Found 4945 bookmarks
Custom sorting
Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities
Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities
FortiGuardLabs examines a botnet known as Zerobot written in the Go language targeting IoT vulnerabilities. Read our blog to learn about how it evolves, including self-replication, attacks for different protocols, and self-propagation as well as its behavior once inside an infected device.
#fortinet#EN#2022#vulnerabilities#Botnet#iot-security#Zerobot#Go#Threat-Research#malware-research#malware-analysis
·fortinet.com·
Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
he maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service.
#thehackernews#EN#2022#Ping#Vulnerability#FreeBSD#CVE-2022-23093
·thehackernews.com·
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
Blowing Cobalt Strike Out of the Water With Memory Analysis
Blowing Cobalt Strike Out of the Water With Memory Analysis
Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. We will also discuss the evasion tactics used by these threats, and other issues that make their analysis problematic.
#unit42#EN#2022#CobaltStrike#analysis#paloaltonetworks
·unit42.paloaltonetworks.com·
Blowing Cobalt Strike Out of the Water With Memory Analysis
CVE-2022-21661: Exposing Database Info via WordPress SQL Injection
CVE-2022-21661: Exposing Database Info via WordPress SQL Injection
In October of this year, we received a report from ngocnb and khuyenn from GiaoHangTietKiem JSC covering a SQL injection vulnerability in WordPress. The bug could allow an attacker to expose data stored in a connected database. This vulnerability was recently addressed as CVE-2022-21661 ( ZDI-22-020
#zerodayinitiative#EN#2022#CVE-2022-21661#SQL-injection#vulnerability#WordPress
·zerodayinitiative.com·
CVE-2022-21661: Exposing Database Info via WordPress SQL Injection
Certpotato – using adcs to privesc from virtual and network service accounts to local system
Certpotato – using adcs to privesc from virtual and network service accounts to local system
The goal of this blog post is to present a privilege escalation I found while working on ADCS. We will see how it is possible to elevate our privileges to NT AUTHORITY\SYSTEM from virtual and network service accounts of a domain-joined machine (for example from a webshell on a Windows server) using ADCS. I want to call this attack chain “CertPotato” as homage to other *Potato tools and as a way to better remember it. A popular technique for getting SYSTEM from a virtual or network service account is Delegate 2 Thyself by Charlie Clark. This technique involves using RBCD to elevate your privileges. In this article, I propose an alternative approach to become local SYSTEM using ADCS.
#sensepost#2022#EN#certpotato#adcs#privesc#escalation
·sensepost.com·
Certpotato – using adcs to privesc from virtual and network service accounts to local system
Preparing for a Russian cyber offensive against Ukraine this winter
Preparing for a Russian cyber offensive against Ukraine this winter
As we report more fully below, in the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support, domestic and foreign. This approach has included destructive missile and cyber strikes on civilian infrastructure in Ukraine, cyberattacks on Ukrainian and now foreign-based supply chains, and cyber-enabled influence operations[1]—intended to undermine US, EU, and NATO political support for Ukraine, and to shake the confidence and determination of Ukrainian citizens.
#Microsoft#EN#2022#iridium#russia-ukraine-war#Russia#cyberoffensive#analysis#winter
·blogs.microsoft.com·
Preparing for a Russian cyber offensive against Ukraine this winter
Google Online Security Blog: Memory Safe Languages in Android 13
Google Online Security Blog: Memory Safe Languages in Android 13
As the amount of new memory-unsafe code entering Android has decreased, so too has the number of memory safety vulnerabilities. From 2019 to 2022 it has dropped from 76% down to 35% of Android’s total vulnerabilities. 2022 is the first year where memory safety vulnerabilities do not represent a majority of Android’s vulnerabilities.
#Google#EN#2022#memory-safe#Android#statistics#vulnerabilities#memory#safety
·security.googleblog.com·
Google Online Security Blog: Memory Safe Languages in Android 13
Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
Cyber threat intelligence largely involves the tracking and studying of the adversaries outside of your network. Gaining counterintelligence about your adversaries' capabilities and weaponry is one of the final building blocks for managing a strong cyber defense. In the pursuit of performing this duty, I have been studying how to discover adversary infrastructure on the internet. One good way of doing this has been via leveraging the scan data available through the popular Shodan search engine. If you've not used it before, Shodan periodically scans the entire internet and makes it available for users to query through. It is often used to monitor networks, look for vulnerabilities, and ensure the security of an organization's perimeter.
#bushidotoken#en#2022#shodan#Infostealer#Malware-as-a-Service#Detecting#howto
·blog.bushidotoken.net·
Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US
Key Takeaways * Nighthawk is an advanced C2 framework intended for red team operations through commercial licensing. * Proofpoint researchers observed initial use of the framework in September 2022 by a likely red team. * We have seen no indications at this time that leaked versions of Nighthawk are being used by attributed threat actors in the wild. * The tool has a robust list of configurable evasion techniques that are referenced as “opsec” functions throughout its code. P* roofpoint researchers expect Nighthawk will show up in threat actor campaigns as the tool becomes more widely recognized or as threat actors search for new, more capable tools to use against targets.
#proofpoint#EN#2022#redteam#tool#Nighthawk#C2#framework#threat
·proofpoint.com·
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US
Why would you want to hack Electric Vehicle Charging Stations?
Why would you want to hack Electric Vehicle Charging Stations?
A Russian zero-day exploit purchase site is interested in tools for hacking of Electric Vehicle Charging Stations. This raises a number of questions. Why would anybody want to hack such targets? Also, why would Russian entities (in particular) be interested in such targets? The best answer to these is “good question!”, and let's put politics aside. Let’s explore the potential cybersecurity risks of electric vehicle charging station, assuming the ability of compromising them at a scale, having some kind of tools. It turns out that this is a fascinating security problem!
#lukaszolejnik#EN#2022#cyber-risk#cyberwarfare#security#0-day#Vehicle#Charging#Stations
·blog.lukaszolejnik.com·
Why would you want to hack Electric Vehicle Charging Stations?