/ Vulnerability Spotlight: How an attacker could chain several vulnerabilities in an industrial wireless router to gain root access
InHand Networks’ InRouter302 that could allow an attacker to escalate their privileges on the targeted device from a non-privileged user to a privileged one:
https://blog.talosintelligence.com/2022/05/blog-post-.html
InHand Networks’ InRouter302 that could allow an attacker to escalate their privileges on the targeted device from a non-privileged user to a privileged one:
https://blog.talosintelligence.com/2022/05/blog-post-.html
/ Zyxel Firewall Unauthenticated Remote Command Injection
https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
Rapid7
CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection | Rapid7 Blog
/ Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders
https://www.microsoft.com/security/blog/2022/05/11/center-for-threat-informed-defense-microsoft-and-industry-partners-streamline-mitre-attck-matrix-evaluation-for-defenders/
https://www.microsoft.com/security/blog/2022/05/11/center-for-threat-informed-defense-microsoft-and-industry-partners-streamline-mitre-attck-matrix-evaluation-for-defenders/
Microsoft News
Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders
The Center for Threat-Informed Defense, along with Microsoft and industry partners, collaborated on a repeatable methodology and a web-based calculator, aiming to streamline MITRE ATT&CK® use for defenders.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Combining even more techniques to defeat EDR via DLL unhooking and AMSI bypass
Research article:
https://kymb0.github.io/malwaredev-defeat-edr-unhook/
Research article:
https://kymb0.github.io/malwaredev-defeat-edr-unhook/
kymBlog
Combining even more techniques to defeat EDR via DLL unhooking and AMSI bypass
Taking on an enterprise grade EDR for fun, profit, and learning
/ Kali Linux 2022.2 Release
This release has various impressive updates:
https://www.kali.org/blog/kali-linux-2022-2-release/
This release has various impressive updates:
https://www.kali.org/blog/kali-linux-2022-2-release/
Kali Linux
Kali Linux 2022.2 Release (GNOME 42, KDE 5.24 & hollywood-activate) | Kali Linux Blog
It’s that time of year again, time for another Kali Linux release! Quarter #2 - Kali Linux 2022.2. This release has various impressive updates, all of which are ready for immediate download or updating.
The summary of the changelog since the 2022.1 release…
The summary of the changelog since the 2022.1 release…
/ Exploiting a Use-After-Free for code execution in every version of Python 3
PoC:
https://pwn.win/2022/05/11/python-buffered-reader.html
PoC:
https://pwn.win/2022/05/11/python-buffered-reader.html
pwn.win
Exploiting a Use-After-Free for code execution in every version of Python 3
A while ago I was browsing the Python bug tracker, and I stumbled upon this bug - “memoryview to freed memory can cause segfault”. It was created in 2012, originally present in Python 2.7, but remains open to this day, 10 years later. This piqued my interest…
/ Windows 11 KB5013943 is crashing PCs with BSOD, antivirus firm Sophos warns
https://www.windowslatest.com/2022/05/15/windows-11-kb5013943-is-crashing-devices-with-bsod-antivirus-firm-sophos-warns/
https://www.windowslatest.com/2022/05/15/windows-11-kb5013943-is-crashing-devices-with-bsod-antivirus-firm-sophos-warns/
Windows Latest
Windows 11 KB5013943 is crashing PCs with BSOD, antivirus firm Sophos warns
The problems introduced by Windows 11 KB5013943 (May 2022 Patch Tuesday) are pretty serious: it’s crashing computers with Blue Screen of Death if they rely on certain drivers required for apps like antivirus. For those unaware, KB5013943 (May 2022) was released…
/ Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver
https://blog.talosintelligence.com/2022/05/vuln-spotlight-nvidia-driver-memory.html
https://blog.talosintelligence.com/2022/05/vuln-spotlight-nvidia-driver-memory.html
Cisco Talos Blog
Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver
Piotr Bania of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card.
NVIDIA…
Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card.
NVIDIA…
/ Interactive Phishing: Using Chatbot-like Web Applications to Harvest Information
https://www.trustwave.com/media/18693/capture3.png
https://www.trustwave.com/media/18693/capture3.png
/ Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
Microsoft News
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
Observing a 254% increase in activity over the last six months from a versatile Linux trojan called XorDdos, the Microsoft 365 Defender research team provides in-depth analysis into this stealthy malware's capabilities and key infection signs.
/ CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation
https://www.openwall.com/lists/oss-security/2022/05/20/2
https://www.openwall.com/lists/oss-security/2022/05/20/2
/ Cisco IOS XR Software Health Check Open Port Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK#fs
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK#fs
Cisco
Cisco Security Advisory: Cisco IOS XR Software Health Check Open Port Vulnerability
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container.
This vulnerability exists because the health check RPM opens TCP port…
This vulnerability exists because the health check RPM opens TCP port…
/ Azure DNS Private Resolver
Is a new service that enables customers to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM-based DNS servers. This new service is fully-managed in Azure and in public preview:
https://www.infoq.com/news/2022/05/azure-dns-private-resolver/
Is a new service that enables customers to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM-based DNS servers. This new service is fully-managed in Azure and in public preview:
https://www.infoq.com/news/2022/05/azure-dns-private-resolver/
InfoQ
Microsoft Releases Azure DNS Private Resolver in Public Preview
Azure DNS Private Resolver is a new service that enables customers to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM-based DNS servers. This new service is fully-managed in Azure and in public preview.
/ Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof Of Concept To Deliver Cobalt-Strike Beacon
It is a something new :
https://blog.cyble.com/2022/05/20/malware-campaign-targets-infosec-community-threat-actor-uses-fake-proof-of-concept-to-deliver-cobalt-strike-beacon/
It is a something new :
https://blog.cyble.com/2022/05/20/malware-campaign-targets-infosec-community-threat-actor-uses-fake-proof-of-concept-to-deliver-cobalt-strike-beacon/
Cyble
Malware Targets InfoSec: Fake PoC Delivers Cobalt Strike
It becomes essential for the Infosec Community members to check the credibility of sources before downloading any proof of concept.
/ New Research Paper: Pre-hijacking Attacks on Web User Accounts
https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks/
https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks/
/ New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
Cheerscrypt, a new ransomware family, that has been targeting a customer’s ESXi server used to manage VMware files.
In the past, ESXi servers were also attacked by other known ransomware families such as LockBit, Hive, and RansomEXX as an efficient way to infect many computers with ransomware
- Link to PoC article
Cheerscrypt, a new ransomware family, that has been targeting a customer’s ESXi server used to manage VMware files.
In the past, ESXi servers were also attacked by other known ransomware families such as LockBit, Hive, and RansomEXX as an efficient way to infect many computers with ransomware
- Link to PoC article
Trend Micro
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
New findings showed that Cheerscrypt, a new Linux-based ransomware variant that compromises ESXi servers, was derived from the leaked Babuk source code. We discuss our analysis in this report.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Ads by Microsoft on DuckDuckGo Private Search
https://help.duckduckgo.com/duckduckgo-help-pages/company/ads-by-microsoft-on-duckduckgo-private-search/
https://help.duckduckgo.com/duckduckgo-help-pages/company/ads-by-microsoft-on-duckduckgo-private-search/
Duckduckgo
Ads By Microsoft on DuckDuckGo Private Search - DuckDuckGo Help Pages
DuckDuckGo doesn’t track you. That’s the DuckDuckGo privacy policy in a nutshell.