Jump to content

Search the Community

Showing results for tags 'ravie lakshmanan'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 3 results

  1. Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic. This involved infecting files such as jquery.min.js and jquery-migrate.min.js with obfuscated JavaScript that's activated on every page load, allowing the attacker to redirect the website visitors to a destination of their choice. The GoDaddy-owned website security company said that the domains at the end of the redirect chain could be used to load advertisements, phishing pages, malware, or even trigger another set of redirects. In some instances, unsuspecting users are taken to a rogue redirect landing page containing a fake CAPTCHA check, clicking which serves unwanted ads that are disguised to look as if they come from the operating system and not from a web browser. The campaign — a continuation of another wave that was detected last month — is believed to have impacted 322 websites so far, starting May 9. The April set of attacks, on the other hand, has breached over 6,500 websites. Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post. Source
  2. Microsoft on Friday shared more of the tactics, techniques, and procedures (TTPs) adopted by the Russia-based Gamaredon hacking group to facilitate a barrage of cyber espionage attacks aimed at several entities in Ukraine over the past six months. The attacks are said to have singled out government, military, non-government organizations (NGO), judiciary, law enforcement, and non-profit organizations with the main goal of exfiltrating sensitive information, maintaining access, and leveraging it to move laterally into related organizations. The Windows maker's Threat Intelligence Center (MSTIC) is tracking the cluster under the moniker ACTINIUM (previously as DEV-0157), sticking to its tradition of identifying nation-state activities by chemical element names. The Ukrainian government, in November 2021, publicly attributed Gamaredon to the Russian Federal Security Service (FSB) and connected its operations to the FSB Office of Russia in the Republic of Crimea and the city of Sevastopol. It's worth pointing out that the Gamaredon threat group represents a unique set of attacks divorced from last month's cyber offensives that knocked out multiple Ukrainegovernment agencies and corporate entities with destructive data-wiping malware disguised as ransomware. The attacks primarily leverage spear-phishing emails as an initial access vector, with the messages carrying malware-laced macro attachments that employ remote templates containing malicious code when the recipients open the rigged documents. In an interesting tactic, the operators also embed a tracking pixel-like "web bug" within the body of the phishing message to monitor if a message has been opened, following which, the infection chain triggers a multi-stage process that culminates in the deployment of several binaries, including — PowerPunch – A PowerShell-based dropper and downloader used to retrieve the next-stage executables remotely Pterodo – A constantly evolving feature-rich backdoor that also sports a range of capabilities intended to make analysis more difficult, and QuietSieve – A heavily-obfuscated .NET binary specifically geared towards data exfiltration and reconnaissance on the target host This is far from the only intrusion staged by the threat actor, which also struck an unnamed Western government organization in Ukraine last month via a malware-laced resume for an active job listing with the entity posted on a local job portal. It also targeted the country's State Migration Service (SMS) in December 2021. The findings also arrive as Cisco Talos, in its continuing analysis of the January incidents, disclosed details of an ongoing disinformation campaign attempting to attribute the defacement and wiper attacks to Ukrainian groups that date back at least nine months. Via thehackernews.com
  3. As many as 13 security vulnerabilities have been discovered in the Nucleus TCP/IP stack, a software library now maintained by Siemens and used in three billion operational technology and IoT devices that could allow for remote code execution, denial-of-service (DoS), and information leak. Collectively called "NUCLEUS:13," successful attacks abusing the flaws can "result in devices going offline and having their logic hijacked," and "spread[ing] malware to wherever they communicate on the network," researchers from Forescout and Medigate said in a technical report published Tuesday, with one proof-of-concept (PoC) successfully demonstrating a scenario that could potentially disrupt medical care and critical processes. Siemens has since released security updates to remediate the weaknesses in Nucleus ReadyStart versions 3 (v2017.02.4 or later) and 4 (v4.1.1 or later). Primarily deployed in automotive, industrial, and medical applications, Nucleus is a closed-source real-time operating system (RTOS) used in safety-critical devices, such as anesthesia machines, patient monitors, ventilators, and other healthcare equipment. The most severe of the issues is CVE-2021-31886 (CVSS score: 9.8), a stack-based buffer overflow vulnerability affecting the FTP server component, effectively enabling a malicious actor to write arbitrary code, hijack the execution flow, and achieve code execution, and in the process, take control of susceptible devices. Two other high-severity vulnerabilities (CVE-2021-31887 and CVE-2021-31888), both impacting FTP servers, could be weaponized to achieve DoS and remote code execution. Real-world attacks leveraging the flaw could hypothetically impede the normal functioning of automated train systems by sending a malicious FTP packet, causing a Nucleus-powered controller to crash, in turn, preventing a train from stopping at a station and causing it to collide with another train on the track. ForeScout's telemetry analysis has revealed closed to 5,500 devices from 16 vendors, with most of the vulnerable Nucleus devices found in the healthcare sector (2,233) followed by government (1,066), retail (348), financial (326), and manufacturing (317). The disclosures mark the seventh time security weaknesses have been discovered in the protocol stacks that underpin millions of internet-connected devices. It's also the fifth study as part of a systematic research initiative called Project Memoria aimed at analyzing the security of TCP/IP network communication stacks — URGENT/11 Ripple20 AMNESIA:33 NUMBER:JACK NAME:WRECK INFRA:HALT In an independent advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged users to take defensive measures to mitigate the risk of exploitation of these vulnerabilities, including minimizing network exposure for all control system devices, segmenting control system networks from business networks, and using VPNs for remote access. Via thehackernews.com
×
×
  • Create New...