In the midst of an epic troll on a country-wide railway system, we discovered a new threat actor and their reusable wiper called Meteor.

Analysis and Exploitability of a buffer overflow vulnerability present in printer's drivers (CVE-2021-3438).

The Magnitude exploit kit, originally known as PopAds, has been around since at least 2012, which is an unusually long lifetime for an exploit kit. However, it’s not the same exploit kit today that it was nine years ago. Pretty much every part of Magnitude…

My list of “Probably Are Gonna Need It” security features for your web app – things that you should build up-front, not wait until you need them (when it’s already too late).

JFrog finds a new supply chain attack targeting python developers using the PyPI repository

Today, we are launching MLSEC.IO, a new machine learning security evasion competition as an educational effort for the AI and security communities to exercise their muscle to attack critical AI systems in a realistic setting.

Find active vulnerability disclosure programs from the Cybersecurity & Infrastructure Security Agency. Start hunting today!

Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions demonstrated on CVE-2020-17087 and an off-by-one overflow - GitHub - vp777/Win...

The techniques for DACL-based attacks against User and Computer objects in Active Directory have been established for years. If we…

Light-weight UNIX backdoor. Contribute to phath0m/JadedWraith development by creating an account on GitHub.

A few weeks back, the messaging service WhatsApp sued the Indian government over new legislation that could undermine its end-to-end encryption (E2EE) software. The legislation requires, among othe…

Posted in r/netsec by u/hermajordoctor • 1 point and 1 comment

Posted in r/netsec by u/thatmemforensicsguy • 7 points and 0 comments

Preface (日本語版も公開されています。) While PyPI has a security page, they don’t have a clear policy for vulnerability assessments.1 This article describes the vulnerabilities that were reported as potential vulnerabilities, using publicly available information. This…

The Print Spooler is responsible to manage and process printer jobs. It runs as a service with SYSTEM level privileges on windows environments. Abuse of the Print Spooler service is not new and suc…

The second quarter of 2021 was expected to be much quieter than the Q1 in DDoS attacks; hence we're looking at the late spring and early summer months of April, May and June, with somewhat cooled business buzz globally. Although, some attacking activity was…

Our Director of Cyber Threat Research, Kev Breen, recently discovered a vulnerability in a piece of stalkerware. What followed was a dilemma that has lasted months. Together, the Immersive Labs team has decided to help educate people on the dangers of stalkerware…