Backdoor in XZ Utils allows RCE: everything you need to know #Backdoor #CVE-2024-3094 #RCE #SecurityResearch https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils#latest-wiz-research-findings-as-of-april-3-2024-33
wiz.io
CVE-2024-3094: Critical RCE Vulnerability Found in XZ Utils | Wiz Blog
CVE-2024-3094 is a malicious code vulnerability in versions 5.6.0 and 5.6.1 of XZ Utils, enabling an SSH authentication bypass in certain Linux distributions
Lord Of The Ring0 - Part 6 | Conclusion #KernelModeMemory #ObjectCallbacks #KeStackAttachProcess #KeWriteProcessMemory https://idov31.github.io/posts/lord-of-the-ring0-p6
DinodasRAT Linux implant targeting entities worldwide #Linux #Malware #RAT #MalwareReports #ThreatsDescriptions https://securelist.com/dinodasrat-linux-implant/112284/
Securelist
Analysis of DinodasRAT Linux implant
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.
EM Eye: Eavesdropping on Security Camera via Unintentional RF Emissions #EMEye #Eavesdropping #RF #UnintentionalEmissions https://www.rtl-sdr.com/em-eye-eavesdropping-on-security-camera-via-unintentional-rf-emissions/
rtl-sdr.com
EM Eye: Eavesdropping on Security Camera via Unintentional RF Emissions
Researchers from the University of Michigan and Zhejiang University have recently published their findings on how it's possible to eavesdrop and wirelessly recover images from security cameras via RF unintentionally leaking from the camera electronics. EM…
Attacking AD Certificate Services – Part 1 #CertificateAuthorities #OnlineResponder #SubjectAlternativeName #NTAuthCertificates #CertificateEnrollmentProcess https://vandanpathak.com/exploiting-ad/adcs-attacking-part-1/
RingBuffer's Blog
Attacking AD Certificate Services – Part 1 – RingBuffer's Blog
This blog covers enumerating AD services and attacking AD CS in a Windows environment.
Incinerator: The Ultimate Android Malware Reversing Tool #AndroidMalwareReversing #MaliciousCodeAnalysis #MobileSecurity https://boschko.ca/incinerator/
Boschko Security Blog
Incinerator: The Ultimate Android Malware Reversing Tool
Master Android malware reversal with ease using Incinerator, your trusted ally in the fight against threat actors for experts and novices alike.
Videos of the latest NDSS are now online, interesting material this year #Cybersecurity #Academic https://www.youtube.com/@NDSSSymposium/featured
YouTube
NDSS Symposium
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed…
The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via GitLab Abuse #GitLabAbuse #RAT https://www.resecurity.com/blog/article/the-new-version-of-jsoutprox-is-attacking-financial-institutions-in-apac-and-mena-via-gitlab-abuse
Don’t Trust the Cache: Exposing Web Cache Poisoning and Deception vulnerabilities #WebCachePoisoning #DenialOfServiceAttack #HTTPResponseSplitting #XSS https://anasbetis023.medium.com/dont-trust-the-cache-exposing-web-cache-poisoning-and-deception-vulnerabilities-3a829f221f52
Medium
Don’t Trust the Cache: Exposing Web Cache Poisoning and Deception vulnerabilities
Good Day!
Agent Tesla Targeting United States & Australia: Revealing the Attackers’ Identities #AgentTesla #Attribution https://research.checkpoint.com/2024/agent-tesla-targeting-united-states-and-australia/
Check Point Research
Agent Tesla Targeting United States & Australia: Revealing the Attackers' Identities - Check Point Research
Research by: Antonis Terefos, Raman Ladutska Part I from the series E-Crime & Punishment Introduction When considering a notoriously famous topic known for quite a long time, it may feel like there is nothing new to add to this area anymore – all paths…
Updated StrelaStealer Targeting European Countries #Cybersecurity #Obfuscation #ThreatIntelligence https://blog.sonicwall.com/en-us/2024/04/updated-strelastealer-targeting-european-countries/
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs #DynamicLinkLibrary #ThreatIntelligence #EndpointSecurity https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html
Trend Micro
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs
This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered…
Fighting cookie theft using device bound sessions #CookieTheft #DeviceBoundSessions #GoogleChrome #Cybersecurity https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html
Chromium Blog
Fighting cookie theft using device bound sessions
Cookies – small files created by sites you visit – are fundamental to the modern web. They make your online experience easier by saving bro...
A Practical Approach To Attacking IoT Embedded Designs (I) #Cybersecurity #IoT #Embedded https://labs.ioactive.com/2021/02/a-practical-approach-to-attacking-iot.html
IOActive
A Practical Approach To Attacking IoT Embedded Designs (I)
by Ruben Santamarta The booming IoT ecosystem has meant massive growth in the embedded systems market due to the high demand for connect...
unch: Hides message with invisible Unicode characters #Stego https://github.com/dwisiswant0/unch
GitHub
GitHub - dwisiswant0/unch: Hides message with invisible Unicode characters
Hides message with invisible Unicode characters. Contribute to dwisiswant0/unch development by creating an account on GitHub.
Great, Now Write an Article About That: The Crescendo Multi-Turn LLM Jailbreak Attack #JailbreakAttack #LLM #MultiCrescendo https://crescendo-the-multiturn-jailbreak.github.io/
Crescendo
The Multi-Turn LLM Jailbreak Attack
Jia Tan and SocialCyber #SocialCyber #LinuxKernel #Community https://cybersecpolitics.blogspot.com/2024/04/jia-tan-and-socialcyber.html
Blogspot
Jia Tan and SocialCyber
I want to start by saying that Sergey Bratus and DARPA were geniuses at foreseeing the problems that have led us to Jia Tan and XZ. One of ...
A Practical Approach to Attacking IoT Embedded Designs (II) #Zigbee #BLE #IoT #Embedded https://labs.ioactive.com/2021/02/a-practical-approach-to-attacking-iot_23.html
IOActive
A Practical Approach to Attacking IoT Embedded Designs (II)
by Ruben Santamarta In this second and final blog post on this topic, we cover some OTA vulnerabilities we identified in wireless commun...
Byakugan – The Malware Behind a Phishing Attack #MalwareAnalysis #Phishing #InfoStealer #Keylogger https://www.fortinet.com/blog/threat-research/byakugan-malware-behind-a-phishing-attack
Fortinet Blog
Byakugan – The Malware Behind a Phishing Attack
FortiGuard Labs has uncovered the Byakugan malware behind a recent malware campaign distributed by malicious PDF files. Learn more.…
Latrodectus: This Spider Bytes Like Ice #Cybersecurity #Malware #ThreatActor https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice
Proofpoint
Latrodectus Malware Analysis: IcedID 2.0 | Proofpoint US
Proofpoint’s Latrodectus malware analysis explores how this IcedID successor operates. Learn how it evades detection and why it poses such a problem.