] The Mad Hacker [


Collecting all the news about cybersecurity, computer security, cracking, hacking, infosec, netsec, and security vulnerabilities in one convenient place

Whitehat, greyhat, blackhat, tinker, tailor, soldier, spy
We trawl the web so you don't have to
Since 2000


U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized

(Monday May 17, 2021)
Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark web sites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content

Why Password Hygiene Needs a Reboot

(Monday May 17, 2021)
In today's digital world, password security is more important than ever. While biometrics, one-time passwords (OTP), and other emerging forms of authentication are often touted as replacements for the traditional password, today that is more marketing hype than anything else. But just because passwords aren't going anywhere anytime soon doesn't mean that organizations don't need to

Experts Warn About Ongoing AutoHotkey-Based Malware Attacks

(Monday May 17, 2021)
Cybersecurity researchers have uncovered an ongoing malware campaign that heavily relies on AutoHotkey (AHK) scripting language to deliver multiple remote access trojans (RAT) such as Revenge RAT, LimeRAT, AsyncRAT, Houdini, and Vjw0rm on target Windows systems. At least four different versions of the campaign have been spotted starting February 2021, according to researchers from Morphisec Labs

Cyberinsurance giant AXA hit by ransomware attack after saying it would stop covering ransom payments

(Monday May 17, 2021)
One week after the French branch of cyberinsurance giant AXA said that it would no longer be writing policies to cover ransomware payments, the company's operations in Thailand, Malaysia, Hong Kong, and the Philippines have reportedly been hit... by a ransomware attack.

AMSI Bypass Methods

(Monday May 17, 2021)
Microsoft developed AMSI (the Antimalware Scan Interface) as a way to defend against common malware execution and protect the end user. By default, Windows Defender hooks into the AMSI API to scan PowerShell scripts, VBA macros, JavaScript, and Windows Script Host scripts at execution time, so that script content is inspected even when it is decoded or generated in memory rather than read from disk. However, other…

ListingLover - Add pseudo-code to Ghidra disassembly

(Monday May 17, 2021)
ListingLover, from HN Security S.r.l. (Rome, Italy), adds decompiler pseudo-code to Ghidra's disassembly listing. Previous post from the same author: FOX – Fix Objective-C XREFs in Ghidra.

Colonial Pipeline take-away for CISOs: Embrace the mandates

(Monday May 17, 2021)
Many in mainstream media have characterized the … A senior administration official said the attacks share commonalities. The first is "a laissez-faire attitude toward cybersecurity." The second is "poor software security and the current market development of 'build, sell, and maybe patch later.'"

5 things CISOs want to hear about SASE at the RSA Conference

(Monday May 17, 2021)
I’ve been blogging about what should be the “big 3” topics at this week's (virtual) RSA conference. I started with a blog about … My final blog of this series looks at what CISOs want to hear about SASE at RSA. (Insider Story)

Irish healthcare system suffers two cyber-attacks

(Monday May 17, 2021)
It has been confirmed that Ireland’s healthcare system fell victim to two cyber-attacks on Thursday and Friday last week. The Department of Health reported that its IT systems were shut down after the first ransomware attack on Thursday. On Friday a similar attack was launched against the Health Service Executive (HSE), causing “substantial” cancellations to […]

Insurance giant hit by ransomware

(Monday May 17, 2021)
Over the weekend insurance giant AXA reported that its operations in Thailand, Malaysia, Hong Kong and the Philippines had fallen victim to a ransomware attack. The attack is claimed to have been perpetrated by the Avaddon ransomware group, which says it stole 3 TB of sensitive data from AXA’s Asian operations. The attack was not limited […]

Building your own evil HID injector USB cable

(Sunday May 16, 2021)
New series: Things you don't need - but will probably want! Did you ever want to have your own, handmade, remote controlled, stealthy USB implant / HID injector, but didn't want to sell your soul for it? Well then this one is for you :) I already heard about something like this in the past, which reminded me of the expensive O.MG cable from HAK5 or the USB Ninja. But if you like to tinker a little bit and are on a budget, you can pretty much get the same results for like 30 bucks. I already own a DSTIKE WiFi Duck and several Digisparks, but plugging these into someone's computer is far more suspicious than a black USB cable. I also own a CrazyRadio, with which one can inject keystrokes into wireless receivers for keyboards and mice, with the help of e.g. bettercap - but to be honest this is a real pain in the ass. I recently stumbled upon some great articles on Twitter regarding an alternative in the form of a UNIFY receiver implanted into a USB cable. When I read those lines, I also wanted a USB cable that would still be able to charge a phone, but could also be used to inject keystrokes into the victim's systems or even give me a remote shell.

Stealing secrets with Rust Macros proof-of-concept via VSCode: This shows a trivial example of exfiltrating secrets just by the developer opening up the source

(Saturday May 15, 2021)
GitHub repository: lucky/bad_actor_poc.

From theory to practice: analysis and PoC development for CVE-2020-28018 (Use-After-Free in Exim)

(Saturday May 15, 2021)
Development of a PoC for one of the vulnerabilities published by Qualys in Exim

Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal

(Saturday May 15, 2021)
Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of their operations in an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called Transparent Tribe, also known as Operation C-Major, APT36, and Mythic Leopard, which has created fraudulent domains mimicking

Colonial Pipeline Paid Nearly $5 Million in Ransom to Cybercriminals

(Saturday May 15, 2021)
Colonial Pipeline on Thursday restored operations to its entire pipeline system nearly a week following a ransomware infection targeting its IT systems, forcing it to reportedly shell out nearly $5 million to regain control of its computer networks. "Following this restart, it will take several days for the product delivery supply chain to return to normal," the company said in a statement on

‘FragAttack’ flaws threaten Wi-Fi, but not too seriously

(Friday May 14, 2021)
A set of vulnerabilities in Wi-Fi’s basic design offers a long-standing and widespread threat vector, but the probability of compromise remains low.

Rapid7 Source Code Accessed in Supply Chain Attack

(Friday May 14, 2021)
An investigation of the Codecov attack revealed intruders accessed Rapid7 source code repositories containing internal credentials and alert-related data.

FIN7 Backdoor Masquerades as Ethical Hacking Tool

(Friday May 14, 2021)
The financially motivated cybercrime gang behind the Carbanak RAT is back with the Lizar malware, which can harvest all kinds of info from Windows machines.

How Faster COVID-19 Research Is Being Made Possible by Secure Silicon

(Friday May 14, 2021)
When Intel and Leidos set up a "trusted execution environment" to enable a widespread group of researchers to securely share and confidentially compute real-world data, it was no small achievement.

Cisco Confirms Plans to Acquire Kenna Security

(Friday May 14, 2021)
Cisco plans to integrate Kenna's vulnerability management technology into its SecureX platform.

Apple AirTag hacked again – free internet with no mobile data plan!

(Friday May 14, 2021)
More phun with Apple AirTags! Free internet, no data plan required... but it's s-l-o-o-o-w.

DarkSide Ransomware Suffers ‘Oh, Crap!’ Server Shutdowns

(Friday May 14, 2021)
The RaaS that crippled Colonial Pipeline lost the servers it uses to pull off ransomware attacks, while REvil’s gonads shrank in response.

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly

(Friday May 14, 2021)
Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems. The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding the malicious build files came embedded with encoded executables and shellcode that deploy backdoors,
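
The MSBuild trick works because a project file may carry an inline task: a UsingTask element whose TaskFactory (CodeTaskFactory or RoslynCodeTaskFactory) compiles the C# inside a Code element when msbuild.exe runs the project, so the payload is never written to disk as an executable. The triage script below is an added example written for this page, not code from Anomali or from the campaign. It parses a project file, flags inline tasks, Win32 calls that have no place in a build step, and long base64 runs that decode to a PE image. The sample project is constructed: its "payload" is an MZ header padded with zeros and its Execute() does nothing.

```python
import base64
import re
import xml.etree.ElementTree as ET

MSB_NS = "http://schemas.microsoft.com/developer/msbuild/2003"

# Task factories that compile source embedded in the project file at build time.
INLINE_FACTORIES = {"CodeTaskFactory", "RoslynCodeTaskFactory"}

# A long run of base64 alphabet is how an encoded executable or shellcode
# usually shows up inside an inline task body.
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")

# Win32/.NET calls that have no business in a build task.
SUSPICIOUS_API = ("VirtualAlloc", "CreateThread", "WriteProcessMemory",
                  "Assembly.Load", "Marshal.Copy")


def strip_ns(tag):
    """'{namespace}UsingTask' -> 'UsingTask'."""
    return tag.rsplit("}", 1)[-1]


def scan_msbuild_project(xml_text):
    """Return a list of human-readable findings for one project file."""
    findings = []
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        tag = strip_ns(elem.tag)
        if tag == "UsingTask":
            factory = elem.get("TaskFactory", "")
            if factory in INLINE_FACTORIES:
                findings.append(
                    f"inline task '{elem.get('TaskName')}' via {factory}")
        elif tag == "Code":
            body = elem.text or ""
            for api in SUSPICIOUS_API:
                if api in body:
                    findings.append(f"inline code calls {api}")
            for blob in BASE64_BLOB.findall(body):
                findings.append(f"base64 blob of {len(blob)} chars in inline code")
                try:
                    decoded = base64.b64decode(blob, validate=True)
                except ValueError:
                    continue  # long alphanumeric run that is not valid base64
                if decoded[:2] == b"MZ":
                    findings.append("blob decodes to a PE image (MZ header)")
    return findings


def build_sample_project():
    """Constructed project mimicking the inline-task pattern (not a real campaign file).

    The payload is an MZ header padded with zeros, not an executable, and
    Execute() does nothing; it exists only to exercise the scanner.
    """
    blob = base64.b64encode(b"MZ" + b"\x00" * 200).decode()
    return f"""<Project ToolsVersion="4.0" xmlns="{MSB_NS}">
  <Target Name="Build">
    <Dropper />
  </Target>
  <UsingTask TaskName="Dropper" TaskFactory="CodeTaskFactory"
             AssemblyFile="$(MSBuildToolsPath)\\Microsoft.Build.Tasks.v4.0.dll">
    <Task>
      <Code Type="Class" Language="cs"><![CDATA[
        using System;
        using System.Runtime.InteropServices;
        public class Dropper : Microsoft.Build.Utilities.Task {{
            [DllImport("kernel32")]
            static extern IntPtr VirtualAlloc(IntPtr a, uint s, uint t, uint p);
            static string payload = "{blob}";
            public override bool Execute() {{ return true; }}
        }}
      ]]></Code>
    </Task>
  </UsingTask>
</Project>"""


SAMPLE_PROJECT = build_sample_project()

# A benign project for comparison: no inline task, no embedded code.
CLEAN_PROJECT = f"""<Project xmlns="{MSB_NS}">
  <Target Name="Build">
    <Message Text="building" />
  </Target>
</Project>"""


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_PROJECT), ("clean", CLEAN_PROJECT)):
        print(name, scan_msbuild_project(text) or "no findings")
```

An inline task on its own is not proof of malice; legitimate build scripts use CodeTaskFactory too, so the script reports what it saw and leaves the verdict to the analyst. In practice it belongs next to process telemetry showing msbuild.exe launched from a user-writable path or by something other than a build tool.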

Are your remote or furloughed employees a security threat?

(Friday May 14, 2021)
The evolution of the workplace has accelerated over the past year for reasons too painfully obvious to mention. In light of the office exodus, employers have been set the enormous task of adapting and accommodating a remote workforce and managing morale in the face of furloughs. Among the many practical challenges is shoring up your […]

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

(Friday May 14, 2021)
The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained funds from an account the group uses to pay affiliates.

Chart: Cybersecurity Now a Top Corporate Priority

(Friday May 14, 2021)
Majority of global IT decision makers say cybersecurity is extremely or more important now than it was pre-pandemic, according to Cisco.

SOC Teams Burdened by Alert Fatigue Explore XDR

(Friday May 14, 2021)
ESG research finds a complex attack surface and threat landscape make alerts too overwhelming to monitor accurately.

Gamers warned of downloading fake Afterburner overclocking tool to boost graphics card performance

(Friday May 14, 2021)
A leading manufacturer of gaming hardware has warned internet users to be wary of downloading fake versions of free software it distributes to overclock GPUs. Read more in my article on the Hot for Security blog.

Wi-Fi Design, Implementation Flaws Allow a Range of Frag Attacks

(Friday May 14, 2021)
Every Wi-Fi product is affected by at least one fragmentation and aggregation vulnerability, which could lead to a machine-in-the-middle attack, researcher says.

Reliable remote code execution in Counter-Strike: Global Offensive

(Friday May 14, 2021)
One of the factors contributing to Counter-Strike Global Offensive’s (herein “CS:GO”) massive popularity is the ability for anyone to host their own community server. These community servers are free to download and install and allow for a high grade of customization. Server administrators can create and utilize custom assets such as maps, allowing for innovative game modes.

‘Scheme Flooding’ Allows Websites to Track Users Across Browsers

(Friday May 14, 2021)
A flaw that allows browsers to enumerate applications on a machine threatens cross-browser anonymity in Chrome, Firefox, Microsoft Edge, Safari and even Tor.

Security Trends to Follow at RSA Conference 2021

(Friday May 14, 2021)
Here are three key categories of sessions that provide an inside look at some of today's most interesting cybersecurity trends.

Global Socket 1.4.30

(Friday May 14, 2021)
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP, RFC 5054) with AES-256 and key exchange over a 4096-bit prime, requires no PKI, provides Perfect Forward Secrecy, and supports Tor.

Chrome Array Transfer Bypass

(Friday May 14, 2021)
The fix for CVE-2021-21148 has added a check in |ValueSerializer::WriteJSArrayBuffer| to make sure non-detachable array buffers cannot be transferred. The check can be bypassed with the help of asm.js and property getters.

Ubuntu Security Notice USN-4954-1

(Friday May 14, 2021)
Ubuntu Security Notice 4954-1 - Jason Royes and Samuel Dytrych discovered that the memcpy implementation for 32 bit ARM processors in the GNU C Library contained an integer underflow vulnerability. An attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that the POSIX regex implementation in the GNU C Library did not properly parse alternatives. An attacker could use this to cause a denial of service. Various other issues were also addressed.

CPSIoTSec 2021 Call For Papers

(Friday May 14, 2021)
The Call For Papers has been announced for the 2nd Joint Workshop on CPS and IoT Security and Privacy (CPSIoTSec 2021). It will be held in Seoul, South Korea on November 15, 2021.

Student Management System 1.0 Cross Site Scripting

(Friday May 14, 2021)
Student Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

Ubuntu Security Notice USN-4953-1

(Friday May 14, 2021)
Ubuntu Security Notice 4953-1 - Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access sensitive information.

Podcast Generator 3.1 Cross Site Scripting

(Friday May 14, 2021)
Podcast Generator version 3.1 suffers from a persistent cross site scripting vulnerability.

Red Hat Security Advisory 2021-1560-01

(Friday May 14, 2021)
Red Hat Security Advisory 2021-1560-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.4 serves as a replacement for Red Hat AMQ Streams 1.6.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a resource exhaustion vulnerability.

Chamilo LMS 1.11.14 Remote Code Execution

(Friday May 14, 2021)
Chamilo LMS version 1.11.14 authenticated remote code execution exploit.

Verizon: Pandemic Ushers in ⅓ More Cyber-Misery

(Friday May 14, 2021)
The DBIR – Verizon’s 2021 data breach report – shows spikes in sophisticated phishing, financially motivated cyberattacks and a criminal focus on web-application servers.

Toshiba Unit Hacked By DarkSide

(Friday May 14, 2021)

Report to Your Management with the Definitive 'Incident Response for Management' Presentation Template

(Friday May 14, 2021)
Security incidents occur. It's not a matter of 'if' but of 'when.' There are security products and procedures that were implemented to optimize the IR process, so from the 'security-professional' angle, things are taken care of. However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process with their management a much more

Threat Actors Target Ledger Data Breach Victims in New Extortion Campaign

(Friday May 14, 2021)
Blackmailers are having a field day capitalizing on victims of the Ledger data leak from July 2020. Nearly a year after cybercriminals gained access to the e-commerce database of the France-based crypto wallet company, a new extortion campaign threatens users’ financial and emotional well-being. This novel attempt at extorting victims, spotted by Bitdefender Antispam Lab […]

Ransomware’s New Swindle: Triple Extortion

(Friday May 14, 2021)
Ransomware attackers are now demanding cash from the customers of victims too.  

The Journey to Radically Simplify Security Continues

(Friday May 14, 2021)
Cisco announces our intent to acquire Kenna Security, Inc., a recognized leader in risk-based vulnerability prioritization. The combination of Kenna Security and SecureX will allow customers to address critical challenges with prioritized lists of vulnerabilities, streamlined collaboration between security and IT teams, and automated remediation.

How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly

(Friday May 14, 2021)
Experts from Intel, GitHub and KnowBe4 weigh in on what you need to succeed at security bug-hunting.

Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks

(Friday May 14, 2021)
Three design and multiple implementation flaws have been disclosed in the IEEE 802.11 technical standard that undergirds Wi-Fi, potentially enabling an adversary to take control over a system and plunder confidential data. Called FragAttacks (short for fragmentation and aggregation attacks), the weaknesses impact all Wi-Fi security protocols, from Wired Equivalent Privacy (WEP) all the way to Wi-Fi

Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons

(Friday May 14, 2021)
Cybercrime groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaScript skimmers into online shopping platforms with an aim to steal financial information from their users. "These web shells known as Smilodon or Megalodon are used to dynamically load JavaScript skimming code via server-side requests into online

Want to be a cybersecurity manager? Colonial Pipeline is recruiting

(Friday May 14, 2021)
Sounds like a great opportunity. It’s not as if things can get worse, right?

Report: Colonial Pipeline paid ransomware attackers $5 million, but still had to rely on its own backups

(Friday May 14, 2021)
Bloomberg reports that the extortionists of Colonial Pipeline received almost $5 million worth of cryptocurrency, but that the tool they provided to decrypt IT systems wasn't up to the job.

Heightened work-related stress and increased workloads are taking their toll on technology leaders’ mental wellbeing

(Friday May 14, 2021)
A CISO’s workday is riddled with high-stress situations as they constantly battle the deluge of threats emerging from the ever-expanding threat landscape, so it is no wonder that the majority of technology leaders are feeling stressed. In recent years the challenges that CISOs face have only intensified. Since the pandemic, security professionals have had […]

Scumbag ransomware attackers hit Irish Health Service

(Friday May 14, 2021)
Earlier today, Ireland’s health service (the HSE) shut down all of its IT systems following what it described as a “significant ransomware attack.”

Big Cybersecurity Tips For Remote Workers Who Use Their Own Tech

(Friday May 14, 2021)
As the total number of people working from home has grown dramatically in the last year or two, so has the number of individuals who use all of their own technology for their jobs. If you're a remote worker who relies on your own PC to get your work done, then you may be at a heightened risk for some of the major threats that are impacting the computer industry as a whole. Relatively few people

The CSO guide to top security conferences, 2021

(Friday May 14, 2021)
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are coming up in the months ahead. If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2021. From major events to those that are more narrowly focused, this list from the editors...

Weekly Update 243

(Friday May 14, 2021)
Listen on Apple Podcasts

Dark Web Getting Loaded With Bogus Covid-19 Vaccines and Forged Cards

(Friday May 14, 2021)
Bogus COVID-19 test results, fraudulent vaccination cards, and questionable vaccines are emerging as a hot commodity on the dark web, the latest in a long list of cybercrimes capitalizing on the coronavirus pandemic. "A new and troubling phenomenon is that consumers are buying COVID-19 vaccines on the black market due to the increased demand around the world," said Anne An, a senior

Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy

(Friday May 14, 2021)
WhatsApp on Friday disclosed that it won't deactivate accounts of users who don't accept its new privacy policy rolling out on May 15, adding it will continue to keep reminding them to accept the new terms. "No one will have their accounts deleted or lose functionality of WhatsApp on May 15 because of this update," the Facebook-owned messaging service said in a statement. The move marks a

Discovering goroutine leaks with Semgrep

(Friday May 14, 2021)
This post describes the origins of goroutine leaks and code patterns to detect them. Semgrep rules used to reveal those patterns are released to the public. Alex Useche – Security Engineer

Exploit Development: CVE-2021-21551 - Dell ‘dbutil_2_3.sys’ Kernel Exploit Writeup

(Friday May 14, 2021)
Analysis and writeup on weaponizing CVE-2021-21551 without a data-only attack and the importance of Virtualization-Based Security, Hypervisor-Protected Code Integrity, Kernel Control-Flow Guard, and other modern mitigations.

Rapid7 Source Code Breached in Codecov Supply-Chain Attack

(Friday May 14, 2021)
Cybersecurity company Rapid7 on Thursday revealed that unidentified actors improperly managed to get hold of a small portion of its source code repositories in the aftermath of the software supply chain compromise targeting Codecov earlier this year. "A small subset of our source code repositories for internal tooling for our [Managed Detection and Response] service was accessed by an

Vulnerability allows cross-browser tracking in Chrome, Firefox, Safari, and Tor

(Friday May 14, 2021)
The FingerprintJS team has uncovered a scheme flooding vulnerability. We explain how the exploit works across four major desktop browsers and show why it's a threat to anonymous browsing.

Gamers beware! Crooks take advantage of MSI download outage…

(Friday May 14, 2021)
Vendor's site offline? Can't wait for your download? Tempted to go trawling through the underweb to find an "unofficial" version?

Software, Incident Response Among Big Focus Areas in Biden's Cybersecurity Executive Order

(Thursday May 13, 2021)
Overall objectives are good, but EO may be too prescriptive in parts, industry experts say.

85% of Data Breaches Involve Human Interaction: Verizon DBIR

(Thursday May 13, 2021)
Ransomware, phishing, and Web application attacks all increased during a year in which the majority of attacks involved a human element.

Colonial Pipeline Shells Out $5M in Extortion Payout, Report

(Thursday May 13, 2021)
According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption key.

Firms Struggle to Secure Multicloud Misconfigurations

(Thursday May 13, 2021)
Half of companies had at least one case of having all ports open to the public, while more than a third had an exposed database.

Ransomware Going for $4K on the Cyber-Underground

(Thursday May 13, 2021)
An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships.

Dragos & IronNet Partner on Critical Infrastructure Security

(Thursday May 13, 2021)
The IT and OT security providers will integrate solutions aimed at improving critical infrastructure security.

Security Considerations During Authentication

(Thursday May 13, 2021)
One of the most prolific vectors for security vulnerabilities in applications and websites is the authentication process. Here are a couple of pitfalls.

When AI Becomes the Hacker

(Thursday May 13, 2021)
Bruce Schneier explores the potential dangers of artificial intelligence (AI) systems gone rogue in society.

Biden administration releases ambitious cybersecurity executive order

(Thursday May 13, 2021)
Capping a dramatic week that saw major oil pipeline provider Colonial Pipeline chart a "new course to improve the nation's cybersecurity and protect federal government networks."

Microsoft Adds GPS Location to Identity & Access Control in Azure AD

(Thursday May 13, 2021)
New capabilities let admins restrict access to resources from privileged access workstations or regions based on GPS location.

S3 Ep32: AirTag jailbreak, Dell vulns, and a never-ending scam [Podcast]

(Thursday May 13, 2021)
Latest episode - listen now!

BrandPost: End-to-End Security Starts at the Endpoint

(Thursday May 13, 2021)
Given the widely dispersed workforce, and the likelihood of a hybrid workspace going forward, it’s not surprising that endpoint security is a top priority among CSOs, according to IDG. Wrapped into the remote work security challenge is the need to speed detection and remediation of threats that target devices and endpoint systems. The faster cyber issues can be discovered, the lower the probability of larger problems. Obvious, yes? However, endpoint security can be a daunting task. Most organizations are using a multitude of tools—for monitoring, detection, threat hunting, and more....

BrandPost: How Criminals Abuse Common Security Tools – and Use Them Against You

(Thursday May 13, 2021)
Criminals are exploiting the very tools used by security teams. Sophos researchers have recently observed an increase in attacks in which criminals target tools used by incident responders and penetration testers. These attacks involve very little or no malware, but instead harness the existing components of the operating system or popular software packages. “We've been seeing this for years, and it's increasing now,” says Chester Wisniewski, principal research scientist at Sophos. “It makes sense because we've built a robust set of tools for good guys to hack into our...

Adapting to the Security Threat of Climate Change

(Thursday May 13, 2021)
Business continuity plans that address natural and manmade disasters can help turn a cataclysmic business event into a minor slowdown.

SigNoz - Open source distributed tracing platform | v0.2.0 Released with external API and DB calls monitoring

(Thursday May 13, 2021)
SigNoz helps developers monitor their applications and troubleshoot problems; it is an open-source alternative to DataDog, New Relic, etc. GitHub: SigNoz/signoz.

BrandPost: The Best Trust is No Trust at All

(Thursday May 13, 2021)
Trust has always been a critical consideration for security. Firewalls were invented because people outside the network were inherently less trustworthy than those inside the network, especially when it came to things like accessing data and resources. And zones of trust have always existed inside networks: the DMZ is usually considered less secure than the production network. have traditionally been completely isolated from IT. And not everyone inside the network has access to things like IP and R&D data. For the most part, trust is an issue that most organizations feel they have locked...

Beyond MFA: Rethinking the Authentication Key

(Thursday May 13, 2021)
Tony Lauro, director of security technology and strategy at Akamai, discusses hardware security dongles and using phones to act as surrogates for them.

NVIDIA GeForce Experience Command Execution - CVE‑2021‑1079

(Thursday May 13, 2021)
CVE-2021-1079: NVIDIA GeForce Experience (GFE) versions 3.21 and earlier are affected by an arbitrary file write vulnerability that leads to command execution.

Can Data Protection Systems Prevent Data At Rest Leakage?

(Thursday May 13, 2021)
Protection against insider risks works when the process involves controlling the data transfer channels or examining data sources. One approach involves preventing data from being copied to USB flash drives or sent over email. The second concerns preventing leakage or fraud in which an insider accesses files or databases with harmful intentions. What's the best way to protect your data? It

Terraform Plan "RCE"

(Thursday May 13, 2021)
Running a Terraform plan on untrusted code can lead to RCE and credential exfiltration.

Internet Explorer jscript9.dll Memory Corruption

(Thursday May 13, 2021)
There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.

Ubuntu Security Notice USN-4952-1

(Thursday May 13, 2021)
Ubuntu Security Notice 4952-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.25 in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.34. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Ubuntu Security Notice USN-4932-2

(Thursday May 13, 2021)
Ubuntu Security Notice 4932-2 - USN-4932-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories. Various other issues were also addressed.

Firefox 72 IonMonkey JIT Type Confusion

(Thursday May 13, 2021)
Firefox 72 IonMonkey JIT type confusion exploit.

ScadaBR 1.0 / 1.1CE Windows Shell Upload

(Thursday May 13, 2021)
ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Windows targets.

Volatility : Hunting R2D2 Malware

(Thursday May 13, 2021)
Hunting R2D2 Malware. To start on this malware expedition, please download the image from here. Once the image file is downloaded, let's find out more about it by using the Volatility imageinfo plugin:

    C:\volatility>volatility.exe -f 0zapftis.vmem imageinfo
    Volatility Foundation Volatility Framework 2.6
    INFO    : volatility.debug    : Determining profile based on KDBG search...
              Suggested Profile(s) : WinXPSP2x86, WinXPSP3x86 (Instantiated with WinXPSP2x86)
                         AS ...

Microsoft Internet Explorer 8/11 Use-After-Free

(Thursday May 13, 2021)
Microsoft Internet Explorer 8/11 and WPAD service Jscript.dll use-after-free exploit.

Fresh Loader Targets Aviation Victims with Spy RATs

(Thursday May 13, 2021)
The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads.

ScadaBR 1.0 / 1.1CE Linux Shell Upload

(Thursday May 13, 2021)
ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Linux targets.

OpenPLC WebServer 3 Remote Code Execution

(Thursday May 13, 2021)
OpenPLC WebServer version 3 authentication remote code execution exploit.