I'm transitioning to more of a #research role within my company and would really appreciate advice from experienced #researchers, whatever your specialty.
This is kinda cool - my #Azure #VaultRecon vulnerability (that #Microsoft say is by design and is not a vulnerability) is now listed in the #CloudVulnDB #SecurityResearch #CloudSecurity #KeyVault #Enumeration #SharingIsSecuring #WeAllWinTogether
https://www.cloudvulndb.org/azure-vault-recon-keyvault-secret-metadata-control-plane-exfiltration
What distro are people using as their daily driver for security research?
Our privacy-preserving digital identity system uses publicly verifiable secret sharing to distribute revocation responsibilities among multiple issuers, ensuring protection against issuer corruption. https://ieeexplore.ieee.org/document/10664234/ #DigitalIdentity #Privacy #Cryptography #Blockchain #SecurityResearch
Imagine you have a friend who’s worked in security for nearly a decade and they’re feeling burned out. The spark is still there, they care about the work, but they are tired. Nothing feels exciting or interesting anymore.
Apart from taking some time off, they’ve asked for podcast or book recs—stories that will help them feel that twinge of excitement, that will remind them of how rewarding and fascinating this field can be.
What do you suggest?
Significant increases from QuasarRAT, the second most popular remote access trojan associated with botnet C&Cs – get the full list here:
While I may publish a more complete blog post about this later, I also sent this on Twitter to make #Github aware of it quicker. However, I felt that I should also publish it here.
I recently came upon this post on Reddit: https://www.reddit.com/r/cybersecurity_help/comments/196qhup/how_do_i_remove_this_malware/
It awakened my curiosity about this user, who has quite a few repos with multiple stars: github[.]com/AppsForDesktop
Looking at their profile, I noticed various repos claiming to be desktop apps for various popular websites and apps.
When I investigated these repos in my sandboxes, I discovered they installed the file cnertucbrcaj[.]exe and performed various persistence techniques, adding several exclusions to Defender and uninstalling various Windows security components such as MRT.
After that, it of course connected to various Monero mining pools.
And we’re on Mastodon!
If you’re new to The Spamhaus Project, check out our bio above
Ultimately, we’re here to build a community. A community of like-minded individuals, who want to make the internet a safer place. On Mastodon, we’ll be sharing the latest threat intelligence from our researchers and threat hunters, and we’d like to invite you to do the same…
Earlier this month, we launched our Threat Intel Community, giving anyone the ability to submit malicious domains, IPs, email source codes, or URLs to Spamhaus through our user-friendly portal.
If you’re curious to know more, read this blog:
https://www.spamhaus.org/news/article/821/want-to-submit-data-be-our-guest
Or visit the Threat Intel Community here:
https://submit.spamhaus.org
Last week I chatted with @mattburgess at WIRED about the long tail of fallout from #MOVEit. Read my comments and the excellent article by Matt and @lhn here:
#CensysResearch #securityResearch #infosec #security #cybersecurity #MFT
On Friday at #LABScon23, I shared some research on the state of #MFT tool hacks. In particular, I talked about how #MOVEit has become a supply chain issue at this point, and that I strongly suspect we’ll see a long tail of breach disclosures as a result. You may not use it, but if you contract with a vendor who does (and do you even know?), your users’ data is at risk.
Last month, the Colorado Department of Health Care Policy and Financing disclosed that health data for 4 million people was stolen through the #MOVEit campaign—not because they used the tool, but because they contracted with IBM, who used it. (https://hcpf.colorado.gov/moveit)
Just this morning, I saw the news that the National Student Clearinghouse has filed a breach notification indicating that the data for more than 900 universities has been affected by #MOVEit. (https://www.helpnetsecurity.com/2023/09/25/clearinghouse-moveit-breach/)
It's been about 4 months since the initial MOVEit vulnerability disclosure, and I think we may be seeing fallout—especially from a supply chain angle, as vendors complete investigations and notify affected customers—for months to come.
I'm very happy to share with you all my latest research #blogpost along with my awesome teammate Reuven Yakar. Reuven and I found a critical vulnerability in the popular Wemo smart electrical socket by Belkin. This research had all the fun stuff - software AND hardware hacking and reverse engineering - and I'm super excited to finally be able to share it. Note that Belkin WILL NOT be releasing a patch for this vulnerability:
https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/
Attention all security professionals and enthusiasts! We are excited to announce our upcoming SecurityBSides event in Milan on July 8, 2023. This is your chance to share your knowledge, insights, and experiences with the community. We are now accepting proposals for presentations and workshops. Submit your ideas on cutting-edge security topics for a chance to speak at the event. Don't miss this opportunity to be a part of the security conversation in Milan. Submit your proposal now! #SecurityBSides #Milan2023 #BSML23 #cybersecurity #infosec #information #cfp #research #threatintel @SecurityBSidesGlobal #securityresearch #securityawareness #trainings Check out our website!! https://milano.securitybsides.it and the call for papers page!! https://easychair.org/cfp/bsml23
We are waiting for you. Are you up for it?!
Alrighty nerds, strap in - got another #Microsoft vulnerability write-up, hot off the press!
You may remember the vulnerability disclosed by the #NCSC and #NSA to Microsoft about #CryptoAPI (CVE-2022-34689), which can lead to masquerading as legitimate entities (such as Google or Microsoft).
We analyzed and exploited it. Pretty neat.
In the PoC, you can see the source code for how it could be exploited in the wild using an old version of Chrome.
Link to write-up: https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi
Link to GitHub repo: https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
Awesome work Tomer and @yoni !!!
I'm writing off all of these GPS trackers I'm ordering as an unreimbursed work expense. #securityresearch
The Docker images have been updated with the Ronin 2.0.0 (beta) gem to allow for easier beta testing.
https://hub.docker.com/r/roninrb/ronin
#docker #ruby #security #infosec #securityresearch #beta
I can finally show off what I've been quietly working on non-stop for the past year: a large refactoring of one of my older/bigger projects, Ronin - a Ruby toolkit for security research and development.
700 closed issues and 4153 commits later, The Big Refactor is complete. Last night I was busy releasing the beta versions of the gems. Just announced an Open Beta with instructions on how to install everything. Please consider installing it and testing it. A lot of work has gone into it. Now I can relax and maybe work on other projects.
https://ronin-rb.dev/blog/2023/01/01/announcing-the-ronin-2-0-0-open-beta.html
#ruby #opensource #passionproject #security #infosec #securityresearch
A new episode has been published on @ITSPmagazine
Show: The Hacker Factory Podcast With Phillip Wylie @phil
Episode: A Conversation With OWASP Amass Creator Jeff Foley
Podcast format: Audio
Enjoy!