borari

joined 1 year ago
[–] [email protected] 6 points 5 months ago

It is part of the deep web, just like Discord or any sites hosted on private companies' intranets. Lemmy is not, you can just hit any instance with a web browser and view stuff.

To be completely clear, dark web/net and deep web are two different things. That wiki link you used is describing dark web stuff like Tor etc.

[–] [email protected] -2 points 5 months ago* (last edited 5 months ago)

Oh damn, I’m gonna have to find that shit. I am regularly shocked at how hard CBS Saturday/Sunday Morning goes though, they will throw some savage shit on the air for the grandmas watching human interest stories about Broadway actors and whatever the fuck Mo Rocca has gotten interested in recently.

Edit - Found it on a Ukrainian dead Russian combat footage Telegram. Bit rate is garbo but it looks like even ISIL is full sending the whole weeb CS gun skin thing lol. Best part is the posts of air raid sirens and distant explosions from Belgorod, with the caption “Revenge for the Tajik's ear”.

 

Team Cymru published a report detailing infrastructure and configuration changes to the Vidar info-stealer malware that were made in an attempt to evade detection and anonymize activities.

 

ESET researchers identified an updated version of the Android GravityRAT spyware being distributed as the messaging apps BingeChat and Chatico.

 

It seems like attackers have discovered a way to leverage NPM packages to deliver malicious binaries without needing to make any changes to the NPM package itself.

 

This is an interesting report by Symantec about a Russian 'Cyber Campaign' against Ukraine, targeting security services, military, and government organizations.

It's crazy that we're witness to the first case in history of cyber warfare campaigns being waged alongside, and in support of, a hot war, in real time.

 

Looks like Mandiant has discovered active exploitation of CVE-2023-20867, which was given a CVSS score of 3.9 when it was assigned.

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

This new malware strain, written in Go, has been seen compromising systems across Europe, Southeast Asia, and the U.S. It's stealing sensitive information from Discord, web browsers, etc.

 

This won't apply to anyone here, because we're all reviewing any code we clone from GitHub prior to executing it on our system, right?

 

This new stealer has five stages, and shows a high level of sophistication, akin to APTs. Targeted victims have been seen in Europe, the USA, and Latin America.

Several pieces of Russian text were found in the malware.

The first part of the C2 URL is “Privetsvoyu” which is a misspelled transliteration of the Russian word for “Greetings.” Secondly, we found the string “salamvsembratyamyazadehayustutlokeretodlyagadovveubilinashusferu.” Despite the weird transliteration, it roughly translates to: “Greetings to all brothers, I’m suffocating here, locker is for bastards, you’ve messed up our area of interest.”

MD5 sum and C2 URL IOCs are included at the end of the report.

 

The researcher chained an insecure password reset API route to bypass authentication, then discovered an IDOR vulnerability could be leveraged to access sensitive customer data.

For everyone that says "The real world can't be as easy as training labs make it seem out to be!", sometime it really do be that ez.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Yeah, that's not optimal. My single-sourced, non-verified quick Google search tells me that brute forcing a 10-char password of lower case letters only would be instant, subbing out one char for an upper-case letter would increase to one month, and subbing out another char for a number raises that to 6 years. Simply allowing for a special char would take 50 years.

That's assuming the password is truly random. Use a dictionary with some rule sets, and make some assumptions like people will probably just append a number to the end of their password, and you'll knock those times down drastically.

There's no excuse for not allowing your users to use safe passwords.

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

I thought I'd take a break from posting stories that come across my RSS feed to let people know about an upcoming Hack-A-Thon/CTF event that OffSec is running next weekend.

I'm not really sure what the challenges will entail; since I'm not eligible for any of the prizes, I haven't been paying much attention to info about it at all. I do know that in order to compete you will have to have an active PG Practice subscription, which is $19 USD/mo, more info is here. I don't really like that they're requiring people to already have a paid subscription to compete, but it's their ecosystem and their rules.

There are three different tiers you can compete in, a PEN-300 tier, an EXP-301 tier, and a PEN-200 tier. The 1st prize for each tier is a year-long LearnOne subscription to the tier course, 2nd place is a 90-day course subscription to the tier course, and 3rd place is a 90-day subscription to the PG Practice environment.

While SANS is the king of wildly expensive courses, the OffSec subscriptions definitely aren't cheap either, especially if you're self-paying. I get the irony of making people pay for entry into a contest where they might win a subscription they otherwise couldn't afford, but it's better than nothing I guess.

 

Elastic Security Labs has discovered the SPECTRALVIPER malware targeting a national Vietnamese agribusiness.

[–] [email protected] 1 points 1 year ago

even ran the Hannah Montana OS as a meme for a week

We should both commit to exclusively using TempleOS and see who can last the longest.

[–] [email protected] 1 points 1 year ago

I'm starting to regret buying all those Mellanox NICs and pulling SM fiber runs through my house now.

[–] [email protected] 1 points 1 year ago

Just joined from the Mid-Atlantic portion of the 95 corridor myself!

I'd love for someone else to chime in with an answer to your question, because that's something I've been wondering myself. I'm pretty sure the general plan in a federated ecosystem is "one of them will become more active, becoming the 'main' one", i.e. it's an intended feature not an issue. I'm interested to see how that fragmentation might impact an already small user base.
