5 Benefits of Detection-as-Code

5 Benefits of Detection-as-Code

TL;DR:  Adopt a modern, test-driven methodology for securing your organization with Detection-as-Code. Over the past decade, threat detection has become business-critical and even more complicated. As businesses move to the cloud, manual threat detection processes are no longer able to keep up. How can teams automate security analysis at scale...

New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity

New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity

The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. "Analysis of these samples indicates that the developer has access to REvil's source code, reinforcing the likelihood that the threat group has reemerged," researchers...

Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families

Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families

Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that's designed to siphon credentials and system information. "After execution, the stealer extracts username, passwords, credit card details, etc.," Cyble researchers said in an analysis last week. "The stealer also steals data from various locations across the system and

Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory

Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory

Microsoft on Monday disclosed that it mitigated a security flaw affecting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2022-29972, has been codenamed "SynLapse" by researchers from Orca Security, who reported the flaw to Microsoft in January 2022. <!--adsense-->...

U.S. Proposes $1 Million Fine on Colonial Pipeline for Safety Violations After Cyberattack

U.S. Proposes $1 Million Fine on Colonial Pipeline for Safety Violations After Cyberattack

The U.S. Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a penalty of nearly $1 million to Colonial Pipeline for violating federal safety regulations, worsening the impact of the ransomware attack last year. The $986,400 penalty is the result of an inspection conducted by the regulator...

Critical Gems Takeover Bug Reported in RubyGems Package Manager

Critical Gems Takeover Bug Reported in RubyGems Package Manager

The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances. "Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain...

THM Writeup: Ra 2

THM Writeup: Ra 2

RA Wallpaper. In this article, I step through the process of exploiting a windows machine by enumerating services running on open ports, abusing insecure DNS dynamic updates, and elevating my privileges on the domain controller using PrintSpoofer exploit. This challenge is available on the TryHackMe platform and is titled “Ra...

SHIELDS UP in bite sized chunks

SHIELDS UP in bite sized chunks

Unless you are living completely off the grid, you know the horrifying war in Ukraine and the related geopolitical tensions have dramatically increased cyberattacks and the threat of even more to come. The Cybersecurity and Infrastructure Security Agency (CISA) provides guidance to US federal agencies in their fight against cybercrime,...

Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums

Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums

Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT) that's offered on sale for "dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike. "Unlike the well-funded, massive Russian threat groups crafting custom malware [...], this remote access...

Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store

Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store

A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a...

Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware

Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-enabled Microsoft Excel file, opening which leads to computers getting...

U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers

U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers

The U.S. State Department has announced rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang. Additionally, it's offering another $5 million for intelligence information that could help arrest or convict individuals who are conspiring or attempting...

Researchers Develop RCE Exploit for the Latest F5 BIG-IP Vulnerability

Researchers Develop RCE Exploit for the Latest F5 BIG-IP Vulnerability

Days after F5 released patches for a critical remote code execution vulnerability affecting its BIG-IP family of products, security researchers are warning that they were able to create an exploit for the shortcoming. Tracked CVE-2022-1388 (CVSS score: 9.8), the flaw relates to an iControl REST authentication bypass that, if successfully exploited, could...

TryHackMe — Nessus

TryHackMe — Nessus

TryHackMe — Nessus Hello All, Today I am going to write about a beginner level room in TryHackMe- i.e., Nessus. Let’s start. I know that so many of you who are trying to come into the Security domain or who were working in this field are familiar with this tool. For those who...

Shellcode Analysis

Shellcode Analysis

Let’s see what shellcodes are and how we can Identify and Analyze them. Shellcode illustration Background Shellcode is a sequence of instructions (Opcodes) that represent hex-values and can appear in variant formats in the code (as strings). This sequence is used as a payload of the code to execute in memory...

C Language for Hackers & Beyond! 0x01

C Language for Hackers & Beyond! 0x01

Hello Tenderfoot hackers, welcome you to the world of hacking. You came here because you don’t want to be a script kiddie in this generation of hacking. you need to know how to write your own hacking tools and also you have to know how to write your own malware(ie:-virus,...

U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea Launder Millions

U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea Launder Millions

The U.S. Treasury Department on Friday moved to sanction virtual currency mixer Blender.io, marking the first time a mixing service has been subjected to economic blockades. The move signals continued efforts on the part of the government to prevent North Korea's Lazarus Group from laundering the funds stolen from the unprecedented...

This New Fileless Malware Hides Shellcode in Windows Event Logs

This New Fileless Malware Hides Shellcode in Windows Event Logs

A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. "It allows the 'fileless' last stage trojan to be hidden from plain sight in the file system," Kaspersky researcher Denis Legezo said in a technical write-up published...

QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices

QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices

QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Friday released security updates to patch nine security weaknesses, including a critical issue that could be exploited to take over an affected system. "A vulnerability has been reported to affect QNAP VS Series NVR running QVR," QNAP said in an advisory. "If exploited,...

Researchers Warn of ‘Raspberry Robin’ Malware Spreading via External Drives

Researchers Warn of ‘Raspberry Robin’ Malware Spreading via External Drives

Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities and is propagated by means of removable USB devices. Attributing the malware to a cluster named "Raspberry Robin," Red Canary researchers noted that the worm "leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL." The earliest...

Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware

Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware

A pay-per-install (PPI) malware service known as PrivateLoader has been spotted distributing a "fairly sophisticated" framework called NetDooka, granting attackers complete control over the infected devices. "The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured...

Backdoor from HackTheBox — Detailed Walkthrough

Backdoor from HackTheBox — Detailed Walkthrough

Backdoor from HackTheBox — Detailed Walkthrough Showing all the tools and techniques needed to complete the box. Machine Information Backdoor from HackTheBox Backdoor is an easy machine on HackTheBox. We start by finding a basic WordPress site with a vulnerable plugin. This allows directory traversal and local file inclusion, which we use to...

Experts Uncover New Espionage Attacks by Chinese ‘Mustang Panda’ Hackers

Experts Uncover New Espionage Attacks by Chinese ‘Mustang Panda’ Hackers

The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. "Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering...

TryHackMe writeup: Atlas

TryHackMe writeup: Atlas

“MurilandOracle” (2021) published a TryHackMe tutorial room discussing a simple ThinVNC vulnerability, a bit of exploit development and testing, and the PrintNightmare vulnerability. In my never-ending quest to “break the rules,” this room took about a week longer for me to complete than MurilandOracle intended. Nonetheless, doing the room was...

I have 1% chance to hack this company

I have 1% chance to hack this company

I have only 1% chance to hack this company using SSRF vulnerability Today I will share with you the first vulnerability I found on SerpApi, LLC. I found this vulnerability right after I finished my onboarding process at SerpApi, LLC. Table of Contents — The Target. — Weaponizing the vulnerability. — Exploitation. — Impact and severity. — Report timeline. — Ending. The Target...

Clique Writeup — ångstromCTF 2022

Clique Writeup — ångstromCTF 2022

Cliche Writeup — ångstromCTF 2022 Mutation XSS in DOMPurify and marked Last weekend, I played the ångstromCTF 2022 with my team FAUST. During the CTF, I came across a relatively simple constructed but clever web challenge that I want to share with you. This is the writeup for cliche. If you are only...

Google Releases Android Update to Patch Actively Exploited Vulnerability

Google Releases Android Update to Patch Actively Exploited Vulnerability

Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year. Tracked as CVE-2021-22600 (CVSS score: 7.8), the vulnerability is ranked "High" for severity and could be...

NIST Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks

NIST Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks

The National Institute of Standards and Technology (NIST) on Thursday released an updated cybersecurity guidance for managing risks in the supply chain, as it increasingly emerges as a lucrative attack vector. "It encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but also...

Google to Add Passwordless Authentication Support to Android and Chrome

Google to Add Passwordless Authentication Support to Android and Chrome

Google today announced plans to implement support for passwordless logins in Android and the Chrome web browser to allow users to sign in across different devices and websites irrespective of the platform. "This will simplify sign-ins across devices, websites, and applications no matter the platform - without the need for a single...

The Importance of Defining Secure Code

The Importance of Defining Secure Code

The developers who create the software, applications and programs that drive digital business have become the lifeblood of many organizations. Most modern businesses would not be able to (profitably) function, without competitive applications and programs, or without 24-hour access to their websites and other infrastructure. And yet, these very same...

Researchers Disclose 10-Year-Old Vulnerabilities in Avast and AVG Antivirus

Researchers Disclose 10-Year-Old Vulnerabilities in Avast and AVG Antivirus

Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a legitimate driver that's part of Avast and AVG antivirus solutions. "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded,"

Heroku Forces User Password Resets Following GitHub OAuth Token Theft

Heroku Forces User Password Resets Following GitHub OAuth Token Theft

Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database. The company, in an updated notification, revealed that a compromised token was abused to breach the database and "exfiltrate the hashed and salted passwords for customers' user accounts."...

Thousands of Borrowers’ Data Exposed from ENCollect Debt Collection Service

Thousands of Borrowers’ Data Exposed from ENCollect Debt Collection Service

An ElasticSearch server instance that was left open on the Internet without a password contained sensitive financial information about loans from Indian and African financial services. The leak, which was discovered by researchers from information security company UpGuard, amounted to 5.8GB and consisted of a total of 1,686,363 records. "Those...

Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software

Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software

Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could permit an attacker to fully compromise and take control over the hosts. Tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, the vulnerabilities "could allow an attacker to escape from the guest virtual...

F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability

F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability

Cloud security and application delivery network (ADN) provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the 43 issues addressed, one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low in severity. Chief among the flaws is CVE-2022-1388, which carries...

NahamCon 2022 CTF Write-up: “No Space Between Us” Challenge

NahamCon 2022 CTF Write-up: “No Space Between Us” Challenge

My approach and learnings from solving the ‘No Space Between Us’ challenge as part of the NahamCon 2022 CTF. This specific challenge was only solved by 62 teams out of over 4,000 teams who participated in the CTF. I recently took part in the awesome 2022 NahamCon CTF as part of...

SEC Plans to Hire More Staff in Crypto Enforcement Unit to Fight Frauds

SEC Plans to Hire More Staff in Crypto Enforcement Unit to Fight Frauds

The U.S. Securities and Exchange Commission (SEC) on Tuesday announced that it will expand and rebrand its Cyber Unit to fight against cyber-related threats and protect investors in cryptocurrency markets. To that end, the SEC is renaming the Cyber Unit within the Division of Enforcement to Crypto Assets and Cyber Unit and...

Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies

Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies

An elusive and sophisticated cyberespionage campaign orchestrated by the China-backed Winnti group has managed to fly under the radar since at least 2019. Dubbed "Operation CuckooBees" by Israeli cybersecurity company Cybereason, the massive intellectual property theft operation enabled the threat actor to exfiltrate hundreds of gigabytes of information. Targets included...

Rate Limiting attack bypassing invisible captcha

Rate Limiting attack bypassing invisible captcha

The application implemented invisible captcha as a user friendly way to avoid spam for user-signups. But the problem was, this was the only way the application implemented defence against spamming. Firstly, you can see how invisible captcha looks like being used in a website. I used a python script to create...

Critical RCE Bug Reported in dotCMS Content Management Software

Critical RCE Bug Reported in dotCMS Content Management Software

A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and "used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses." The critical flaw, tracked as CVE-2022-26352, stems from a directory traversal...

Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes...

Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector

Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector

A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX. Cybersecurity firm SentinelOne tied the intrusions to an actor it tracks under the name "Moshen Dragon," with tactical overlaps between the collective and another threat group referred...

Experts Analyze Conti and Hive Ransomware Gangs’ Chats With Their Victims

Experts Analyze Conti and Hive Ransomware Gangs’ Chats With Their Victims

An analysis of four months of chat logs spanning more than 40 conversations between the operators of Conti and Hive ransomware and their victims has offered an insight into the groups' inner workings and their negotiation techniques. In one exchange, the Conti Team is said to have significantly reduced the...

Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices

Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices

Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products. The issue, which was originally reported in September 2021, affects the Domain Name System (DNS) implementation of two popular C libraries called uClibc and uClibc-ng that are used for developing embedded Linux systems. <!--adsense--> uClibc is known...

Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches

Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches

Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information. The findings follow the March disclosure of TLStorm, a set...