Hacking Blog News 2024
DATE | NAME | INFO | CATEG. | WEB |
21.12.24 | | As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats. | | |
2.11.24 | Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network | Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). | Hacking blog | Microsoft Blog |
2.11.24 | Are hardware supply chain attacks “cyber attacks?” | It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process. | Hacking blog | Cisco Blog |
2.11.24 | Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes | Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details | Hacking blog | |
2.11.24 | GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe | | Hacking blog | |
28.9.24 | 10 Years of DLL Hijacking, and What We Can Do to Prevent 10 More | DLL Hijacking — a technique for forcing legitimate applications to run malicious code — has been in use for about a decade at least. In this write-up we give a short introduction to the technique of DLL Hijacking, followed by a digest of several dozen documented uses of that technique over the past decade as documented by MITRE. | Hacking blog | Checkpoint |
31.8.24 | Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic | To improve our detection of suspicious network activity, we leveraged a deep learning method to profile and detect malicious DNS traffic patterns. | | |
31.8.24 | Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments | Unit 42 researchers found an extortion campaign's cloud operation that successfully compromised and extorted multiple victim organizations. It did so by leveraging exposed environment variable files (.env files) that contained sensitive variables such as credentials belonging to various applications. | | |
31.8.24 | ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts | This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments. | | |
31.8.24 | Stealing cash using NFC relay – Week in Security with Tony Anscombe | The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become | | |
17.8.24 | Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities | Server-Side Template Injection (SSTI) vulnerabilities refer to weaknesses in web applications which attackers can exploit to inject malicious code into server-side templates. This allows them to execute arbitrary commands on the server, potentially leading to unauthorized data access, server compromise, or exploitation of additional vulnerabilities. | Hacking blog | |
3.8.24 | OneDrive Pastejacking | Phishing campaign exploits Microsoft OneDrive users with sophisticated social engineering, manipulating them into executing a malicious PowerShell script. | Hacking blog | Trellix |
27.7.24 | | This network is a highly sophisticated operation that acts as a Distribution as a Service (DaaS). It allows threat actors to share malicious links or malware for distribution through highly victim-oriented phishing repositories. | | |
27.7.24 | | We propose a new injection technique: Thread Name-Calling, and offer the advisory related to implementing protection. | | |
15.6.24 | Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices | Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by different nation-backed actors, including attacks by IRGC-affiliated “CyberAv3ngers” in November 2023, as […] | Hacking blog | Microsoft Blog |
8.6.24 | INSIDE THE BOX: MALWARE’S NEW PLAYGROUND | Over the past few months, we have been monitoring the increasing abuse of BoxedApp products in the wild. BoxedApp products are commercial packers that provide advanced features such as Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking). | Hacking blog | Checkpoint |
25.5.24 | From trust to trickery: Brand impersonation over the email attack vector | Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. | Hacking blog | Cisco Blog |
18.5.24 | Leveraging DNS Tunneling for Tracking and Scanning | This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes. | Hacking blog | Palo Alto |
2.3.24 | Navigating the Cloud: Exploring Lateral Movement Techniques | We explore cloud lateral movement techniques in all three major cloud providers: Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, highlighting their differences compared to similar techniques in on-premises environments. | Hacking blog | Palo Alto |
25.2.24 | Intruders in the Library: Exploring DLL Hijacking | Dynamic-link library (DLL) hijacking is one of the oldest techniques that both threat actors and offensive security professionals continue to use today. | Hacking blog | Palo Alto |
14.1.24 | Financial Fraud APK Campaign | During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. | Hacking blog | Palo Alto |
14.1.24 | Cracking the 2023 SANS Holiday Hack Challenge | From ChatNPT to Game Boys and space apps, this year’s challenge took us to the Geese Islands for another rollicking romp of fun | Hacking blog | ESET |