Backdoor in XZ Utils That Almost Happened https://www.schneier.com/blog/archives/2024/04/backdoor-in-xz-utils-that-almost-happened.html
Schneier on Security
Backdoor in XZ Utils That Almost Happened - Schneier on Security
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story…
The Pizza Box #CharlesSchwab #ThreatHunt #WebDAV #NewOutlook #VulnerabilityDiscovery https://mpizzicaroli.github.io/missfile/
mpizzicaroli.github.io
Missfile://CVE-2024-20670
Before I start, I want to give a shout to the Charles Schwab Threat Intelligence team and our leadership for giving me the opportunity, time, and opinions to give this some legs. As the new Unstructured Hunt lead, this was a thrilling find.
DLL code for testing CVE-2024-21378 in MS Outlook #DLL #code #testing #CVE-2024-21378 #MSOutlook https://gist.github.com/Homer28/7f3559ff993e2598d0ceefbaece1f97f
Gist
DLL code for testing CVE-2024-21378 in MS Outlook
Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 (Updated May 20) #ThreatBrief #CVE20243400 #OperationMidnightEclipse #Unit42 #Cybersecurity https://unit42.paloaltonetworks.com/cve-2024-3400/
Unit 42
Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 (Updated May 20)
We detail Operation MidnightEclipse, a campaign exploiting command injection vulnerability CVE-2024-3400, and include protections and mitigations.
DES algorithm illustration https://hereket.com/tiny/des-algorithm/
PuTTY vulnerability vuln-p521-bias #PuTTY #vulnerability #NIST #P521 #security https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400) #PaloAlto #GlobalProtect #CVE-2024-3400 #SSLVPN #Vulnerability https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/
watchTowr Labs
Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400)
Welcome to April 2024, again. We’re back, again.
Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device.
We’ve seen all the…
CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster https://rhinosecuritylabs.com/research/cve-2024-2448-kemp-loadmaster/
Rhino Security Labs
CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster
This blog covers 2 vulnerabilities discovered by Rhino Security Labs in Kemp LoadMaster load balancers: CVE-2024-2448 and CVE-2024-2449.
A quick post on Chen’s algorithm #ChensAlgorithm #CryptographicEngineering #LatticeProblems #QuantumComputing #PQC https://blog.cryptographyengineering.com/2024/04/16/a-quick-post-on-chens-algorithm/
A Few Thoughts on Cryptographic Engineering
A quick post on Chen’s algorithm
Update (April 19): Yilei Chen announced the discovery of a bug in the algorithm, which he does not know how to fix. This was independently discovered by Hongxun Wu and Thomas Vidick. At present, th…
Reversing UK mobile rail tickets #UKRailTickets #MobileTickets #TicketDecoding #PublicKeys #RSAEncryption https://eta.st/2023/01/31/rail-tickets.html
eta.st
Reversing UK mobile rail tickets
The UK has used small credit-card sized tickets to pay for train travel for years and years, since long before I was born — originally the APTIS ticket, which...
How Antithesis finds bugs (with help from the Super Mario Bros.) #Antithesis #BugFinding #SuperMarioBros #StateSpace #InnovativeApproach https://antithesis.com/blog/sdtalk/
Antithesis
How Antithesis finds bugs (with help from the Super Mario Bros.)
Can solving Super Mario Bros. help solve your distributed systems issues?
CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability #ZeroDayInitiative #CVE202420697 #Windows #Libarchive #RemoteCodeExecution https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability
Zero Day Initiative
Zero Day Initiative — CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Jason McFadyen of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in Microsoft Windows. This bug was originally…
EvilGophish’s Approach to Advanced Bot Detection with Cloudflare Turnstile #EvilGophish #AdvancedBotDetection #CloudflareTurnstile #PhishingInfrastructure #CybersecurityTools https://fin3ss3g0d.net/index.php/2024/04/08/evilgophishs-approach-to-advanced-bot-detection-with-cloudflare-turnstile/
fin3ss3g0d's Blog
EvilGophish’s Approach to Advanced Bot Detection with Cloudflare Turnstile - fin3ss3g0d's Blog
Introduction: Bots pose a significant threat to the integrity of phishing infrastructure, primarily by automating detection and countermeasures that can prematurely expose and neutralize simulated phishing campaigns. These automated agents can range from security…
Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers #Shielder #ElementAndroid #CVE2024-26131 #CVE2024-26132 #NeverTakeIntentsFromStrangers https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/
Shielder
Shielder - Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
A writeup about two intent-based Android vulnerabilities CVE-2024-26131 and CVE-2024-26132 in Element (Matrix).
Breaking Custom Encryption Using Frida (Mobile Application Pentesting) #CustomEncryption #Frida #MobileApp #PenTesting #ApplicationSecurity https://labs.cognisys.group/posts/Breaking-Custom-Ecryption-Using-Frida-Mobile-Application-pentesting/
Cognisys Group Labs
Breaking Custom Encryption Using Frida (Mobile Application Pentesting)
Overview
The Windows Registry Adventure #1: Introduction and research results #ProjectZero #WindowsRegistryAdventure #ResearchResults #CVEs #LocalPrivilegeEscalation https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
projectzero.google
The Windows Registry Adventure #1: Introduction and research results - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero. In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in sear...
How Hackers Use Wireshark for Password Sniffing: What does Wireshark do? #Hackers #Wireshark #PasswordSniffing #Cybersecurity #ProtectYourself https://hackproofhacks.com/password-sniffing/
HackProofHacks
How Hackers Use Wireshark for Password Sniffing: What does Wireshark do? - HackProofHacks
Hey there, let's dive deep into the world of password sniffing and understand how hackers operate to steal sensitive information like login credentials.
The Windows Registry Adventure #2: A brief history of the feature #ProjectZero #WindowsRegistry #History #Google #Windows11 https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html
projectzero.google
The Windows Registry Adventure #2: A brief history of the feature - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero. Before diving into the low-level security aspects of the registry, it is important to understand its role in...
Abusing WSUS with MITM to perform ADCS ESC8 attack #WSUS #MITM #ADCS #ESC8 #PrivilegeEscalation https://j4s0nmo0n.github.io/belettetimoree.github.io/2023-12-01-WSUS-to-ESC8.html
Belette Timorée’s blog post
Abusing WSUS with MITM to perform ADCS ESC8 attack
Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution #GoogleChrome #V8 #CodeExecution #VulnerabilityAnalysis #ExodusIntelligence https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution/
Exodus Intelligence
Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution - Exodus Intelligence
By Javier Jimenez and Vignesh Rao. Overview: In this blog post we take a look at a vulnerability that we found in Google Chrome’s V8 JavaScript engine a few months ago. This vulnerability was patched in a Chrome update on 16 January 2024 and assigned CVE-2024…