RSS Dashboard

The Hackers News

Microsoft Security Response Centre

The National Cyber Security Centre

Zero Day Initiative: Published

NHS High CareCerts

ThreatPost

Mandiant

Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide
Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide

Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that's designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at… [...]

Understanding NIST CSF to assess your organization's Ransomware readiness
Understanding NIST CSF to assess your organization's Ransomware readiness

Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack… [...]

Telcom and BPO Companies Under Attack by SIM Swapping Hackers
Telcom and BPO Companies Under Attack by SIM Swapping Hackers

A persistent intrusion campaign has set its eyes on telecommunications and business process outsourcing (BPO) companies at lease since June 2022. "The end objective of this campaign appears to be… [...]

Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware
Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware

A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "weak architecture and programming." Cryptonite, unlike other ransomware strains, is… [...]

New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers
New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers

Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers. "The impact of exploiting… [...]

BlueHat 2023: Applications to Attend NOW OPEN!

We are excited to announce that applications to attend BlueHat 2023 are now open!   BlueHat 2023 will be the 20th version of the BlueHat conference and will once again be… [...]

A Ride on the Wild Side with Hacking Heavyweight Sick Codes

Beverage of Choice: Krating Daeng (Thai Red Bull) Industry Influencer he Admires: Casey John Ellis What did you want to be when you grew up? A physician and nearly did… [...]

Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)

We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning (ML) systems. Machine learning has already become a key enabler in… [...]

Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)

Summary   Microsoft is aware and actively addressing the impact associated with the recent OpenSSL vulnerabilities announced on October 25th 2022, fixed in version 3.0.7. As part of our standard processes,… [...]

Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB

Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB (currently in preview) reported by Orca Security.  Customers not using Jupyter Notebooks (99.8% of Azure… [...]

Threat Report 25th November 2022

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 11th November 2022

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 28th October 2022

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 14th October 2022

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 30th September 2022

The NCSC's threat report is drawn from recent open source reporting. [...]

ZDI-22-1664: SolarWinds Network Performance Monitor DeserializeFromStrippedXml Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. [...]

ZDI-22-1663: SolarWinds Network Performance Monitor GetPdf Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. [...]

ZDI-22-1662: SolarWinds Network Performance Monitor WebUserSettingsCrudHandler Improper Input Validation Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. [...]

ZDI-22-1661: Foxit PDF Reader U3D File Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit… [...]

ZDI-22-1660: Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit… [...]

CC-4223 - Critical Security Update for Sophos Firewall

Severity: Information only Critical security advisory addresses seven vulnerabilities including RCE Critical security advisory addresses seven vulnerabilities including RCE Updated: 06 Dec 2022 [...]

CC-4222 - Google Releases Security Update for Chrome Zero Day

Severity: Information only Security update released to address an actively exploited zero-day vulnerability in Chrome Security update released to address an actively exploited zero-day vulnerability in Chrome Updated: 05 Dec… [...]

CC-4221 - BD BodyGuard Pumps Vulnerability

Severity: Low CISA Advisory includes a missing protection mechanism for alternate hardware interface vulnerability that could allow an attacker to change configuration settings or disable the pump CISA Advisory includes a… [...]

CC-4162 - Apple Releases Security Updates for Multiple Products

Severity: Information only Scheduled updates for Apple products Scheduled updates for Apple products Updated: 01 Dec 2022 [...]

CC-4169 - Critical RCE Vulnerability in Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions

Severity: High Microsoft security updates addressed a remote code execution vulnerability in IKE Protocol Extensions Microsoft security updates addressed a remote code execution vulnerability in IKE Protocol Extensions Updated: 30… [...]

CC-4220 - Google Releases Security Update for Chrome

Severity: Information only Security update released to address an actively exploited zero-day vulnerability in Chrome Security update released to address an actively exploited zero-day vulnerability in Chrome Updated: 29 Nov… [...]

CC-4020 - Oracle Releases January 2022 Critical Patch Update

Severity: Information only Scheduled updates for multiple Oracle Products Scheduled updates for multiple Oracle Products Updated: 29 Nov 2022 [...]

CC-4208 - OpenSSL Vulnerabilities Impact Multiple Cisco Products

Severity: Information only Cisco confirms that IoT Field Network Director and Operational Insights Collector are impacted by buffer overflow vulnerabilities in OpenSSL Cisco confirms that IoT Field Network Director and Operational Insights… [...]

CC-4219 - Zyxel Releases Security Update for LTE Indoor Router

Severity: Information only Zyxel update addresses a pre-configured password vulnerability Zyxel update addresses a pre-configured password vulnerability Updated: 23 Nov 2022 [...]

CC-3875 - Hillrom Medical Device Management Tools Vulnerabilities

Severity: Low Two out-of-bounds read and write issues are causing vulnerabilities in the Hillrom medical device management tools, which are Welch Allyn products. Two out-of-bounds read and write issues are… [...]

Student Loan Breach Exposes 2.5M Records
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
Watering Hole Attacks Push ScanBox Keylogger
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Ransomware Attacks are on the Rise
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
FLARE VM: A FLAREytale Open to the Public

FLARE VM is a collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a virtual machine (VM). Thousands of reverse engineers, malware analysts, and security researchers rely on FLARE VM to configure Windows and to install an expert collection of security tools.

Our most recent updates make FLARE VM more open and maintainable. This allows the community to easily add and update tools and to make them quickly available to everyone. We’ve worked hard to open source the packages which detail how to install

FLARE IDA Pro Script Series: Automating Function Argument Extraction
Intro

This blog post is the next episode in the FLARE team IDA Pro Script series. All scripts and plug-ins are available from our GitHub repo.

Automating the Repetitive

I am a big believer in automating repetitive tasks to improve and simplify reverse engineering. The task described in this blog post comes up frequently in malware analysis: identifying all of the arguments given to a function within a program. This situation may come up when trying to:

Identify the size, location, and possible key used to decrypt encoded strings used by the malware. Identify each function pointer
Applying Function Types to Structure Fields in IDA

IDA Pro comes with an incredibly useful array of type information gathered from various compilers. Whenever a user names a location, IDA searches its currently loaded type libraries to see if that name is a known function. If the function is found, IDA applies the function declaration to that location. For example, Figure 1 shows an array of DWORDS. During reverse engineering, I determined that these are function pointers to MS SDK API functions.

Naming the location with the corresponding function name causes IDA to automatically apply the type information. Figure 2 shows the result of

FLARE IDA Pro Script Series: Automatic Recovery of Constructed Strings in Malware

The FireEye Labs Advanced Reverse Engineering (FLARE) Team is dedicated to sharing knowledge and tools with the community. We started with the release of the FLARE On Challenge in early July where thousands of reverse engineers and security enthusiasts participated. Stay tuned for a write-up of the challenge solutions in an upcoming blog post.

This post is the start of a series where we look to aid other malware analysts in the field. Since IDA Pro is the most popular tool used by malware analysts, we’ll focus on releasing scripts and plug-ins to help make it an even more effective tool for

FLARE IDA Pro Script Series: MSDN Annotations Plugin for Malware Analysis

The FireEye Labs Advanced Reverse Engineering (FLARE) Team continues to share knowledge and tools with the community. We started this blog series with a script for Automatic Recovery of Constructed Strings in Malware. As always, you can download these scripts at our Github page. We hope you find all these scripts as useful as we do.

Motivation

During my summer internship with the FLARE team, my goal was to develop IDAPython plug-ins that speed up the reverse engineering workflow in IDA Pro. While analyzing malware samples with the team, I realized that a lot of time is spent looking up