U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized
(Monday May 17, 2021)
Why Password Hygiene Needs a Reboot
(Monday May 17, 2021)
Experts Warn About Ongoing AutoHotkey-Based Malware Attacks
(Monday May 17, 2021)
Cyberinsurance giant AXA hit by ransomware attack after saying it would stop covering ransom payments
(Monday May 17, 2021)
AMSI Bypass Methods
(Monday May 17, 2021)
ListingLover - Add pseudo-code to Ghidra disassembly
(Monday May 17, 2021)
POST NAVIGATION
Previous: FOX – Fix Objective-C XREFs in Ghidra
LEGAL AND ADMINISTRATIVE
Viale Oceano Pacifico, 66
00144 Rome (Italy)
Copyright © 2021 HN Security S.r.l.
We use cookies on our website to give you the most relevant experience
by remembering your preferences and repeat visits. By clicking
“Accept”, you consent to the use of ALL the cookies.
Cookie settingsACCEPT
Manage consent
Close
PRIVACY OVERVIEW
This website uses cookies to improve your experience while...
Colonial Pipeline take-away for CISOs: Embrace the mandates
(Monday May 17, 2021)
5 things CISOs want to hear about SASE at the RSA Conference
(Monday May 17, 2021)
Irish healthcare system suffers two cyber-attacks
(Monday May 17, 2021)
Insurance giant hit by ransomware
(Monday May 17, 2021)
Building your own evil HID injector USB cable
(Sunday May 16, 2021)
New series: Things you don´t need - but will probably want!
Did you ever want to have your own, handmade, remote controlled, stealthy USB implant / HID injector, but didn´t want to sell your soul for it? Well then this one is for you :)
I already heared about something like this in the past, which reminded me of the expensive O.MG cable from HAK5 or the USB Ninja.
But If you like to tinker a little bit and are on a budget, you can pretty much get the same results for like 30 bucks.
I already own a DSTIKE WiFi Duck and several Digisparks, but plugging these into someones computer is far more suspicious than a black USB cable. I also own a CrazyRadio, with which one can inject keystrokes into wireless receivers for keyboards and mice, with the help of e.g. bettercap - but to be honest this is a real pain in the ass.
I recently stumbled upon some great articles on Twitter regarding an alternative in form of a UNIFY receiver implanted into an USB cable. When I red those lines, I also wanted an USB cable that would still be able to charge a phone, but also could be used to inject keystrokes into the victims systems or even give me a remote shell.
Stealing secrets with Rust Macros proof-of-concept via VSCode: This shows a trivial example of exfiltrating secrets just by the developer opening up the source
(Saturday May 15, 2021)
Contribute to lucky/bad_actor_poc development by creating an account on GitHub.
From theory to practice: analysis and PoC development for CVE-2020-28018 (User-After-Free in Exim)
(Saturday May 15, 2021)
Development of a PoC for one of the vulnerabilities published by Qualys in Exim
Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal
(Saturday May 15, 2021)
Colonial Pipeline Paid Nearly $5 Million in Ransom to Cybercriminals
(Saturday May 15, 2021)
‘FragAttack’ flaws threaten Wi-Fi, but not too seriously
(Friday May 14, 2021)
A set of vulnerabilities in Wi-Fi’s basic design offers a
long-standing and widespread threat vector, but the probability of
compromise remains low.
Rapid7 Source Code Accessed in Supply Chain Attack
(Friday May 14, 2021)
An investigation of the Codecov attack revealed intruders accessed
Rapid7 source code repositories containing internal credentials and
alert-related data.
FIN7 Backdoor Masquerades as Ethical Hacking Tool
(Friday May 14, 2021)
How Faster COVID-19 Research Is Being Made Possible by Secure Silicon
(Friday May 14, 2021)
When Intel and Leidos set up a "trusted execution environment" to
enable a widespread group of researchers to securely share and
confidentially compute real-world data, it was no small achievement.
Cisco Confirms Plans to Acquire Kenna Security
(Friday May 14, 2021)
Cisco plans to integrate Kenna's vulnerability management technology
into its SecureX platform.
Apple AirTag hacked again – free internet with no mobile data plan!
(Friday May 14, 2021)
DarkSide Ransomware Suffers ‘Oh, Crap!’ Server Shutdowns
(Friday May 14, 2021)
Hackers Using Microsoft Build Engine to Deliver Malware Filelessly
(Friday May 14, 2021)
Are your remote or furloughed employees a security threat?
(Friday May 14, 2021)
The evolution of the workplace has accelerated over the past year for
reasons too painfully obvious to mention. In light of the office
exodus, employers have been set the enormous task of adapting and
accommodating a remote workforce and managing morale in the face of
furloughs. Among the many practical challenges is shoring up your
[…]
The post Are your remote or furloughed employees a security threat?
[https://www.itsecurityguru.org/2021/05/14/are-your-remote-or-furloughed-employees-a-security-threat/]
appeared first on IT Security Guru [https://www.itsecurityguru.org].
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
(Friday May 14, 2021)
Chart: Cybersecurity Now a Top Corporate Priority
(Friday May 14, 2021)
Majority of global IT decision makers say cybersecurity is extremely
or more important now than it was pre-pandemic, according to Cisco.
SOC Teams Burdened by Alert Fatigue Explore XDR
(Friday May 14, 2021)
ESG research finds a complex attack surface and threat landscape make
alerts too overwhelming to monitor accurately
Gamers warned of downloading fake Afterburner overclocking tool to boost graphics card performance
(Friday May 14, 2021)
A leading manufacturer of gaming hardware has warned internet users to
be wary of downloading fake versions of free software it distributes
to overclock GPUs. Read more in my article on the Hot for Security
blog.
Wi-Fi Design, Implementation Flaws Allow a Range of Frag Attacks
(Friday May 14, 2021)
Every Wi-Fi product is affected by at least one fragmentation and
aggregation vulnerability, which could lead to a machine-in-the-middle
attack, researcher says.
Reliable remote code execution in Counter-Strike: Global Offensive
(Friday May 14, 2021)
One of the factors contributing to Counter-Strike Global Offensive’s (herein “CS:GO”) massive popularity is the ability for anyone to host their own community server. These community servers are free to download and install and allow for a high grade of customization. Server administrators can create and utilize custom assets such as maps, allowing for innovative game modes.
‘Scheme Flooding’ Allows Websites to Track Users Across Browsers
(Friday May 14, 2021)
Security Trends to Follow at RSA Conference 2021
(Friday May 14, 2021)
Here are three key categories of sessions that provide an inside look
at some of today's most interesting cybersecurity trends.
Global Socket 1.4.30
(Friday May 14, 2021)
Chrome Array Transfer Bypass
(Friday May 14, 2021)
The fix for CVE-2021-21148 has added a check in
|ValueSerializer::WriteJSArrayBuffer| to make sure non-detachable
array buffers cannot be transferred. The check can be bypassed with
the help of asm.js and property getters.
Ubuntu Security Notice USN-4954-1
(Friday May 14, 2021)
Ubuntu Security Notice 4954-1 - Jason Royes and Samuel Dytrych
discovered that the memcpy implementation for 32 bit ARM processors in
the GNU C Library contained an integer underflow vulnerability. An
attacker could possibly use this to cause a denial of service or
execute arbitrary code. It was discovered that the POSIX regex
implementation in the GNU C Library did not properly parse
alternatives. An attacker could use this to cause a denial of service.
Various other issues were also addressed.
CPSIoTSec 2021 Call For Papers
(Friday May 14, 2021)
Student Management System 1.0 Cross Site Scripting
(Friday May 14, 2021)
Student Management System version 1.0 suffers from a persistent cross
site scripting vulnerability.
Ubuntu Security Notice USN-4953-1
(Friday May 14, 2021)
Ubuntu Security Notice 4953-1 - Sean Boran discovered that AWStats
incorrectly filtered certain parameters. A remote attacker could
possibly use this issue to execute arbitrary code. It was discovered
that AWStats incorrectly filtered certain parameters. A remote
attacker could possibly use this issue to access sensitive
information.
Podcast Generator 3.1 Cross Site Scripting
(Friday May 14, 2021)
Podcast Generator version 3.1 suffers from a persistent cross site
scripting vulnerability.
Red Hat Security Advisory 2021-1560-01
(Friday May 14, 2021)
Chamilo LMS 1.11.14 Remote Code Execution
(Friday May 14, 2021)
Verizon: Pandemic Ushers in ⅓ More Cyber-Misery
(Friday May 14, 2021)
The DBIR – Verizon’s 2021 data breach report – shows spikes in
sophisticated phishing, financially motivated cyberattacks and a
criminal focus on web-application servers.
Report to Your Management with the Definitive 'Incident Response for Management' Presentation Template
(Friday May 14, 2021)
Threat Actors Target Ledger Data Breach Victims in New Extortion Campaign
(Friday May 14, 2021)
Blackmailers are having a field day capitalizing on victims of the
Ledger data leak from July 2020. Nearly a year after cybercriminals
gained access to the e-commerce database of the France-based crypto
wallet company, a new extortion campaign threatens users’ financial
and emotional well-being. This novel attempt at extorting victims,
spotted by Bitdefender Antispam Lab […]Ransomware’s New Swindle: Triple Extortion
(Friday May 14, 2021)
The Journey to Radically Simplify Security Continues
(Friday May 14, 2021)
Cisco announces our intent to acquire Kenna Security, Inc., a
recognized leader in risk-based vulnerability prioritization. The
combination of Kenna Security and SecureX will allow customers to
address critical challenges with prioritized lists of vulnerabilities,
streamlined collaboration between security and IT teams, and automated
remediation.
How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly
(Friday May 14, 2021)
Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks
(Friday May 14, 2021)
Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons
(Friday May 14, 2021)
Want to be a cybersecurity manager? Colonial Pipeline is recruiting
(Friday May 14, 2021)
Sounds like a great opportunity. It’s not as if things can get
worse, right?
Report: Colonial Pipeline paid ransomware attackers $5 million, but still had to rely on its own backups
(Friday May 14, 2021)
Heightened work-related stress and increased workloads are taking their toll on technology leader’s mental wellbeing
(Friday May 14, 2021)
Scumbag ransomware attackers hit Irish Health Service
(Friday May 14, 2021)
Big Cybersecurity Tips For Remote Workers Who Use Their Own Tech
(Friday May 14, 2021)
The CSO guide to top security conferences, 2021
(Friday May 14, 2021)
There is nothing like attending a face-to-face event for career
networking and knowledge gathering, and we don’t have to tell you
how helpful it can be to get a hands-on demo of a new tool or to have
your questions answered by experts.
Fortunately, plenty of great conferences are coming up in the months
ahead.
If keeping abreast of security trends and evolving threats is critical
to your job — and we know it is — then attending some top-notch
security conferences is on your must-do list for 2021.
From major events to those that are more narrowly focused, this list
from the editors...
Dark Web Getting Loaded With Bogus Covid-19 Vaccines and Forged Cards
(Friday May 14, 2021)
Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy
(Friday May 14, 2021)
Discovering goroutine leaks with Semgrep
(Friday May 14, 2021)
This post describes the origins of goroutine leaks and code patterns to detect them. Semgrep rules used to reveal those patterns are released to the public. Alex Useche – Security Engineer
Exploit Development: CVE-2021-21551 - Dell ‘dbutil_2_3.sys’ Kernel Exploit Writeup
(Friday May 14, 2021)
Rapid7 Source Code Breached in Codecov Supply-Chain Attack
(Friday May 14, 2021)
Vulnerability allows cross-browser tracking in Chrome, Firefox, Safari, and Tor
(Friday May 14, 2021)
Gamers beware! Crooks take advantage of MSI download outage…
(Friday May 14, 2021)
Vendor's site offline? Can't wait for your download? Tempted to go
trawling through the underweb to find an "unofficial" version?
Software, Incident Response Among Big Focus Areas in Biden's Cybersecurity Executive Order
(Thursday May 13, 2021)
Overall objectives are good, but EO may be too prescriptive in parts,
industry experts say.
85% of Data Breaches Involve Human Interaction: Verizon DBIR
(Thursday May 13, 2021)
Colonial Pipeline Shells Out $5M in Extortion Payout, Report
(Thursday May 13, 2021)
Firms Struggle to Secure Multicloud Misconfigurations
(Thursday May 13, 2021)
Ransomware Going for $4K on the Cyber-Underground
(Thursday May 13, 2021)
Dragos & IronNet Partner on Critical Infrastructure Security
(Thursday May 13, 2021)
The IT and OT security providers will integrate solutions aimed at
improving critical infrastructure security
Security Considerations During Authentication
(Thursday May 13, 2021)
One of the most prolific vectors for security vulnerabilities in applications and websites is the authentication process. Here are a couple of pitfalls.
When AI Becomes the Hacker
(Thursday May 13, 2021)
Biden administration releases ambitious cybersecurity executive order
(Thursday May 13, 2021)
Capping a dramatic week that saw major oil pipeline provider Colonial
Pipeline chart a "new course to improve the nation's cybersecurity and
protect federal government networks."
Microsoft Adds GPS Location to Identity & Access Control in Azure AD
(Thursday May 13, 2021)
S3 Ep32: AirTag jailbreak, Dell vulns, and a never-ending scam [Podcast]
(Thursday May 13, 2021)
BrandPost: End-to-End Security Starts at the Endpoint
(Thursday May 13, 2021)
Given the widely dispersed workforce, and the likelihood of a hybrid
workspace going forward, it’s not surprising that endpoint security
is a top priority among CSOs, according to the IDG .
Wrapped into the remote work security challenge is the need to speed
detection and remediation of threats that target devices and endpoint
systems. The faster cyber issues can be discovered, the less
probability of larger problems. Obvious, yes?
However, endpoint security can be daunting task. Most organizations
are using a multitude of tools—for monitoring, detection, threat
hunting, and more....
BrandPost: How Criminals Abuse Common Security Tools – and Use Them Against You
(Thursday May 13, 2021)
Adapting to the Security Threat of Climate Change
(Thursday May 13, 2021)
Business continuity plans that address natural and manmade disasters
can help turn a cataclysmic business event into a minor slowdown.
SigNoz - Open source distributed tracing platform | v0.2.0 Released with external API and DB calls monitoring
(Thursday May 13, 2021)
SigNoz helps developers monitor their applications & troubleshoot problems, an open-source alternative to DataDog, NewRelic, etc. 🔥 🖥 - SigNoz/signoz
BrandPost: The Best Trust is No Trust at All
(Thursday May 13, 2021)
Trust has always been a critical consideration for security. Firewalls
were invented because people outside the network were inherently less
trustworthy than those inside the network, especially when it came to
things like accessing data and resources. And zones of trust have
always existed inside networks: the DMZ is usually considered less
secure than the production network. have traditionally been completely
isolated from IT. And not everyone inside the network has access to
things like IP and R&D data. For the most part, trust is an issue that
most organizations feel they have locked...
Beyond MFA: Rethinking the Authentication Key
(Thursday May 13, 2021)
Tony Lauro, director of security technology and strategy at Akamai,
discusses hardware security dongles and using phones to act as
surrogates for them.
NVIDIA GeForce Experience Command Execution - CVE‑2021‑1079
(Thursday May 13, 2021)
CVE-2021-1079: NVIDIA GeForce Experience (GFE) v.<= 3.21 is affected by an Arbitrary File Write vulnerability which lead to Command Execution.
Can Data Protection Systems Prevent Data At Rest Leakage?
(Thursday May 13, 2021)
Terraform Plan "RCE"
(Thursday May 13, 2021)
Running a Terraform plan on unstrusted code can lead to RCE and credential exfiltration.
Internet Explorer jscript9.dll Memory Corruption
(Thursday May 13, 2021)
Ubuntu Security Notice USN-4952-1
(Thursday May 13, 2021)
Ubuntu Security Notice USN-4932-2
(Thursday May 13, 2021)
Ubuntu Security Notice 4932-2 - USN-4932-1 fixed a vulnerability in
Django. This update provides the corresponding update for Ubuntu 14.04
ESM and Ubuntu 16.04 ESM. It was discovered that Django incorrectly
handled certain filenames. A remote attacker could possibly use this
issue to create or overwrite files in unexpected directories. Various
other issues were also addressed.
Firefox 72 IonMonkey JIT Type Confusion
(Thursday May 13, 2021)
ScadaBR 1.0 / 1.1CE Windows Shell Upload
(Thursday May 13, 2021)
Volatility : Hunting R2D2 Malware
(Thursday May 13, 2021)
Microsoft Internet Explorer 8/11 Use-After-Free
(Thursday May 13, 2021)
Fresh Loader Targets Aviation Victims with Spy RATs
(Thursday May 13, 2021)
The campaign is harvesting screenshots, keystrokes, credentials,
webcam feeds, browser and clipboard data and more, with RevengeRAT or
AsyncRAT payloads.
ScadaBR 1.0 / 1.1CE Linux Shell Upload
(Thursday May 13, 2021)
OpenPLC WebServer 3 Remote Code Execution
(Thursday May 13, 2021)
