Highway Blobbery: Data Theft using Azure Storage Explorer
https://www.modepush.com/blog/highway-blobbery-data-theft-using-azure-storage-explorer
Modepush
modePUSH | Highway Blobbery: Data Theft using Azure Storage Explorer
Ransomware groups like BianLian and Rhysida are increasingly using Azure Storage Explorer and AzCopy to exfiltrate sensitive data.
Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool
https://unit42.paloaltonetworks.com/analysis-pentest-tool-splinter/
Unit 42
Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation, detected by Unit 42 researchers.
Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
https://threadreaderapp.com/thread/1838169889330135132.html
Threadreaderapp
Thread by @evilsocket on Thread Reader App
@evilsocket: * Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago. * Full disclosure happening in less than 2 weeks (as agreed with devs). * Still no CVE assigned (there should be at...…
Google Drive URLs leading to an internet shortcut (.URL) file, or a .URL file attached directly to the message. If executed, it uses SMB to access an executable from the remote share, which installs the malware
https://www.proofpoint.com/us/blog/threat-insight/security-brief-actor-uses-compromised-accounts-customized-social-engineering
Proofpoint
Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware…
What happened Proofpoint researchers are tracking a cluster of activity targeting transportation and logistics companies in North America to deliver a variety of different malware
Exploiting Social Media: TikTok Links Used to Hijack Microsoft Accounts
https://cofense.com/blog/exploiting-social-media-tiktok-links-used-to-hijack-microsoft-accounts
Cofense
Exploiting Social Media: TikTok Links Used to Hijack
In the fast-paced world of social media, new threats are emerging every day, and not all of them come from where you’d expect. The Cofense Phishing Defense Center (PDC) intelligence team recently
New Outlook app is far more tightly integrated with the cloud than a user might expect, opening up the scope of potential Microsoft data collection. This represents a significant privacy issue:
https://www.xda-developers.com/privacy-implications-new-microsoft-outlook/
XDA
Microsoft's new Outlook client quietly moves your email to the cloud
Microsoft’s new version of Outlook introduces some controversial data-sharing features
Critical Exploit in MediaTek Wi-Fi Chipsets: Zero-Click Vulnerability (CVE-2024-20017) Threatens Routers and Smartphones:
https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/
Detailed analysis for - 4 exploits, 1 bug: exploiting cve-2024-20017 4 different ways
Affected chipsets:
- MT6890, MT7915, MT7916, MT7981, MT7986, MT7622
Affected software:
- SDK version 7.4.0.1 and before (for MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02
http://0.0.0.0:4000/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html
PoC:
https://github.com/mellow-hype/cve-2024-20017
Novel Exploit Chain Enables Windows UAC Bypass
https://www.darkreading.com/vulnerabilities-threats/exploit-chain-windows-uac-bypass
IT_Security_Management_Checklist_9_Key_Recommendations_to_Keep_Your.pdf
835.5 KB
IT Security Management
Checklist
9 Key Recommendations to Keep Network Safe
MMSF - Mobile framework that combines functionalities from frida, objection, drozer, and many more.
Massive Mobile Security Framework:
- https://github.com/St3v3nsS/MMSF
Locally saved Word files with capitalized file extensions or # in the noscript may be deleted after save
https://support.microsoft.com/en-us/office/locally-saved-word-files-with-capitalized-file-extensions-or-in-the-noscript-may-be-deleted-after-save-5e28f8c2-32d0-487b-b237-9c7c74d25f84
TOP 5 ANOMALY DETECTION LIBRARIES.pdf
6.8 MB
TOP 5 - Anomaly Detection Libraries
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines.
Firefox
https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
Mozilla
Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1
Hacking a robot vacuum cleaner and spying on its owner live
- https://habr.com/ru/companies/cloud4y/articles/849294/
Habr
Hacking a robot vacuum cleaner and spying on its owner live
A major home robotics manufacturer failed to fix the security problems in its robot vacuum cleaners, even though it was warned about the risks last year. Even...
SeamlessPass - Leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO
https://github.com/Malcrove/SeamlessPass/tree/main
GitHub
GitHub - Malcrove/SeamlessPass: A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO
A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO - Malcrove/SeamlessPass