Talos Takes Ep. #55: How Transparent Tribe could evolve in the future https://blog.talosintelligence.com/2021/05/talos-takes-ep-55-how-transparent-tribe.html
Cisco Talos Blog
Talos Takes Ep. #55: How Transparent Tribe could evolve in the future
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page.
We recently covered how the Transparent Tribe APT added another RAT to its arsenal. Where might…
PandoraFMS 755 - Chained XSS + .htaccess RCE https://k4m1ll0.com/chained_exploit_htaccess.html
K4M1Ll0
CVE Chained Exploit htaccess PandoraFMS
Mama Always Told Me Not to Trust Strangers without Certificates https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
Financially motivated actor breaks certificate parsing to avoid detection https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/
Google
Financially motivated threat actor breaks certificate parsing to avoid detection
Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program https://habr.com/en/post/579714/
CVE-2021-39246 – Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack excessive verbose logging – Windows, macOS, Linux https://sick.codes/sick-2021-111/
Sick.Codes
Title: CVE-2021-39246 – Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack excessive verbose logging – Windows, macOS, Linux
CVE ID: CVE-2021-39246
CVSS Score: 6.1 (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Internal ID: SICK-2021…
Massive DDoS attacks on VoIP Providers and simulated DDoS testing https://www.rtcsec.com/post/2021/09/massive-ddos-attacks-on-voip-providers-and-simulated-ddos-testing/
Enablesecurity
Massive DDoS attacks on VoIP Providers and simulated DDoS testing
DDoS attacks on SIP servers are crippling VoIP providers. We explain how to simulate a DDoS during a pentest with SIPVicious PRO and how to mitigate these attacks.
Detecting and Hunting for the PetitPotam NTLM Relay Attack https://research.nccgroup.com/2021/09/23/detecting-and-hunting-for-the-petitpotam-ntlm-relay-attack/
VMware CVE-2021-22005 Technical & Impact analysis https://censys.io/blog/vmware-cve-2021-22005-technical-impact-analysis/
Censys
VMware CVE-2021-22005 Technical & Impact analysis
Quick note of vCenter RCE (CVE-2021–22005) https://testbnull.medium.com/quick-note-of-vcenter-rce-cve-2021-22005-4337d5a817ee
Medium
Quick note of vCenter RCE (CVE-2021–22005)
These past few days my head has been a mess, swamped in a sea of work; I've sat and thought for ages without coming up with a sensible name for this blog, and without a name…
RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html
Blogspot
CODE WHITE | Blog: RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through
Citrix ShareFile Storage Zones Controller uses a fork of the third party library NeatUpload. Versions before 5.11.20 are affected by a rela...
Quick Malware Analysis: Cobalt Strike and Hancitor pcap from 2021-09-14 https://blog.securityonion.net/2021/09/quick-malware-analysis-cobalt-strike_15.html
blog.securityonion.net
Quick Malware Analysis: Cobalt Strike and Hancitor pcap from 2021-09-14
Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2021/09/14/index.html We did a quick analysis of this ...
Fun little loader shellcode that executes an ELF in-memory using an anonymous file descriptor https://gist.github.com/zznop/0117c24164ee715e750150633c7c1782
Gist
Fun little loader shellcode that executes an ELF in-memory using an anonymous file descriptor (inspired by https://x-c3ll.github.io/posts/fileless-memfd_create/) - mem-loader.asm
Remote Command Execution in Visual Studio Code Remote Development Extension https://www.shielder.it/advisories/remote-command-execution-in-visual-studio-code-remote-development-extension/
Shielder
Shielder - Remote Command Execution in Visual Studio Code Remote Development Extension 1.50
Visual Studio Code Remote Development Extension 1.50 failed to sanitize the host field before using it as an argument to the ssh command, allowing an attacker to inject a ProxyCommand option, which could be used to run arbitrary commands.
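To make the host-field problem concrete, an added example in Python (not Shielder's proof of concept, and not code from the extension): an argv builder that places the host immediately after ssh's fixed options, its hardened counterpart, and a simplified model of ssh's getopt loop that shows where a host of the form -oProxyCommand=... ends up in each case. The hostile host value and the hostname allowlist pattern are constructed for this example; the pattern deliberately accepts only plain [user@]hostname, so IPv6 literals and ssh:// URLs would have to be added if a real client needed them.

```python
import re
from typing import List, Tuple

# Allowlist for the destination: plain [user@]hostname only (assumption made for
# this example). Anything beginning with '-' cannot match, which is the point.
HOST_RE = re.compile(
    r"^(?:[A-Za-z0-9_][A-Za-z0-9_.-]*@)?[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$"
)


def build_ssh_argv_vulnerable(host: str, remote_cmd: List[str]) -> List[str]:
    """The host string lands in argv right after the fixed options. ssh stops
    option parsing at the first argument that does not start with '-', so a
    host of the form '-oProxyCommand=...' is consumed as an option."""
    return ["ssh", "-T", host] + remote_cmd


def build_ssh_argv_hardened(host: str, remote_cmd: List[str]) -> List[str]:
    """Allowlist the host, then place it after '--' so ssh can never read it
    as an option even if the allowlist is loosened later."""
    if not HOST_RE.match(host):
        raise ValueError(f"refusing host that is not a plain [user@]hostname: {host!r}")
    return ["ssh", "-T", "--", host] + remote_cmd


def ssh_parse(argv: List[str]) -> Tuple[List[str], str]:
    """Simplified model of ssh's getopt loop: leading '-x' tokens are options
    ('-o' may take its value as the following token), '--' ends option
    parsing, and the first remaining token is the destination host."""
    opts: List[str] = []
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok == "--":
            i += 1
            break
        if not tok.startswith("-"):
            break
        if tok == "-o" and i + 1 < len(argv):      # '-o <value>' form
            opts.append(tok + argv[i + 1])
            i += 2
            continue
        opts.append(tok)
        i += 1
    destination = argv[i] if i < len(argv) else ""
    return opts, destination


def injected_proxy_command(argv: List[str]) -> bool:
    """True when a ProxyCommand option ended up in the parsed option list,
    i.e. ssh would run a local command before any connection is attempted."""
    opts, _ = ssh_parse(argv)
    return any(
        o.startswith("-o") and o[2:].lstrip().lower().startswith("proxycommand")
        for o in opts
    )


def demo() -> dict:
    host = "-oProxyCommand=calc.exe"          # hostile host-field value (constructed)
    vuln = build_ssh_argv_vulnerable(host, ["id"])
    try:
        build_ssh_argv_hardened(host, ["id"])
        hardened_rejected = False
    except ValueError:
        hardened_rejected = True
    return {
        "vulnerable_argv": vuln,
        "vulnerable_opts": ssh_parse(vuln)[0],
        "vulnerable_injected": injected_proxy_command(vuln),
        "hardened_rejected": hardened_rejected,
        "hardened_argv_for_good_host": build_ssh_argv_hardened("dev@build.example.com", ["id"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the vulnerable builder the parser reports the hostile value among the options and "id" as the destination, so ProxyCommand runs locally before ssh ever resolves a host. The hardened builder rejects the value outright, and even a value that slipped past the allowlist would sit after "--" and be treated as a (failing) destination rather than an option.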
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit https://github.com/klezVirus/CVE-2021-40444
GitHub
GitHub - klezVirus/CVE-2021-40444: CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
fail2ban – Remote Code Execution https://research.securitum.com/fail2ban-remote-code-execution/
research.securitum.com
fail2ban - Remote Code Execution - research.securitum.com
This article covers the recently published security advisory for fail2ban (CVE-2021-32749), a widely used piece of software; the bug it describes may lead to remote code execution.
Stealing weapons from the Armoury (CVE-2021-40981 analysis) https://aptw.tf/2021/09/24/armoury-crate-privesc.html
Catching the big fish: Analyzing a large-scale phishing-as-a-service operation https://www.microsoft.com/security/blog/2021/09/21/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation/
Microsoft News
Catching the big fish: Analyzing a large-scale phishing-as-a-service operation
With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today. We are sharing these findings so the broader community can build…
Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage https://www.trendmicro.com/en_us/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Trend Micro
Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage
Recently, we discovered that the cryptomining trojan z0Miner has been taking advantage of Atlassian's Confluence remote code execution (RCE) vulnerability, CVE-2021-26084, which Atlassian disclosed in August.
A new APT is targeting hotels across the world https://therecord.media/a-new-apt-is-targeting-hotels-across-the-world/