Authored by: Sang Ryol Ryu and Chanung Pak McAfee Mobile Research team has found another variant of MalBus on an... The post MalBus Actor Changed Market from Google Play to ONE Store appeared...
In order to learn about serverless architecture, I experimented with implementing a quick proof of concept crash triaging tool using AWS Lambda Functions. There are many benefits of serverless...
On 2020-04-08, a campaign was reported, involving an unknown actor, gaining initial access via , targeting Kubernetes to achieve Resource hijacking.
While not a new practice, the sheer volume of people required to adhere to social distancing best practices means we... The post Transitioning to a Mass Remote Workforce – We Must Verify Before...
Although the use of global events as a vehicle to drive digital crime is hardly surprising, the current outbreak of... The post COVID-19 Threat Update – now includes Blood for Sale appeared first...
In the past month, 10 more hospitals have fallen victim to Ryuk attacks in the US
Recently Apple patched a vulnerability (CVE-2020-3919) in IOHIDFamily in their security update 10.15.4 which may allow a malicious application to execute arbitrary code with kernel privileges. It...
Introduction Recently, I encountered a fully password-less environment. Every employee in this company had their own smart card that they used to login into their computers, emails, internal...
We found just three almost unique samples, all in one country. So we consider the attacks to be targeted and have currently named this operation WildPressure.
LibVNC client code contains heap buffer overflow vulnerability in commit prior to 6073771eed1caf72f196e410182471e0dfd32149. This could possible result into remote code execution. This attack...
TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of...
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code...
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability...
TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception,...
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing...
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server version 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1...
Moxa’s cellular management software OnCell Central Manager Version lower than 2.4.1 was affected to XML External Entity (XXE) due to vulnerable third-party component usage (Apache Flex BlazeDS).
Moxa’s cellular management software OnCell Central Manager Version lower than 2.4.1 was affected to Remote Code Execution due to vulnerable third-party component usage (Apache Flex BlazeDS).
Intro In this blog post I want to show a simulation of a real-world Resource Based Constrained Delegation attack scenario that could be used to escalate privileges on an Active Directory domain. I...
Intro Last Christmas I was doing quite a bit of research around an exploit for Chrome’s JavaScript engine, V8. While most of the concepts around the exploit might seem familiar: for example, what...
Do you know what your attackers know? There’s a good chance you know, but you might not be aware of just how much information can be found historically and in […] The post Webcast: Enterprise...
This article will show some initial research into booting a KSAN kernel, testing the KASAN functionality and some initial groundwork on KSANCOV. This functionality is super useful when performing...
Beijing, 23-27 December 2019: Kaspersky ICS CERT together with the China Industrial Control Systems Cyber Emergency Response Team (CIC) conducted a training course on digital forensics and...
Abstract Several targeted attack groups share the tools used in the attack and are reported to be doing similar attacks. Attack tools are also shared in attacks targeting Japanese organizations,...
A summary of the NCSC’s security analysis for the UK telecoms sector
Hacking PlayStation DualShock controllers to stream audio to their internal speakers. Ciao a tutti. Introduction I didn’t really know what this project was going to be about and where or how it...
US military claims to have disrupted the online propaganda activity of the Islamic State (ISIS) in a hacking operation dating back at least to 2016. In 2016, the US Cyber Command carried out...
The company has been forced to stop its operations almost completely. Production recovery will take at least a week
On 2020-01-16, a campaign was reported, involving Kinsing operator, gaining initial access via Software misconfig, 1-day vulnerability, while using Vulnerability exploitation, Misconfigured Docker...
Dustman is an upgraded version of the ZeroCleare wiper. The attack exploited a vulnerability in VPN appliances