DIR-846W : All H/W Revs. & All F/W Vers. : End-of-Life (EOL) / End-of-Service (EOS) : CVE-2024-41622/44340/44341/44342 Vulnerability Reports
RCE
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411
Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk
https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
JFrog
JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment.…
Novel RAMBO Side-Channel Attack Leaks Data Through RAM Radio Waves
https://cyberinsider.com/new-rambo-side-channel-attack-leaks-data-through-ram-radio-waves/
CyberInsider
Researchers have uncovered a method to leak sensitive data from air-gapped systems, introducing a novel attack technique known as RAMBO
EUCLEAK (Side-Channel Attack on the YubiKey 5 Series)
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
How Mallox ransomware has changed: a detailed analysis
- [ru] https://securelist.ru/mallox-ransomware/110314/
securelist.ru
The evolution of Mallox: from a private ransomware to RaaS
This report provides a detailed analysis of the Mallox ransomware, covering its development, ransom strategy, encryption scheme and more.
CompTIA Security+ Notes.pdf
CompTIA Security+ SY0-601
- Attacks, Threats, and Vulnerabilities
- Architecture and Design
- Implementation
- Operations and Incident Response
- Governance, Risk, and Compliance
Exploit detail about CVE-2024-26581
https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-26581_lts_cos_mitigation/docs/exploit.md
GitHub
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code. - google/security-research
A public secret : Research on the CVE-2024-30051 privilege escalation vulnerability in the wild
https://ti.qianxin.com/blog/articles/public-secret-research-on-the-cve-2024-30051-privilege-escalation-vulnerability-in-the-wild-en/
Qianxin
Qianxin Threat Intelligence Center
Hackers Exploit HTTP Response Header to Launch Sophisticated Phishing Attacks
https://unit42.paloaltonetworks.com/rare-phishing-page-delivery-header-refresh/
Unit 42
Phishing Pages Delivered Through Refresh HTTP Response Header
We detail a rare phishing mechanism using a refresh entry in the HTTP response header for stealth redirects to malicious pages, affecting finance and government sectors.
AutoIt Credential Flusher
Forcing users to enter credentials so they can be stolen
https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
OALABS Research
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and macOS Backdoors
https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/
Unit 42
We track a campaign by Gleaming Pisces (Citrine Sleet) delivering Linux or macOS backdoors via Python packages, aiming to infiltrate supply chain vendors.
Unmasking the Danger: Lumma Stealer Malware Exploits Fake CAPTCHA Pages
https://cloudsek.com/blog/unmasking-the-danger-lumma-stealer-malware-exploits-fake-captcha-pages
CloudSEK
The Lumma Stealer malware is being distributed through deceptive human verification pages that trick users into running malicious PowerShell commands. This phishing campaign primarily targets Windows users and can lead to the theft of sensitive information
UNC2970 Backdoor Deployment Using Trojanized PDF Reader
https://cloud.google.com/blog/topics/threat-intelligence/unc2970-backdoor-trojanized-pdf-reader
Google Cloud Blog
An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader | Google Cloud Blog
UNC2970 is a cyber espionage group suspected to have a North Korea nexus.
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/
watchTowr Labs
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given its somewhat 'privileged position' in the storage world of most enterprises' networks. There's…