TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks
ESET researchers publish an analysis of Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks. We discovered a malicious downloader being deployed, by legitimate Chinese software update mechanisms, onto victims’ machines. The downloader seeks to deploy a modular backdoor that we have named WizardNet. We analyzed Spellbinder: the tool the attackers use to conduct local adversary-in-the-middle attacks and to redirect traffic to an attacker-controlled server to deliver the group’s signature backdoor WizardNet. We provide details about links between TheWizards and the Chinese company Dianke Network Security Technology, also known as UPSEC.
Source: welivesecurity.com
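SLAAC spoofing works by sending forged ICMPv6 Router Advertisements on the local segment so that hosts autoconfigure an attacker-controlled default gateway and/or recursive resolver (the RDNSS option). The detection primitive is therefore simple: parse every RA seen on the segment and alert on ones that come from a router, or advertise a resolver, you did not expect. The block below is an added example, not code from the ESET write-up or from Spellbinder; the packets, the `fe80::1`/`fe80::2` sources and the `2001:db8:1::/64` prefix are constructed for the example, and the ICMPv6 checksum is left zero because the IPv6 pseudo-header is not built.

```python
# Added example (not code from the ESET write-up or from Spellbinder): a minimal
# parser for ICMPv6 Router Advertisements plus a check that flags RAs from
# routers or with resolver (RDNSS) options you did not expect, i.e. the primitive
# a SLAAC-spoofing tool abuses. All packets below are constructed for the example.
import ipaddress
import struct

ICMPV6_ROUTER_ADVERTISEMENT = 134   # RFC 4861
OPT_PREFIX_INFORMATION = 3          # RFC 4861, 32-byte option (length field 4)
OPT_RDNSS = 25                      # RFC 8106, 8 + 16*n bytes


def parse_ra(icmpv6: bytes) -> dict:
    """Parse the ICMPv6 payload of a Router Advertisement (after the IPv6 header)."""
    if len(icmpv6) < 16:
        raise ValueError("truncated Router Advertisement")
    msg_type, _code, _csum, hop_limit, _flags, router_lifetime, _reach, _retrans = \
        struct.unpack("!BBHBBHII", icmpv6[:16])
    if msg_type != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError(f"not a Router Advertisement (type {msg_type})")
    ra = {"hop_limit": hop_limit, "router_lifetime": router_lifetime,
          "prefixes": [], "dns": []}
    off = 16
    while off + 2 <= len(icmpv6):
        opt_type, opt_len = icmpv6[off], icmpv6[off + 1]
        if opt_len == 0:
            raise ValueError("zero-length option")        # RFC 4861: discard packet
        end = off + opt_len * 8
        if end > len(icmpv6):
            raise ValueError("option runs past end of packet")
        body = icmpv6[off + 2:end]
        if opt_type == OPT_PREFIX_INFORMATION and opt_len == 4:
            # prefix length, flags, valid, preferred, reserved, then 16-byte prefix
            prefix = ipaddress.IPv6Address(body[14:30])
            ra["prefixes"].append(f"{prefix}/{body[0]}")
        elif opt_type == OPT_RDNSS:
            # 2 reserved bytes, 4-byte lifetime, then one or more 16-byte addresses
            addrs = body[6:]
            ra["dns"] += [str(ipaddress.IPv6Address(addrs[i:i + 16]))
                          for i in range(0, len(addrs) - 15, 16)]
        off = end
    return ra


def find_rogue_ras(observed, trusted_routers, trusted_resolvers):
    """observed: list of (source link-local address, ICMPv6 bytes).
    Returns [(source, [reasons])] for every RA that should not be on the segment."""
    routers = {ipaddress.IPv6Address(a).compressed for a in trusted_routers}
    resolvers = {ipaddress.IPv6Address(a).compressed for a in trusted_resolvers}
    findings = []
    for src, raw in observed:
        src = ipaddress.IPv6Address(src).compressed
        ra = parse_ra(raw)
        reasons = []
        if src not in routers:
            reasons.append(f"RA from unexpected router {src}")
        unexpected = [d for d in ra["dns"] if d not in resolvers]
        if unexpected:
            reasons.append(f"RDNSS points at unexpected resolver(s) {unexpected}")
        if reasons:
            findings.append((src, reasons))
    return findings


def build_ra(prefix: str, resolvers: list, router_lifetime: int = 1800) -> bytes:
    """Construct an RA with one Prefix Information and one RDNSS option.
    The ICMPv6 checksum is left zero: it is computed over the IPv6 pseudo-header,
    which this example does not build."""
    net = ipaddress.IPv6Network(prefix)
    hdr = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERTISEMENT, 0, 0, 64, 0,
                      router_lifetime, 0, 0)
    pio = struct.pack("!BBBBIII", OPT_PREFIX_INFORMATION, 4, net.prefixlen, 0xC0,
                      2592000, 604800, 0) + net.network_address.packed   # L|A flags set
    rdnss = struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(resolvers), 0, 3600) + \
        b"".join(ipaddress.IPv6Address(a).packed for a in resolvers)
    return hdr + pio + rdnss


# Constructed capture: a legitimate RA from the real gateway, then a spoofed one
# that advertises the same prefix but adds an attacker-controlled resolver.
TRUSTED_ROUTERS = {"fe80::1"}
TRUSTED_RESOLVERS = {"2001:db8:1::53"}
SAMPLE_RAS = [
    ("fe80::1", build_ra("2001:db8:1::/64", ["2001:db8:1::53"])),
    ("fe80::2", build_ra("2001:db8:1::/64", ["2001:db8:1::53", "2001:db8:ffff::1"])),
]

if __name__ == "__main__":
    for src, reasons in find_rogue_ras(SAMPLE_RAS, TRUSTED_ROUTERS, TRUSTED_RESOLVERS):
        print(src, "->", "; ".join(reasons))
```

In production you would feed `find_rogue_ras` from a packet capture filtered on `icmp6 && ip6[40] == 134` and treat the source link-local address as the key; the allowlists come from your IPAM, and a matching-prefix RA from an unknown source (the second sample packet) is exactly the signature of a SLAAC-spoofing host that wants to be the segment's resolver or gateway.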
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed with Microsoft’s third-party UEFI certificate, Microsoft Corporation UEFI CA 2011. Exploitation of this vulnerability leads to the execution of untrusted code during system boot, enabling potential attackers to easily deploy malicious UEFI bootkits (such as Bootkitty or BlackLotus) even on systems with UEFI Secure Boot enabled, regardless of the installed operating system.
Source: welivesecurity.com
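Because the vulnerable application carries a valid signature chaining to a certificate that sits in the firmware's allowed-signature database (db), Secure Boot's signature check passes; the only way firmware can refuse an already-signed binary is a matching entry in the forbidden-signature database (dbx), normally the binary's Authenticode SHA-256 hash. Both variables are arrays of EFI_SIGNATURE_LIST structures, so checking whether a given image has been revoked on a machine means parsing that format. The block below is an added example, not code from the ESET write-up; the dbx contents, the hashes and the placeholder X.509 bytes are constructed, and the `77fa9abd-…` owner GUID is the one Microsoft uses for its db/dbx entries (the parser does not depend on it).

```python
# Added example (not code from the ESET write-up): walk the EFI_SIGNATURE_LIST
# structures that make up the UEFI db/dbx variables and test whether a given
# Authenticode SHA-256 hash is on the forbidden list. The dbx contents below are
# constructed; a real dbx is read from the firmware variable (see read_efivar_payload).
import hashlib
import struct
import uuid

EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_IMAGE_SECURITY_DATABASE_GUID = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # db/dbx vendor GUID
SIGLIST_HEADER = struct.Struct("<16sIII")   # SignatureType, ListSize, HeaderSize, SignatureSize


def parse_signature_lists(blob: bytes) -> list:
    """Return [(signature_type, owner, data)] for every entry in a db/dbx payload."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < SIGLIST_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_raw, list_size, hdr_size, sig_size = SIGLIST_HEADER.unpack_from(blob, off)
        if list_size < SIGLIST_HEADER.size or off + list_size > len(blob):
            raise ValueError("SignatureListSize runs past the blob")
        if sig_size < 16:
            raise ValueError("SignatureSize smaller than the owner GUID")
        data_start, data_end = off + SIGLIST_HEADER.size + hdr_size, off + list_size
        if (data_end - data_start) % sig_size:
            raise ValueError("signature array is not a whole number of entries")
        sig_type = uuid.UUID(bytes_le=type_raw)
        for p in range(data_start, data_end, sig_size):
            owner = uuid.UUID(bytes_le=blob[p:p + 16])      # EFI_SIGNATURE_DATA.SignatureOwner
            entries.append((sig_type, owner, blob[p + 16:p + sig_size]))
        off += list_size
    return entries


def hash_is_revoked(dbx_blob: bytes, authenticode_sha256: bytes) -> bool:
    """True if the hash is listed in dbx as an EFI_CERT_SHA256 entry.
    The caller must supply the Authenticode (PE image) hash, not a hash of the
    whole file; tools such as pesign or sbsiglist compute it."""
    return any(t == EFI_CERT_SHA256_GUID and data == authenticode_sha256
               for t, _owner, data in parse_signature_lists(dbx_blob))


def read_efivar_payload(path: str) -> bytes:
    """Read a variable from Linux efivarfs, dropping the 4-byte attribute prefix,
    e.g. /sys/firmware/efi/efivars/dbx-<EFI_IMAGE_SECURITY_DATABASE_GUID>."""
    with open(path, "rb") as f:
        return f.read()[4:]


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, sigs: list) -> bytes:
    """Constructed helper that emits test data in the on-disk layout."""
    sig_size = 16 + len(sigs[0])
    body = b"".join(owner.bytes_le + s for s in sigs)
    return SIGLIST_HEADER.pack(sig_type.bytes_le, SIGLIST_HEADER.size + len(body), 0, sig_size) + body


# Constructed dbx: two revoked image hashes under one owner GUID, followed by a
# placeholder X.509 list (the bytes are not a real certificate).
OWNER = uuid.UUID("77fa9abd-0359-4d32-bd60-28f4e78f784b")
REVOKED_A = hashlib.sha256(b"constructed image A").digest()
REVOKED_B = hashlib.sha256(b"constructed image B").digest()
UNLISTED = hashlib.sha256(b"constructed image C").digest()
SAMPLE_DBX = (build_signature_list(EFI_CERT_SHA256_GUID, OWNER, [REVOKED_A, REVOKED_B])
              + build_signature_list(EFI_CERT_X509_GUID, OWNER, [b"\x30\x03\x02\x01\x01"]))

if __name__ == "__main__":
    for t, owner, data in parse_signature_lists(SAMPLE_DBX):
        kind = "sha256" if t == EFI_CERT_SHA256_GUID else "x509" if t == EFI_CERT_X509_GUID else str(t)
        print(kind, owner, data.hex()[:32])
    print("image A revoked:", hash_is_revoked(SAMPLE_DBX, REVOKED_A))
```

Two caveats a practitioner should keep in mind: a dbx entry only helps once the firmware variable on the machine actually contains it, so the check is per host, not per vendor advisory; and the same parser run over db shows which certificates the platform trusts, which is how you confirm whether the third-party CA named above is enrolled at all.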