The Water Bear that Wasn’t: Tardigrade https://medium.com/@semisi.ganon/the-water-bear-that-wasnt-tardigrade-6d3ed4d8e86b
Medium
The Water Bear that Wasn’t: Tardigrade
In mid-November 2021 the world’s tech commentators, including Wired, The Washington Post, Bleeping Computer and Tripwire, lit up with news of…
POC of Linux Kernel TIPC remote code execution (CVE-2021-43267) flaw has been disclosed https://securityonline.info/cve-2021-43267-poc/
Cybersecurity News
POC of Linux Kernel TIPC remote code execution (CVE-2021-43267) flaw has been disclosed
The PoC for the Linux Kernel TIPC remote code execution (CVE-2021-43267) vulnerability has been disclosed; the vulnerability is rated serious.
Discovering Full Read SSRF in Jamf (CVE-2021-39303 & CVE-2021-40809) https://blog.assetnote.io/2021/11/30/jamf-ssrf/
An Illustrated Guide to Elliptic Curve Cryptography Validation https://research.nccgroup.com/2021/11/18/an-illustrated-guide-to-elliptic-curve-cryptography-validation/
Nice write-up (in Korean) » Virtualbox 6.1.18 0-day (formerly a 0-day) http://blog.howdays.kr/index.php/2021/11/26/virtualbox-6-1-18-0-day/
What does APT Activity Look Like on macOS? https://themittenmac.com/what-does-apt-activity-look-like-on-macos/
The Mitten Mac
What does APT Activity Look Like on macOS?
I often get asked what Advanced Persistent Activity (APT) or nation-state hacking looks like on a macOS system. This is a great question and the answer is no
Tracking a P2P network related to TA505 https://research.nccgroup.com/2021/12/01/tracking-a-p2p-network-related-with-ta505/
Nccgroup
This shouldn't have happened: A vulnerability postmortem https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html
Blogspot
This shouldn't have happened: A vulnerability postmortem
Posted by Tavis Ormandy, Project Zero. Introduction: This is an unusual blog post. I normally write posts to highlight some hidden att...
Popping iOS <=14.7 with IOMFB https://jsherman212.github.io/2021/11/28/popping_ios14_with_iomfb.html
Justin’s Blog
Popping iOS <=14.7 with IOMFB
During the last two weeks of my summer (as of writing, summer 2021), I decided to try and take a crack at iOS 14 kernel exploitation with the IOMobileFramebuffer OOB pointer read (CVE-2021-30807). Unfortunately, a couple days after I moved back into school…
All our team wishes you and yours a Happy New Year! ❤️
The Re-Emergence of Emotet https://www.deepinstinct.com/blog/the-re-emergence-of-emotet
Deep Instinct
The Re-Emergence of Emotet | Deep Instinct
Emotet, the malware botnet, has resurfaced after almost 10 months. The operation was originally taken down by multiple international law enforcement agencies this past January. These agencies took control of the infrastructure and scheduled an uninstallation…
Unpacking and decryption tools for the Emotet malware https://github.com/deepinstinct/DeMotet
GitHub
GitHub - deepinstinct/DeMotet: Unpacking and decryption tools for the Emotet malware
Protecting Windows Credentials against Network Attacks https://securitycafe.ro/2021/12/02/protecting-windows-credentials-against-network-attacks/
Security Café
Protecting Windows Credentials against Network Attacks
Over the years I’ve seen a lot of misconfigurations or a lack of configurations when it comes to protecting Windows credentials, hashes or Kerberos tickets. The main difficulty here comes fro…
Impact of an Insecure Deep Link https://securityflow.io/impact-of-an-insecure-deep-link/
Just another analysis of the njRAT malware – A step-by-step approach https://cybergeeks.tech/just-another-analysis-of-the-njrat-malware-a-step-by-step-approach/
Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again https://www.mandiant.com/resources/sabbath-ransomware-affiliate
Google Cloud Blog
Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again | Google Cloud Blog
[CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver https://syst3mfailure.io/sixpack-slab-out-of-bounds
[CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver
CVE-2021-42008 is a Slab-Out-Of-Bounds Write vulnerability in the Linux 6pack driver caused by a missing size validation check in the decode_data function. A malicious input from a process with CAP_NET_ADMIN capability can lead to an overflow in the cooked_buf…
Hakluke: Creating the Perfect Bug Bounty Automation https://labs.detectify.com/2021/11/30/hakluke-creating-the-perfect-bug-bounty-automation/
Labs Detectify
Hakluke: Creating the perfect bug bounty automation - Labs Detectify
Bug Bounty Automation is the key to success for many expert bug bounty hunters including Hakluke. He walks through how he does it.
Windows 10 RCE: The exploit is in the link https://positive.security/blog/ms-officecmd-rce
positive.security
Windows 10 RCE: The exploit is in the link | Positive Security
Chaining a misconfiguration in IE11/Edge Legacy with an argument injection in a Windows 10/11 default URI handler and a bypass for a previous Electron patch, we developed a drive-by RCE exploit for Windows 10. The main vulnerability in the ms-officecmd URI…
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites https://www.trendmicro.com/en_us/research/21/k/campaign-abusing-rats-uses-fake-websites.html
Trend Micro
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
We have been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) — namely TeamViewer — for some time now. While previous versions of the malware have been covered by other researchers, our blog entry focuses…