When URL parsers disagree (CVE-2023-38633) - Canva Engineering Blog
https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/
Blog: CVE-2023-4634 - Tricky Unauthenticated RCE on Wordpress Media Library Assistant Plugin using a good old Imagick
https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/
MalwareBazaar | SHA256 1b29005d1fa110dfb5b924c879e64d7d4cce8af163f9e6853e4bbda2c298acf0 (Formbook)
https://bazaar.abuse.ch/sample/1b29005d1fa110dfb5b924c879e64d7d4cce8af163f9e6853e4bbda2c298acf0/
TLS 1.0 and TLS 1.1 soon to be disabled in Windows - Microsoft Community Hub
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/tls-1-0-and-tls-1-1-soon-to-be-disabled-in-windows/ba-p/3887947
Shadow Wizard Registry Gang: Structured Registry Querying | by Max Harley | Sep, 2023 | Posts By SpecterOps Team Members
https://posts.specterops.io/shadow-wizard-registry-gang-structured-registry-querying-9a2fab62a26f
From NTAuthCertificates to “Silver” Certificate – Decoder's Blog
https://decoder.cloud/2023/09/05/from-ntauthcertificates-to-silver-certificate/
ASUS routers vulnerable to critical remote code execution flaws
https://www.bleepingcomputer.com/news/security/asus-routers-vulnerable-to-critical-remote-code-execution-flaws/
MITRE and CISA Release Open Source Tool for OT Attack Emulation - SecurityWeek
https://www.securityweek.com/mitre-and-cisa-release-open-source-tool-for-ot-attack-emulation/
GitHub - tastypepperoni/PPLBlade: Protected Process Dumper Tool
https://github.com/tastypepperoni/PPLBlade
Microsoft reminds users Windows will disable insecure TLS soon
https://www.bleepingcomputer.com/news/microsoft/microsoft-reminds-users-windows-will-disable-insecure-tls-soon/
Famed hacker and Twitter whistleblower Peiter 'Mudge' Zatko is joining the Biden administration - The Washington Post
https://www.washingtonpost.com/politics/2023/09/05/cisa-makes-big-name-hire-its-crusade-against-insecure-products/
Malware2/DarkGate at main · rivitna/Malware2 · GitHub
https://github.com/rivitna/Malware2/tree/main/DarkGate
후쿠시마 오염수 방류 내용을 이용한 CHM 악성코드 : RedEyes(ScarCruft) - ASEC BLOG
https://asec.ahnlab.com/ko/56654/
PyScript | Run Python in your HTML
http://pyscript.net
New BLISTER Malware Update Fuelling Stealthy Network Infiltration
https://thehackernews.com/2023/09/new-blister-malware-update-fuelling.html
DDoS attack took down the site of German financial agency BaFin
https://securityaffairs.com/150359/hacking/ddos-attack-on-bafin.html
Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster
https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html
Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia
https://thehackernews.com/2023/09/meta-takes-down-thousands-of-accounts.html
Special Offer for Asia Pacific Students | SANS Online Training
https://www.sans.org/u/1rOI
Chaes malware now uses Google Chrome DevTools Protocol to steal data
https://www.bleepingcomputer.com/news/security/chaes-malware-now-uses-google-chrome-devtools-protocol-to-steal-data/
9 Vulnerabilities Patched in SEL Power System Management Products - SecurityWeek
https://www.securityweek.com/9-vulnerabilities-patched-in-sel-power-system-management-products/
ELF 101 - Part 1 Sections and Segments - Intezer
https://intezer.com/blog/research/executable-linkable-format-101-part1-sections-segments/
Norfolk Southern Says a Software Defect — Not a Hacker — Forced It to Park Its Trains This Week - SecurityWeek
https://www.securityweek.com/norfolk-southern-says-a-software-defect-not-a-hacker-forced-it-to-park-its-trains-this-week/
Triage | Malware sandboxing report by Hatching Triage
https://tria.ge/230904-qwxwgagg94/
Freecycle data breach impacted 7 Million users
https://securityaffairs.com/150392/security/the-freecycle-network-data-breach.html
CISA Hires ‘Mudge’ to Work on Security-by-Design Principles - SecurityWeek
https://www.securityweek.com/cisa-hires-mudge/
New Python Variant of Chaes Malware Targets Banking and Logistics Industries
https://thehackernews.com/2023/09/new-python-variant-of-chaes-malware.html
Okta Says US Customers Targeted in Sophisticated Attacks - SecurityWeek
https://www.securityweek.com/okta-says-us-customers-targeted-in-sophisticated-attacks/
MalwareBazaar | SHA256 339ff720c74dc44265b917b6d3e3ba0411d61f3cd3c328e9a2bae81592c8a6e5
https://bazaar.abuse.ch/sample/339ff720c74dc44265b917b6d3e3ba0411d61f3cd3c328e9a2bae81592c8a6e5/
Crypto casino Stake.com loses $41 million to hot wallet hackers
https://www.bleepingcomputer.com/news/security/crypto-casino-stakecom-loses-41-million-to-hot-wallet-hackers/
Uncovering Web Cache Deception: A Missed Vulnerability in the Most Une – Agilehunt
https://blog.agilehunt.com/blogs/security/web-cache-deception-attack-on-404-page-exposing-pii-data-to-unauthenticated-users
Ransomware Attack on Fencing Systems Maker Zaun Impacts UK Military Data - SecurityWeek
https://www.securityweek.com/ransomware-attack-on-fencing-systems-maker-zaun-impacts-uk-military-data/
Detecting BPFDoor Backdoor Variants Abusing BPF Filters
https://www.trendmicro.com/en_ph/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.html
7 Million Users Possibly Impacted by Freecycle Data Breach - SecurityWeek
https://www.securityweek.com/7-million-users-possibly-impacted-by-freecycle-data-breach/
APT34 Unleashes New Wave of Phishing Attack with Variant of SideTwist Trojan - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
https://nsfocusglobal.com/apt34-unleashes-new-wave-of-phishing-attack-with-variant-of-sidetwist-trojan/
Atlas VPN zero-day vulnerability leaks users' real IP address
https://www.bleepingcomputer.com/news/security/atlasvpn-zero-day-vulnerability-leaks-users-real-ip-address/