Hacking Terraform State for Privilege Escalation https://blog.plerion.com/hacking-terraform-state-privilege-escalation/
Plerion
Hacking Terraform State for Privilege Escalation
What can an attacker do if they can edit Terraform state? The answer should be 'nothing' but is actually 'take over your CI/CD pipeline'.
Keylogging in the Windows Kernel with undocumented data structures https://eversinc33.com/posts/kernel-mode-keylogging.html
Hidden GitHub Commits and How to Reveal Them https://neodyme.io/en/blog/github_secrets/
neodyme.io
Hidden GitHub Commits and How to Reveal Them
We have created a tool for GitHub that can reveal commits that potentially contain sensitive information and are not accessible via the public Git history, but that may be of interest or were intentionally deleted.
Threat Brief: WordPress Plugin Exploit Leads to Godzilla Web Shell, Discovery & New CVE https://thedfirreport.com/2024/03/04/threat-brief-wordpress-exploit-leads-to-godzilla-web-shell-discovery-new-cve/
The DFIR Report
Threat Brief: WordPress Plugin Exploit Leads to Godzilla Web Shell, Discovery & New CVE
Below is a recent Threat Brief that we shared with our customers. Each year, we produce over 20 detailed Threat Briefs, which follow a format similar to the below. Typically, these reports include …
On Loaded vs. Executed Libraries During Runtime – What This Means for Reachability https://www.oligo.security/blog/loaded-vs-executed-libraries
www.oligo.security
On Loaded vs. Executed Libraries During Runtime | Oligo Security
The Application Security domain has evolved significantly over the last decade. It is no surprise, then, that this evolution has brought a jungle of tools that causes not only a lot of confusion but also a lot of noise and overlapping messages.
Code injection on Android without ptrace https://erfur.github.io/blog/dev/code-injection-without-ptrace
erfur's bits and pieces
Code injection on Android without ptrace
Evasive Panda leverages Monlam Festival to target Tibetans https://www.welivesecurity.com/en/eset-research/evasive-panda-leverages-monlam-festival-target-tibetans/
Welivesecurity
Evasive Panda leverages Monlam Festival to target Tibetans
ESET research uncovers a cyberespionage campaign that has been victimizing Tibetans through targeted watering hole (also known as a strategic web compromise) and supply-chain compromise attacks
Lord Nemesis Strikes: Supply Chain Attack on the Israeli Academic Sector https://op-c.net/blog/lord-nemesis-strikes-supply-chain-attack-on-the-israeli-academic-sector/
OP Innovate - Premium Application Penetration testing and Incident Response
Lord Nemesis Strikes: Supply Chain Attack on the Israeli Academic Sector - OP INNOVATE
Lord Nemesis, an Iranian hacktivist group, breaches Rashim Software and its Israeli academic clients in a supply chain attack. Learn about the attack, the risks posed by third-party vendors, and how organizations can strengthen their defenses against politically…
Git-Rotate: Leveraging GitHub Actions to Bypass Microsoft Entra Smart lockout https://research.aurainfosec.io/pentest/git-rotate/
Aura Research Division
Git-Rotate: Leveraging GitHub Actions to Bypass Microsoft Entra Smart lockout
Explore how GitHub Actions can be leveraged to rotate IP addresses during password spraying attacks to bypass IP-Based blocking such as Entra Smart lockout.
Donex ransomware https://www.shadowstackre.com/analysis/donex
Behind the doors of a Chinese hacking company, a sordid culture fuelled by influence, alcohol and sex https://www.ctvnews.ca/world/behind-the-doors-of-a-chinese-hacking-company-a-sordid-culture-fuelled-by-influence-alcohol-and-sex-1.6799679
CTVNews
Behind the doors of a Chinese hacking company, a sordid culture fuelled by influence, alcohol and sex
A highly unusual leak last month of internal documents from a private contractor linked to China's government and police revealed the sordid wheeling and dealing that takes place behind the scenes in China's hacking industry.
Analyze installed Android applications for security risks in Termux https://www.mobile-hacker.com/2024/03/11/analyze-installed-android-applications-for-security-risks-in-termux/
Mobile Hacker
Analyze installed Android applications for security risks in Termux
I will show you how to install and run it on a non-rooted Android device using the Termux app. This brings the convenience of analyzing Android apps directly on the device.
CVE-2024-23897 – Arbitrary file read in Jenkins https://blog.securelayer7.net/arbitrary-file-read-in-jenkins/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
CVE-2024-23897 – Arbitrary file read in Jenkins
CVE-2024-23897 is a critical vulnerability discovered in Jenkins, with a CVSS score of 9.8. It allows an attacker to read files on the system through the Command-Line...
NextChat: An AI Chatbot That Lets You Talk to Anyone You Want To https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to/
Horizon3.ai
NextChat: An AI Chatbot That Lets You Talk to Anyone You Want To
NextChat, a.k.a. ChatGPT-Next-Web, a popular generative-AI chatbot, has a critical server-side request forgery (SSRF) vulnerability.
Introduction to LLM Security https://blog.cloudsecuritypartners.com/introduction-to-llm-security/
Cloud Security Partners Blog
Introduction to LLM Security
In the dynamic world of AI today, Large Language Models (LLMs) stand out as one of the most interesting and capable technologies. The ability to answer arbitrary prompts has numerous business use cases. As such, they are rapidly being integrated into a variety…
Practical and Theoretical Attacks in the Industrial Landscape (Part 2) https://claroty.com/team82/research/practical-and-theoretical-attacks-in-the-industrial-landscape-part-2
Claroty
Practical and Theoretical Attacks in the Industrial Landscape (Part 2)
In part two of this Team82 series, we examine practical and theoretical attacks against operational technology (OT) through the use of a virtual factory environment. The attacks range in sophistication and present defenders with an opportunity to threat model…
GhostRace: Exploiting and Mitigating Speculative Race Conditions (CVE-2024-2193) https://www.vusec.net/projects/ghostrace/
vusec
GhostRace - vusec
GhostRace: Exploiting and Mitigating Speculative Race Conditions (CVE-2024-2193). Race conditions arise when multiple threads attempt to access a shared resource without proper synchronization, often leading to vulnerabilities such as concurrent use-after-free.…
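The description above names the classic bug GhostRace builds on: a check-then-use on a shared object that another thread can release in between, i.e. a concurrent use-after-free. The C program below is an added example written for this digest, not code from vusec or from the GhostRace paper. It runs the same check-then-use consumer against a releaser thread twice, once with no synchronization and once with both sides serialized by a mutex, and counts how often the consumer reads an object that has already been released. The struct names, the `alive` flag and the poisoning of the buffer in place of a real `free()` are all invented for the demonstration so the racy variant stays observable instead of undefined. Note that GhostRace's own contribution is that the conditional branch inside a lock can be bypassed speculatively, so the mutex fix shown here closes the architectural race only; the speculative variant is not reproduced by this code.

```c
// Added example (not vusec's code): a check-then-use race on a shared object,
// run once unsynchronized and once under a mutex. Names are hypothetical.
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>

#define ROUNDS 20000

/* Hypothetical shared object. `alive` plays the role of "not yet freed";
   `buf` stands in for heap memory. Release poisons buf with 'X' instead of
   calling free() so a racy read is observable rather than undefined. */
struct session {
    int alive;
    char buf[8];
};

struct ctx {
    struct session obj;
    pthread_mutex_t lock;
    int use_lock;            /* 1: check+use and release are serialized */
    atomic_int violations;   /* consumer reads of a released (poisoned) object */
    atomic_int done;         /* consumer finished; releaser may stop */
};

static void lock_if(struct ctx *c)   { if (c->use_lock) pthread_mutex_lock(&c->lock); }
static void unlock_if(struct ctx *c) { if (c->use_lock) pthread_mutex_unlock(&c->lock); }

/* Consumer: check `alive`, then use `buf`. Without the lock, the releaser can
   run between the check and the use; that gap is the race window. */
static void *user_thread(void *arg) {
    struct ctx *c = arg;
    for (int i = 0; i < ROUNDS; i++) {
        lock_if(c);
        if (c->obj.alive) {                /* check */
            sched_yield();                 /* widen the window for the demo */
            if (c->obj.buf[0] != 'A')      /* use: saw a released object */
                atomic_fetch_add(&c->violations, 1);
        }
        unlock_if(c);
    }
    atomic_store(&c->done, 1);
    return NULL;
}

/* Releaser: "free" the object (poison + alive=0), then "reallocate" it so
   the consumer keeps racing. In real code the poison would be free(). */
static void *release_thread(void *arg) {
    struct ctx *c = arg;
    while (!atomic_load(&c->done)) {
        lock_if(c);
        c->obj.alive = 0;
        memset(c->obj.buf, 'X', sizeof c->obj.buf);
        unlock_if(c);
        sched_yield();
        lock_if(c);
        memset(c->obj.buf, 'A', sizeof c->obj.buf);
        c->obj.alive = 1;
        unlock_if(c);
    }
    return NULL;
}

/* Runs consumer and releaser concurrently and returns how many consumer
   uses landed on a released object. With use_lock=1 the answer is always 0. */
int run_variant(int use_lock) {
    struct ctx c;
    memset(&c, 0, sizeof c);
    c.use_lock = use_lock;
    c.obj.alive = 1;
    memset(c.obj.buf, 'A', sizeof c.obj.buf);
    pthread_mutex_init(&c.lock, NULL);
    atomic_init(&c.violations, 0);
    atomic_init(&c.done, 0);

    pthread_t u, r;
    pthread_create(&u, NULL, user_thread, &c);
    pthread_create(&r, NULL, release_thread, &c);
    pthread_join(u, NULL);
    pthread_join(r, NULL);
    pthread_mutex_destroy(&c.lock);
    return atomic_load(&c.violations);
}

int main(void) {
    printf("racy variant:     %d uses of a released object\n", run_variant(0));
    printf("hardened variant: %d uses of a released object\n", run_variant(1));
    return 0;
}
```

The racy count varies from run to run and with scheduler behaviour; the hardened count is zero because the check and the use happen under the same critical section as the release, so the consumer can never observe `alive == 1` with a poisoned buffer. That invariant is exactly what a speculatively mispredicted lock branch would let a core violate transiently.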
The Anatomy of an ALPHA SPIDER Ransomware Attack https://www.crowdstrike.com/blog/anatomy-of-alpha-spider-ransomware/
CrowdStrike.com
The Anatomy of an ALPHA SPIDER Ransomware Attack
Read this blog on the anatomy of an ALPHA SPIDER ransomware attack to better understand how they operate and how to better protect your business.