Found 2837 bookmarks
Custom sorting
You're M̶u̶t̶e̶d̶ Rooted
You're M̶u̶t̶e̶d̶ Rooted
With a recent market cap of over $100 billion and the genericization of its name, the popularity of Zoom is undeniable. But what about its security? This imperative question is often quite personal, as who amongst us isn't jumping on weekly (daily?) Zoom calls? In this talk, we’ll explore Zoom’s macOS application to uncover several critical security flaws. Flaws, that provided a local unprivileged attacker a direct and reliable path to root. The first flaw, presents itself subtly in a core cryptographic validation routine, while the second is due to a nuanced trust issue between Zoom’s client and its privileged helper component. After detailing both root cause analysis and full exploitation of these flaws, we’ll end the talk by showing how such issues could be avoided …both by Zoom, but also in other macOS applications.
#patrickwardle#EN#2022#macOS#zoom#rooted#defcon#PoC
·speakerdeck.com·
You're M̶u̶t̶e̶d̶ Rooted
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
  • On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate. * During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
#talosintelligence#EN#2022#Cisco#attack#Google#sync#password#insights
·blog.talosintelligence.com·
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
A new botnet Orchard Generates DGA Domains with Bitcoin Transaction Information
A new botnet Orchard Generates DGA Domains with Bitcoin Transaction Information
DGA is one of the classic techniques for botnets to hide their C2s, attacker only needs to selectively register a very small number of C2 domains, while for the defenders, it is difficult to determine in advance which domain names will be generated and registered.
#netlab360#EN#2022#Orchard#botnet#C2#bitcoin#domains
·blog.netlab.360.com·
A new botnet Orchard Generates DGA Domains with Bitcoin Transaction Information
So RapperBot, What Ya Bruting For?
So RapperBot, What Ya Bruting For?
In June 2022, FortiGuard Labs encountered IoT malware samples with SSH-related strings, something not often seen in other IoT threat campaigns. What piqued our interest more was the size of the code referencing these strings in relation to the code used for DDoS attacks, which usually comprises most of the code in other variants.
#fortinet#EN#2022#RapperBot#research#threat#IoT#Mirai#SSH-2.0-HELLOWORLD#botnet
·fortinet.com·
So RapperBot, What Ya Bruting For?
A Detailed Analysis of the RedLine Stealer
A Detailed Analysis of the RedLine Stealer
RedLine is a stealer distributed as cracked games, applications, and services. The malware steals information from web browsers, cryptocurrency wallets, and applications such as FileZilla, Discord, Steam, Telegram, and VPN clients. The binary also gathers data about the infected machine, such as the running processes, antivirus products, installed programs, the Windows product name, the processor architecture, etc. The stealer implements the following actions that extend its functionality: Download, RunPE, DownloadAndEx, OpenLink, and Cmd. The extracted information is converted to the XML format and exfiltrated to the C2 server via SOAP messages.
#securityscorecard#EN#2022#RedLine#Stealer#analysis
·securityscorecard.com·
A Detailed Analysis of the RedLine Stealer
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
  • Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. * The implants for the new malware family are written in the Rust language for Windows and Linux. * A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors. * We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints. * We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.
#talosintelligence#EN#2022#manjusaka#CobaltStrike#framework#imitation#C2
·blog.talosintelligence.com·
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Raccoon Stealer v2: The Latest Generation of the Raccoon Family
Raccoon Stealer v2: The Latest Generation of the Raccoon Family
Raccoon is a malware family that has been sold as malware-as-a-service on underground forums since early 2019. In early July 2022, a new variant of this malware was released. The new variant, popularly known as Raccoon Stealer v2, is written in C unlike previous versions which were mainly written in C++.
#zscaler#EN#2022#Raccoon#malware#malware-as-a-service#Stealer
·zscaler.com·
Raccoon Stealer v2: The Latest Generation of the Raccoon Family
Largest European DDoS Attack on Record
Largest European DDoS Attack on Record
The risk of distributed denial-of-service attacks (DDoS) has never been greater. Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape.
#Akamai#DDoS#EN#2022#report#record#Europe
·akamai.com·
Largest European DDoS Attack on Record
IPFS: The New Hotbed of Phishing
IPFS: The New Hotbed of Phishing
We have observed more than 3,000 emails containing phishing URLs that have utilized IPFS for the past 90 days and it is evident that IPFS is increasingly becoming a popular platform for phishing websites.
#trustwave#2022#EN#Phishing#IPFS
·trustwave.com·
IPFS: The New Hotbed of Phishing
SEKOIA.IO Mid-2022 Ransomware Threat Landscape
SEKOIA.IO Mid-2022 Ransomware Threat Landscape
SEKOIA.IO presents its Ransomware threat landscape for the first semester of 2022, with the following key points: * Ransomware victimology – recent evolutions * A busy first half of the year – several newcomers in the ransomware neighborhood * Cross-platform ransomware features trend * New extortion techniques * State-nexus groups carrying out ransomware campaigns * Ransomware threat groups’ Dark Web activities * A shift towards extortion without encryption?
#sekoia#EN#2022#ransomware#threat#landscape#statistcs
·blog.sekoia.io·
SEKOIA.IO Mid-2022 Ransomware Threat Landscape
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware
#trendmicro#EN#2022#analysis#lockbit#blackmatter#malware
·trendmicro.com·
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
MSTIC and MSRC disclose technical details of a private-sector offensive actor (PSOA) tracked as KNOTWEED using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and Central American customers.
#microsoft#EN#2022#KNOTWEED#0day#0-day#CVE-2022-22047#spyware#PSOA
·microsoft.com·
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
Justice Department seizes $500K from North Korean hackers who targeted US medical organizations
Justice Department seizes $500K from North Korean hackers who targeted US medical organizations
The US Justice Department seized approximately half a million dollars that North Korean government-backed hackers had either extorted from US health care organizations or used to launder ransom payments, deputy Attorney General Lisa Monaco said Tuesday as she touted an aggressive US strategy to claw back money for victims of ransomware attacks.
#CNN#EN#2022#APT#north-korea#US#seized#government-backed#medical#ransomware
·edition.cnn.com·
Justice Department seizes $500K from North Korean hackers who targeted US medical organizations