from Wired
The hacker group known as Secret Blizzard, Snake, or Turla, widely believed to work for Russia’s FSB intelligence agency, is known for using some of the most ingenious hacking techniques ever seen to spy on its victims. Before it was taken down two years ago in a law enforcement operation led by IRS criminal investigators in the US and Germany’s BKA police agency, Hydra was a uniquely sprawling dark web marketplace, one that not only served as the post-Soviet world’s biggest online bazaar for n...
from GBHackers On Security
They successfully demonstrated proof-of-concept attacks using modified SD Express adapters to gain unauthorized memory access on multiple devices, including gaming laptops and handheld consoles. The DaMAgeCard vulnerability is particularly concerning because, unlike previous DMA attack vectors (such as FireWire or Thunderbolt), SD card slots are widely available and accessible. They warn that as SD Express adoption grows, this could become a significant attack vector unless manufacturers take steps...
from GBHackers On Security
This statement assures clients and stakeholders that the firm’s internal infrastructure remains secure. Deloitte UK has strongly refuted claims of a major cybersecurity breach made by the ransomware group Brain Cipher...
from InfoSec Write-ups
This software has been intentionally included for educational purposes and is NOT intended to be executed or used otherwise. In Electron, the WebPreferences object is used to configure and control how a BrowserWindow or WebView behaves. By default, nodeIntegration is set to false for security reasons, as enabling it allows full access to Node.js APIs like require, fs, and others, which can pose security risks if the web content is not properly sanitized...
from InfoSec Write-ups
Clickjacking is a malicious technique attackers use to trick users into clicking something different from what they perceive. When users interact with the page, they unknowingly perform actions on the embedded site, such as liking a post, submitting a form, or even executing transactions. Data theft: attackers can exploit clickjacking to steal sensitive information by tricking users into submitting forms or entering credentials...
from InfoSec Write-ups
This underground economy thrives on the anonymity provided by onion-routing technologies, facilitating transactions of illicit goods, including personal data, without traceability. Stolen financial information is used to craft elaborate schemes aimed at draining victims’ bank accounts or making fraudulent charges on their credit cards...
from InfoSec Write-ups
Cybersecurity enthusiasts worldwide are gearing up for Advent of Cyber (AOC) 2024, an annual challenge series hosted on TryHackMe. Designed with beginners in mind, this event combines fun, learning, and the opportunity to win exciting prizes. The first step involves launching a sandboxed virtual machine (VM) where participants can safely analyze Mayor Malware’s creation...
from InfoSec Write-ups
Tyler Ramsby’s TryHackMe tutorial takes us on an engaging journey to uncover vulnerabilities in a fictional Christmas wish platform for Weville. The Christmas wish platform, while cheerful, has a serious task — ensuring its safety against XML External Entity (XXE) vulnerabilities. The learning objectives include understanding XML basics, identifying XXE risks, exploiting them in a controlled environment, and applying secure remediation techniques...
from InfoSec Write-ups
Two or three years ago, I had no idea what bug bounty hunting was. I started Googling phrases like “how to start bug bounty hunting” and “bug bounty platforms for beginners.” Soon, I was creating an account on HackerOne, picking up books like Web Hacking 101, and devouring YouTube videos from ethical hackers. Reconnaissance, OWASP Top 10, Burp Suite, HTTP requests — so many terms flew over my head...
from InfoSec Write-ups
If you haven’t already incorporated hash-based search into your routine, now is the time to do so — cyber threats are evolving faster than ever. By leveraging VirusTotal’s extensive database, you can identify files based on their hash and quickly determine if they are flagged as malicious. Even the smallest change in a file will produce an entirely different hash, making this method highly reliable for identifying files...
from InfoSec Write-ups
What if every photo you uploaded to Redacted.com could unknowingly share your exact location with the world? Images uploaded to Redacted.com don’t strip their EXIF metadata, which includes sensitive details like GPS coordinates, timestamps, and device info. Reporting this issue not only helped secure user privacy but also earned me a 5000 Rubles bounty!...
from Penetration Testing Online
They leveraged legitimate applications like GoogleToolbarNotifier.exe and iTunesHelper.exe to load malicious DLLs, effectively masking their activity. “The attackers also leveraged several living-off-the-land tools,” the report notes, “[including] WMI (Windows Management Instrumentation), PsExec, [and] PowerShell.” This approach allowed them to blend in with normal network activity and evade detection. This file has been previously associated with the Crimson Palace group, known for targeting...
from Penetration Testing Online
Over the years, it has evolved significantly, with Trend Micro identifying 55 active MOONSHINE servers by 2024. The report explains, “DarkNimbus abuses Android’s Accessibility Service to monitor and pilfer conversations from instant messaging apps.” These links redirect victims to MOONSHINE servers, which assess the victim’s device and browser vulnerabilities before delivering exploit code...
from clearbluejar
Leveraging these symbols within Ghidra can significantly aid in understanding the program’s behavior. The symbols file for combase.dll is massive and includes much more information than your typical PDB from Microsoft. Stay tuned for part 2, when we walk through how to leverage Ghidra’s symbol acquisition automation...
from Penetration Testing Online
Cyble Research and Intelligence Labs (CRIL) has uncovered a multi-stage cyberattack campaign targeting the manufacturing industry. Threat actors employed several legitimate system tools, also known as Living-off-the-Land Binaries (LOLBins), to bypass traditional security mechanisms. Persistence mechanism: the malware created a Task Scheduler entry named “NodeJS Web Framework” to maintain control over infected systems...
from The Cyber Express
Cyble dark web researchers have documented a new Russia-linked threat group that has been breaching critical infrastructure environments and tampering with system controls. Water and wastewater systems are considered particularly vulnerable even among generally insecure critical infrastructure sectors. Within the last week, Z-Pentest’s claims have escalated to include “disrupting critical systems at an oil well site, including systems responsible for water pumping, petroleum gas flari...
from CSO Online
GitHub Actions workflows are a series of processes or “actions” defined in .yml files inside repositories that get executed when certain trigger events occur, such as when new code gets committed to the repository. By default, anyone can fork a project and submit pull requests, meaning project owners need to be very careful about how they use GitHub Actions, including what actions and what triggers they allow. “But it is not hard to imagine what the potential impact and the damage could be...
from The Register - Security
The flaw-finding biz – which develops and releases unofficial "micropatches" to close holes in software that vendors won't address – says this particular bug is an NTLM vulnerability. "The vulnerability allows an attacker to obtain user's NTLM credentials by simply having the user view a malicious file in Windows Explorer - eg, by opening a shared folder or USB disk with such file, or viewing the Downloads folder where such file was previously automatically downloaded from attacker's web page,"...
from Palo Alto Unit 42
We reported that attackers launched COVID-19-themed phishing campaigns targeting government and medical organizations or distributed Coronavirus-themed malware by tricking users into downloading malicious files. By analyzing the keywords, structure and even top-level domain (TLD) cues within these domains, we can uncover common features that indicate malicious intent. WHOIS records: while most registration information for these Olympic-themed gambling NRDs is redacted, we observed that all regi...