Exploiting Grandstream HT801 ATA (CVE-2021-37748, CVE-2021-37915) https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/
This article describes two authenticated remote code execution vulnerabilities that we found during a time-bounded security assessment of Grandstream’s HT801 Analog Telephone Adapter. Both vulnerabilities are exploitable via the limited configuration shell…
Backup “Removal” Solutions - From Conti Ransomware With Love https://www.advintel.io/post/backup-removal-solutions-from-conti-ransomware-with-love
Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology https://thalium.github.io/blog/posts/fuzzing-microsoft-rdp-client-using-virtual-channels/
OSX.CDDS: a sophisticated watering hole campaign drops a new macOS implant! https://objective-see.com/blog/blog_0x69.html
fee: Execute ELF files without dropping them on disk https://github.com/nnsee/fileless-elf-exec
The hunt for NOBELIUM, the most sophisticated nation-state attack in history https://www.microsoft.com/security/blog/2021/11/10/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history/
In the second of a four-part series on the NOBELIUM nation-state attack, we share the behind-the-scenes details of the detection and investigation into the threat.
SharkBot: a new generation of Android Trojans is targeting banks in Europe https://www.cleafy.com/cleafy-labs/sharkbot-a-new-generation-of-android-trojan-is-targeting-banks-in-europe
SharkBot: a new generation of Android Trojans is targeting European banks. It was discovered by Cleafy's threat intelligence team; here is the technical analysis.
Cyber-mercenary group Void Balaur has been hacking companies for years https://therecord.media/cyber-mercenary-group-void-balaur-has-been-hacking-companies-for-years/
Cyber-security firm Trend Micro has published today a 46-page report detailing the history and activity of a hacker-for-hire group that has been advertising its services in the cybercrime underworld and conducting on-demand intrusions since the mid-2010s.
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/
HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted…
Revealing Lamberts/Longhorn malware capabilities using a step-by-step approach (cyberespionage group linked to Vault 7) https://cybergeeks.tech/revealing-the-lamberts-malware-using-a-step-by-step-approach-cyberespionage-group-linked-to-vault-7/
Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237 https://blog.assetnote.io/2021/11/02/sitecore-rce/
TP-Link TL-WR840N EU v5 Remote Code Execution https://k4m1ll0.com/cve-2021-41653.html
US Cyber Command head confirms direct actions against ransomware gangs https://www.zdnet.com/article/us-cyber-command-head-confirms-direct-actions-against-ransomware-gangs/
General Paul M. Nakasone provided a peek behind the curtain into how his agency is trying to combat the growing threat organized ransomware gangs pose to US cybersecurity and vital global infrastructure.
BotenaGo botnet targets millions of IoT devices with 33 exploits https://www.bleepingcomputer.com/news/security/botenago-botnet-targets-millions-of-iot-devices-with-33-exploits/
A new BotenaGo malware botnet has been discovered using over thirty exploits to attack millions of routers and IoT devices.
Credit card skimmer evades Virtual Machines https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/
This blog post was authored by Jérôme Segura. There are many techniques threat actors use to slow down analysis or, even...