What's new around the internet

Columns: Source, Date (GMT), Title, Description, Tags (the Stories and Notes columns are empty for every entry).

Source: RedTeam.pl
Date (GMT): 2020-08-18 17:13:54
Title: Rocket.Chat Cross-Site Scripting leading to Remote Code Execution CVE-2020-15926 (direct link)
Description: Product description: Rocket.Chat [https://rocket.chat] is an open source multiplatform messaging application similar to Slack. It is available as a self-hosted solution or in a SaaS model. Rocket.Chat can be used via a web browser, iOS, Android or using Electron based clients available for Windows, Linux and MacOS. Affected software: The following application versions are vulnerable: Rocket.Chat
Tags: Vulnerability, Guideline

Source: RedTeam.pl
Date (GMT): 2020-06-24 00:15:32
Title: Google Chrome fuzzing conclusion (direct link)
Description: Background: This post will be a summary of a small fuzzing exercise that I was running over the course of a few months (from May 2019 to March 2020) where the focus was mostly on experimental and non-default features of the Google Chrome browser. As described in the first blog post [https://blog.redteam.pl/2019/12/chrome-portal-element-fuzzing.html], domato [https://github.com/googleprojectzero/domato] was used for test case generation because I wanted to start as soon as possible. Initially it was only about the element. However, various other features were added to the fuzzing grammar over time, with some of them providing good results as well. Results
Tags: Vulnerability

Source: RedTeam.pl
Date (GMT): 2020-06-12 21:35:46
Title: Black Kingdom ransomware (TTPs & IOC) (direct link)
Description: We would like to share with the community the following TTPs and IOC related to Black Kingdom ransomware and threat actors using it. Attackers gained initial access to the infrastructure via a Pulse Secure VPN vulnerability [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510]. For persistence they use a scheduled task [https://attack.mitre.org/techniques/T1053/]. The task name is GoogleUpdateTaskMachineUSA, which resembles a legitimate task of
Tags: Ransomware, Vulnerability, Threat

Source: RedTeam.pl
Date (GMT): 2020-06-03 13:55:20
Title: Kinsing cryptocurrency mining malware (TTPs & IOC) (direct link)
Description: We would like to share with the community the following TTPs and IOC related to Kinsing cryptocurrency mining malware, as most research is focused directly on analysis of malware samples rather than on how it infects the system. TTPs: Attackers are using an RCE vulnerability in Liferay which is identified as CVE-2020-7961 [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7961]. There is a publicly available PoC on GitHub [https://github.com/mzer0one/CVE-2020-7961-POC/blob/master/poc.py] for this vulnerability, which matched most artifacts we have found on the targeted system. Attackers are sending the payload using an HTTP POST request: POST /api/jsonws/invoke
Tags: Malware, Vulnerability

Source: RedTeam.pl
Date (GMT): 2020-05-20 13:43:15
Title: Sodinokibi / REvil / Maze ransomware (TTPs & IOC) (direct link)
Description: We secured forensic evidence data in the form of disk images of VPS servers used by cybercriminals behind Sodinokibi / REvil ransomware (we also found Maze ransomware there): decryptor.cc, dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion
Tags: Ransomware, Vulnerability

Source: RedTeam.pl
Date (GMT): 2020-04-14 11:45:32
Title: Google Chrome display locking fuzzing (direct link)
Description: Background: While searching for interesting new functionalities in Google Chrome that would potentially be good targets for hunting security bugs, I found display locking [https://www.chromestatus.com/feature/4613920211861504]. In general it is related to rendering optimization, so it caught my attention as something that affects how the web page layout is displayed. Functionalities like this should always attract attention as a potential source of vulnerabilities. Currently display locking is hidden behind a flag (#enable-display-locking). Setup: I used the same setup already described in my previous blog post about fuzzing the portal element [
Tags: Vulnerability

Source: RedTeam.pl
Date (GMT): 2019-09-05 19:27:02
Title: CVE-2019-10677 Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID (direct link)
Description: With a recent software update of DASAN Zhone Solutions (DZS) routers, the company pushed fixes for multiple vulnerabilities I found in it [https://redteam.pl/poc/dasan-zhone-znid-gpon-2426a-eu.html, https://www.exploit-db.com/exploits/47351]. The vulnerabilities got registered under CVE-2019-10677 [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10677]. Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID allows a remote attacker to execute arbitrary JavaScript via manipulation of unsanitized GET parameters. This vulnerability affects all zNID models running the following firmware versions: all releases of 3.0.xxx SW (on the 3.0 branch), release 3.1.349 and earlier (on the 3.1 branch), release 3.2.087 and earlier (on the 3.2 branch), release 4.1.253 and earlier (on the 4.1 branch), release 5.0.019 and earlier (on the 5.0 branch). You can find a short description of these issues and proof-of-concept code below. There is a limit on the number of characters passed from the user to variables in the application; when we pass 50*A and 50*B in the vulnerable GET parameters: http://admin:admin@192.168.1.1/wlsecrefresh.wl?wl_wsc_reg=
Tags: Vulnerability
Last update at: 2024-07-08 17:08:07