Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers
Security researchers have detailed and published a PoC exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8)
cyberveille.decio.ch
Suspected head of prolific cybercrime groups arrested and extradited - National Crime Agency
The National Crime Agency leads the UK's fight to cut serious and organised crime.
Compromising Microsoft's AI Healthcare Chatbot Service
Tenable finds privilege-escalation issues in Azure Health Bot via an SSRF, which allowed access to cross-tenant resources.
Don’t get Mad, get wise
The “Mad Liberator” ransomware group leverages social-engineering moves to watch out for
Exploiting pfsense Remote Code Execution – CVE-2022-31814
Greetings everyone, In this write-up, we will be exploring the interesting exploitation that has been done against the pfsense CVE-2022-31814. What is pfsense? pfSense software is a FreeBSD-based operating system designed to install and configure a firewall that can be easily configured via the web interface and installed on any PC. With all of the
NIST's Post-Quantum Cryptography Standards Are Here - IEEE Spectrum
Today, the National Institute of Standards and Technology (NIST) announced the first standardization of three cryptography schemes that are immune against the threat of quantum computers, known as post-quantum cryptography (PQC) schemes. With these standards in hand, NIST is encouraging computer system administrators to begin transitioning as soon as possible.
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
- Bitdefender researchers have identified a series of vulnerabilities in PV plant management platforms operated by Solarman and Deye. This platform is responsible for coordinating production operations of millions of solar installations worldwide generating a whopping output of approximately 195 GW of solar power (20% of the global solar production) If exploited, these vulnerabilities could allow an attacker to control inverter settings that could take parts of the grid down, potentially causing blackouts. * These vulnerabilities have been communicated to the affected vendors and fixed.
Technical Exploits of HID's iClass SE Discovered, To Be Revealed at DEF CON 32
Researchers have "reverse-engineered" HID's iCLASS SE platform and will be "revealing some cryptographic keys to the kingdom."
Feds seize Radar/Dispossessor ransomware gang servers in US and Europe
The agency said at least 43 companies have been attacked by the group in the U.S., South America, India, Europe, the United Arab Emirates, and elsewhere.
CrowdStrike Exec Shows Up to Accept 'Most Epic Fail' Award in Person
CrowdStrike President Michael Sentonas appears at DEF CON's annual Pwnie Awards to accept the 'award' because 'we got this horribly wrong [and] it's super important to own it.'
Les cybercriminels ont copié dieci.ch à l'identique
Sous le domaine dleci.ch, une page de phishing a été mise en ligne, reproduisant à l'identique le contenu de dieci.ch.
Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE
- In collaboration with renowned security researcher Orange Tsai and DEVCORE, Akamai researchers have issued early-release remediations to Apache CVEs for our Akamai App & API Protector customers. Tsai presented his research at Black Hat USA 2024 and outlined the details for many Apache HTTP Server (httpd) vulnerabilities that were recently patched. Before his Black Hat presentation, the Akamai Security Intelligence Group (SIG) proactively contacted Tsai to facilitate the sharing of technique details for proactive defense for our customers. * App & API Protector customers who are in automatic mode have existing and updated protections.
Ongoing Social Engineering Campaign Refreshes Payloads
On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing Techniques, Tactics, and Procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7.
Spyware Company Seeks Legal Takedown
We have received a takedown notice from the company mSpy, alleging that the domain ddosecrets.com, specifically the section https://data.ddosecrets.com/MSpy/, is hosting stolen personal and corporate data belonging to them.
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE | Microsoft Security Blog
Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation. This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information.
Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms
The vulnerabilities allowed one security researcher to peek inside the leak sites without having to log in.
A Dive into Earth Baku’s Latest Campaign
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.
Hackers leak 2.7 billion data records with Social Security numbers
Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases.
Iran Targeting 2024 US Election
Discover how Iran is allegedly targeting the 2024 US election, the potential impacts, and the measures being taken to safeguard the democratic process.
Trump campaign confirms it was hacked after POLITICO received internal documents from "Robert"
The campaign suggested Iran was to blame. POLITICO has not independently verified the identity of the hacker or their motivation.
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
- In early December of 2023, we discovered an open directory filled with batch scripts, primarily designed for defense evasion and executing command and control payloads. These scripts execute various actions, including disabling antivirus processes and stopping services related to SQL, Hyper-V, security tools, and Exchange servers. This report also highlights scripts responsible for erasing backups, wiping event logs, and managing the installation or removal of remote monitoring tools like Atera. Our investigation uncovered the use of additional tools, including Ngrok for proxy services, SystemBC, and two well-known command and control frameworks: Sliver and PoshC2. The observed servers show long term usage by the threat actors, appearing in The DFIR Report Threat Feeds as far back as September 2023. They have been active intermittently since then, with the most recent activity detected in August 2024. Ten new sigma rules were created from this report and added to our private sigma ruleset
How a cybersecurity researcher befriended, then doxed, the leader of LockBit
Jon DiMaggio used sockpuppet accounts, then his own identity, to infiltrate LockBit and gain the trust of its alleged admin, Dmitry Khoroshev.
AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose' | Tom's Hardware
AMD released patches to address the Sinkclose vulnerability, but not all chips are covered. The company also said 'No performance impact expected', which means that its likely still conducting final validation and testing of the patch and how it impacts the overall performance of the system.
Hackers Steal Trump’s JD Vance ‘Dirty Laundry’ Dossier As 2016 Strikes Again
Hackers tried to interfere with the 2016 and 2024 presidential election campaigns, but now the Trump 2024 campaign has been hacked and confidential Vance dossier stolen.
New AMD SinkClose flaw helps install nearly undetectable malware
AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.
‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections
Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.
From Limited file read to full access on Jenkins (CVE-2024-23897)
As a red teamer, you encountered a Jenkins instance that is vulnerable to CVE-2024-23897, which allowed for limited arbitrary file read. Without credentials and with the /script endpoint inaccessible, you sought to leverage this vulnerability by revealing Hudson to decypt the credentials.
How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards
A team of researchers have developed a method for extracting authentication keys out of HID encoders, which could allow hackers to clone the types of keycards used to secure offices and other areas worldwide.
ICANN approves use of .internal domain for your network
Vint Cerf revealed Google already uses the string, as do plenty of others
USPS Text Scammers Duped His Wife, So He Hacked Their Operation | WIRED
The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities. #black #cybersecurity #defcon #hacking #hacks #hat #phishing #security