2024-09-03 | Hacker Trends

7 Posts

Off-By-One 2024 Day 1- Exploring WebKit’s Just In Time Compilation: Vignesh S Rao - YouTube

https://www.youtube.com/watch?v=9rt9ErQKnf8

6 Posts

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica

https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

6 Posts

https://re-verse.io/

5 Posts

CVE-2024-8105: An UEFI Flaw Putting Millions of Devices at Risk

https://securityonline.info/cve-2024-8105-an-uefi-flaw-putting-millions-of-devices-at-risk/

5 Posts

Reverse-engineering an encrypted IoT protocol | @smlx's blog

https://smlx.dev/posts/goodwe-sems-protocol-teardown/

5 Posts

D-Link says it is not fixing four RCE flaws in DIR-846W routers

https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-flaws-in-dir-846w-routers/

5 Posts

Orange Tsai

https://blog.orange.tw/

4 Posts

Most interesting IR cases in 2023: insider threats and more | Securelist

https://securelist.com/incident-response-interesting-cases-2023/113611/

4 Posts

Zyxel warns of critical OS command injection flaw in routers

https://www.bleepingcomputer.com/news/security/zyxel-warns-of-critical-os-command-injection-flaw-in-routers/

4 Posts

GitHub - ashemery/Anti-Forensics: A Repository to Track Anti-Forensic Techniques

https://github.com/ashemery/Anti-Forensics

4 Posts

New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

https://thehackernews.com/2024/09/new-rust-based-ransomware-cicada3301.html

4 Posts

4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways | hyprblog

https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html

3 Posts

City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack - SecurityWeek

https://www.securityweek.com/city-of-columbus-sues-researcher-who-disclosed-impact-of-ransomware-attack/

3 Posts

Halliburton Confirms Data Stolen in Cyberattack - SecurityWeek

https://www.securityweek.com/halliburton-data-theft/

3 Posts

MalwareBazaar | 185-11-83-153

https://bazaar.abuse.ch/browse/tag/185-11-83-153/

3 Posts

Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt

https://thehackernews.com/2024/09/ex-engineer-charged-in-missouri-for.html

3 Posts

Index of /files/hitbsecconf2024bkk/materials

https://conference.hitb.org/hitbsecconf2024bkk/materials/

3 Posts

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

https://thehackernews.com/2024/09/new-flaws-in-microsoft-macos-apps-could.html

3 Posts

Halliburton confirms data stolen in recent cyberattack

https://www.bleepingcomputer.com/news/security/halliburton-confirms-data-stolen-in-recent-cyberattack/

3 Posts

Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users

https://thehackernews.com/2024/09/rocinante-trojan-poses-as-banking-apps.html

3 Posts

SensePost | From a glpi patch bypass to rce

https://sensepost.com/blog/2024/from-a-glpi-patch-bypass-to-rce/

3 Posts

Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus

https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html

3 Posts

Learning Rust for fun and backdoo-rs - hn security

https://security.humanativaspa.it/learning-rust-for-fun-and-backdoo-rs/

3 Posts

MalwareBazaar | WikiLoaderGozi

https://bazaar.abuse.ch/browse/tag/WikiLoaderGozi/

3 Posts

Verkada to Pay $2.95 Million Over FTC Probe Into Security Camera Hacking - SecurityWeek

https://www.securityweek.com/verkada-to-pay-2-95-million-over-ftc-probe-into-security-camera-hacking/

3 Posts

CVE-2024-37084: Spring Cloud Remote Code Execution - SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management

https://blog.securelayer7.net/spring-cloud-skipper-vulnerability/

3 Posts

Off-By-One 2024 Day 1- Exploring WebKit’s Just In Time Compilation: Vignesh S Rao - YouTube

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica

https://re-verse.io/

CVE-2024-8105: An UEFI Flaw Putting Millions of Devices at Risk

Reverse-engineering an encrypted IoT protocol | @smlx's blog

D-Link says it is not fixing four RCE flaws in DIR-846W routers

Orange Tsai

Most interesting IR cases in 2023: insider threats and more | Securelist

Zyxel warns of critical OS command injection flaw in routers

GitHub - ashemery/Anti-Forensics: A Repository to Track Anti-Forensic Techniques

New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways | hyprblog

City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack - SecurityWeek

Halliburton Confirms Data Stolen in Cyberattack - SecurityWeek

MalwareBazaar | 185-11-83-153

Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt

Index of /files/hitbsecconf2024bkk/materials

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

Halliburton confirms data stolen in recent cyberattack

Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users

SensePost | From a glpi patch bypass to rce

Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus

Learning Rust for fun and backdoo-rs - hn security

MalwareBazaar | WikiLoaderGozi

Verkada to Pay $2.95 Million Over FTC Probe Into Security Camera Hacking - SecurityWeek

CVE-2024-37084: Spring Cloud Remote Code Execution - SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management

City of Columbus tries to silence security researcher | Malwarebytes

Intel Responds to SGX Hacking Research - SecurityWeek

CyberThreat 2024

EUCLEAK - NinjaLab

Firmware Security: Alcatel-Lucent ALE-DeskPhone | SySS Tech Blog

Clearview AI Fined $33.7 Million by Dutch Data Protection Watchdog Over ‘Illegal Database’ of Faces - SecurityWeek