Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237 https://blog.assetnote.io/2021/11/02/sitecore-rce/
TP-Link TL-WR840N EU v5 Remote Code Execution https://k4m1ll0.com/cve-2021-41653.html
K4M1Ll0
TP-Link TL-WR840N V5(EU) - RCE - CVE-2021-41653
exploit
US Cyber Command head confirms direct actions against ransomware gangs https://www.zdnet.com/article/us-cyber-command-head-confirms-direct-actions-against-ransomware-gangs/
ZDNet
US Cyber Command head confirms direct actions against ransomware gangs
General Paul M. Nakasone provided a peek behind the curtain into how his agency is trying to combat the growing threat organized ransomware gangs pose to US cybersecurity and vital global infrastructure.
BotenaGo botnet targets millions of IoT devices with 33 exploits https://www.bleepingcomputer.com/news/security/botenago-botnet-targets-millions-of-iot-devices-with-33-exploits/
BleepingComputer
BotenaGo botnet targets millions of IoT devices with 33 exploits
A new BotenaGo malware botnet has been discovered using over thirty exploits to attack millions of routers and IoT devices.
Credit card skimmer evades Virtual Machines https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/
Malwarebytes
Credit card skimmer evades Virtual Machines
This blog post was authored by Jérôme Segura There are many techniques threat actors use to slow down analysis or, even...
Abcbot, an evolving botnet https://blog.netlab.360.com/abcbot_an_evolving_botnet_en/
360 Netlab Blog - Network Security Research Lab at 360
Abcbot, an evolving botnet
Background
Business on the cloud and security on the cloud is one of the industry trends in recent years. 360Netlab is also continuing to focus on security incidents and trends on the cloud from its own expertise in the technology field. The following is…
Deep Dive into a Fresh Variant of Snake Keylogger Malware https://www.fortinet.com/blog/threat-research/deep-dive-into-a-fresh-variant-of-snake-keylogger-malware
Fortinet Blog
Deep Dive into a Fresh Variant of Snake Keylogger Malware
FortiGuard Labs recently discovered a fresh variant of the Snake Keylogger malware. Learn how it is downloaded and executed through a captured Excel sample, what techniques this variant uses to pro…
Exchange Exploit Leads to Domain Wide Ransomware https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/
The DFIR Report
Exchange Exploit Leads to Domain Wide Ransomware
In late September 2021, we observed an intrusion in which initial access was gained by the threat actor exploiting multiple vulnerabilities in Microsoft Exchange. The threat actors in this case wer…
Flare-On 2021: known https://0xdf.gitlab.io/flare-on-2021/known
0xdf hacks stuff
Flare-On 2021: known
known presented a ransomware file decrypter, as well as a handful of encrypted files. If I can figure out the key to give the decrypter, it will decrypt the files, one of which contains the flag. I’ll use Ghidra to determine the algorithm, then recreate it…
Seamlessly Discovering Netgear Universal Plug-and-Pwn (UPnP) 0-days https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html
AFL++ on Android with QEMU support https://alephsecurity.com/2021/11/16/fuzzing-qemu-android/
Alephsecurity
AFL++ on Android with QEMU support
TensorFlow Python Code Injection: More eval() Woes https://jfrog.com/blog/tensorflow-python-code-injection-more-eval-woes/
JFrog
TensorFlow Python Code Injection: More eval() Woes
Background JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in one of the utilities shipped with TensorFlow, a popular Machine Learning platform that’s widely used in the industry. The issue has been assigned to CVE…
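As an added illustration of the eval() pattern the JFrog post is about, the block below contrasts a parser that evaluates attacker-controlled text with eval() against one that uses ast.literal_eval and validates the result. This is example code written for this page, not TensorFlow's utility or JFrog's proof of concept; the shape-parsing function, the record() marker and the inputs are all constructed for the demonstration.

```python
import ast

# Constructed example: a record of whether attacker-supplied code ran.
INJECTED = []


def record(marker):
    """Benign stand-in for an attacker payload (a real one could call os.system)."""
    INJECTED.append(marker)
    return marker


def parse_shape_unsafe(text):
    """Vulnerable: eval() on untrusted text executes arbitrary Python expressions.

    eval() resolves names in the caller's globals, so a string such as
    "record('pwned')" calls record() instead of producing a tuple.
    """
    return eval(text)


def parse_shape_safe(text):
    """Hardened: ast.literal_eval only accepts Python literals, then we validate.

    Function calls, attribute access and names are rejected with ValueError
    before anything executes; the type check then enforces the expected shape.
    """
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"not a Python literal: {text!r}") from exc
    if not (isinstance(value, tuple)
            and all(isinstance(d, int) and d >= 0 for d in value)):
        raise ValueError(f"not a non-negative integer shape tuple: {value!r}")
    return value


def demo():
    """Run both parsers on a benign and a malicious input; return what happened."""
    INJECTED.clear()
    benign = "(1, 28, 28)"            # constructed, looks like a tensor shape
    malicious = "record('pwned')"     # constructed payload; benign side effect only
    results = {}

    results["unsafe_benign"] = parse_shape_unsafe(benign)
    results["safe_benign"] = parse_shape_safe(benign)

    parse_shape_unsafe(malicious)
    results["unsafe_ran_payload"] = INJECTED == ["pwned"]

    INJECTED.clear()
    try:
        parse_shape_safe(malicious)
        results["safe_rejected"] = False
    except ValueError:
        results["safe_rejected"] = True
    results["safe_ran_payload"] = bool(INJECTED)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The fix is the combination: ast.literal_eval stops code execution, and the explicit type check stops a literal of the wrong shape (a string or a list of floats) from reaching code that expects a tuple of integers.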
Hands-On Muhstik Botnet: crypto-mining attacks targeting Kubernetes https://sysdig.com/blog/muhstik-malware-botnet-analysis/
Sysdig
Hands-On Muhstik Botnet: crypto-mining attacks targeting Kubernetes
How to detect the Muhstik Botnet attacking a Kubernetes Pod to control the Pod and mine cryptocurrency and DDoS.
When renting a hitman online goes horribly wrong https://blog.malwarebytes.com/privacy-2/2021/11/when-renting-a-hitman-online-goes-horribly-wrong/
Malwarebytes Labs
When renting a hitman online goes horribly wrong
We look at the long history of a site which claims to offer hitman services to the masses - with an inevitable twist in the tail.
Introduction to Dharma - Part 1 https://blog.haboob.sa/blog/introduction-to-dharma-part-1
Haboob
Introduction to Dharma - Part 1
While targeting Adobe Acrobat JavaScript APIs, we were not only focusing on performance and the number of cases generated per second, but also on effective generation of valid inputs that cover different functionalities and uncover new vulnerabilities. Obtaining…