Overkill Security
@overkill_security
Because Nothing Says 'Security' Like a Dozen Firewalls and a Biometric Scanner
137 posts

The Never-Ending Fuzzing Time Nightmare

Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is built on libFuzzer and brings its instrumentation-driven mutation strategies (edge coverage, compare-value feedback) to JVM bytecode: the fuzz target is a static Java method that Jazzer calls repeatedly with mutated input, and any uncaught exception is reported as a finding.
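As an added illustration (this is not code from the original post or from the Jazzer project), the shape of a Jazzer fuzz target: the hypothetical parseVersion method stands in for the code under test, and the class name and the "major.minor" format are assumptions for the example.

```java
// Added example: a minimal Jazzer fuzz target for a hypothetical parser.
// Requires the jazzer-api artifact (com.code-intelligence:jazzer-api) on the classpath.
import com.code_intelligence.jazzer.api.FuzzedDataProvider;

public class VersionParserFuzzer {

    // Hypothetical code under test: parses a "major.minor" string.
    // The bug Jazzer should find: an input without a '.' makes parts[1]
    // throw ArrayIndexOutOfBoundsException, which the caller never expected.
    static int[] parseVersion(String s) {
        String[] parts = s.split("\\.", 2);
        int major = Integer.parseInt(parts[0]);
        int minor = Integer.parseInt(parts[1]);
        return new int[] { major, minor };
    }

    // Jazzer's entry point: called once per mutated input.
    public static void fuzzerTestOneInput(FuzzedDataProvider data) {
        String input = data.consumeRemainingAsString();
        try {
            int[] v = parseVersion(input);
            // Sanity property: a successful parse never yields negative numbers
            // if the parser rejects a leading '-'; here it does not, so this is
            // a second, semantic finding the fuzzer will surface.
            if (v[0] < 0 || v[1] < 0) {
                throw new IllegalStateException("negative version component: " + input);
            }
        } catch (NumberFormatException expected) {
            // Non-numeric input is a legitimate rejection, not a bug.
        }
        // Any other exception escapes here and Jazzer reports it as a crash.
    }
}
```

Compile against jazzer-api and launch with the jazzer CLI, e.g. jazzer --cp=. --target_class=VersionParserFuzzer; Jazzer minimises and saves the crashing input so the exception can be reproduced with a plain JUnit test.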

Think Tanks and NGOs: The Perfect Cover for Cyber Espionage

TA427 is Proofpoint's designation for a North Korea-aligned cyber espionage group, overlapping with the activity tracked elsewhere as Kimsuky (Emerald Sleet, APT43). Its primary goal is to gather intelligence on foreign policy matters related to the U.S., South Korea, and other countries of strategic interest to the North Korean regime, often by approaching think-tank and NGO experts under a benign pretext. TA427 employs a multi-stage attack flow:

Skipping Authentication: Telerik Report Server’s New Feature?

The Progress Telerik Report Server pre-authenticated Remote Code Execution (RCE) chain combines two vulnerabilities: CVE-2024-4358, an authentication bypass that lets an unauthenticated attacker create an administrative account, and CVE-2024-1800, an insecure deserialization flaw reachable once authenticated. Chained, they allow an unauthenticated attacker to execute arbitrary code on affected servers.

The Dark Side of LSASS: How Evil Twins Bypass Security Measures

The EvilLsassTwin project on GitHub, part of the Nimperiments repository, focuses on a specific technique for extracting credentials from the Local Security Authority Subsystem Service (LSASS) on Windows: instead of reading the live LSASS process, it creates a duplicate ("twin") of it and dumps that, which sidesteps the handle-access monitoring that security products apply to the original process.

Check Point’s 'Best Security' Slogan Meets Reality: CVE-2024-24919

CVE-2024-24919 is an information-disclosure vulnerability in Check Point Security Gateways with Remote Access VPN or Mobile Access enabled: an unauthenticated attacker can read arbitrary files from the appliance, including password-bearing files, and the flaw was exploited in the wild before a hotfix was available. The technical details and real-world exploitation highlight the critical nature of this vulnerability and the importance of prompt remediation to protect against data breaches and network compromise.

CVE-2024-27130 in QNAP: When 'Secure' is Just a Marketing Term

The article «QNAP QTS — QNAPping At The Wheel (CVE-2024-27130 and friends)» from WatchTowr Labs provides a detailed analysis of several vulnerabilities found in QNAP NAS devices, the headline one being CVE-2024-27130, a stack-based buffer overflow in share.cgi that requires only a valid file-sharing link identifier (ssid) rather than user credentials.

Root Privileges for Dummies: Just Exploit CVE-2024-3400

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks' PAN-OS software, specifically in the GlobalProtect feature. It allows an unauthenticated, remote attacker to execute arbitrary code with root privileges on the affected firewall. The vulnerability impacts PAN-OS versions 10.2, 11.0, and 11.1 when configured as a GlobalProtect gateway or GlobalProtect portal; Palo Alto Networks' fixes shipped as hotfixes 10.2.9-h1, 11.0.4-h1 and 11.1.2-h3 (plus hotfixes for other maintenance releases), and exploitation was observed in the wild before the patches were available.

Breaking News: Chinese AVs Outwitted by Go Code

The GitHub repository «darkPulse» by user «fdx-xdf» is a shellcode packer written in Go that encrypts and loads shellcode with the stated aim of evading antivirus products popular in the Chinese market.

AMSI Bypass: The Malware’s Express Lane

The GitHub repository «V-i-x-x/AMSI-BYPASS» documents a technique its author calls «AMSI WRITE RAID», which patches the Antimalware Scan Interface (AMSI) in the calling process so that scripts and assemblies are no longer submitted for scanning.

MS-DOS: For those who think modern OSes are too user-friendly

The release of the MS-DOS source code (MS-DOS 4.00, published by Microsoft with IBM under the MIT licence) is significant for educational purposes, historical preservation, community engagement, and as a technical reference, making it a valuable resource even in the modern era.