Found 70 bookmarks
Newest
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
#bleepingcomputer#EN#2024#Authentication-Bypass#D-Link#Exploit#Proof-of-Concept#Remote-Command-Execution#Router#Vulnerability#Zero-Day#Security#InfoSec#Computer-Security
·bleepingcomputer.com·
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. #APT28 #Computer #Credential #Escalation #Exploit #GooseEgg #InfoSec #NSA #Print #Privilege #Security #Spooler #Theft #Windows
#bleepingcomputer#EN#2024#NSA#Spooler#Print#Theft#Escalation#Credential#Windows#Privilege#GooseEgg#Exploit#APT28
·bleepingcomputer.com·
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Bringing process injection into view(s): exploiting all macOS apps using nib files · Sector 7
Bringing process injection into view(s): exploiting all macOS apps using nib files · Sector 7
In a previous blog post we described a process injection vulnerability affecting all AppKit-based macOS applications. This research was presented at Black Hat USA 2022, DEF CON 30 and Objective by the Sea v5. This vulnerability was actually the second universal process injection vulnerability we reported to Apple, but it was fixed earlier than the first. Because it shared some parts of the exploit chain with the first one, there were a few steps we had to skip in the earlier post and the presentations. Now that the first vulnerability has been fixed in macOS 13.0 (Ventura) and improved in macOS 14.0 (Sonoma), we can detail the first one and thereby fill in the blanks of the previous post. This vulnerability was independently found by Adam Chester and written up here under the name “DirtyNIB”. While the exploit chain demonstrated by Adam shares a lot of similarity to ours, our attacks trigger automatically and do not require a user to click a button, making them a lot more stealthy. Therefore we decided to publish our own version of this write-up as well.
#sector7#EN#2024#macos#nib#exploit#research#vulnerability#DirtyNIB
·sector7.computest.nl·
Bringing process injection into view(s): exploiting all macOS apps using nib files · Sector 7
Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021)
Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021)
In April 2021 I participated in Pwn2Own Vancouvver competition as a single player, and successfully demonstrated a 0-day virtual machine escape exploit with code execution on Parallels hypervisor. Today I am finally releasing the exploit source code together with a technical walkthrough video talk that I gave on Zero Day Engineering livestream in November 2021.
#zerodayengineering#EN#2024#exploit#2021#0-day#Parallels#Pwn2Own#VM#escape
·zerodayengineering.com·
Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021)
Exploit released for Fortinet RCE bug used in attacks, patch now
Exploit released for Fortinet RCE bug used in attacks, patch now
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
#bleepingcomputer#EN#2024#Actively-Exploited#Exploit#Fortinet#PoC#Proof-of-Concept#RCE#Remote-Code-Execution#SQL-Injection#CVE-2023-48788
·bleepingcomputer.com·
Exploit released for Fortinet RCE bug used in attacks, patch now
smith (CVE-2023-32434)
smith (CVE-2023-32434)
This write-up presents an exploit for a vulnerability in the XNU kernel: Assigned CVE-2023-32434. Fixed in iOS 16.5.1 and macOS 13.4.1. Reachable from the WebContent sandbox and might have been actively exploited. *Note that this CVE fixed multiple integer overflows, so it is unclear whether or not the integer overflow used in my exploit was also used in-the-wild. Moreover, if it was, it might not have been exploited in the same way. The exploit has been successfully tested on: iOS 16.3, 16.3.1, 16.4 and 16.5 (iPhone 14 Pro Max) macOS 13.1 and 13.4 (MacBook Air M2 2022) All code snippets shown below are from xnu-8792.81.2.
#Poulin-Bélanger#EN#2023#exploit#analysis#vulnerability#github#macos#ios#CVE-2023-32434
·github.com·
smith (CVE-2023-32434)
Personal Information Exploit on OpenAI’s ChatGPT Raise Privacy Concerns
Personal Information Exploit on OpenAI’s ChatGPT Raise Privacy Concerns
Last month, I received an alarming email from someone I did not know: Rui Zhu, a Ph.D. candidate at Indiana University Bloomington. Mr. Zhu had my email address, he explained, because GPT-3.5 Turbo, one of the latest and most robust large language models (L.L.M.) from OpenAI, had delivered it to him.
#nytimes#en#2023#exploit#LLM#AI#privacy#chatgpt
·nytimes.com·
Personal Information Exploit on OpenAI’s ChatGPT Raise Privacy Concerns
Google Online Security Blog: Expanding our exploit reward program to Chrome and Cloud
Google Online Security Blog: Expanding our exploit reward program to Chrome and Cloud
In 2020, we launched a novel format for our vulnerability reward program (VRP) with the kCTF VRP and its continuation kernelCTF. For the first time, security researchers could get bounties for n-day exploits even if they didn’t find the vulnerability themselves. This format proved valuable in improving our understanding of the most widely exploited parts of the linux kernel. Its success motivated us to expand it to new areas and we're now excited to announce that we're extending it to two new targets: v8CTF and kvmCTF.
#googleblog#EN#2023#exploit#reward#program#bugbounty
·security.googleblog.com·
Google Online Security Blog: Expanding our exploit reward program to Chrome and Cloud
0-days exploited by commercial surveillance vendor in Egypt
0-days exploited by commercial surveillance vendor in Egypt
Last week Google’s Threat Analysis Group (TAG), in partnership with The Citizen Lab, discovered an in-the-wild 0-day exploit chain for iPhones. Developed by the commercial surveillance vendor, Intellexa, this exploit chain is used to install its Predator spyware surreptitiously onto a device. In response, yesterday, Apple patched the bugs in iOS 16.7 and iOS 17.0.1 as CVE-2023-41991, CVE-2023-41992, CVE-2023-41993. This quick patching from Apple helps to better protect users and we encourage all iOS users to install them as soon as possible.
#Google#EN#2023#TAG#Apple#Android#CitizenLab#Predator#spyware#Intellexa#CVE-2023-41993#CVE-2023-41991#CVE-2023-41992#Exploit#Chain#0-days
·blog.google·
0-days exploited by commercial surveillance vendor in Egypt
MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
CISA received 4 files for analysis from an incident response engagement conducted at an Aeronautical Sector organization. 2 files (bitmap.exe, wkHPd.exe) are identified as variants of Metasploit (Meterpreter) and designed to connect and receive unencrypted payloads from their respective command and control (C2) servers. Note: Metasploit is an open source penetration testing software; Meterpreter is a Metasploit attack payload that runs an interactive shell. These executables are used as attack payloads to run interactive shells, allowing a malicious actor the ability to control and execute code on a system. 2 files (resource.aspx, ConfigLogin.aspx) are Active Server Pages (ASPX) web shells designed to execute remote JavaScript code on the victim server.
#cisa#EN#2023#Multiple#Nation-State#Threat#Actors#Exploit#CVE-2022-47966#CVE-2022-42475
·cisa.gov·
MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
#FuckStalkerware pt. 3 - ownspy got, well, owned
#FuckStalkerware pt. 3 - ownspy got, well, owned
we continue our series on stalkerware with a write-up and batch of data sent to me by a source last night. this time it is the brazilian ownspy (aka webdetective and saferspy, by mobileinnova) that has been completely hacked. among other things ownspy claims to be the #1 most privacy focused "parental control app" allegedly featuring E2E encryption, if this sounds too good to be true that's because it mostly is, but more on that later.
#FuckStalkerware#stalkerware#research#analysis#leak#sqli#exploit#nyancrimew#maia-arson-crimew#android#switzerland#hacktivism#lucerne#developer
·maia.crimew.gay·
#FuckStalkerware pt. 3 - ownspy got, well, owned
Resecurity | Cl0p Ups the Ante with Massive MOVEit Transfer Supply-Chain Exploit
Resecurity | Cl0p Ups the Ante with Massive MOVEit Transfer Supply-Chain Exploit
The supply-chain cyberattack that targeted Progress Software’s MOVEit Transfer application has compromised over 963 private and public-sector organizations worldwide. The ransomware group, Cl0p, launched this attack campaign over Memorial Day weekend. Some higher-profile victims of the hack include Maximus, Deloitte, TIAA, Ernst & Young, Shell, Deutsche Bank, PricewaterhouseCoopers, Sony, Siemens, BBC, British Airways, the U.S. Department of Energy, the U.S. Department of Agriculture, the Louisiana Office of Motor Vehicles, the Colorado Department of Health Care Policy and Financing, and other U.S. government agencies. Thus far, the personal data of over 58 million people is believed to have been exposed in this exploit campaign.
#resecurity#EN#2023#MOVEit#Supply-Chain#Exploit#cyberattack
·resecurity.com·
Resecurity | Cl0p Ups the Ante with Massive MOVEit Transfer Supply-Chain Exploit
New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode
New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode
Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and maintain access to an Apple device even when the victim believes it is offline. The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial Airplane Mode which edits the UI to display Airplane Mode icon and cuts internet connection to all apps except the attacker application," Jamf Threat Labs researchers Hu Ke and Nir Avraham said in a report shared with The Hacker News.
#thehackernews#EN#2023#iOS#apple#airplanemode#exploit
·thehackernews.com·
New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode
Patch Tuesday - Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours
Patch Tuesday - Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours
Dive into the analysis and exploitation of a vulnerability in the Windows Ancillary Function Driver for Winsock for Local Privilege Escalation on Windows 11. More from X-Force Red experts.
#securityintelligence#EN#2023#PatchTuesday#LPE#Windows#afd.sys#CVE-2023-21768#exploit#analysis#reverseengineering
·securityintelligence.com·
Patch Tuesday - Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours
Patch Tuesday - Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours
Patch Tuesday - Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours
Dive into the analysis and exploitation of a vulnerability in the Windows Ancillary Function Driver for Winsock for Local Privilege Escalation on Windows 11. More from X-Force Red experts.
#securityintelligence#EN#2023#PatchTuesday#LPE#Windows#afd.sys#CVE-2023-21768#exploit#analysis#reverseengineering
·securityintelligence.com·
Patch Tuesday - Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours