smuggling - Spoofing E-Mails Worldwide https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
SEC Consult
Introducing a novel technique for e-mail spoofing
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity https://thedfirreport.com/2023/12/18/lets-opendir-some-presents-an-analysis-of-a-persistent-actors-activity/
The DFIR Report
This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In early November…
All cops are broadcasting: TETRA under scrutiny https://assets-global.website-files.com/64a2900ed5e9bb672af9b2ed/64d42fcc2e3fdcf3d323f3d9_All_cops_are_broadcasting_TETRA_under_scrutiny.pdf?ref=0xor0ne.xyz
CVE-2023-6817: Linux Kernel NetFilter Flaw Opens Root Access https://securityonline.info/cve-2023-6817-linux-kernel-netfilter-flaw-opens-root-access/
Cybersecurity News
CVE-2023-6817 poses a severe threat with a CVSS score of 7.8, categorizing it as a high-severity issue; a PoC exploit has also been published.
CVE-2023-6483: Improper/missing API authentication in ADiTaaS v5.1 https://eaton-works.com/2023/12/18/aditaas-cve-2023-6483/
Eaton-Works
The story of CVE-2023-6483, my first CVE and biggest security disclosure yet.
OilRig’s persistent attacks using cloud service-powered downloaders https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Welivesecurity
ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications.