Lucene search

1162 matches found

Kitploit
added 2021/03/18 11:30 a.m., 100 views

Strafer - A Tool To Detect Potential Infections In Elasticsearch Instances

Elasticsearch infections are rising exponentially. The adversaries are exploiting open and exposed Elasticsearch interfaces to trigger infections in the cloud and non-cloud deployments. During this talk, we will release a tool named "STRAFER" to detect potential infections in the Elasticsearch...

7 AI score
Exploits 0, References 1
ThreatPost
added 2021/03/15 6:17 p.m., 47 views

Cyberattacks See Fundamental Changes, A Year into COVID-19

COVID-19-related phishing emails, brute-force attacks on remote workers, and a focus on exploiting or abusing collaboration platforms are the hallmarks of cybercriminal enterprise as the coronavirus marks its first anniversary of going global. A year after the COVID-19 crisis was officially...

7.2 AI score
Exploits 0, References 11
ATTACKERKB
added 2021/03/11 12:0 a.m., 243 views

CVE-2021-26411

Internet Explorer Memory Corruption Vulnerability Recent assessments: ccondon-r7 at April 05, 2021 1:20pm UTC reported: There is now public threat intelligence that the Purple Fox exploit kit has incorporated this vulnerability and is exploiting it. gwillcox-r7 at March 11, 2021 5:57pm UTC...

8.8 CVSS, 8.8 AI score, 0.81103 EPSS
In wild, Exploits 0, References 6
The Hacker News
added 2021/03/08 10:15 a.m., 17693 views

Microsoft Exchange Cyber Attack — What Do We Know So Far?

Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses, government entities in the U.S., Asia, and Europe. The company said "it continues to see...

9.8 CVSS, 10 AI score, 0.99999 EPSS
Exploits 66
Kitploit
added 2021/03/07 8:30 p.m., 20 views

Procrustes - A Bash Script That Automates The Exfiltration Of Data Over Dns In Case We Have A Blind Command Execution On A Server Where All Outbound Connections Except DNS Are Blocked

A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked. The script currently supports sh, bash and powershell and is compatible with exec style command execution e.g...

7.2 AI score
Exploits 0, References 3
Trellix
added 2021/02/23 12:0 a.m., 9 views

Babuk Ransomware

ARCHIVED STORY Babuk Ransomware By Alexandre Mundo · February 23, 2021 Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises, with one already paying the criminals $85,000 after negotiations. As with other variants, this...

7.8 AI score
Exploits 0
ThreatPost
added 2021/02/10 1:49 p.m., 51 views

Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple

An ethical hacker has demonstrated a novel supply-chain attack that breached the systems of more than 35 technology players, including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla and Uber, by exploiting public, open-source developer tools. The attack, devised by security researcher Alex...

7 AI score
Exploits 0, References 6
HackRead
added 2021/01/07 4:39 p.m., 32 views

Fake Trump’s scandle video campaign spreading QNode RAT

By Deeba Ahmed Hackers are benefitting from the unrest after the US Presidential elections and spreading QNode malware. Here's what's going on behind the scene. This is a post from HackRead.com Read the original post: Fake Trumps scandle video campaign spreading QNode RAT...

2.7 AI score
Exploits 0
CNVD
added 2020/12/07 12:0 a.m., 5 views

ImageMagick Input Validation Error Vulnerability (CNVD-2021-10262)

ImageMagick is a software for creating, editing, and composing images that can read, convert, and write images in many formats. An input validation error vulnerability exists in ImageMagick, where MagickCore/quantum.h in versions prior to ImageMagick 7.0.9-0 has a range of representable values...

4.3 CVSS, 7.3 AI score, 0.01124 EPSS
Exploits 1, References 1
CISA
added 2020/12/07 12:0 a.m., 167 views

NSA Releases Advisory on Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006

The National Security Agency (NSA) has released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting...

9 CVSS, 3.4 AI score, 0.23771 EPSS
Exploits 0, References 3
Android Security Bulletins
added 2020/12/07 12:0 a.m., 83 views

Android Security Bulletin—December 2020

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

10 CVSS, 8.7 AI score, 0.07137 EPSS
Exploits 1
ThreatPost
added 2020/12/02 9:21 p.m., 37 views

Think-Tanks Under Attack by Foreign APTs, CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a warning on what they say are persistent, continued cyberattacks by advanced persistent threat (APT) actors targeting U.S. think-tanks. The attackers are looking to steal sensitive information, acquire user credentia...

0.9 AI score
Exploits 0, References 7
Prion
added 2020/11/27 4:15 a.m., 19 views

Cross site scripting

In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or...

3.5 CVSS, 5.2 AI score, 0.0055 EPSS
Exploits 1, References 1
Prion
added 2020/11/24 7:15 p.m., 21 views

Hardcoded credentials

Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-283...

10 CVSS, 7.8 AI score, 0.04708 EPSS
Exploits 13, References 2, Affected Software 1
Prion
added 2020/11/19 4:15 p.m., 14 views

Authorization

JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an...

5 CVSS, 7.5 AI score, 0.01952 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2020/11/19 3:15 p.m., 18 views

CVE-2020-28054

JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an...

7.5 AI score, 0.01952 EPSS
Exploits 0, References 3
The Hacker News
added 2020/11/05 10:18 a.m., 86 views

Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies

Cybersecurity researchers today took the wraps off an on-going cyber fraud operation led by hackers in Gaza, West Bank, and Egypt to compromise VoIP servers of more than 1,200 organizations across 60 countries over the past 12 months. According to findings published by Check Point Research, the...

10 CVSS, 0.2 AI score, 0.4299 EPSS
Exploits 5
Kitploit
added 2020/10/23 8:30 p.m., 39 views

NoSQLi - NoSql Injection CLI Tool

NoSQL scanner and injector. About Nosqli I wanted a better nosql injection tool that was simple to use, fully command line based, and configurable. To that end, I began work on nosqli - a simple nosql injection tool written in Go. It aims to be fast, accurate, and highly usable, with an easy to...

8.2 AI score
Exploits 0, References 4
Microsoft CVE
added 2020/10/13 7:0 a.m., 47 views

Windows Setup Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or...

7.8 CVSS, 2.3 AI score, 0.00939 EPSS
Exploits 0
Krebs on Security
added 2020/10/08 7:42 p.m., 48 views

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

There's an old adage in information security: "Every company gets penetration tested, whether or not they pay someone for the pleasure." Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to...

7.1 AI score
Exploits 0