Malicious Package

Overview ruby-bitcoin is a malicious package. Within version.rb, hidden obfuscated code is present which, on Windows systems, generates and runs a malicious VBScript theScore.vb. Note: The code present in this package is slightly different to the malicious package prettycolor. Remediation Avoid...

GHSA-86WM-RRJM-8WH8 Buffer not correctly recycled in Gzip Request inflation

Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see...

amtra.pl Cross Site Scripting vulnerability OBB-1456627

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Overlay Malware Targets Windows Users with a DLL Hijack Twist

Brazilians are being warned of a new overlay malware targeting Windows users in order to siphon victims’ financial data and drain their bank accounts. Researchers say what the malware, dubbed Vizom, lacks in sophistication it makes up for in its creative abuse of the Windows ecosystem. Trusteer, ...

DEF CON 28: ILS and TCAS Spoofing

This post is a companion to the DEF CON 28 video available here The purpose here is to give some practical demonstrations of two kinds of radio frequency spoofing attack against two different types of cockpit instruments that are found in virtually every single commercial aircraft flying today...

Exploit for Double Free in Whatsapp

WhatsPayloadRCE This is a Automated Generate Payload for CVE-...

GHSA-7Q25-QRJW-6FG2 Malicious package may avoid detection in python auditing

Python Auditing Vulnerability Demonstrates how a malicious package can insert a load-time poison pill to avoid detection by tools like Safety. Tools that are designed to find vulnerable packages can not ever run in the same python environment that they are trying to protect. Usage Install safety,...

Syborg - Recursive DNS Subdomain Enumerator With Dead-End Avoidance System

Syborg is a Recursive DNS Domain Enumerator which is neither active nor completely passive. This tool simply constructs a domain name and queries it with a specified DNS Server. Syborg has a Dead-end Avoidance system inspired from @Tomnomnom's ettu. When you run subdomain enumeration with some of...

SUSE SLES12 Security Update : xen (SUSE-SU-2020:0334-1)

This update for xen fixes the following issues : CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host bsc1161181. CVE-2019-19579: Device quarantine for alternate pci assignment methods bsc1157888. CVE-2019-19581: findnextbit issues bsc1158003...

Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel

As a penetration tester at Coalfire Labs, I frequently use exploitation frameworks such as Metasploit or PowerShell Empire to perform post-exploitation actions on compromised endpoints. While anti-virus AV bypass and detection avoidance is often trivial in all but the most mature environments,...

Traffic Management for Peace of Mind

Ensure Quality of Experience and Readiness with CDN Capacity Overflow Have you ever planned and launched a system with painstaking detail and, at some point in time, something unexpected breaks the system? An unexpected event might be an unanticipated scenario a bug! or user adoption beyond...

Meet ‘TajMahal,’ A New and Highly Advanced APT Framework

SINGAPORE – Researchers at Kaspersky Lab have discovered a new, highly sophisticated advanced persistent threat APT framework targeting a single Central Asian diplomatic agency. Malware samples associated with the APT reveal a complex never-before-seen code base, making it extremely hard to detec...

openSUSE Security Update : Chromium (openSUSE-2019-712)

This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed bsc1112111 : - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox -...

Protecting Against Identity Theft

As the holidays draw near, many consumers turn to the internet to shop for goods and services. Although online shopping can offer convenience and save time, shoppers should be cautious online and protect personal information against identity theft. Identity thieves steal personal information, suc...

Hackers behind Mirai botnet to avoid jail for working with the FBI

By Waqas Mirai has been known as one of the most powerful botnets comprised of millions of hacked Internet of Things IoT devices including routers, digital video recorders DVRs and security cameras. Mirai was also used by hackers to carry out one of the largest DDoS attacks on the servers of DynD...

Unbreakable Enterprise kernel security update

4.1.12-124.18.9 - rebuild bumping release 4.1.12-124.18.8 - Cipso: cipsov4optptr enter infinite loop yujuan.qi Orabug: 28563992 CVE-2018-10938 - Btrfs: fix listadd corruption and soft lockups in fsync Liu Bo Orabug: 28119834 - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests Peter...

Phishing, Part 2: Staying Safe

As mentioned in Phishing Part 1: On the Lookout, phishing attacks have been around for years, but today’s cybercriminals are adept at using them in an ever-increasing variety of ways to get what they want. According to the most recent FBI figures, phishing and its variants was the third most...

OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0237)

The remote OracleVM system is missing necessary patches to address critical security updates : - dm: fix race between dmgetfromkobject and dmdestroy Hou Tao CVE-2017-18203 - drm: udl: Properly check framebuffer mmap offsets Greg Kroah-Hartman Orabug: 27986407 CVE-2018-8781 - kernel/exit.c: avoid...

An Example of Deterrence in Cyberspace

In 2016, the US was successfully deterred from attacking Russia in cyberspace because of fears of Russian capabilities against the US. I have two citations for this. The first is from the book Russian Roulette: The Inside Story of Putin's War on America and the Election of Donald Trump, by Michae...

Mining of the virus through the Flash vulnerability propagation, a careful computer becomes mine machine-vulnerability warning-the black bar safety net

4 on 24 May, tinder the security team Alarm, the virus groups the use of Adobe Flash vulnerability propagation mining viruses. Virus gang the mining program implanted to the game download Station“52pk”, www.52pk.com when the user visits the website, the poison page to show after, without any...