CFG in Windows 11 24H2 #CFG #Windows11 #Hotpatching #SCPCFG #Reversing https://ynwarcs.github.io/Win11-24H2-CFG
CFG in Windows 11 24H2
Hotpatching has been looming over Windows 11 for a while now, having already been shipped on the server & cloud deployments. It first came out in March that the first major version to include it will be 24H2, which can now be confirmed in a few minutes of…
HiddenArt – A Russian-linked SS7 Threat Actor #HiddenArt #RussianSS7Threat #EneaSolutions #NetworkSecurity #CyberSecurity https://www.enea.com/insights/the-hunt-for-hiddenart/
Enea
HiddenArt - A Russian-linked SS7 Threat Actor
From research on how SS7 network attacks could be used in hybrid warfare we reveal the Russian-connected HiddenArt mobile threat actor
Hunting for Unauthenticated n-days in Asus Routers #Shielder #AsusRouters #Exploit #Vulnerability #IoTSecurity https://www.shielder.com/blog/2024/01/hunting-for-~~un~~authenticated-n-days-in-asus-routers/
Shielder
Shielder - Hunting for ~~Un~~authenticated n-days in Asus Routers
Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive #Fortinet #CVE-2023-34992 #CommandInjection #Horizon3ai #NodeZero https://www.horizon3.ai/attack-research/disclosures/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/
Horizon3.ai
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive
CVE-2023-34992 Fortinet FortiSIEM Command Injection Deep-Dive and Indicators of Compromise. This blog details a command injection vulnerability which allows an unauthenticated attacker to access the FortiSIEM server as root to execute arbitrary commands.
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323) #LinguisticLumberjack #CloudServices #FluentBit #CVE20244323 #TenableBlog https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323
Tenable®
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Tenable Research has discovered a critical memory corruption vulnerability dubbed Linguistic Lumberjack in Fluent Bit, a core component in the monitoring infrastructure of many cloud services.
New SamsStealer Malware Targets Passwords in Windows Systems #SamsStealer #Malware #WindowsSystems #CYFIRMA #DataBreaches https://cyberinsider.com/new-samsstealer-malware-targets-passwords-in-windows-systems/
CyberInsider
New SamsStealer Malware Targets Passwords in Windows Systems
CYFIRMA researchers have identified a new information-stealing malware named "SamsStealer" that targets Windows systems.
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule #RFDoS #WebsiteShutdown #WAFRule #ResponseFilter #DenialofService https://blog.sicuranext.com/response-filter-denial-of-service-a-new-way-to-shutdown-a-website/
Sicuranext Blog
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule
TL;DR: Basically, if a target website is protected by a WAF using the OWASP Core Rule Set or Comodo Rule Set or Atomicorp Rule Set, you can send the string ORA-1234 or OracleDrive or ASL-CONFIG-FILE in a comment, product review, registration form, e-commerce…
CVE-2024-4367 – Arbitrary JavaScript execution in PDF.js #JavaScript #CVE-2024-4367 #ArbitraryExecution https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
codeanlabs
CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js - Codean Labs
A vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (
Abusing url handling in iTerm2 and Hyper for code execution #TerminalEscapeSequences #iTerm2 #Hyper #Vulnerabilities #CodeExecution https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html
Vin01’s Blog
Abusing url handling in iTerm2 and Hyper for code execution
What are escape sequences
Heap overflow in WebRtcAudioSink #Chromium https://issues.chromium.org/issues/41485743
Remote Desktop Protocol: The Series #RDP #IncidentResponse #RemoteDesktopProtocol #Cybersecurity #SophosNews https://news.sophos.com/en-us/2024/03/20/remote-desktop-protocol-the-series/
Sophos News
Remote Desktop Protocol: The Series
What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary Special Report
Foxit PDF “Flawed Design” Exploitation #FoxitPDFexploitation #CheckPointResearch #PDFsecurity #maliciousPDF #threatintelligence https://research.checkpoint.com/2024/foxit-pdf-flawed-design-exploitation/
Check Point Research
Foxit PDF “Flawed Design” Exploitation - Check Point Research
Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, mainly targeting users of Foxit Reader. This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands. Check Point…
Random thoughts on physical security measures #PhysicalSecurity #AlarmBypass #Reconnaissance #CableVulnerabilities #SeeThroughWalls https://diablohorn.com/2024/05/21/random-thoughts-on-physical-security-measures/
DiabloHorn
Random thoughts on physical security measures
Lately, I’ve been drawn to do some desk research and limited hands-on testing of physical security measures. I’ve written about this subject before, you can find the article here. Howev…
Persistence Techniques That Persist #CyberArk #IdentitySecurity #RegistryPersistence #ThreatResearch #PersistenceTechniques https://www.cyberark.com/resources/threat-research-blog/persistence-techniques-that-persist
Cyberark
Persistence Techniques That Persist
Abstract: Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change...
Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy #Malware https://blog-en.itochuci.co.jp/entry/2024/05/23/090000
Researcher Blog - ITOCHU Cyber & Intelligence Inc.
Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy - Researcher Blog - ITOCHU Cyber & Intelligence Inc.
Introduction / Malware group / History / Analysis of BloodAlchemy / Initial infection vector and infection flow / Analysis of malicious DLL / Analysis of shellcode / Analysis…
Analysis of CVE-2023-39143 – PaperCut RCE #PaperCutRCE #PenetrationTesting #WebDav #PathTraversal #SecurityVulnerabilities https://blog.securelayer7.net/analysis-of-papercut-rce/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Analysis of CVE-2023-39143 – PaperCut RCE
Overview: CVE-2023-39143 is a path traversal vulnerability found in Papercut MF/NG, a print management solution. This particular CVE only affects Windows installations prior to version 22.1.3. With...
Invisible miners: unveiling GHOSTENGINE’s crypto mining operations #ElasticSecurityLabs #GHOSTENGINE #cryptoMining #Malware #MITREATTACK https://www.elastic.co/security-labs/invisible-miners-unveiling-ghostengine
www.elastic.co
Invisible miners: unveiling GHOSTENGINE’s crypto mining operations — Elastic Security Labs
Elastic Security Labs has identified REF4578, an intrusion set incorporating several malicious modules and leveraging vulnerable drivers to disable known security solutions (EDRs) for crypto mining.
Tracking APT SideWinder Domains By Combining Regex Patterns, Whois Records and Domain Registrars #ThreatIntelligence #APTTracking #MalwareAnalysis #CyberSecurity #DomainDetection https://www.embeeresearch.io/advanced-guide-to-infrastructure-analysis-tracking-apt-sidewinder-domains/
Embee Research
Tracking APT SideWinder Domains By Combining Regex Patterns, Whois Records and Domain Registrars
Tracking APT SideWinder Domains With Regular Expressions, Whois Records and Domain Registrars
Nexus Repository Manager 3 Unauthenticated Path Traversal (CVE-2024-4956) #NexusRepositoryManager #CVE20244956 #Vulnerability #GitHub #Security https://github.com/vulhub/vulhub/tree/master/nexus/CVE-2024-4956
GitHub
vulhub/nexus/CVE-2024-4956 at master · vulhub/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose - vulhub/vulhub
hardentools: Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features. #Hardentools #GitHub #WindowsSecurity #RiskReduction #LowHangingFruit https://github.com/hardentools/hardentools
GitHub
GitHub - hardentools/hardentools: Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low…
Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features. - hardentools/hardentools
Authentication Bypass due to Sensitive Data Exposure in Local Storage #AuthenticationBypass #SensitiveDataExposure #BugBounty #WebApplicationSecurity #HappyHacking https://medium.com/@kritikasingh06/authentication-bypass-due-to-sensitive-data-exposure-in-local-storage-8a706c798800
Medium
Authentication Bypass due to Sensitive Data Exposure in Local Storage
Hey Infosec buddies!