All posts tagged cyber

■■□□□ The US Strengthens Cyber Security in the Indo-Pacific Region. United States Marine Corps Cyber Command (MARFORCYBER) is being sent to the American base in Okinawa (Japan) to address the security of digital networks and critical US Marine Corps infrastructure in the Indo-Pacific region. According to the latest version of the US Department of Defense…

■■■■■ New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by security researcher Skyler Ferrante. https://thehackernews.com/2024/03/new-linux-bug-could-lead-to-user.html https://t.me/cKure/13756

■■■■■ Searching for leaked credentials in Chrome. https://github.com/h4x0r-dz/Leaked-Credentials/ ((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|config|conn.login|connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|env.heroku_api_key|env.sonatype_password|eureka.awssecretkey)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:||:).{0,5}[‘\”]([0-9a-zA-Z\-_=]{8,64})[‘\”] https://t.me/cKure/13755

■■□□□ Data-Leak: Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign https://thehackernews.com/2024/03/hackers-target-indian-defense-and.html https://t.me/cKure/13754

■■■■□ OffensiveRust : Rust Weaponization for Red Team Engagements. https://github.com/trickster0/OffensiveRust https://t.me/cKure/13753

■■■□□ SARA – Simple Android Ransomware Attack. https://github.com/termuxhackers-id/SARA https://t.me/cKure/13752

■■■■□ A Keylogger in Rust that Bypasses Almost All AV Engines. https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/keylogger/src/main.rs https://t.me/cKure/13751

■■■■■ Frida on Java applications and applets in 2024. https://security.humanativaspa.it/frida-on-java-applets-in-2024/ https://t.me/cKure/13750

■■■■■ Microsoft SharePoint: CVE-2023-29357. https://github.com/Chocapikk/CVE-2023-29357 https://t.me/cKure/13748

■■■■■ SolarWinds Security Event Manager AMF RCE (CVE-2024-0692). https://exp10it.io/2024/03/solarwinds-security-event-manager-amf-deserialization-rce-cve-2024-0692/ https://t.me/cKure/13747