Reverse-engineering the Yamaha DX7 synthesizer's sound chip from die photos http://www.righto.com/2021/11/reverse-engineering-yamaha-dx7.html?m=1
Righto
Reverse-engineering the Yamaha DX7 synthesizer's sound chip from die photos
The Yamaha DX7 digital synthesizer was released in 1983 and became "one of the most important advances in the history of modern popular mu...
CVE-2021-22048: VMware vCenter Server Privilege Escalation Vulnerability https://securityonline.info/cve-2021-22048-vmware-vcenter-server-privilege-escalation-vulnerability/
Cybersecurity News
CVE-2021-22048: VMware vCenter Server Privilege Escalation Vulnerability
VMware officially released a risk notice for a vCenter Server privilege escalation; the vulnerability number is CVE-2021-22048
CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable/
xvnpw personal blog
CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable
In this article I will present my research on insecure usage of the $request_uri variable in the Apache APISIX ingress controller. My work ended up in the submission of a security vulnerability, which was positively confirmed and got CVE-2021-43557. At the end of article I will…
Android APT spyware, targeting Middle East victims, enhances evasiveness https://news.sophos.com/en-us/2021/11/23/android-apt-spyware-targeting-middle-east-victims-improves-its-capabilities/
Sophos News
Android APT spyware, targeting Middle East victims, enhances evasiveness
The phone spyware has new features that confer resistance to takedowns or manual removal
A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant https://imp0rtp3.wordpress.com/2021/11/25/sowat/
imp0rtp3
A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant
Executive Summary APT31 is long known to use Operational Relay Boxes (ORBs) and compromise routers. This report examines in detail their only publicly known router implant, dubbed “SoWaT”…
Nice reading » What can you do with an ISA specification? https://alastairreid.github.io/uses-for-isa-specs/
alastairreid.github.io
What can you do with an ISA specification?
ISA specifications describe the behaviour of a processor: the instructions,
memory protection, the privilege mechanisms, debug mechanisms, etc.
The traditional form of an ISA specification is as a paper document but,
as ISAs have grown, this has become unwieldy.…
Avaddon Ransomware Analysis https://atos.net/en/lp/securitydive/avaddon-ransomware-analysis
Looking for vulnerabilities in MediaTek audio DSP https://research.checkpoint.com/2021/looking-for-vulnerabilities-in-mediatek-audio-dsp/
Check Point Research
Looking for vulnerabilities in MediaTek audio DSP - Check Point Research
Research By: Slava Makkaveev Introduction Taiwan’s MediaTek has been the global smartphone chip leader since Q3 2020. MediaTek Systems on a chip (SoCs) are embedded in approximately 37% of all smartphones and IoT devices in the world, including high-end phones…
A deep dive into Task Hijacking in Android https://blog.dixitaditya.com/2021/04/21/android-task-hijacking.html
Bugs and Writeups
A deep dive into Task Hijacking in Android
Introduction
Insulet OmniPod Insulin Management System vulnerability https://omnipod.lyrebirds.dk/
Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations https://billdemirkapi.me/abusing-windows-implementation-of-fork-for-stealthy-memory-operations/?s=09
Bill Demirkapi's Blog
Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations
Note: Another researcher recently tweeted about the technique discussed in this blog post, this is addressed in the last section of the blog (warning, spoilers!). To access information about a running process, developers generally have to open a handle to…
Exploiting OAuth: Journey to Account Takeover https://blog.dixitaditya.com/2021/11/19/account-takeover-chain.html
All Things Security
Exploiting OAuth: Journey to Account Takeover
This is a chain of four different vulnerabilities that allowed me to exploit the OAuth flow to take over the victim's account.
Nice analysis on low-level details of x86 assembly associated to memset/memcpy https://twitter.com/nadavrot/status/1464364562409422852?t=xuCmg9OLp5gy7wdzdVKKIg&s=09
Twitter
Nadav Rotem
I spent some time optimizing memset and memcpy in x86 assembly. Here are a few interesting things about memset and memcpy. 1/
CONTInuing the Bazar Ransomware Story https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/
The DFIR Report
CONTInuing the Bazar Ransomware Story
In this report we will discuss a case from early August where we witnessed threat actors utilizing BazarLoader and Cobalt Strike to accomplish their mission of encrypting systems with Conti ransomw…
ScarCruft surveilling North Korean defectors and human rights activists https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/
Securelist
ScarCruft surveilling North Korean defectors and human rights activists
The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor. Recently, we had an opportunity to perform a deeper investigation on a host compromised by this group.