IM
IronMonkey Threat Research
LIVE
|
Articles 27,084
|
CVEs 348,613
|
APT Groups 800
|
Tools 2,196
|
Updated recently
Today Yesterday All 27,052 articles — Page 842 of 902
maxwelldulin ·

On Zoom, the cookie _zm_csp_script_nonce was used on every single page as part of the CSP script-src field. The CSP was set within an HTML tag that wasn't being escaped. So, it was possible to...

@BushidoToken Threat Intel ·

Welcome to the Cyber Threat Intelligence (CTI) Analyst Challenge! I am excited to introduce a comprehensive repository designed to enhance the skills and expertise of CTI analysts through a...

Financial Services Energy
Cloud Threat Landscape ·

On 2024-06-08, an incident was reported, involving an unknown actor, gaining initial access via End-user compromise, targeting GitHub to achieve Data exfiltration.

Wiz Blog | RSS feed ·

Learn how the threat actors behind the 2023 DERO cryptojacking campaign have adapted their techniques to evade detection, and the best practices for mitigation.

Chemical Information Technology
Cloud Threat Landscape ·

Wiz Threat Research discovered a new variant of a cryptojacking campaign targeting misconfigured Kubernetes clusters in cloud environments. The threat actor abuses cluster anonymous access to...

maxwelldulin ·

The vulnerability is a known issue that was originally processed over 10 years ago. However, it's such a common mistake that languages keep making the mistake again and again. When executing...

Maxwell Dulin's Resources ·

Parser bugs can be real bad, given the wide spread use of them. The article has a few awards: most impactful, parser differential, hardest to fix and weirdest machine. For most impactful, it was...

Maxwell Dulin's Resources ·

XML eXternal Entity (XXE) injection is a vulnerability in XML parsing that allows for the adding of entities for file reads, SSRF and other issues. Most of the time, XXE bugs are fairly simple but...

Cloud Threat Landscape ·

On 2024-06-06, a campaign was reported, involving an unknown actor, gaining initial access via End-user compromise, while using LLMjacking, Cloud key compromise, Cloud API e, targeting Amazon...

Maxwell Dulin's Resources ·

devfiles are a mechanism for describes Workspaces in Kubernetes environments for Gitlab. Workspaces are isolated environments. The parent field can be used as a base for a workspace, but was...

Wiz Blog | RSS feed ·

Learn how Wiz's latest feature identifies outdated EKS clusters, helping organizations save millions on cloud spend. Find out how to optimize costs and reinvest savings in strategic initiatives.

Energy
Wiz Blog | RSS feed ·

Great news for State and Local Governments! Wiz for Gov is now StateRAMP authorized

Government Facilities Information Technology
Cloud Threat Landscape ·

On 2024-06-05, a campaign was reported, involving Gitloker, gaining initial access via End-user compromise, while using Repo encryption for extortion, targeting GitHub to achieve RansomOp.

Cloud Threat Landscape ·

Club Penguin fans hacked a Disney Confluence server to obtain information about their favorite game, but ended up with 2.5 GB of internal corporate data. Club Penguin, a popular MMO from 2005 to...

Cloud Threat Landscape ·

On 2024-06-05, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, while using Vulnerability exploitation, targeting ThinkPHP to achieve Resource...

Threat Analysis Group (TAG) ·

Our bulletin covering coordinated influence operation campaigns terminated on our platforms in Q2 2024.

Defense Industrial Base
Pulsedive Blog ·

This research examines the distribution mechanisms, C2 traffic patterns, and functionality of Latrodectus loader.

Cloud Threat Landscape ·

On 2024-06-04, a campaign was reported, involving UTG-Q-008, gaining initial access via Password attack, while using SSH bruteforcing, to achieve Resource hijacking.

Cloud Threat Landscape ·

Researchers uncovered a new campaign using Muhstik malware to target Apache RocketMQ, a distributed messaging platform, exploiting a remote code execution vulnerability (CVE-2023-33246). Attackers...

Kaspersky ICS CERT ·

A total of 30 incidents were confirmed by victims. 37% of victims reported denial of operations or product shipment caused by the incident. Almost half of all incidents resulted in disruption of...

Critical Manufacturing Publications
McAfee Labs | McAfee Blogs ·

Authored by Dexter Shin Many government agencies provide their services online for the convenience of their citizens. Also, if this... The post Fake Bahrain Government Android App Steals Personal...

Financial Services Government Facilities
Cloud Threat Landscape ·

On 2024-05-31, a research was reported, involving , gaining initial access via Software misconfig, targeting GitHub to achieve Resp. disclosure.

Blue Team Archives - Black Hills Information Security, Inc. ·

Start this blog series from the beginning here: PART 1 Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise environment. In...

Information Technology Alyssa Snow Blue Team
Orange Cyberdefense ·

Inside industrial systems (also known as Operational Technology, or OT), devices communicate with each other and can be accessed over IP using familiar IT protocols (such as SSH, web services,...

Critical Manufacturing Communications
Wiz Blog | RSS feed ·

Detect malicious hosted AI models with Wiz AI-SPM and gain confidence in the models your data scientists use

Energy Information Technology
ICS Medical Advisories ·

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Welch Allyn Connex Spot Monitor (CSM) Vulnerability: Use of Default Cryptographic Key 2. RISK...

Critical Manufacturing Healthcare and Public Health
ICS Medical Advisories ·

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Welch Allyn Configuration Tool Vulnerability: Insufficiently Protected Credentials 2. RISK...

Critical Manufacturing Healthcare and Public Health
Maxwell Dulin's Resources ·

WinRAR is a Windows specific compression tool. It also has a terminal version as well. ANSI is the escapes sequences used in terminals to change the color, orientation and many other things about...

maxwelldulin ·

CVE-2023-34992 was for FortiSIEM command injection vulnerability. The phMonitor takes in a server_ip variable. This was being used to execute a python script via os.system that led to a command...

Financial Services Critical Manufacturing
Cloud Threat Landscape ·

The RedTail cryptomining malware has been updated to exploit CVE-2024-3400, a vulnerability in PAN-OS. The attackers are using private cryptomining pools for greater control, and the malware now...