Zero-Day: Hijacking iCloud Credentials with Apple Airtags (Stored XSS)
https://medium.com/@bobbyrsec/zero-day-hijacking-icloud-credentials-with-apple-airtags-stored-xss-6997da43a216
Medium
Apple’s “Lost Mode” allows a user to mark their Airtag as missing if they have misplaced it. This generates a unique…
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus
https://blog.talosintelligence.com/2021/09/fakeantipegasusamnesty.html
Cisco Talos Blog
A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus
By Vitor Ventura and Arnaud Zobec.
Threat actors are impersonating the group Amnesty International and promising to protect against the Pegasus spyware as part of a scheme to deliver malware.
Amnesty International recently made international headlines when…
Misconfigured Apache Airflows Leak Thousands of Credentials from Popular Services
https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/
Intezer
Misconfigured Airflows Leak Thousands of Credentials from Popular Services
This research refers to misconfigured Apache Airflow managed by individuals or organizations (“users”). As a result of the misconfiguration, the credentials of users are exposed, including their own credentials to the different platforms, applications and…
Update about the October 4th outage - Facebook Engineering
https://engineering.fb.com/2021/10/04/networking-traffic/outage/
Understanding How Facebook Disappeared from the Internet
https://blog.cloudflare.com/october-2021-facebook-outage/
Engineering at Meta
Update about the October 4th outage
To all the people and businesses around the world who depend on us, we are sorry for the inconvenience caused by today’s outage across our platforms. We’ve been working as hard as we can to restore…
Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
https://news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/
Sophos News
Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
A new ransomware operator uses stealthy techniques, but borrows heavily from other players.
Text message scam infecting Android phones with FluBot | CERT NZ
https://www.cert.govt.nz/individuals/news-and-events/parcel-delivery-text-message-infecting-android-phones/
Data of Over 1.5 Billion Facebook Users Sold on Hacker Forum
https://www.privacyaffairs.com/facebook-data-sold-on-hacker-forum/
Privacy Affairs
Data on over 1.5 billion Facebook users is being sold on a hacking-related forum, enabling cybercriminals and advertisers to target users.
KolesaConf takes place this year, and I will most likely take part; at least the topic of my talk already exists:
• Building our own Blender with blackjack and gateways
Actually there will be many topics, and the ones in our area are quite interesting; moreover, the speakers are quite decent people and competent specialists:
• Logs on an especially large scale
• How we reached zen in managing Avito's resources
• How we chewed 💩
• Breaking the latest WordPress
• Continuous Delivery without crap and sticks
Everything will take place online on November 13; details on the official site:
kolesa-conf_kz
CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server
https://www.openwall.com/lists/oss-security/2021/10/05/2
UEFI threats moving to the ESP: Introducing ESPecter bootkit | WeLiveSecurity
https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit/
WeLiveSecurity
UEFI threats moving to the ESP: Introducing ESPecter bootkit
ESET researchers discover and analyze ESPecter, a previously undocumented UEFI bootkit with roots that go back all the way to at least 2012.
SMS as infectious mechanism
https://www.proofpoint.com/us/blog/threat-insight/mobile-malware-tanglebot-untangled
Proofpoint
Mobile Malware: TangleBot Untangled | Proofpoint US
A deep dive into insidious new mobile malware. Powerful features and a knack for disguise make Tanglebot a particularly dangerous threat.
Python ransomware script targets ESXi server for encryption
https://news.sophos.com/en-us/2021/10/05/python-ransomware-script-targets-esxi-server-for-encryption/
Sophos News
Python ransomware script targets ESXi server for encryption
Configuration errors rapidly escalated to a ransomware attack inside a virtual machine hypervisor
Practical EMV Relay Protection
The Apple Pay lock screen can be bypassed on any iPhone with a Visa card
Research + PoC:
https://practical_emv.gitlab.io/
PHP 7.0-8.0 disable_functions bypass [user_filter]
https://github.com/mm0r1/exploits/tree/master/php-filter-bypass
P.S. a real dirty trick(
GitHub
exploits/php-filter-bypass at master · mm0r1/exploits
Pwn stuff. Contribute to mm0r1/exploits development by creating an account on GitHub.
Advisory: Cisco ATA19X Privilege Escalation and RCE - IoT Inspector
https://www.iot-inspector.com/blog/advisory-cisco-ata19x-privilege-escalation-rce/
Onekey
Advisory: Cisco ATA19X Privilege Escalation and RCE | ONEKEY Research | Research | ONEKEY
We found lacking user privilege separation enforcement and post-authentication command injection remote code execution within Cisco ATA19X firmware.
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets | Mandiant
https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets
Google Cloud Blog
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets | Mandiant | Google Cloud…
From match fixing to data exfiltration – a story of Messaging as a Service (MaaS) – VB2021 localhost
https://vblocalhost.com/presentations/from-match-fixing-to-data-exfiltration-a-story-of-messaging-as-a-service-maas/
eset_fontonlake.pdf
652.5 KB
FontOnLake is a malware family utilizing well-designed custom modules that are constantly under development. It targets systems running Linux and provides remote access to those systems for its operators, collects credentials, and serves as a proxy server. Its presence is always accompanied by a rootkit, which conceals its existence.