Exploit Blog News(87)  -   2024  2023  2022  2021  2020  2019  2018


DATE

NAME

INFO

CATEGORY

WEB

21.12.24

The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit

Earlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered, and the hypothesized ITW exploit strategy gleaned from the logs.

Exploit blog

Project Zero

2.11.24

Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year.

Exploit blog

Eset

21.9.24

Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool

This article discusses the discovery of a new post-exploitation red team tool called Splinter that we found on customer systems using Advanced WildFire’s memory scanning tools. Penetration testing toolkits and adversary simulation frameworks are often useful for identifying potential security issues in a company's network.

Exploit blog

Palo Alto

1.9.24

North Korean threat actor Citrine Sleet exploiting Chromium zero-day

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE).

Exploit blog

Microsoft Blog

13.7.24

Exploring Compiled V8 JavaScript Usage in Malware

In recent months, CPR has been investigating the usage of compiled V8 JavaScript by malware authors. Compiled V8 JavaScript is a lesser-known feature in V8, Google’s JavaScript engine, that enables the compilation of JavaScript into low-level bytecode. This technique assists attackers in evading static detections and hiding their original source code, rendering it almost impossible to analyze statically.

Exploit blog

Checkpoint

6.7.24

Attackers Exploiting Public Cobalt Strike Profiles

In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. We also share examples of malicious Cobalt Strike samples that use Malleable C2 configuration profiles derived from the same profile hosted on a public code repository.

Exploit blog

Palo Alto

15.6.24

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project.

Exploit blog

Trend Micro

15.6.24

Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data

SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk, and the best ways to mitigate attacks.

Exploit blog

SonicWall

18.5.24

Foxit PDF “Flawed Design” Exploitation

PDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform for sharing documents across diverse computing environments.

Exploit blog

Checkpoint