Jump to content


Active Members
  • Posts

  • Joined

  • Days Won


Kev last won the day on May 1

Kev had the most liked content!


275 Excellent


About Kev

  • Rank

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. The Malwarebytes report said a new threat actor may be targeting Russian and pro-Russian individuals. Hossein Jazi and Malwarebytes' Threat Intelligence team released a report on Thursday highlighting a new threat actor potentially targeting Russian and pro-Russian individuals. The attackers included a manifesto about Crimea, indicating the attack may have been politically motivated. The attacks feature a suspicious document named "Manifest.docx" that uniquely downloads and executes double attack vectors: remote template injection and CVE-2021-26411, an Internet Explorer exploit. Jazi attributed the attack to the ongoing conflict between Russian and Ukraine, part of which centers on Crimea. The report notes that cyberattacks on both sides have been increasing. But Jazi does note that the manifesto and Crimea information may be used as a false flag by the threat actors. Malwarebytes' Threat Intelligence team discovered the "Манифест.docx" ("Manifest.docx") on July 21, finding that it downloads and executes the two templates: one is macro-enabled and the other is an html object that contains an Internet Explorer exploit. The analysts found that the exploitation of CVE-2021-26411 resembled an attack launched by the Lazarus APT. According to the report, the attackers combined social engineering and the exploit in order to increase their chances of infecting victims. Malwarebytes was not able to attribute the attack to a specific actor, but said that a decoy document was displayed to victims that contained a statement from a group associating with a figure named Andrey Sergeevich Portyko, who allegedly opposes Russian President Vladimir Putin's policies on the Crimean Peninsula. Jazi explained that the decoy document is loaded after the remote templates are loaded. The document is in Russian but is also translated into English. The attack also features a VBA Rat that collects victim's info, identifies the AV product running on victim's machine, executes shell-codes, deletes files, uploads and downloads files while also reading disk and file systems information. Jazi noted that instead of using well known API calls for shell code execution which can easily get flagged by AV products, the threat actor used the distinctive EnumWindows to execute its shell-code. Via zdnet.com
  2. vezi in sectiunea de stiri PS: bine ca nu ti-ai lasat adersa
  3. Pentru ca nu sunt banii tai, daca nu ai semnatura digitala (PGP) iti iei adio de la ei
  4. The software-engineering platform is urging users to patch the critical flaw ASAP. Atlassian has dropped a patch for a critical vulnerability in many versions of its Jira Data Center and Jira Service Management Data Center products, which can lead to arbitrary code execution. Atlassian is a platform that’s used by 180,000 customers to engineer software and manage projects, and Jira is its proprietary bug-tracking and agile project-management tool. On Wednesday, Atlassian issued a security advisory concerning the vulnerability, which is tracked as CVE-2020-36239. The bug could enable remote, unauthenticated attackers to execute arbitrary code in some Jira Data Center products. BleepingComputer got ahold of an email Atlassian sent to enterprise customers on Wednesday that urged them to update ASAP. The vulnerability has to do with a missing authentication check in Jira’s implementation of Ehcache, which is an open-source, Java distributed cache for general-purpose caching, Java EE and lightweight containers that’s used for performance and which simplifies scalability. Atlassian said that the bug was introduced in version 6.3.0 of Jira Data Center, Jira Core Data Center, Jira Software Data Center and Jira Service Management Data Center (known as Jira Service Desk prior to 4.14). According to Atlassian’s security advisory, that list of products exposed a Ehcache remote method invocation (RMI) network service that attackers – who can connect to the service on port 40001 and potentially 40011 – could use to “execute arbitrary code of their choice in Jira” through deserialization, due to missing authentication. RMI is an API that acts as a mechanism to enable remote communication between programs written in Java. It allows an object residing in one Java virtual machine (JVM) to invoke an object running on another JVM; Often, it involves one program on a server and one on a client. The advantage of RMI, as BleepingComputer describes it, is that Workings of RMI. Source: Wikipedia. Atlassian “strongly suggests” restricting access to the Ehcache ports to only Data Center instances, but noted that there’s a caveat: “Fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service,” according to the advisory. Affected Versions These are the affected versions of Jira Data Center and Jira Service Management Data Center: Jira Data Center, Jira Core Data Center, and Jira Software Data Center – ranges 6.3.0 <= version < 8.5.16 8.6.0 <= version < 8.13.8 8.14.0 <= version < 8.17.0 Jira Service Management Data Center – ranges 2.0.2 <= version < 4.5.16 4.6.0 <= version < 4.13.8 4.14.0 <= version < 4.17.0 Jira Data Center, Jira Core Data Center, and Jira Software Data Center All 6.3.x, 6.4.x versions All 7.0.x, 7.1.x , 7.2.x, 7.3.x, 7.4.x, 7.5.x, 7.6.x, 7.7.x, 7.8.x, 7.9.x, 7.10.x, 7.11.x, 7.12.x, 7.13.x versions All 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x versions All 8.5.x versions before 8.5.16 All 8.6.x, 8.7.x, 8.8.x, 8.9.x, 8.10.x, 8.11.x, 8.12.x versions All 8.13.x versions before 8.13.8 All 8.14.x, 8.15.x, 8.16.x versions Jira Service Management Data Center All 2.x.x versions after 2.0.2 All 3.x.x versions All 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x versions All 4.5.x versions before 4.5.16 All 4.6.x, 4.7.x, 4.8.x, 4.9.x, 4.10.x, 4.11.x, 4.12.x versions All 4.13.x versions before 4.13.8 All 4.14.x, 4.15.x, 4.16.x versions Atlassian’s advisory said that customers who have downloaded and installed any affected versions “must upgrade their installations immediately to fix this vulnerability.” Having said that, Atlassian also noted that the “critical” rating is its own assessment and that customers “should evaluate its applicability to your own IT environment.” Non-Affected Versions Here’s the list of products that aren’t affected by the flaw: Atlassian Cloud Jira Cloud Jira Service Management Cloud Non-Data Center instances of Jira Server (Core & Software) and Jira Service Management Also, customers who have upgraded Jira Data Center, Jira Core Data Center, Jira Software Data Center to versions 8.5.16, 8.13.8, 8.17.0 and/or Jira Service Management Data Center to versions 4.5.16, 4.13.8 or 4.17.0 are off the hook: They don’t need to upgrade. Atlassian is Attacker Catnip Some of the largest enterprises with the most sophisticated product development use Atlassian products. Among its more than 65,000 users, Jira counts some big fans, including the likes of the Apache Software Foundation, Cisco, Fedora Commons, Hibernate, Pfizer and Visa. Unfortunately, its popularity – particularly with the big fish – and its capabilities make it a tempting target for attackers. In June, researchers uncovered Atlassian bugs that could have led to one-click takeover: A scenario that brought to mind the potential for an exploit that would have been similar to the SolarWinds supply-chain attack, in which attackers used a default password as an open door into a software-updating mechanism. Chris Morgan, senior cyber-threat intelligence analyst at digital-risk provider Digital Shadows, said that the vulnerability at the heart of Wednesday’s advisory is just the latest in a series of bugs facing software engineering and management platforms that, if exploited, “could lead to a range of pernicious outcomes.” While there’s no evidence of active exploitation at this time, we can expect attempts to show up in the coming one to three months, Morgan predicted. He pointed to several recent supply-chain attacks, including attacks against software providers Accellion and Kaseya, that have leveraged vulnerabilities to gain initial access and to compromise software builds “known to be used by a diverse client base.” Other security experts agreed with Morgan’s assessment. Andrew Barratt, managing principal of solutions and investigations at cybersecurity advisory firm Coalfire, told Threatpost on Thursday that the vulnerability Atlassian disclosed on Wednesday “shows that attackers are still looking to leverage economies of scale and compromise multiple parties using single platform-wide vulnerabilities.” Expect Exploitation, In the Wild Attacks TL;DR: Apply the update ASAP, or implement Atlassian’s workarounds, Morgan emphasized. On the optimistic side, the issue may blow over before it gets dire, given that Atlassian is already issuing patches and advising on temporary mitigations, Barratt added. Barratt thinks that the most concerning thing should be “the renewed focus on potentially a gold mine of opportunity.” While targeting developers isn’t new, he said, targeting their tools, platform and reducing potential confidence in the product “shows the need for security orchestration tools that can help bring the diversity of the problem to single-management view.” On the technical side of things, Shawn Smith – director of infrastructure at application security provider nVisium – posited that supply-chain attacks are a good argument against auto-updating dependencies, but “this also means that security teams have to monitor and manage them effectively and efficiently,” as he told Threatpost via email on Thursday. Via threatpost.com
  5. Kev

    Sugestii monitor

    //dublu post
  6. Kev

    Sugestii monitor

    Pentru? Gaming, Design,... ASUS - Nvidia ®
  7. Dude, nenorocit, antet, subtext nu aveti?, alineat.... Ma angajez eu la baut vodka Amin!
  8. Iti trimit un colet cu mezeluri, lapte, grâu, ... alimente, imbracaminte pentru varsta de 2 ani nu am, lasa-mi mesaj privat Edit: + 10 bonuri de 20% reducere la Kaufland
  9. Malaysian authorities did not mess around when they broke up a cryptocurrency mining farm and charged the operators with stealing electricity. As Bitcoin’s price surged this spring to a new all-time high, the spotlight shining on its controversial mining process only got brighter. Bitcoin, Ethereum, and many other cryptocurrencies use an energy-intensive “proof-of-work” process that makes computers on its decentralized network compete to solve complex mathematical equations to verify a batch of transactions; this makes the network less susceptible to certain attacks, and earns miners crypto rewards. Given the competitive element in the quest for valuable cryptocurrency, powerful mining rigs—essentially, PCs purpose-built to maximize mining rewards—are the preferred tool of serious crypto miners. They are expensive, and persistent demand and manufacturing delays can mean months-long waits for rigs to be delivered. This week, police in Malaysia crushed 1,069 of them with a steamroller. Authorities in the city of Miri in Sarawak, Malaysia seized 1,069 rigs from miners alleged to have stolen electricity for their operations, per a report from local publication The Star. The devices were seized in a joint operation between Miri police and Sarawak Energy Berhad between February and April, and have an estimated value of RM5.3 million ($1.25 million USD), according to the outlet. Six individuals were arrested for electricity theft in the operation, and “have been fined up to RM8,000 and jailed for up to eight months," according to a statement from Miri police chief ACP Hakemal Hawari that was quoted by The Star. Local Sarawak news outlet Dayak Daily adds that the rigs were collected over the course of six separate raids. Sarawak Energy Berhad estimates that it lost RM8.4 million ($2 million USD) in energy that was stolen from its lines for the mining operation, the outlet reported. Dayak Daily also uploaded a video to YouTube showing the miners being steamrolled. Neither outlet stated why the police felt it was necessary to destroy the machines in such dramatic fashion, though it certainly sends a strong message. Electricity theft is a persistent issue in numerous regions where Bitcoin is mined, as some operators use illegal means to secure the cheap electricity necessary to make a big profit mining cryptocurrency. According to the report, the mining rigs were demolished in the parking lot of the Miri district police headquarters this week, as seen in the video above. Bitcoin enthusiasts might watch the video and see dreams of prospective crypto wealth crushed to bits, while anti-mining advocates are likely to see Bitcoin’s ecological impact being slightly curtailed amidst all of that e-waste. Bitcoin’s distributed ledger design ensures the security and stability of the blockchain network, but the mining model requires exorbitant amounts of energy. Digiconomist estimates that the Bitcoin network now uses as much energy annually as the entire county of Sweden, and the energy use of the network is sure to rise as more mining power is added to the network (and vice versa). The leading cryptocurrency’s early-year surge was halted in part by Tesla announcing in May that it would no longer accept Bitcoin payments, citing concerns over the use of fossil fuels in mining. It was an about-face for the electric car maker, which announced in February that it had purchased $1.5 billion worth of Bitcoin to hold on its balance sheet, and soon after began accepting Bitcoin payments for a brief span. Tesla CEO Elon Musk, the terminally-online Dogecoin member, has since become reviled by many crypto enthusiasts for his perceived meddling in the scene, including the formation of a “Bitcoin Mining Council.” Bitcoin’s price fell swiftly following Tesla’s announcement, and at a current price just above $32,000 per coin, it’s worth about half of its all-time high set in April. China’s increasing crackdown on cryptocurrency has also recently dampened enthusiasm around the industry. Crypto mining has been banned in multiple provinces, causing the Bitcoin network’s hash rate (or total computational power) to sink as miners shut down or move abroad. The People’s Bank of China also told top banks and payments services to root out cryptocurrency users and implement stricter know-your-customer processes. Earlier this week, the Ukrainian Security Service (SBU) similarly busted a crypto mining operation for allegedly stealing electricity from a nearby regional energy provider. That bust had its own unique hook: some 3,800 PlayStation 4 consoles made up the majority of the seized devices, as the systems had apparently been modified to mine an unidentified cryptocurrency. Game consoles are significantly less powerful than dedicated PC mining rigs, but there’s still potential for profit when the energy cost is zero. Via vice.com
  10. Conteaza pasta, te poti spala si cu peiruita din par de porc
  11. Ati deviat de la subiect toti cu psihologia lui On: omul a intrebat cum poate tine mai multe tab-uri deschise fara sa-i bubuie capul On2: vezi in market ce gasesti
  12. Kev

    SSH Scanner

  13. frânã bããã Ioane, hooo
  14. Mythril is a security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. It uses symbolic execution, SMT solving and taint analysis to detect a variety of security vulnerabilities. It's also used (in combination with other tools and techniques) in the MythX security analysis platform. If you are a smart contract developer, we recommend using MythX tools which are optimized for usability and cover a wider range of security issues. Whether you want to contribute, need support, or want to learn what we have cooking for the future, our Discord server will serve your needs. Installation and setup Get it with Docker: $ docker pull mythril/myth Install from Pypi: $ pip3 install mythril See the docs for more detailed instructions. Usage Run: $ myth analyze <solidity-file> Specify the maximum number of transaction to explore with -t <number>. You can also set a timeout with --execution-timeout <seconds>. Example (source code) > myth a killbilly.sol -t 3 ==== Unprotected Selfdestruct ==== SWC ID: 106 Severity: High Contract: KillBilly Function name: commencekilling() PC address: 354 Estimated Gas Usage: 574 - 999 The contract can be killed by anyone. Anyone can kill this contract and withdraw its balance to an arbitrary address. -------------------- In file: killbilly.sol:22 selfdestruct(msg.sender) -------------------- Transaction Sequence: Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 Caller: [ATTACKER], function: killerize(address), txdata: 0x9fa299ccbebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0 Caller: [ATTACKER], function: activatekillability(), txdata: 0x84057065, value: 0x0 Caller: [ATTACKER], function: commencekilling(), txdata: 0x7c11da20, value: 0x0 Instructions for using Mythril are found on the docs. For support or general discussions please join the Mythril community on Discord. Building the Documentation Mythril's documentation is contained in the docs folder and is published to Read the Docs. It is based on Sphinx and can be built using the Makefile contained in the subdirectory: cd docs make html This will create a build output directory containing the HTML output. Alternatively, PDF documentation can be built with make latexpdf. The available output format options can be seen with make help. Vulnerability Remediation Visit the Smart Contract Vulnerability Classification Registry to find detailed information and remediation guidance for the vulnerabilities reported. Download mythril-develop.zip or git clone https://github.com/ConsenSys/mythril.git Source
  • Create New...