All posts tagged hack

■■■■□ Ransomware groups can now afford to pay as much as $10M for zero-day exploits, but for those without the money, developers have discussed renting out malicious code, according to Digital Shadows. https://www.infosecurity-magazine.com/news/ransomware-gangs-lease-zero-day/ https://t.me/cKure/10119

■■■■□ Sky-Global: An Encrypted Phone Company Sues the Government to Save Itself. https://www.vice.com/en/article/epxnnp/crime-boss-or-tech-ceo-sky-global-sues-government-domains https://t.me/cKure/10118

■■■■■ CVE-2021-34991: Pre-Authentication Buffer Overflow on Multiple Products, PSV-2021-0168 (Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models). Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168 https://thehackernews.com/2021/11/critical-root-rce-bug-affects-multiple.html https://t.me/cKure/10117

■■■□□ Alleged hacker claims to have PII of Snapchat users that contains 14K rows with encrypted password in bcrypt hashes. We could not confirm the authenticity of this post. https://t.me/cKure/10115

■■■□□ IoT: Mysterious malware could threaten millions of routers and IoT devices Cybersecurity researchers detail BotenaGo malware, which takes advantage of over 30 different security vulnerabilities. https://www.zdnet.com/article/this-mysterious-malware-could-threaten-millions-of-routers-and-iot-devices/ https://t.me/cKure/10114

■■■□□ Strategic web compromises in the Middle East with a pinch of Candiru ESET researchers have discovered strategic web compromise (aka watering hole) attacks against high‑profile websites in the Middle East. United States United Kingdom Israel KSA UAE https://www.welivesecurity.com/2021/11/16/strategic-web-compromises-middle-east-pinch-candiru/ https://t.me/cKure/10113

■■■□□ “Persistence via the Recycle Bin”. This is a programmatic implementation of @Hexacorn’s “Beyond good ol’ Run key, Part 78”. Check PoC here: https://github.com/vxunderground/VXUG-Papers/tree/main/The%20Persistence%20Series/Persistence%20via%20Recycle%20Bin https://t.me/cKure/10112

■□□□□ Privacy https://freedomhouse.org/event/responding-transnational-repression https://t.me/cKure/10111

■■□□□ Checklist of the most important security countermeasures when designing, testing, and releasing your API. https://github.com/shieldfy/API-Security-Checklist https://t.me/cKure/10110

■■■■□ DLL https://www.secforce.com/blog/dll-hollowing-a-deep-dive-into-a-stealthier-memory-allocation-variant/ https://t.me/cKure/10109