Security Operations


A place for all things Cyber Security, from questions, rants, and stories, to the latest attacks, vulnerabilities, and zero days.


Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform::Between March, 2023 and May, 2023 we reported multiple security vulnerabilities to points.com, the backend provider for a large portion of airline and hotel rewards programs...


Targeted npm Malware Attempts to Steal Company Source Code::On July 31, 2023, Phylum's automated risk detection platform alerted us to another series of unusual publications on npm. Within a few hours, we observed the publication of ten different "test" packages. These packages demonstrated increasing functionality and refinement as the attacker seemingly tailored the code for a specific purpose—

Summary: MTE As Implemented - Google Project Zero::By Mark Brand, Project Zero. In mid-2022, Project Zero was provided with access to pre-production hardware implementing the ARM MTE specifi...
submitted 2 years ago by L4s to c/secops


Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wil


AWS IAM Persistence Methods - Hacking The Cloud::A catalog of methods to maintain access to the AWS control plane.

Multi-threaded secretsdump.py::Enhanced version of secretsdump.py from Impacket. Adds multi-threading and accepts an input file with a list of target hosts for simultaneous secrets extraction. (GitHub - fin3ss3g0d/secretsdump.py)
submitted 2 years ago by L4s to c/secops


SpyNote continues to attack financial institutions | Cleafy Labs::Discovered at the end of 2022, SpyNote is now executing an extensive campaign against multiple European customers of different banks. Read the technical analysis to learn its full functionality and how to prevent it.


AMD 'Zenbleed' Bug Leaks Data From Zen 2 Ryzen, EPYC CPUs: Most Patches Coming Q4::A security researcher revealed a new Zenbleed vulnerability that allows the stealing of sensitive data from AMD's Zen 2 processors.


Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)::Application security issues found by Assetnote


GitHub - pushsecurity/saas-attacks::Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown


SVG Security Risks - not just a scalable graphic::Embedding Scalable Vector Graphics (SVG) can expose websites to code injection. This article explores how SVGs work, the risks they pose, and how to mitigate them.


Huawei Theme Manager Arbitrary Code Execution Vulnerability::Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.


CVE-2023-35078 - Remote Unauthenticated API Access Vulnerability::A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server. We have received information from a credible source indicating exploitation has occurred. We are only aware of a very limited number of customers that have been impacted, and we are actively working with our customers and partners to investigate this situation.


Zenbleed: A use-after-free in AMD Zen2 processors (CVE-2023-20593)


Unauthenticated RCE chain on Apache OpenMeetings::Unexpected application states are often overlooked and can introduce severe security vulnerabilities. Read more about this real-world example.


Okta Logs Decoded: Okta Logs Threat Hunting Guide

Cloud supply chain (divyanshu-mehta.gitbook.io)
submitted 2 years ago by L4s to c/secops


Malicious NPM Packages Attributed To North Korean State Actors::In June 2023, Phylum was the first to unearth a series of suspicious npm publications belonging to what appeared to be a highly targeted attack. The identified packages, published in pairs, required installation in a specific sequence, subsequently retrieving a token that facilitated the download of a final malicious payload


Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix ADC to CVE-2023-3519::GitHub - securekomodo/citrixInspector


Compromised Microsoft Key: More Impactful Than We Thought::Our investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally assumed. Organizations using Microsoft and Azure services should take steps to assess potential impact.


Blue Team Home Lab Complete Guide::It’s been more than a year since I started writing this guide. It took me this much because I had a lot of personal matters to deal with in the meantime, also from time to time I needed a break from the lab and working on a computer in general, I wanted to spend more time traveling, cooking, spending time with friends and family and also to do nothing, to be honest. Just to lie down, watch movies, play games and that’s all.


Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway::Application security issues found by Assetnote

Kevin Mitnick has passed away (www.dignitymemorial.com)::Celebrate the life of Kevin Mitnick, leave a kind word or memory and get funeral service information care of King David Memorial Chapel & Cemetery.
submitted 2 years ago by L4s to c/secops


CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent


Browse millions of secrets leaked in GitHub/NPM via Forager
