Aggregator
Why Kubernetes Is Replacing Docker
4 years 1 month ago
How Akamai Can Help You Fight the Latest Exploitation Attempts Against Microsoft Exchange
4 years 1 month ago
On March 2, 2021, the Microsoft Security Response Center alerted its customers to several critical security updates to Microsoft Exchange Server, addressing vulnerabilities currently under attack.
Amol Mathur
Struts2 Vulnerability Series - S2-059, S2-061
4 years 1 month ago
ok
Microsoft Exchange and Verkada Hacks: Isolate Your Apps and APIs from the Internet Cesspool
4 years 1 month ago
It's been an interesting start to March in terms of public security incidents. This month kicked off with multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. And, as if that wasn't enough, that attack was quickly followed by the news that a hacktivist
Lorenz Jakober
QEMU RCU implementation
4 years 1 month ago
Terenceli
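Analysis of the log4j Deserialization Vulnerability
4 years 1 month ago
0x00 Preface: A while ago, while reading the code of a certain CMS, I found that its log4j component version was vulnerable and that the port was open, but the web site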
Intezer Discovers New Linux Backdoor Named RedXOR
4 years 1 month ago
Summary
A new Linux backdoor has been discovered by Intezer and has been named RedXOR. It's likely to have been developed by Chinese nation-state actors.
Threat Type
Malware, Backdoor, RAT, APT
Overview
Intezer discovered a new, sophisticated backdoor targeting Linux systems. It's likely to have been developed by Chinese nation-state actors based on the TTPs observed. Intezer has named the backdoor RedXOR due to its encoding scheme based on XOR. RedXOR masquerades as the polkit daemon. Intezer compares
Renewed SideWinder Activity in South Asia
4 years 1 month ago
Summary
SideWinder is an APT that targets South Asian government and military organizations with espionage campaigns, likely acting in Indian interests. DeepEnd Research reports on the most recent wave of activity from this threat group.
Threat Type
Malware, Phishing, Spyware, APT
Overview
DeepEnd Research published a blog post analyzing the most recent wave of SideWinder APT activity. This specific campaign appears to target government entities in Nepal. Their research began with the discovery of a server
GitHub Updates Security for Authenticated Sessions
4 years 1 month ago
Summary
On March 8, 2021, all GitHub authenticated sessions were invalidated due to a rare security vulnerability. Microsoft-owned GitHub released a security update on its blog with information about the vulnerability and the subsequent actions taken.
Threat Type
Vulnerability
Overview
An extremely rare but serious vulnerability found by GitHub on March 8 affected a small number of GitHub sessions. This comes on the heels of a March 2 incident in which anomalous traffic was observed for an authenticat
Clast82 Dropper
4 years 1 month ago
Summary
Clast82 is an Android dropper spreading via the Google Play store and distributing the AlienBot banker and MRAT. Check Point reports on their analysis of this new dropper in a recent blog post.
Threat Type
Malware, Dropper, Banker, RAT
Overview
Check Point published a blog post analyzing a new dropper dubbed "Clast82." This dropper is bypassing the Google Play store defenses by ensuring that it does not drop any malicious payloads until after the Google Play Protect evaluation period is complete. Fir
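Hackers Send Spoofed Emails in an Attempt to Get Security Vendors to Whitelist Their Malware
4 years 1 month ago
Hackers all share a common dream: that the trojans they write will never be detected by antivirus software. The crudest way to achieve this is to get antivirus vendors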
Kinsing and NSPPS Malwares are the Same Family
4 years 1 month ago
Summary
A report from CyberArk looks at Kinsing and NSPPS, which were thought to be two different families of malware. CyberArk's research concludes they are both from the same, single family.
Threat Type
Malware
Overview
The Kinsing and NSPPS malwares were thought to be from two different families of malware. A report from CyberArk concludes they are both variants of the same family of malware. CyberArk believes the first version of the malware was compiled prior to November 2019, was used as a RAT and was
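Registration for the 2021 Forensic Examination Proficiency Testing Closes Soon
4 years 1 month ago
Registration for the 2021 Forensic Examination Proficiency Testing Closes Soon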