Experts linked multiple ransomware strains North Korea-backed APT38 group
Researchers from Trellix linked multiple ransomware strains to the North Korea-backed APT38 group. The ransomware was employed in attacks on...
hacking
LDAPFragger – Command And Control Tool That Enables Attackers To Route Cobalt Strike Beacon Data Over LDAP
LDAPFragger is a Command and Control tool that enables attackers to route From network segment A, run LDAPFragger --cshost <Cobalt...
An expert shows how to stop popular ransomware samples via DLL hijacking
A security researcher discovered that samples of Conti, REvil, LockBit ransomware were vulnerable to DLL hijacking. The security researcher John...
China-linked APT Curious Gorge targeted Russian govt agencies
China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG)...
LeakedHandlesFinder – Leaked Windows Processes Handles Identification Tool
Leaked Presented at rootedcon 2022 https://www.rootedcon.com/ponentes-rooted2022/. Presentation -> Presentation/Exploiting Leaked Handles for LPE.pdf Download LeakedHandlesFinder If you like the site,...
A DNS flaw impacts a library used by millions of IoT devices
A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of...
FirmWire -b Full-System Baseband Firmware Emulation Platform For Fuzzing, Debugging, And Root-Cause Analysis Of Smartphone Baseband Firmwares
FirmWire is a full-system baseband firmware analysis platform that supports Samsung and MediaTek. It enables fuzzing, root-cause analysis, and FirmWire...
China-linked Moshen Dragon abuses security software to sideload malware
A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A...
UNC3524 APT uses IP cameras to deploy backdoors and target Exchange
A new APT group, tracked as UNC3524, uses IP cameras to deploy backdoors and steal Microsoft Exchange emails. Mandiant researchers...
Package Analysis dynamic analyzes packages in open-source repositories
The Open Source Security Foundation (OpenSSF) is working on a tool to conduct a dynamic analysis of packages uploaded to...
Pybatfish – Python Client For Batfish (Network Configuration Analysis Tool)
Pybatfish is a Python client for The Batfish YouTube channel (which you can subscribe to for new content) illustrates many...
Car rental company Sixt hit by a cyberattack that caused temporary disruptions
The car rental company Sixt announced it was hit by a cyberattack that is causing temporary business disruptions at customer...
The mystery behind the samples of the new REvil ransomware operation
The REvil ransomware gang has resumed its operations, experts found a new encryptor and a new attack infrastructure. The REvil ransomware...
Moonwalk – Cover Your Tracks During Linux Exploitation By Leaving Zero Traces On System Logs And Filesystem Timestamps
Cover your tracks during Linux Once you get a shell into the target Unix machine, start a moonwalk session by...
Group-IB CEO remains in prison – the Russian-led company has been ‘blacklisted’ in Italy
The latest executive order from the Italian ACN agency banned Group-IB, a Russian-led cybersecurity firm from working in the government...
IoT and Cybersecurity: What’s the Future?
IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. They...
Russia-linked APT29 targets diplomatic and government organizations
Russia-linked APT29 (Cozy Bear or Nobelium) launched a spear-phishing campaign targeting diplomats and government entities. In mid-January 2022, security researchers...
Nanodump – A Crappy LSASS Dumper With No ASCII Art
A flexible tool that creates a minidump of the LSASS process. 1. Features It uses syscalls (with SysWhispers2) for most...
Synology and QNAP warn of critical Netatalk flaws in some of their products
Synology warns customers that some of its NAS devices are affected by multiple critical Netatalk vulnerabilities. Synology has warned customers...
Hackers stole +80M from DeFi platforms Rari Capital and Fei Protocol
Threat actors exploited a bug in the Fuse protocol used by DeFi platforms Rari Capital and Fei Protocol and stole...
BackupOperatorToDA – From An Account Member Of The Group Backup Operators To Domain Admin Without RDP Or WinRM On The Domain Controller
If you compromise an account member of the group Backup Operators you can become the Domain Admin without RDP or...
Apr 24 – Apr 30 Ukraine – Russia the silent cyber conflict
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective....
Security Affairs newsletter Round 363 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Microsoft Azure flaws could allow accessing PostgreSQL DBs of other customers
Researchers discovered flaws in the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in...
