More Apps Running HiddenAds Campaign Found On App Store And Play Store

Latest Hacking News-- Criminal hackers infiltrated the Google Play Store and Apple App Store with malicious apps. However, this time, the apps running …

Chinese APT Group Targets Media, Finance, and Electronics Sectors

The Hacker News-- Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China. Linking the attacks to Palmerworm (aka BlackTech) — likely a China-based advanced persistent threat (APT) — Symantec's Threat Hunter Team said the first wave of activity associated with this campaign began last …

How to Analyze Web Browser Extensions for Possible Malware & Other Malicious Activity

Null Byte « WonderHowTo-- Browser extensions are extremely useful since they can expand web browsers like Google Chrome and Mozilla Firefox beyond their built-in features. However, we don't always know who's behind a browser add-on or what it's doing beyond what's advertised. That's where ExtAnalysis comes into play. ExtAnalysis will unpack an extension so that …

Exploiting fine-grained AWS IAM permissions for total cloud compromise: a real world example (part…

InfoSec Write-ups - Medium-- Exploiting fine-grained AWS IAM permissions for total cloud compromise: a real world example (part 1/2). Introduction: This is a real case study of how to enumerate and use IAM permissions to your advantage. I strongly suggest you read my previous article on how IAM permissions work. It’s long, but necessary to understand most of …

Jailbreaking iOS without a Mac (1/4): The Plan

InfoSec Write-ups - Medium-- Installing an unsigned iOS app (which is the prerequisite of jailbreaking) using Linux with (semi-)legitimate tools. Consider the following situation: we have a factory-installed iOS device (iPhone 5S here) with a recent iOS version (12.4.8) and we want to jailbreak it. We have a Linux desktop (Arch Linux in the following guide), …

LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection

The Hacker News-- I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable to a critical privilege escalation bug that resides in …

Caught in the payment fraud net: when, not if?

Malwarebytes Labs-- Sometimes, I think there are three certainties in life: death, taxes, and some form of payment fraud. Security reporter Danny Palmer experienced this a little while ago, and has spent a significant amount of time tracking the journey of his card details from the UK to Suriname. His deep-dive confirmed that it is …