Overview

Cookie and credential stealing malware-as-a-service delivered by dropper-as-a-service now packs a “clipper” to steal crypto-transactions, and can drop other malware.

Posted in r/netsec by u/Floni • 4 points and 0 comments

What is SAML? Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties.
Source: Wikipedia
SAML is often used for single-sign on (“Sign in with Google”, “Sign in with Twitter” etc.).…

If you walk down the streets of Serbia's capital, Belgrade, your face will almost certainly be recorded by one of the city's 1,000 Huawei security

Intro This report will go through an intrusion that went from an Excel file to domain wide ransomware. The threat actors used BazarCall to install Trickbot in the environment which downloaded and e…

Several months ago I found an issue (now CVE-2020-27348) with Ubuntu’s new package management system, Snapcraft. This bug introduced a classic pattern of ins...

Posted in r/netsec by u/Photogurt • 2 points and 1 comment

CVE-2021-36798 is a vulnerability in Cobalt Strike server that could allow victims to register a fake Beacon and DoS attackers.

This is a follow-up to the HS256/RS256 Type Confusion attack against the JWT protocol. Now, firebase/php-jwt attempts to side-step this risk by forcing the user to hard-code the algorithms they wis...

Facebook Server Side Request Forgery (SSRF)The following could have given the ability to make arbitrary HTTP requests to servers within Facebook’s production network Facebook SSRF via /me/personas There exists a SSRF in the graph.facebook.com/me/personas…

In reading Yan Zhu’s excellent write-up of the JSON CSRF vulnerability she found in OkCupid one thing puzzled me: I was under the impression that browsers these days default to …

We can increase our capabilities to distribute our HTTP requests over a larger and larger pool of networks.

"Golden" certificates. Contribute to GhostPack/ForgeCert development by creating an account on GitHub.

Active Directory certificate abuse. Contribute to GhostPack/Certify development by creating an account on GitHub.

Group-IB TI analysts examined Prometheus TDS — an underground service designed to distribute malicious files and redirect users to phishing and malicious sites.

A new version of TitanHQ’s cloud-based anti-spam service and anti-spam software was released on March 5, 2018. SpamTitan version 7.00 includes patches for recently identified vulnerabilities in the ClamAV antivirus engine and a change to the primary AV engine…

Anonymous peer-to-peer distributed communication layer built with open source tools and designed to run any traditional Internet service such as email, IRC or web hosting.

In this research paper James Kettle introduces multiple new classes of HTTP/2-exclusive attacks, demonstrated on popular websites and servers.