GitHub discloses a security incident involving stolen OAuth tokens that affects Heroku & Travis CI. More
EnemyBot is the latest DDoS botnet analyzed by Fortinet, based on Gafgyt & Mirai source code. More
Remote Code Execution found in WordPress Elementor, a plugin with over 5 million installations. More
A new method of running code via Office documents, using VSTO. More
Exploiting a DoS in Snort, a popular network security tool used for Intrusion Detection. More
Microsoft patches over 100 CVEs this month, a few of which might be wormable. Hurry up and patch! CVE-2022-26809 is one of the most feared, having a CVSS score of 9.8. It’s a zero-click vulnerability in Windows’ RPC system so it’s remotely exploitable via port 445, although initial analysis by researchers indicates that it doesn’t work on a default configuration. More
CISA issued an alert about North Korean hackers targeting blockchain companies via malicious apps that install a RAT. More
Recent paper shows that popular videoconference apps keep the microphone active, even when the “Mute” button is activated. More
Kaspersky released a free decryptor for Yanluowang ransomware. More
Mandiant published an analysis of the state-sponsored SCADA malware used in recent attacks, dubbed INCONTROLLER. More
According to Mandiant’s 2022 M-trends report, median dwell time for intrusions identified by external third parties and disclosed to the victims dropped to 28 days in 2021 from 73 days in 2020. The report covers 2 hacker groups, FIN12 & FIN13, observations on Microsoft Exchange hacking attempts and more. Great read for defenders. More
Unit42 identified a container escape/privilege escalation vulnerability in AWS’ Log4Shell hotpatches. More
3 days. That’s all it took a ransomware group to encrypt files after initial access. More
OSCE3, OSEP, OSED, OSWE, OSCP certified. Over 10 years of experience in the IT industry, now working in Product Security and leading a Red Team. Huge Offensive Security and CTF nerd. I enjoy music, teaching and hiking.