CyberSecNews Weekly - 0x05-W4721
News
- New Linux malware hides in cron jobs with invalid dates
Security researchers have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st.
- Check Point Research discover vulnerabilities in smartphones chips embedded in 37% of smartphones around the world
Check Point researchers discovered several vulnerabilities in MediaTek mobile chips. The MediaTek audio DSP can be accessed and exploited from user space applications in order to eavesdrop on the user.
- This New Stealthy JavaScript Loader Infecting Computers with Malware
Hackers are using a new JavaScript malware strain as a loader to distribute remote access Trojans (RATs) and information stealers.
- 11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells
Researchers discovered 11 malicious Python libraries distributed via the PyPI repository that aim to install backdoor shells and steal Discord access tokens.
- GoDaddy Announces Security Incident Affecting Managed WordPress Service
On November 17, 2021, GoDaddy declared that its Managed WordPress service was compromised. The attack may involve up to 1.2 million customers.
Tools
- SSH-MITM
A useful tool to intercept and hijack SSH sessions; it can also work as a transparent SSH proxy.
Articles
- How I faked tons of COVID passes — “Weak Key Cryptography in real world”
- How to Detect Azure Active Directory Backdoors: Identity Federation
Tutorial
- Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery, and Webshells
An introduction to monitoring and logging in Linux to look for persistence.
- Detecting a Container Escape with Cilium and eBPF
Learn how to use Isovalent Cilium Enterprise observability to detect container escapes.
IR & Reversing
- Reversing a DRM
How to reverse a DRM based on a poorly designed key derivation system