RSS Dashboard

The Hackers News

Microsoft Security Response Centre

The National Cyber Security Centre

Zero Day Initiative: Published

NHS High CareCerts

ThreatPost

Mandiant

Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide

Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that's designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at… [...]

Understanding NIST CSF to assess your organization's Ransomware readiness

Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack… [...]

Telcom and BPO Companies Under Attack by SIM Swapping Hackers

A persistent intrusion campaign has set its eyes on telecommunications and business process outsourcing (BPO) companies at least since June 2022. "The end objective of this campaign appears to be… [...]

Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware

A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "weak architecture and programming." Cryptonite, unlike other ransomware strains, is… [...]

New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers

Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers. "The impact of exploiting… [...]

We are excited to announce that applications to attend BlueHat 2023 are now open! BlueHat 2023 will be the 20th version of the BlueHat conference and will once again be… [...]

Beverage of Choice: Krating Daeng (Thai Red Bull) Industry Influencer He Admires: Casey John Ellis What did you want to be when you grew up? A physician and nearly did… [...]

We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning (ML) systems. Machine learning has already become a key enabler in… [...]

Summary: Microsoft is aware of and actively addressing the impact associated with the recent OpenSSL vulnerabilities announced on October 25th 2022, fixed in version 3.0.7. As part of our standard processes,… [...]

Summary: Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB (currently in preview) reported by Orca Security. Customers not using Jupyter Notebooks (99.8% of Azure… [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. [...]

This vulnerability allows remote attackers to execute code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. [...]

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. [...]

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit… [...]

Severity: Information only. Critical security advisory addresses seven vulnerabilities including RCE. Updated: 06 Dec 2022 [...]

Severity: Information only. Security update released to address an actively exploited zero-day vulnerability in Chrome. Updated: 05 Dec… [...]

Severity: Low. CISA Advisory includes a missing protection mechanism for alternate hardware interface vulnerability that could allow an attacker to change configuration settings or disable the pump. … [...]

Severity: Information only. Scheduled updates for Apple products. Updated: 01 Dec 2022 [...]

Severity: High. Microsoft security updates addressed a remote code execution vulnerability in IKE Protocol Extensions. Updated: 30… [...]

Severity: Information only. Security update released to address an actively exploited zero-day vulnerability in Chrome. Updated: 29 Nov… [...]

Severity: Information only. Scheduled updates for multiple Oracle Products. Updated: 29 Nov 2022 [...]

Severity: Information only. Cisco confirms that IoT Field Network Director and Operational Insights Collector are impacted by buffer overflow vulnerabilities in OpenSSL. … [...]

Severity: Information only. Zyxel update addresses a pre-configured password vulnerability. Updated: 23 Nov 2022 [...]

Severity: Low. Two out-of-bounds read and write issues are causing vulnerabilities in the Hillrom medical device management tools, which are Welch Allyn products. … [...]

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected in a breach that could spell more trouble down the line.
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

FLARE VM is a collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a virtual machine (VM). Thousands of reverse engineers, malware analysts, and security researchers rely on FLARE VM to configure Windows and to install an expert collection of security tools.

Our most recent updates make FLARE VM more open and maintainable. This allows the community to easily add and update tools and to make them quickly available to everyone. We’ve worked hard to open source the packages which detail how to install

Intro

This blog post is the next episode in the FLARE team IDA Pro Script series. All scripts and plug-ins are available from our GitHub repo.

Automating the Repetitive

I am a big believer in automating repetitive tasks to improve and simplify reverse engineering. The task described in this blog post comes up frequently in malware analysis: identifying all of the arguments given to a function within a program. This situation may come up when trying to:

Identify the size, location, and possible key used to decrypt encoded strings used by the malware. Identify each function pointer

IDA Pro comes with an incredibly useful array of type information gathered from various compilers. Whenever a user names a location, IDA searches its currently loaded type libraries to see if that name is a known function. If the function is found, IDA applies the function declaration to that location. For example, Figure 1 shows an array of DWORDS. During reverse engineering, I determined that these are function pointers to MS SDK API functions.

Naming the location with the corresponding function name causes IDA to automatically apply the type information. Figure 2 shows the result of

The FireEye Labs Advanced Reverse Engineering (FLARE) Team is dedicated to sharing knowledge and tools with the community. We started with the release of the FLARE On Challenge in early July where thousands of reverse engineers and security enthusiasts participated. Stay tuned for a write-up of the challenge solutions in an upcoming blog post.

This post is the start of a series where we look to aid other malware analysts in the field. Since IDA Pro is the most popular tool used by malware analysts, we’ll focus on releasing scripts and plug-ins to help make it an even more effective tool for

The FireEye Labs Advanced Reverse Engineering (FLARE) Team continues to share knowledge and tools with the community. We started this blog series with a script for Automatic Recovery of Constructed Strings in Malware. As always, you can download these scripts at our GitHub page. We hope you find all these scripts as useful as we do.

Motivation

During my summer internship with the FLARE team, my goal was to develop IDAPython plug-ins that speed up the reverse engineering workflow in IDA Pro. While analyzing malware samples with the team, I realized that a lot of time is spent looking up