Chinese-Linked Hackers Targeted 70+ Global Organizations, SentinelLABS
SentinelLABS uncovers widespread China-linked cyber espionage targeting over 70 global organizations and cybersecurity firms between July 2024 and…
Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead
Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security's p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential harvesting malwa...
Operation Magalenha: Brazilian Hackers Hit Portuguese Banks in Malware Attack
By Waqas. SentinelLabs has uncovered a malware campaign in which Brazilian hackers are targeting Portuguese banks for monetary gains. This is a post from HackRead.com. Read the original post: Operation Magalenha: Brazilian Hackers Hit Portuguese Banks in Malware Attack...
Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox
A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition. "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM...
HP Omen Hub Exposes Millions of Gamers to Cyberattack
Millions of devices running the HP Omen Gaming Hub were using a driver with a bug that could give attackers kernel-mode access without administrator privileges. HP has since released a patch, but a new report on the flaw (CVE-2021-3437) from researchers at SentinelLabs details how the gaming...
ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender
A targeted campaign delivering the ZLoader banking trojan is spreading via Google AdWords, and is using a mechanism to disable all Windows Defender modules on victim machines, researchers have found. That’s according to SentinelLabs, which said that to lower the rates of detection, the infection...
16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named...
Dell DBUtil_2_3.sys IOCTL Memory Read / Write
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'Dell DBUtil_2_3.sys IOCTL memmove', 'Description' => %q{ The DBUtil_2_3.sys driver distributed by Dell exposes an unprotected IOCTL interface that can ...
Dell DBUtil_2_3.sys IOCTL memmove
The DBUtil_2_3.sys driver distributed by Dell exposes an unprotected IOCTL interface that can be abused by an attacker to read and write kernel-mode memory. Module Options: msf > use exploit/windows/local/cve_2021_21551_dbutil_memmove; msf exploit(cve_2021_21551_dbutil_memmove) > show targets ...targets... msf...
Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs
Five high-severity security flaws in Dell’s firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said. The bugs have gone undisclosed for 12 years, and could allow an attacker to bypass security products, execute code...
CobaltStrikeScan - Scan Files Or Process Memory For CobaltStrike Beacons And Parse Their Configuration
Scan files or process memory for Cobalt Strike beacons and parse their configuration. CobaltStrikeScan scans Windows process memory for evidence of DLL injection (classic or reflective injection) and performs a YARA scan on the target process' memory for Cobalt Strike v3 and v4 beacon signatures...
Lazarus APT Collaborates with Trickbot's Anchor Project
Researchers have found evidence of a link between global crimeware organization Trickbot and North Korean APT group Lazarus, observing direct collaboration via an all-in-one attack framework developed by Trickbot called Anchor Project. The move appears to be the first time an APT group has aligne...