News

unpacking / reviewing news
collection · 45 items
1 year ago
Think Tanks and NGOs: The Perfect Cover for Cyber Espionage
TA427, also known as Leviathan or TEMP.Periscope, is a cyber espionage group believed to be linked to North Korea. Their primary goal is to gather intelligence on foreign policy matters related to the U.S., South Korea, and other countries of strategic interest to the North Korean regime. TA427 employs a sophisticated attack flow that involves multiple stages: Reconnaissance and Information Gathering 📌TA427 conducts extensive open-source intelligence (OSINT) gathering to identify potential targets, such as foreign policy experts, think tanks, and academic institutions...
1 year ago
Skipping Authentication: Telerik Report Server’s New Feature?
The Progress Telerik Report Server pre-authenticated Remote Code Execution (RCE) chain, identified as CVE-2024-4358 and CVE-2024-1800, involves a critical vulnerability that allows unauthenticated attackers to execute arbitrary code on affected servers. Attack Flow 📌Initial Access: The attacker identifies a vulnerable Telerik Report Server instance. 📌Exploitation of CVE-2024-4358: The attacker sends a crafted request to the /Startup/Register endpoint to create a new administrator account. 📌Privilege Escalation: The attacker logs in using the newly created administrator account...
1 year ago
The Dark Side of LSASS: How Evil Twins Bypass Security Measures
The EvilLsassTwin project on GitHub, found in the Nimperiments repository, focuses on a specific technique for extracting credentials from the Local Security Authority Subsystem Service (LSASS) process on Windows systems. 📌Objective: The project aims to demonstrate a method for credential dumping from the LSASS process, which is a common target for attackers seeking to obtain sensitive information such as passwords and tokens. 📌Technique: The method involves creating a «twin» of the LSASS process...
1 year ago
Check Point’s 'Best Security' Slogan Meets Reality: CVE-2024-24919
The technical details and real-world exploitation of CVE-2024-24919 highlight the critical nature of this vulnerability and the importance of prompt remediation to protect against potential data breaches and network compromises. Vulnerability Description 📌CVE-2024-24919 is an information disclosure vulnerability that allows an unauthenticated remote attacker to read the contents of arbitrary files on the affected appliance. 📌It is categorized as an «Exposure of Sensitive Information to an Unauthorized Actor» vulnerability...
1 year ago
Root Privileges for Dummies: Just Exploit CVE-2024-3400
CVE-2024-3400 (+ url + github url#1, url#2) is a critical command injection vulnerability in Palo Alto Networks' PAN-OS software, specifically affecting the GlobalProtect feature. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary code with root privileges on the affected firewall. The vulnerability impacts PAN-OS versions 10.2, 11.0, and 11.1 when configured with GlobalProtect gateway or GlobalProtect portal. Initial Discovery and Exploitation: 📌The vulnerability was first identified by Volexity, who observed zero-day exploitation attempts on March 26, 2024...
1 year ago
Breaking News: Chinese AVs Outwitted by Go Code
The GitHub repository «darkPulse» by user «fdx-xdf» is a shellcode packer written in Go. 📌Purpose: darkPulse is designed to generate various shellcode loaders that can evade detection by Chinese antivirus software such as Huorong and 360 Total Security. 📌Shellcode Loader Generation: Generates different types of shellcode loaders. 📌Antivirus Evasion: Focuses on evading detection by popular Chinese antivirus programs like Huorong and 360 Total Security...