many parts make the whole
The big news this past week was a ransomware attack against MGM Resorts and Caesar’s Entertainment. The attacks have both been attributed to ALPHV and apparently Caesar’s quickly paid the ransom, (which may have been tens of millions according to bloomberg), while MGM seems to have refused to pay up and is still having issues … Read More “MGM AND CAESARS RANSOMWARE ATTACKS” »
21 years after its’ launch, the Windows XP activation algorithm has been completely cracked allowing for offline activation. Unfortunately it is common for very out of date Operating Systems to still be deployed, especially in manufacturing and industrial settings. Software that is required to run or communicate with an essential piece of equipment was written … Read More “Windows XP ACTIVATION ALGORITHM CRACKED” »
The City of Dallas is currently dealing with a ransomware attack that is affecting multiple departments including the Police. Apparently while their systems are locked down Police and dispatch are having to do their work by hand which is slowing things down, although they are still responding as normal to calls. The City is advising … Read More “CITY OF DALLAS RANSOMWARE ATTACK” »
If you were not able to attend Shmoocon 2023 you can still view the talks and presentations. There are presentations on a wide variety of topics including career development, hardware hacking, Open Source Software, blue team operations, OSINT, and more! Videos are available here!
In it’s too good to be true news, what if you could just ask your target system to execute code? Lucas Luitjes has an interesting article about simply asking AI chatbots to execute code and it turns out they will! Sanitizing user input has been a known issue for quite some time. Without sanitized input … Read More “REMOTE CODE EXECUTION BY ASKING NICELY – InjectGPT” »
Veeam has recently disclosed a vulnerability which allows unauthenticated access to cleartext credentials. A bad actor would only require network access to exploit this vulnerability and it has been assigned a CVSS score of 7.5 HIGH. Versions before 12.0.0.1420 P20230223 and 11.0.1.1261 P20230227 are vulnerable. Leaked credentials are especially concerning in this case because they … Read More “Veeam Backup & Replication – CVE-2023-27532” »
A malware campaign is currently underway targeting popular Python packages by typosquatting. Once deployed the malware replaces crypto wallet addresses stored in the clipboard with a wallet controlled by the attacker. Phylum has discovered over 450 malicious packages in the wild mostly targeting crypto, finance, and web development packages. More information on affected packages and … Read More “ACTIVE MALWARE CAMPAIGN TARGETING POPULAR Python PACKAGES” »
A buffer overflow vulnerability has been disclosed that could allow for local privilege escalation to root and leakage of stack and heap addresses. The CVSS score is 7.8 HIGH. A patch has been proposed and mitigation is available by disabling unprivileged user namespaces. This is another buffer overflow in nf_tables similar to the one we … Read More “KERNEL STACK BUFFER OVERFLOW in Linux – CVE-2023-0179” »
AI chatbots are all the rage! Many people are experimenting with new and exciting ways to leverage them to accomplish routine tasks and there is a lot of concern that they may eventually automate away a lot of entry level jobs. Of course this is always the fear when there is a step forward in … Read More “ChatGPT AI GENERATED PHISHING CAMPAIGNS” »
Tom Forbes recently published an interesting article detailing how a strange pull request on his pypi-data project led him to discover a publicly available release file that contained a hard coded AWS access key and an AWS secret key. This key was still active and allowed Tom access to an AWS bucket containing clinical data … Read More “InfoSys LEAKS FullAdminAccess AWS KEYS ON PyPi FOR OVER A YEAR” »