Attacks & Vulnerabilities
Zimbra RCE Vulnerability Under Attack (3 minute read)
Zimbra has disclosed a new RCE vulnerability in its SMTP server. The vulnerability arises from improper sanitization, which allows a maliciously crafted CC line to be executed as shell commands by the server. Researchers at Proofpoint report that attacks attempting to exploit this vulnerability have been observed since September 28 and urge immediate patching.
New Linux Malware 'Perfctl' Targets Millions by Mimicking System Files (3 minute read)
A new Linux malware called Perfctl is targeting millions of systems worldwide, mimicking system files to avoid detection. This sophisticated malware compromises Linux servers for cryptomining and resource hijacking, using rootkit and evasion techniques to hide its presence. To protect your Linux systems, update regularly, conduct vulnerability assessments, and use security tools like firewalls.
Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug (3 minute read)
Over 4,000 Adobe Commerce and Magento e-stores were hacked due to a critical vulnerability, CosmicSting (CVE-2024-34102), which allows attackers to execute arbitrary code. The attacks have impacted major organizations and resulted in the installation of payment skimmers on victim stores. Merchants are urged to update their systems immediately to protect against these exploits.
Opaque Predicates and How to Hunt Them (8 minute read)
An opaque predicate is a conditional expression whose outcome the programmer already knows but chooses to check anyway. They can be used to obscure control flow for anti-reversing. This post uses the MIASM Python library to build an IDA Pro plugin that detects and patches unreachable blocks. The plugin relies on MIASM's symbolic execution engine to detect opaque predicates and then patches them out with NOPs.
How to Intercept Data Exfiltrated by Malware via Telegram and Discord (9 minute read)
This blog post explains how to gather information on threat actors, using the Telegram API to identify them and attribute malware samples. It walks through the steps to intercept data exfiltrated by malware through Telegram and Discord, including obtaining bot tokens and chat IDs and forwarding messages for analysis. The post provides scripts and examples for interacting with Telegram bots and Discord webhooks to monitor and analyze malware activity in real time.
Ax (GitHub Repo)
Ax is a framework that uses Packer files to prepare base images for deployment across multiple cloud providers for penetration testing or bug bounty hunting.
Differential fuzzing for cryptography (13 minute read)
Differential fuzzing compares the outputs of multiple implementations of the same function to find bugs such as logic errors and incorrect computations, beyond the memory bugs and crashes that ordinary fuzzing surfaces. LibAFL helps with custom input generation for differential fuzzing, allowing more efficient bug discovery in cryptographic implementations. The quality of input generation and harness design is crucial for a successful fuzzing campaign, which highlights the importance of testing edge cases while restricting the input range to what the target can actually handle.
If you have any comments or feedback, just respond to this email!
Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile