Earth Freybug Uses UNAPIMON for Unhooking Critical APIs #DynamicLinkLibrary #ThreatIntelligence #EndpointSecurity https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html
Trend Micro
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs
This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered…
Fighting cookie theft using device bound sessions #CookieTheft #DeviceBoundSessions #GoogleChrome #Cybersecurity https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html
Chromium Blog
Fighting cookie theft using device bound sessions
Cookies – small files created by sites you visit – are fundamental to the modern web. They make your online experience easier by saving bro...
A Practical Approach To Attacking IoT Embedded Designs (I) #Cybersecurity #IoT #Embedded https://labs.ioactive.com/2021/02/a-practical-approach-to-attacking-iot.html
Ioactive
A Practical Approach To Attacking IoT Embedded Designs (I)
by Ruben Santamarta The booming IoT ecosystem has meant massive growth in the embedded systems market due to the high demand for connect...
unch: Hides message with invisible Unicode characters #Stego https://github.com/dwisiswant0/unch
GitHub
GitHub - dwisiswant0/unch: Hides message with invisible Unicode characters
Hides message with invisible Unicode characters. Contribute to dwisiswant0/unch development by creating an account on GitHub.
Great, Now Write an Article About That: The Crescendo Multi-Turn LLM Jailbreak Attack #JailbreakAttack #LLM #MultiCrescendo https://crescendo-the-multiturn-jailbreak.github.io/
Crescendo
The Multi-Turn LLM Jailbreak Attack
Jia Tan and SocialCyber #SocialCyber #LinuxKernel #Community https://cybersecpolitics.blogspot.com/2024/04/jia-tan-and-socialcyber.html
Blogspot
Jia Tan and SocialCyber
I want to start by saying that Sergey Bratus and DARPA were geniuses at foreseeing the problems that have led us to Jia Tan and XZ. One of ...
A Practical Approach to Attacking IoT Embedded Designs (II) #Zigbee #BLE #IoT #Embedded https://labs.ioactive.com/2021/02/a-practical-approach-to-attacking-iot_23.html
Ioactive
A Practical Approach to Attacking IoT Embedded Designs (II)
by Ruben Santamarta In this second and final blog post on this topic, we cover some OTA vulnerabilities we identified in wireless commun...
Byakugan – The Malware Behind a Phishing Attack #MalwareAnalysis #Phishing #InfoStealer #Keylogger https://www.fortinet.com/blog/threat-research/byakugan-malware-behind-a-phishing-attack
Fortinet Blog
Byakugan – The Malware Behind a Phishing Attack
FortiGuard Labs has uncovered the Byakugan malware behind a recent malware campaign distributed by malicious PDF files. Learn more.…
Latrodectus: This Spider Bytes Like Ice #Cybersecurity #Malware #ThreatActor https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice
Proofpoint
Latrodectus Malware Analysis: IcedID 2.0 | Proofpoint US
Proofpoint’s Latrodectus malware analysis explores how this IcedID successor operates. Learn how it evades detection and why it poses such a problem.
WIFI Credential Dumping #WifiCredentialDumping #OfflineWordlistAttack #DPAPIEncryption https://www.r-tec.net/r-tec-blog-wifi-credential-dumping.html
www.r-tec.net
Blog WIFI Credential Dumping
This blog won't dive into any of the mentioned WIFI attacks, but will highlight techniques to retrieve the PSK from a workstation post-compromise instead.
HTTP/2 CONTINUATION Flood: Technical Details #Http2ContinuationFlood #CPUExhaustion #OutOfMemory #ReachableAssertionCrash https://nowotarski.info/http2-continuation-flood-technical-details/
nowotarski.info
HTTP/2 `CONTINUATION` Flood: Technical Details
Preface In October 2023 I learned about HTTP/2 Rapid Reset attack, dubbed “the largest DDoS attack to date”. I didn’t have deep knowledge of HTTP/2 back then. I knew its basics like frames or HPACK but I was focusing more on HTTP/1.1 protocol and programming…
How I hacked medium: The Rise Of Race Conditions #RaceConditions #Cybersecurity #Exploit https://medium.com/@super_burgundy_weasel_439/how-i-hacked-medium-and-they-didnt-pay-me-f6c89cca3af7
Medium
How I hacked medium and they didn’t pay me
TL;DR: I found a bug which allows negativizing or increasing or bricking the claps count of any article/comment, which has indirect…
CVE-2024-1086: Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images. #Exploit #PoC #LPE #CVE-2024-1086 https://github.com/Notselwyn/CVE-2024-1086
GitHub
GitHub - Notselwyn/CVE-2024-1086: Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most…
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9...
NASA knows what knocked Voyager 1 offline, but it will take a while to fix #NASA #JetPropulsionLaboratory #Voyager1 https://arstechnica.com/space/2024/04/the-diagnosis-is-in-bad-memory-knocked-nasas-aging-voyager-1-offline/
Ars Technica
NASA knows what knocked Voyager 1 offline, but it will take a while to fix
"Engineers are optimistic they can find a way for the FDS to operate normally."
Modder made an IRC client that runs entirely inside the motherboard's BIOS chip #Cybersecurity #UEFI #BIOS #IRCClient https://www.tomshardware.com/software/someone-made-a-functioning-irc-client-that-runs-entirely-inside-the-motherboards-uefi
Tom's Hardware
Modder made an IRC client that runs entirely inside the motherboard's BIOS chip
"I told a friend I was making a joke project, then explained. She said she wasn't sure when to laugh. I'm not sure either."
Rust developers at Google are twice as productive as C++ teams #MemorySafeLanguages #CPlusPlus #Rust #SoftwareSecurity #MemorySafety https://www.theregister.com/2024/03/31/rust_google_c
The Register
Rust developers at Google are twice as productive as C++ teams
Code shines up nicely in production, says Chocolate Factory's Bergstrom
CoralRaider targets victims’ data and social media accounts #ComputerSecurity #DataBreach #AttackSurface #ThreatActor #IncidentResponse https://blog.talosintelligence.com/coralraider-targets-socialmedia-accounts/
Cisco Talos Blog
CoralRaider targets victims’ data and social media accounts
Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries.
ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins #ScrubCrypt #VenomRAT #BatchFile #AES-CBC #MalwareFamilies https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins
Fortinet Blog
ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins
FortiGuard Labs uncovered a threat actor using ScrubCrypt to spread VenomRAT along with multiple RATs. Learn more. …
Persistent Magento backdoor hidden in XML #Backdoor #Magento https://sansec.io/research/magento-xml-backdoor
Sansec
Persistent Magento backdoor hidden in XML
Does your Interceptor.php keep getting infected? Attackers are using a new method for malware persistence on Magento servers. Sansec discovered a cleverly cr...
Puckungfu 2: Another NETGEAR WAN Command Injection #ResearchBlog #NETGEAR #CryptographicVisualization #CommandInjection #ThreatDetection https://research.nccgroup.com/2024/02/09/puckungfu-2-another-netgear-wan-command-injection/