/ New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/
https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/
/ Get root on macOS 13.0.1 with CVE-2022-46689, the macOS Dirty Cow bug
https://worthdoingbadly.com/macdirtycow/
P.S. thx for the link @clevergod ✌️
https://worthdoingbadly.com/macdirtycow/
P.S. thx for the link @clevergod ✌️
Worth Doing Badly
Get root on macOS 13.0.1 with CVE-2022-46689, the macOS Dirty Cow bug
Get root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple’s XNU source.
/ SQL Injection vulnerability (CVE-2022-47523) was discovered in Password Manager Pro, PAM360 and Access Manager Plus
https://www.manageengine.com/privileged-session-management/advisory/cve-2022-47523.html
https://www.manageengine.com/privileged-session-management/advisory/cve-2022-47523.html
Manageengine
SQL Injection Vulnerability - CVE-2022-47523 - ManageEngine Access Manager Plus
SQL Injection Vulnerability in ManageEngine Access Manager Plus
/ CircleCI security alert: Rotate any secrets stored in CircleCI
https://circleci.com/blog/january-4-2023-security-alert/
https://circleci.com/blog/january-4-2023-security-alert/
CircleCI
CircleCI security alert: Rotate any secrets stored in CircleCI (Updated Jan 13)
Read CircleCI’s security alerts from January 2023. Last updated 1/13/2023.
/ PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources
…automated account creation cases bypassed CAPTCHA images using simple image analysis techniques... creation of more than 130,000 user accounts created on various cloud platform services like Heroku, Togglebox and GitHub..:
https://unit42.paloaltonetworks.com/purpleurchin-steals-cloud-resources/
…automated account creation cases bypassed CAPTCHA images using simple image analysis techniques... creation of more than 130,000 user accounts created on various cloud platform services like Heroku, Togglebox and GitHub..:
https://unit42.paloaltonetworks.com/purpleurchin-steals-cloud-resources/
Unit 42
PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources
We take a deep dive into Automated Libra, the cloud threat actor group behind the freejacking campaign PurpleUrchin.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Invictus-AWS
Is a python noscript that will help automatically enumerate and acquire relevant data from an AWS environment. The tool doesn't require any installation it can be run as a standalone noscript with minimal configuration required. The goal for Invictus-AWS is to allow incident responders or other security personnel to quickly get an insight into an AWS environment:
— https://github.com/invictus-ir/Invictus-AWS
Is a python noscript that will help automatically enumerate and acquire relevant data from an AWS environment. The tool doesn't require any installation it can be run as a standalone noscript with minimal configuration required. The goal for Invictus-AWS is to allow incident responders or other security personnel to quickly get an insight into an AWS environment:
— https://github.com/invictus-ir/Invictus-AWS
GitHub
GitHub - invictus-ir/Invictus-AWS: A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data…
A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of incident response. - GitHub - invictus-ir/Invictus-AWS: A t...
/ A Deep Dive Into poweRAT: a Newly Discovered Stealer/RAT Combo Polluting PyPI
https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi
https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi
Phylum Research | Software Supply Chain Security
A Deep Dive Into poweRAT: a Newly Discovered Stealer/RAT Combo Polluting PyPI
Phylum uncovers new PyPI malware distributing remote access tools.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ After scanned every package on PyPi and found 57 live AWS keys
from organisations like:
- Amazon themselves
- Intel
- Stanford, Portland and Louisiana University
- The Australian Government
- ...
https://tomforb.es/i-scanned-every-package-on-pypi-and-found-57-live-aws-keys/
from organisations like:
- Amazon themselves
- Intel
- Stanford, Portland and Louisiana University
- The Australian Government
- ...
https://tomforb.es/i-scanned-every-package-on-pypi-and-found-57-live-aws-keys/
/ Default setup: A new way to enable GitHub code scanning
https://github.blog/2023-01-09-default-setup-a-new-way-to-enable-github-code-scanning/
https://github.blog/2023-01-09-default-setup-a-new-way-to-enable-github-code-scanning/
The GitHub Blog
Default setup: A new way to enable GitHub code scanning
Default setup is a new way to automatically set up code scanning on your repository, without the use of a .yaml file.
/ Zoom Multiple Vulnerabilities
Path traversal, privilege escalation…
Patches:
— https://explore.zoom.us/en/trust/security/security-bulletin/
Path traversal, privilege escalation…
Patches:
— https://explore.zoom.us/en/trust/security/security-bulletin/
Zoom
Zoom Security Bulletins
View the latest Zoom Security Bulletins and make sure to update your Zoom app to the latest version in order to get the latest fixes and security improvements.
/ StrongPity espionage campaign targeting Android users
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/
WeLiveSecurity
StrongPity espionage campaign targeting Android users
ESET researchers uncover an active StrongPity campaign that spreads a trojanized version of the Android Telegram app posing as the Shagle video chat app.
/ Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4294
cve.mitre.org
CVE -
CVE-2022-4294
CVE-2022-4294
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
/ Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5
Cisco
Cisco Security Advisory: Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system…
/ Microsoft Exchange Server Elevation of Privilege Vulnerability
Released: 8 Nov 2022 Last updated: 15 Dec 2022:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080
Released: 8 Nov 2022 Last updated: 15 Dec 2022:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080
/ Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered
https://blog.talosintelligence.com/vulnerability-spotlight-asus-router-access-information-disclosure-denial-of-service-vulnerabilities-discovered/
https://blog.talosintelligence.com/vulnerability-spotlight-asus-router-access-information-disclosure-denial-of-service-vulnerabilities-discovered/
Cisco Talos Blog
Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered
Cisco Talos recently discovered three vulnerabilities in Asus router software.
The Asus RT-AX82U router is one of the newer Wi-Fi 6 (802.11ax)-enabled routers that also supports mesh networking with other Asus routers. Like other routers, it is configurable…
The Asus RT-AX82U router is one of the newer Wi-Fi 6 (802.11ax)-enabled routers that also supports mesh networking with other Asus routers. Like other routers, it is configurable…
/ Linux kernel stack buffer overflow in nftables
https://www.openwall.com/lists/oss-security/2023/01/13/2
https://www.openwall.com/lists/oss-security/2023/01/13/2