Exploit detail about CVE-2024-26581
https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-26581_lts_cos_mitigation/docs/exploit.md
GitHub
security-research/pocs/linux/kernelctf/CVE-2024-26581_lts_cos_mitigation/docs/exploit.md at master · google/security-research
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code. - google/security-research
A public secret : Research on the CVE-2024-30051 privilege escalation vulnerability in the wild
https://ti.qianxin.com/blog/articles/public-secret-research-on-the-cve-2024-30051-privilege-escalation-vulnerability-in-the-wild-en/
Qianxin
QiAnXin Threat Intelligence Center
Hackers Exploit HTTP Response Header to Launch Sophisticated Phishing Attacks
https://unit42.paloaltonetworks.com/rare-phishing-page-delivery-header-refresh/
Unit 42
Phishing Pages Delivered Through Refresh HTTP Response Header
We detail a rare phishing mechanism using a refresh entry in the HTTP response header for stealth redirects to malicious pages, affecting finance and government sectors.
AutoIt Credential Flusher
Forcing users to enter credentials so they can be stolen
https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
OALABS Research
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors
https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/
Unit 42
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and macOS Backdoors
We track a campaign by Gleaming Pisces (Citrine Sleet) delivering Linux or macOS backdoors via Python packages, aiming to infiltrate supply chain vendors.
Unmasking the Danger: Lumma Stealer Malware Exploits Fake CAPTCHA Pages
https://cloudsek.com/blog/unmasking-the-danger-lumma-stealer-malware-exploits-fake-captcha-pages
Cloudsek
Unmasking the Danger: Lumma Stealer Malware Exploits Fake CAPTCHA Pages | CloudSEK
The Lumma Stealer malware is being distributed through deceptive human verification pages that trick users into running malicious PowerShell commands. This phishing campaign primarily targets Windows users and can lead to the theft of sensitive information.
UNC2970 Backdoor Deployment Using Trojanized PDF Reader
https://cloud.google.com/blog/topics/threat-intelligence/unc2970-backdoor-trojanized-pdf-reader
Google Cloud Blog
An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader | Google Cloud Blog
UNC2970 is a cyber espionage group suspected to have a North Korea nexus.
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/
watchTowr Labs
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given its somewhat 'privileged position' in the storage world of most enterprises' networks. There's…
Malcat has been designed for malware analysts, SOC operators, incident responders, CTF players or more generally anyone who needs to inspect unknown binary files...
https://malcat.fr/
MALCAT
Malcat - hexadecimal editor and disassembler for malware analysis
Malcat is a feature-rich hexadecimal editor / disassembler for Windows and Linux used by malware analysts, incident responders, CTF players and SOC operators.
Highway Blobbery: Data Theft using Azure Storage Explorer
https://www.modepush.com/blog/highway-blobbery-data-theft-using-azure-storage-explorer
Modepush
modePUSH | Highway Blobbery: Data Theft using Azure Storage Explorer
Ransomware groups like BianLian and Rhysida are increasingly using Azure Storage Explorer and AzCopy to exfiltrate sensitive data.
Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool
https://unit42.paloaltonetworks.com/analysis-pentest-tool-splinter/
Unit 42
Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool
Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation, detected by Unit 42 researchers.
Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
https://threadreaderapp.com/thread/1838169889330135132.html
Threadreaderapp
Thread by @evilsocket on Thread Reader App
@evilsocket: * Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago. * Full disclosure happening in less than 2 weeks (as agreed with devs). * Still no CVE assigned (there should be at...…
Google Drive URLs leading to an internet shortcut (.URL) file, or a .URL file attached directly to the message. If executed, it uses SMB to access an executable from the remote share, which installs the malware
https://www.proofpoint.com/us/blog/threat-insight/security-brief-actor-uses-compromised-accounts-customized-social-engineering
Proofpoint
Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware…
What happened: Proofpoint researchers are tracking a cluster of activity targeting transportation and logistics companies in North America to deliver a variety of different malware.
Exploiting Social Media: TikTok Links Used to Hijack Microsoft Accounts
https://cofense.com/blog/exploiting-social-media-tiktok-links-used-to-hijack-microsoft-accounts
Cofense
Exploiting Social Media: TikTok Links Used to Hijack
In the fast-paced world of social media, new threats are emerging every day, and not all of them come from where you’d expect. The Cofense Phishing Defense Center (PDC) intelligence team recently
The new Outlook app is far more tightly integrated with the cloud than a user might expect, opening up the scope of potential Microsoft data collection. This represents a significant privacy issue:
https://www.xda-developers.com/privacy-implications-new-microsoft-outlook/
XDA
Microsoft's new Outlook client quietly moves your email to the cloud
Microsoft’s new version of Outlook introduces some controversial data-sharing features
Critical Exploit in MediaTek Wi-Fi Chipsets: Zero-Click Vulnerability (CVE-2024-20017) Threatens Routers and Smartphones:
https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/
Detailed analysis: "4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways"
Affected chipsets:
- MT6890, MT7915, MT7916, MT7981, MT7986, MT7622
Affected software:
- SDK version 7.4.0.1 and before (for MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02
http://0.0.0.0:4000/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html
PoC:
https://github.com/mellow-hype/cve-2024-20017