According to Cisco Talos, Chinese-speaking threat actors used a zero-day vulnerability in the Trimble Cityworks software to attack local governing bodies across the United States.
More than 100 dual-function Chrome extensions hijack sessions and steal…
According to DomainTools Intelligence (DTI), more than 100 malicious Chrome browser extensions disguised as VPN services, AI assistants, crypto utilities, etc. are used to steal cookies and covertly execute remote scripts.
IP cameras in pentesting. Improper use of security cameras
In the course of a pentesting audit, you can capture an image from a security camera and attach it to your report – just to please the customer. No doubt, such pictures are impressive, but what can be the real impact of attacks targeting cameras? Today I will…
Defendnot utility disables Microsoft Defender in Windows
A new tool called Defendnot can disable Microsoft Defender protection on Windows devices even if no real antiviruses are installed in the system.
Malware contained in NPM hides itself using Unicode-based steganography
A malicious package discovered in npm (node package manager) hides its code using invisible Unicode characters and uses Google Calendar links for communication with its C&C servers.
Customer support agents of Coinbase cryptocurrency exchange sold stolen user…
Coinbase, Inc., a cryptocurrency exchange with over 100 million users, announced that some rogue customer support agents sold customer data to cybercriminals. The extortionists demanded a 20 million USD ransom for nondisclosure of the stolen information.
Agent Tesla: Reversing combat malware in Ghidra
Recently I encountered an interesting piece of malware called Agent Tesla. It’s still widespread and actively used by cybercriminals (the analyzed sample was dated 2023). Let’s dissect this remote access trojan and find out what’s hidden inside it.
Chrome employs AI to stop scammers
Google introduces a new security feature to Chrome. The new protection system uses the on-device Gemini Nano large language model (LLM) to detect and block scams while users are browsing the web.
OttoKit WordPress plugin targeted by massive attacks
Hackers exploit a critical privilege escalation vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin to create new admin accounts on vulnerable sites.
In the footsteps of Phrack. Searching for LKM rootkits in…
A long time ago, in the early days of my journey to Linux kernel rootkits, I came across a Phrack article describing a rootkit detection technique implemented for i386. The article wasn’t new and referred to a vintage Linux kernel dated 2003. Something in that paper…
Threadless Injection. Injecting shellcode into third-party processes to circumvent EDR
This article discusses Threadless Injection, a technique for injecting code into third-party processes. At the time of writing, it worked on Windows 11 23H2 x64 running in a network-isolated virtual machine with OS security features enabled.
Malicious Python packages exploit Gmail and WebSockets
Socket’s Threat Research Team discovered seven malicious Python packages that use Gmail SMTP servers and WebSockets for data exfiltration and remote command execution.
Kali Ashes: Hardening hacker distribution and mastering silent pentesting techniques
Kali Linux is extremely popular among pentesters. However, if you penetrate a network using the distribution's default settings, it generates a lot of noise on the wire that won't go unnoticed. This article discusses Kali hardening and explains how to make Linux as…
Coinbase fixes 2FA bug that made customers panic
Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised.
FBI Offers 10 million USD for information on Salt Typhoon…
The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year’s attack that had compromised multiple US telecommunications companies.
Process Ghosting. Circumvent antiviruses in the most dangerous way
One of the main priorities for hackers is to hide the execution of their malicious code. This article explains how to start processes using the Process Ghosting technique and discusses operation principles of malware detection systems.
Asus patches vulnerability in AMI’s MegaRAC enabling attackers to brick…
Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management Controller (BMC) software used by many server equipment manufacturers, including Asus, HPE, and ASRock.
Tunnels Nightmare: ISP protocols expand your pivoting capacity
The modern TCP/IP protocol stack includes plenty of tunneling protocols. Normally, they are used to expand production networks and build infrastructure. But in this research, I will use them as pentesting tools.
Improper authentication control vulnerability affects ASUS routers with AiCloud
ASUSTeK Computer Inc. fixed an improper authentication control vulnerability in routers with AiCloud. The bug allows remote attackers to perform unauthorized actions on vulnerable devices.
Scammers pose as FBI IC3 specialists, offer ‘assistance’ to fraud…
According to the FBI, scammers impersonating employees of the FBI Internet Fraud Complaint Center (IC3) contact fraud victims offering them ‘assistance’ in getting their money back.