All posts tagged news

■■□□□ Apple fixes SUDO root privilege escalation flaw in macOS. This comes weeks after the critical privilege escalation flaw surfaced; which was reported first here: https://t.me/cKure/6720 a week before it was publicly disclosed. https://www.bleepingcomputer.com/news/apple/apple-fixes-sudo-root-privilege-escalation-flaw-in-macos/ https://t.me/cKure/6830

■■■□□ #NorthKorea sponsored #CyberCrime: North Korean attacks on crypto exchanges reportedly netted $316m in two years. https://go.theregister.com/feed/www.theregister.com/2021/02/10/north_korea_cryptocurrency/ https://t.me/cKure/6829

■■■■■ #UnitedStates #CyberAttack / #CyberWar: Someone tried to poison a Florida city by hijacking its water treatment plant via TeamViewer, says sheriff. Hacker Raised Chemical Settings at Water Treatment to Dangerous Levels. ︎ https://www.zdnet.com/article/hacker-modified-drinking-water-chemical-levels-in-a-us-city/ ︎ https://www.bleepingcomputer.com/news/security/hackers-tried-poisoning-town-after-breaching-its-water-facility/ ︎ https://go.theregister.com/feed/www.theregister.com/2021/02/09/florida_water_hacked/ ︎ https://www.darkreading.com/attacks-breaches/hacker-raised-chemical-settings-at-water-treatment-to-dangerous-levels/d/d-id/1340095 https://t.me/cKure/6826

■■■□□ BendyBear #China https://unit42.paloaltonetworks.com/bendybear-shellcode-blacktech/ https://t.me/cKure/6825

■■■■■ Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 https://t.me/cKure/6824

■■■■□ Windows Red-Team utility. https://github.com/pickfordmatt/sharplocker https://t.me/cKure/6822

■■■■■ UAC bypass tactics research ends off with combining the use of trusted directories using trailing spaces “c:\windows \system32\” and a shellcode injector utilizing process fibers, inevitably resulting in a C2 channel with high integrity. What’s interesting about these trending UAC bypasses our CTI engine has been articulating is that MS doesn’t seem to consider…

■■□□□ Osiris Trojan targeting #Germany . https://blog.morphisec.com/long-live-osiris-banking-trojan-targets-german-ip-addresses https://t.me/cKure/6820

■■■■■ Cheatsheet: XSS that works in 2021 https://netsec.expert/posts/xss-in-2021/ https://t.me/cKure/6819

■□□□□ A Swiss Company Says It Found Weakness That Imperils Encryption. https://www.bloomberg.com/amp/news/articles/2021-02-07/a-swiss-company-says-it-found-weakness-that-imperils-encryption https://t.me/cKure/6818