Aggregator

Summary Microsoft and FireEye have identified new malware that is believed to be used by the same attackers who attacked SolarWinds. FireEye refers to them as UNC2452, Microsoft has named them NOBELIUM. One notable feature available in the backdoor is the option to use decoy network traffic mixed in with C2 queries. Threat Type Malware, Backdoor, RAT Overview FireEye has discovered a new sophisticated second-stage backdoor that is possibly connected to UNC2452, the same group believed to be behind the attac

We are pleased to announce the launch of EdgeKV, our distributed key-value store, into beta! EdgeKV is enabling technology for EdgeWorkers, our serverless computing platform that enables developers to create services using JavaScript and deploy them across our platform. When writing JavaScript, data persistence is often necessary to save data from a user interaction, or to retrieve contextual data to evaluate inside a function.

0x00 前言偶然间看到SnakeYaml的资料感觉挺有意思，发现SnakeYaml也存在反序列化利用的问题

0x00 前言偶然间看到SnakeYaml的资料感觉挺有意思，发现SnakeYaml也存在反序列化利用的问题

0x00 前言偶然间看到SnakeYaml的资料感觉挺有意思，发现SnakeYaml也存在反序列化利用的问题

0x00 前言偶然间看到SnakeYaml的资料感觉挺有意思，发现SnakeYaml也存在反序列化利用的问题

0x00 前言偶然间看到SnakeYaml的资料感觉挺有意思，发现SnakeYaml也存在反序列化利用的问题

0x00 前言偶然间看到SnakeYaml的资料感觉挺有意思，发现SnakeYaml也存在反序列化利用的问题

Summary Adobe has released three security updates. The updates are for Framemaker, Creative Cloud Desktop Application, and Connect. Each of the updates address at least one vulnerability rated by Adobe as Critical. Threat Type Vulnerability Overview Adobe has released three security updates. The updates are for Framemaker, Creative Cloud Desktop Application, and Connect. Each of the updates address at least one vulnerability rated by Adobe as Critical. The potential impact of successful exploitation of the

Summary In their March 2021 security updates, Microsoft list eighty-three CVE numbered vulnerabilities. Of those, ten are rated as Critical with the remainder being rated as Important. Aside from the already well publicized exploitation of the Exchange server vulnerabilities, an Internet Explorer vulnerability is reported as being exploited in the wild. Threat Type Vulnerability Overview In their March 2021 security updates, Microsoft list eighty-three CVE numbered vulnerabilities. Of those, ten are rated a

Summary In the wake of a targeted attack against CD Projekt Red, SentinelOne has published a blog post analyzing the HelloKitty ransomware. Threat Type Ransomware Overview SentinelOne has published a blog post analyzing the HelloKitty ransomware family, which was recently leveraged in a targeted attack against CD Projekt Red. HelloKitty appeared in late 2020 and is relatively rudimentary compared to other ransomware families. For example, when processes are being killed a CMD window is spawned in the foregr

Summary Following up on ANSSI's research into recent Sandworm activity, DomainTools reports on their findings related to the infrastructure used by this threat actor. Threat Type Malware, APT Overview DomainTools has published a report identifying Sandworm infrastructure discovered during their investigation into ANSSI's recent report on the threat group. ANSSI's report discussed the exploitation of Centreon to deliver Exaramel, a known Sandworm tool. The report, however, did not detail any network indicato

Summary PAM update 4103.04161 contains 10 new events, 9 new moderate event responses, and 9 new aggressive event responses. Threat Type Vulnerability Overview PAM update 4103.03231 contains 4 new events, 0 new moderate event responses, and 0 new aggressive event responses. This content update is compatible with IBM QRadar Network Security Firmware version 5.4 or later, IBM QRadar Network Security for VMware firmware version 5.4 or later, IBM Security Network IPS GV-Series Virtual Appliances, IBM Security Ne

Summary New research reveals a connection between the Lazarus Group and TFlower; specifically, TFlower's usage of a MATA framework variant in a recent campaign. Threat Type Malware, Backdoor, Ransomware Overview A report from Sygnia indicates a connection or collaboration between Lazarus and TFlower. The TFlower ransomware is deployed using the MATA backdoor, which is a well-known Lazarus commodity. The latest variant has not previously been seen in campaigns to this point. In addition to the MATA backdoor,

Summary The U.S. tax season is often taken advantage of as a source of phishing material for threat actors. Cofense reports on one such case of a file share link purporting to come from the IRS in order to steal Microsoft credentials. Threat Type Phishing Overview Cofense published a blog post analyzing a phishing campaign attempting to steal Microsoft credentials while capitalizing on the U.S. tax season. The sender email address and name have been spoofed in order to match that of a legitimate IRS tax rep

分享RapidDNS.io网站在实践中的应用。

分享RapidDNS.io网站在实践中的应用。

分享RapidDNS.io网站在实践中的应用。

Previously, I introduced the field of sensor systems architecture and posed a real world example scenario of the unnecessary resource costs and hazards that can happen when the deployment of sensors isn't carefully thought out.