15 matches found
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain...
SharpKatz
This is a port of the mimikatz tool, specifically the sekurlsa::logonpasswords, sekurlsa::ekeys, and lsadump::dcsync commands, to C and .NET. The tool is called SharpKatz. The tool is designed to extract sensitive information from a Windows system, including: Logon passwords Kerberos encryption...
Advanced Browser Data Extraction for Chromium and Gecko Browsers
This post-exploitation module extracts sensitive browser data from both Chromium-based and Gecko-based browsers on the target system. It supports the decryption of passwords and cookies using Windows Data Protection API DPAPI and can extract additional data such as browsing history, keyword searc...
Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware
Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API DPAPI which protects the data at rest...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Spoofing Access to system data Increased user privilege...
CVE-2023-36004
Windows DPAPI Data Protection Application Programming Interface Spoofing Vulnerability...
CVE-2023-36004 Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
...
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
...
Microsoft Windows DPAPI Security Vulnerability
Microsoft Windows is a suite of operating systems for personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Windows DPAPI Data Protection Application Programming Interface. An attacker could exploit this vulnerability to perform spoofing attacks...
December 13, 2022—KB5021234 (OS Build 22000.1335)
December 13, 2022—KB5021234 OS Build 22000.1335 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B” release for...
PT-2022-5615 · Microsoft · Windows Dpapi +1
Name of the Vulnerable Software and Affected Versions: Windows DPAPI affected versions not specified Description: The issue is related to a lack of protection for sensitive data in the Windows DPAPI component, allowing an attacker to disclose protected information. This can enable attackers to...
Microsoft Windows DPAPI 安全漏洞
Microsoft Windows is a suite of operating systems for personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Windows DPAPI Data Protection Application Programming Interface. The following products and versions are affected: Windows 11 for x64-base...
ForgeCert - "Golden" Certificates
ForgeCert uses the BouncyCastle C API and a stolen Certificate Authority CA certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory. This attack is codified as DPERSIST1 in our "Certified Pre-Owned" whitepaper. This code base was released ...
InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership
The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat APT group. InvisiMole was first uncovered by ESET in 2018, with cyberespionage activity dating back to 2013 in operations ...
iOS 9.3.4 Patches Critical Code Execution Flaw
Apple last week patched a critical iOS memory corruption vulnerability that could allow attackers to execute code on compromised devices. The flaw was found by Team Pangu, a Chinese hacker group that specializes in building iOS jailbreak tools. The vulnerability is fixed in iOS 9.3.4. “An...