exploit

Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks

Apr 30, 2021 by iHash Leave a Comment

An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS … [Read more...] about Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks

Apr 14, 2021 by iHash Leave a Comment

Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed SMASH (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by … [Read more...] about New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

Mar 21, 2021 by iHash Leave a Comment

Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of in the wild exploitation comes on the heels of a proof-of-concept exploit code that … [Read more...] about Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

Jan 24, 2021 by iHash Leave a Comment

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers … [Read more...] about Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

How to Enable Kernel Exploit Prevention

Nov 7, 2020 by iHash Leave a Comment

Introduction This document and video will demonstrate how to enable kernel exploit prevention to protect hosts from sophisticated attacks that attempt kernel code execution. Video Overview Malware, and in particular ransomware, is increasingly using sophisticated attack chains to bypass traditional AV and execute successfully. As an example, the Robinhood … [Read more...] about How to Enable Kernel Exploit Prevention

Researchers Fingerprint Exploit Developers Who Help Several Malware Authors

Oct 2, 2020 by iHash Leave a Comment

Writing advanced malware for a threat actor requires different groups of people with diverse technical expertise to put them all together. But can the code leave enough clues to reveal the person behind it? To this effect, cybersecurity researchers on Friday detailed a new methodology to identify exploit authors that use their unique characteristics as a fingerprint to track … [Read more...] about Researchers Fingerprint Exploit Developers Who Help Several Malware Authors

APT Hackers Exploit Autodesk 3D Max Software for Industrial Espionage

Aug 26, 2020 by iHash Leave a Comment

It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information.Bitdefender's Cyber Threat Intelligence Lab discovered yet another instance of an espionage attack targeting an unnamed … [Read more...] about APT Hackers Exploit Autodesk 3D Max Software for Industrial Espionage

The State of Exploit Development: Part 2

Aug 22, 2020 by iHash Leave a Comment

In Part 1 of this two-part blog series, we addressed binary exploitation on Windows systems, including some legacy and contemporary mitigations that exploit writers and adversaries must deal with in today’s cyber landscape. In Part 2, we will walk through more of the many mitigations Microsoft has put in place. Modern Mitigation #1: Page Table Randomization As explained in Part … [Read more...] about The State of Exploit Development: Part 2

The State of Exploit Development: Part 1

Aug 7, 2020 by iHash Leave a Comment

Memory corruption exploits have historically been one of the strongest accessories in a good red teamer’s toolkit. They present an easy win for offensive security engineers, as well as adversaries, by allowing the attacker to execute payloads without relying on any user interaction. Fortunately for defenders, but unfortunately for researchers and adversaries, these types of … [Read more...] about The State of Exploit Development: Part 1

Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users

Oct 1, 2019 by iHash Leave a Comment

The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites.To be noted, hackers haven't found any way to run ads for free; instead, the modus operandi of eGobbler … [Read more...] about Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users

« Previous Page

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54