Erbium Stealer, a new Infostealer enters the scene
Analysis of Erbium Stealer, the new Infostealer targeting multiple sectors all around the world
OWASP 10: A Cybersecurity Journey (Part-I)
Web application security is crucial in today’s digital world. Web applications handle sensitive data, including personal data and more.
Access control vulnerabilities:
This lab has an admin panel at /admin. It's only accessible to logged-in users with a roleid of 2.
Essential Cybersecurity: Benefits, Threats, And Its Importance
Explore the essential benefits, common threats, and importance of cybersecurity with Bluechip Computer Systems LLC. Learn how we safeguard…
Security Notice: Critical Arbitrary File Delete Vulnerability in SonicWall SMA 100 Series Appliances | SonicWall
A critical vulnerability (CVSS 9.1) in SMA 100 series appliances, which includes SMA 200, 210, 400, 410 and 500v, could potentially allow a remote unauthenticated attacker the ability to delete arbitrary files from a SMA 100 series appliance and potentially gain administrator access to the device. The vulnerability (SNWLID-2021-0021) is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as ‘nobody.’ There is no evidence that this vulnerability is being exploited in the wild. SonicW
A Tale of Two Targets
ThreatConnect identifies Chinese targeting of two companies. Economic espionage or military intelligence? It was the best of times; it was the worst of times. While Russian advanced persistent threat (APT) activity against the US and other international organizations has dominated the headlines recently, Chinese APT actors have been active outside the limelight. In June 2016, […]
Deep Analysis of Vidar Stealer
Author: hypen (Sojun Ryu) @ Talon
How Cloudflare runs Prometheus at scale
Here at Cloudflare we run over 900 instances of Prometheus with a total of around 4.9 billion time series. Operating such a large Prometheus deployment doesn’t come without challenges. In this blog post we’ll cover some of the issues we hit and how we solved them.
Tainted Leaks: Disinformation and Phishing With a Russian Nexus - The Citizen Lab
Documents stolen from a prominent journalist and critic of the Russian government were manipulated and then released as a “leak” to discredit domestic and foreign critics of the government. We call this technique “tainted leaks.”
Rising Tide: Chasing the Currents of Espionage in the South China Sea | Proofpoint US
CVE-2022-37734: graphql-java Denial-of-Service
One of the most challenging tasks for developers who work with GraphQL servers is Denial-of-Service (DoS) protection. Directive overloading (submitting multiple directives) is one of the DoS vectors to be concerned about.
The Thomghost THM Box Report
I will be sharing today the penetration testing report that I had written about the TryHackMe.com’s Thomghost box. A tomcat vulnerable…
Cybersecurity Promotion & Sponsorship — ZeusCybersec
“Start your content journey and boost your brand Awareness & Sales with ZeusCybersec”
CVE Alert: CVE-2024-12257 - RedPacket Security
The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and
Rewterz Threat Advisory – Multiple Microsoft Products Vulnerabilities - Rewterz
Severity High Analysis Summary CVE-2024-21419 CVSS:7.6 Microsoft Dynamics 365 (on-premises) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web
CVE Alert: CVE-2024-11436 - RedPacket Security
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is
Cryptographic Hashing
What is hashing? How does it work? Who uses it? Its place in cryptocurrencies and cybersecurity…
How I Found My First Bug $$$
Introduction: The First Bug You Never Forget
HTTP
Hello, today I wanted to explain how the HTTP protocol works, its operating logic, and HTTP’s role in the world of the internet.
Packrat: Seven Years of a South American Threat Actor
Report uncovering a South American group targeting politicians, journalists, and civil society with malware campaigns, phishing, and elaborate fake organizations.
Microsoft Patches Multiple Vulnerabilities Allow Attackers to Elevate Privileges
Microsoft has released patches addressing multiple vulnerabilities that could enable attackers to elevate privileges across various Microsoft products.
Cobalt Strike Beacon Detected - 4[.]227[.]107[.]145:443 - RedPacket Security
Cobalt Strike Beacon Detection Alerts
Attacker Uses a Popular TikTok Challenge to Lure Users Into Installing Malicious Package
After a cat-and-mouse game, as the attacker’s packages have been caught, reported and removed by PyPI, the attacker decided to move his malicious infection line from the Python package to the requirements.txt, as you can see in the blog.
CISA Alert AA24-249A: Russian GRU Unit 29155 Targeting U.S. and Global Critical Infrastructure
Russian GRU Unit 29155 is a military intelligence group targeting U.S. and global critical infrastructure through cyber espionage, sabotage, and data theft. Learn about their tactics and how to defend against these threats.
Rewterz Threat Intel – CVE-2023-0026 – Juniper Networks Junos OS and Junos OS Evolved Vulnerability
Severity High Analysis Summary CVE-2023-0026 Juniper Networks Junos OS and Junos OS Evolved is vulnerable to a denial of service, caused by improper input validation vulnerability […]
Security Recruiter Directory
To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.
NetWalker Ransomware: analysis and preventive measures
Path traversal:
Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that…
Russian Hackers Target Ukrainians' Personal Data, Says Kyiv
Ukraine's top cybersecurity agency says Russian hackers took a sudden interest in obtaining personal data and mounted successful attacks against more than one-third
Trend Micro Deep Security Vulnerable to Command Injection Attacks
Trend Micro has released a critical update addressing a remote code execution (RCE) vulnerability (CVE-2024-51503) in its Trend Micro Deep Security 20 Agent.
CircleCI CI/CD Security Breach
The CircleCI breach exposed critical security flaws in CI/CD pipelines. Learn how to protect against similar incidents
API Heaven ICO
finally an ICO for an existing product
Latrodectus Backdoor IOCs - 11 - SEC-1275-1
CVE Alert: CVE-2024-11351 - RedPacket Security
The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in
Whispers: A Powerful Static Code Analysis Tool for Credential Detection
“My little birds are everywhere, even in the North, they whisper to me the strangest stories.” – Lord Varys Meet Whispers, an advanced static code analysis tool meticulously desig…
DDE Exploitation Detection
DFIR, IR, Threat Hunting,Incident Response, IOC, TTPs, ATT&CK, SIEM, Detection, Digital Forensics, Threat Intelligence, Malware Analysis and Reversing
A nefarious use of Google Drive to load malicious redirects | Malwarebytes Labs
Google Drive is being abused to host malicious JavaScript code that redirects to exploit sites.
Operation Triangulation: Experts Uncover Deeper Insights into iOS Zero-Day Attacks
Sophisticated Apple iOS attack dubbed Operation Triangulation employed clever techniques to target victims with a backdoor implant called "TriangleDB
Cerber Actor Distributing Malware Over E-mail Via WSF Files
Rewterz Threat Advisory – CVE-2021-29491 – Node.js Mixme Module Vulnerability - Rewterz
Severity High Analysis Summary CVE-2021-29491 Node.js mixme module is vulnerable to a denial of service which is caused by a prototype pollution flaw in the mutate() and merge() functions. A remote attacker can exploit the vulnerability by sending a specially-crafted request that can cause a denial of service condition. Impact Denial of Service Affected Vendors
Flash Notice: Critical Vulnerabilities Found in FortiNAC and FortiWeb
Fortinet released security updates for two critical vulnerabilities (CVE-2022-39952 and CVE-2022-42756) found in FortiNAC and FortiWeb products.
Thread Name-Calling - using Thread Name for offense - Check Point Research
Research by: hasherezade. Process injection is one of the important techniques used by attackers. We can find its variants implemented in almost every malware. Due to the fact that interference in the memory of a process by malicious modules can cause a lot of damage, all sorts of AV […]
Growing Abuse of SSH Keys: Commodity Malware Campaigns Now Equipped with SSH Capabilities | Venafi
Once the purview of only the most sophisticated, well-financed Advanced Persistent Threats (APTs), it now seems that there is a ‘trickle-down’ effect, where SSH capabilities are becoming part of “off-the-shelf” commodity malware. Read more.
SensePost | A new look at null sessions and user enumeration
Leaders in Information Security
Ostap malware analysis (Backswap dropper)
Malicious scripts, distributed via spam e-mails, have been getting more complex for some time. Usually, if you got an e-mail with .js attachment, you could safely assume it’s just a simple dropper, which is limited to downloading and executing malware. Unfortunately, there is a growing number of campaigns these …
CVE Alert: CVE-2024-9698 - RedPacket Security
The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files'
Scenario Based Cyber Security Interview Questions
Question 1: What is the cyber kill chain? It is a framework that outlines the stages of a cyber-attack, including reconnaissance…
Living Without Working: Myth or Reality?
Who has never dreamed of living a life without constraints, without a stressful alarm clock and without the obligation to trade their time for money …
CVE Alert: CVE-2024-11877 - RedPacket Security
The Cricket Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cricket_score' shortcode in all versions up to, and
CVE-2023-1671: Sophos Command Injection Vulnerability Exploited in the Wild
Sophos CVE-2023-1671 vulnerability is actively exploited in the wild. Check out this blog to learn how the CVE-2023-1671 exploit works and get mitigation suggestions.
Belling the BEAR
ThreatConnect reviews activity targeting Bellingcat, a key contributor in the MH17 investigation. Read the full series of ThreatConnect posts following the DNC Breach: “Rebooting Watergate: Tapping into the Democratic National Committee“, “Shiny Object? Guccifer 2.0 and the DNC Breach“, “What’s in a Name Server?“, “Guccifer 2.0: the Man, the Myth, the Legend?“, “Guccifer 2.0: All Roads […]
Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware
While investigating a cryptocurrency exchange attacked by Lazarus, we made an unexpected discovery. The victim had been infected with the help of a trojanized cryptocurrency trading application, which had been recommended to the company over email.
12 Days of HaXmas: Improvements to jsobfu | Rapid7 Blog
Storing Tokens in Cookies with React
Token-based authentication is a popular way to secure web applications.
Try Hack Me / Google Dorking [Day 10]
Task 1 — Ye Ol’ Search Engine Massive indexers, specifically of content dispersed across the World Wide Web, are “Search Engines” like…
CVE Alert: CVE-2024-12850 - RedPacket Security
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and
Understanding SQL Injections: Lessons from a Hack The Box Lab
As a native Blue Team security professional, I often focus on building secure, scalable, and reliable infrastructure. But recently, I have…
CVE Alert: CVE-2024-12468 - RedPacket Security
The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to,
CVE Alert: CVE-2024-12103 - RedPacket Security
The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and
ANY.RUN Sandbox Now Automates Interactive Analysis of Complex Cyber Attack Chains
Smart Content Analysis is a mechanism that allows the ANY.RUN sandbox to execute multi-stage cyber attacks without any user involvement.
Protecting Your Kubernetes Environment With KubeArmor
A real-world example of preventing the ShellShock vulnerability
Operation Triangulation iOS Attack Details Revealed
Kaspersky said the attack exploited five vulnerabilities, four of which were unknown zero-days
Apple issued another patch to stop TriangleDB cyber snooping
Kaspersky first found this software nasty on its own phones
Threat Brief: Attacks on Critical Infrastructure Attributed to Volt Typhoon
Volt Typhoon, a nation-state TA attributed to the People's Republic of China, is targeting critical infrastructure. We provide an overview of their current activity and mitigations recommendations.
Summary of Kimsuky’s Data-Theft Activities in the First Half of 2021
Looking across Kimsuky’s activity in the first half of 2021, its targets remained mainly South Korean government diplomacy, defense industry, university professors and think tanks. The related attacks still relied primarily on spear-phishing emails delivering decoy documents, while also actively using trending social events as lures.
Kaspersky Lab report on spam and phishing in 2022
Statistics and trends in spam and phishing in 2022: two-stage targeted phishing, hijacking of accounts on social networks and messengers, import substitution, and phishing via survey services.
Stylish Magento Card Stealer loads Without Script Tags
Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using any script tags. In this post I will go over
Arctic Wolf Earns “Vendor of the Year” Award at Annual Ingram Micro Experience Event - Arctic Wolf
Industry honor spotlights success of Arctic Wolf’s channel-focused engagement strategy and growing go-to-market relationship with Ingram Micro January 21, 2025 — Eden Prairie, MN — Arctic Wolf®, a global leader in Security Operations, today announced that it has been named “Vendor of the Year” – Managed Security Service Provider by Ingram Micro Inc., a leading ...
Russian hackers linked to widespread attacks targeting NATO and EU
Poland's Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government's Foreign Intelligence Service (SVR), to widespread attacks targeting NATO and European Union countries.
The Rise Of Quantum Company: What it means for Business.
Quantum company is no longer considered a sci-fi concept — It is a reality, and it's hell-bent on shaking up the business world. Unlike…
Stop Fighting Anti-Virus: Pentester’s Viewpoint - Privacy PC
Rewterz Threat Alert – AZORult Malware – Active IOC’s - Rewterz
Severity Medium Analysis Summary AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), cryptowallet files, etc. The malware can also be
macOS WorkflowKit Race Flaw Allows Malicious Apps to Intercept Shortcuts
A race condition vulnerability in Apple's WorkflowKit has been identified, allowing malicious applications to intercept and manipulate shortcuts on macOS systems.
CVE Alert: CVE-2024-12583 - RedPacket Security
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23
CVE Alert: CVE-2025-1103 - RedPacket Security
A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file
GRC Lab Series: Security Control Assessment
The last article was theory heavy on the assess step of the NIST RMF. An important one to understand, but today we will go through the…
RedEyes Group (APT37) Wiretapping Individuals - ASEC BLOG
1. Overview: The RedEyes (also known as APT37, ScarCruft, Reaper) group is a state-sponsored APT organization that mainly attacks individuals such as North Korean defectors, human rights activists and university professors. Their mission is known to be surveillance of specific people’s daily lives. In May 2023, ASEC (AhnLab Security Emergency response Center) confirmed that the RedEyes group distributed a Golang backdoor abusing the Ably platform and used a previously unknown new information-stealing malware that includes a microphone wiretapping function. * ABLY[1] is a platform for real-time data transfer and messaging, providing Pub/Sub messaging, push notifications, real-time queries, state synchronization...
Creating WordPress Site Visualization Plugin with PHP
Read the Real-time communication API Blog now.
JavaScript – How To Execute a Function with Variables when Button is Clicked | Incredigeek
Detecting Akira Ransomware Attack Cases with AhnLab EDR - ASEC
Akira is a relatively new ransomware actor that has been active since March 2023. Like other ransomware actors, after infiltrating an organization it not only encrypts files but also steals sensitive information to use in negotiations. In the following 2024 statistics, the number of companies victimized by Akira ransomware ranks among the highest. [1] Figure 1. 2024 ransomware victim statistics. After encrypting the organization’s systems with ransomware, the attacker negotiates […]
Magento shopping cart attack targets critical vulnerability
Really? You didn't bother to patch a 9.8 severity critical flaw?
Anatomy of an Exploit Chain: CISA, FBI Detail Ivanti CSA Attacks
Threat actors chained together four vulnerabilities in Ivanti Cloud Service Appliances (CSA) in confirmed attacks on multiple organizations in September, according to an advisory released this week by the FBI and...
Two-factor Authentication in Cyber Protection for Businesses
By the end of 2021, ransomware will hit businesses every 11 seconds. Phishing and spear-phishing continue to be the number one infection…
CMMC, DFARS, and NIST 800-171 with NodeZero
Streamline compliance with CMMC, DFARS, and NIST 800-171 using NodeZero: Continuous testing, real-world attack simulations, and actionable insights for seamless security.
What Happens When Enterprise Meets Academia?
eSentire continues innovation by partnering with the Cyber Science Lab at the University of Guelph and Mitacs for two research projects.
GRC Lab Series: NIST RMF Step 2 : Control Selection
We’ve been able to categorize a system using NIST RMF in the last article. Today, we dive into the next step in implementing the NIST RMF…
Ghost Tap Attack: Hackers Cash Out Stolen Credit Cards Linked To Google Pay Or Apple Pay
Threat actors are exploiting a new cash-out tactic called "Ghost Tap" to siphon funds from stolen credit card details linked to mobile
Advent of Cyber 4 writeup: A very short introduction to secure coding
A lot of the time, malicious hackers gain access to their target systems by exploiting code injection vulnerabilities and other kinds of…
APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit - Check Point Research
Introduction With the emergence of the Log4j security vulnerability, we’ve already seen multiple threat actors, mostly financially motivated, immediately add it to their exploitation arsenal. It comes as no surprise that some nation-sponsored actors also saw this new vulnerability as an opportunity to strike before potential targets have identified and patched the affected systems. APT35...
A window of opportunity: exploiting a Chrome 1day vulnerability - Exodus Intelligence
This post explores the possibility of developing a working exploit for a vulnerability already patched in the v8 source tree before the fix makes it into a stable Chrome release. Chrome Release Schedule Chrome has a relatively tight release cycle of pushing a new stable version every 6 weeks with stable refreshes in between if ...
The biggest supply chain attacks in 2024
Attacks on supply chains were one of the biggest threats in 2024. We discuss the most notable incidents of last year, and their consequences for the attacked.
SkyHunter AI: Revolutionizing Cyber and Physical Security Through AI-Driven Analysis
New Book Recommendation
Wiley’s anticipated book Generative AI, Cybersecurity, and Ethics by Dr. Ray Islam (Mohammad Rubyet Islam) is here!
Turla Activity Detection: Russian Cyberespionage Group Targeting Ukraine Uses Decade-Old USB-Delivered Andromeda Malware to Spread Novel Backdoors - SOC Prime
Detect Turla attacks against Ukraine exploiting expired Andromeda C2 domains to deploy new backdoors with Sigma rules from SOC Prime Platform.
CVE Alert: CVE-2025-0065 - RedPacket Security
Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an
AvosLocker Ransomware Update | Kroll
Kroll has identified new tactics targeting backup systems being used by threat actors associated with the distribution of AvosLocker ransomware. Read more.
Russia's intelligence recruits Ukrainians for terror attacks via messaging apps
Russia's intelligence recruits Ukrainians for terror attacks via messaging apps and forums, offering quick pay, Ukraine's law enforcement warns.