Socket’s Post

By sandboxing a sample of the malicious backdoor malware #GootLoader, Unit 42 researchers analyzed and then bypassed its anti-analysis techniques. They've broken these steps down in this article. Security researchers will learn how Visual Code Studio and Node.js debugging played a hand in the process. https://bit.ly/4cMLXGG

A threat actor is now advising StackOverflow devs asking debugging questions to install a 'pytoileur' #Python package as a "solution" to their code troubles. 🛑 DO NOT fall for this, it's a trap—the package has encoded code hidden on line 17 via whitespaces and infects Windows users with #trojan as soon as it's installed! https://lnkd.in/ehvGhas3 #opensource #malware

TryHackMe nice machine CTF about enumeration Active Directory #hackerman #bhfyp #developer #computer #javascript #privacy #code #or #hackerspace #termux #hacks #phishing #datasecurity #html #ransomware #hackingnews #programmingmemes #android #secutiy #bugbounty #software #cybersecuritytraining #learnhacking #windows #webdeveloper #softwaredeveloper #termuxhacking #dataprotection #hackinginstagram #pythonprogramming

Cybersecurity researchers found a malicious #Python package on PyPI designed to deliver an information stealer called #Lumma. The package, crytic-compilers, mimicked a legitimate library and was downloaded 441 times before removal. It initially installed the real library to avoid detection but later versions targeted #Windows systems with additional malware. This highlights threats to Python developers and abuse of open-source registries. Additionally, over 300 #WordPress sites were compromised with fake Chrome update pop-ups. Attackers used legitimate plugins for #malicious purposes, evading detection. Read more here: https://lnkd.in/dpJKSyCP #Cybernews #CybersecurityNews  

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites http://ow.ly/gX1V105lyM6

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites http://ow.ly/gX1V105lyM6

Day 73 of #100daysofcybersecurity I took the day to practice my skills. I pawned Surveillance on Hack The Box. This box really emphasized system enumeration. It also featured two recent CVEs which is always great, to stay on top of vulnerabilities. I also pawned Hospital though I was not able to do it without help. I learned a lot of things with this challenge such as how to: - Identify for disabled functions in PHP - Use P0wny-shell and weevely - Use the keystroke logger script with Meterpreter

XSS attack happens when someone injects malicious code into your website. Code that can listen to your key inputs and send them to hackers, code that can make a LinkedIn post on your behalf, or send your cookies to an attacker. Know more about it in my new blog h͟t͟t͟p͟s͟:͟/͟/͟r͟a͟j͟a͟n͟l͟a͟g͟a͟h͟.͟m͟e͟d͟i͟u͟m͟.͟c͟o͟m͟/͟w͟h͟a͟t͟-͟e͟x͟a͟c͟t͟l͟y͟-͟i͟s͟-͟x͟s͟s͟-͟a͟t͟t͟a͟c͟k͟-͟0͟7͟6͟f͟a͟8͟2͟5͟5͟3͟a͟6͟ #React #Security #XSS #Javascript

This is a unique approach to malware evasion, essentially creating a new programming language using EMOJIS! While a few of the emojis used have been decoded there are still hundreds of others available; threat actors can also change the meanings of discovered emojis too, further obfuscating commands. https://lnkd.in/e5tdrQ4v

🚨 Qualys Threat Research Unit have discovered five critical local privilege escalation vulnerabilities in Ubuntu's needrestart utility. 💥 These flaws have existed since 2014 and allow for any unprivileged user to gain root access. They affect a core component of Ubuntu Server installations: needrestart. 🔍 needrestart is a tool that checks if system services need restarting after updates. The vulnerabilities arise from how it interacts with Python and Ruby interpreters, allowing attackers to execute malicious code with root privileges by manipulating environment variables or exploiting race conditions. 💻 The vulnerabilities (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224 and CVE-2024-11003) could lead to complete system compromise, enabling data theft, malware installation, or operational disruptions. ✅ To mitigate the risk, users should update needrestart to version 3.8 or disable the vulnerable interpreter heuristic in the configuration file. Given the severity of the vulnerabilities and the ease of their exploitation, immediate action is crucial for Ubuntu Server users to protect their systems from potential compromise. Source: Qualys #ubuntu #privesc #needrestart -- P.S.: If you discover us through this post, we invite you to follow our content here on LinkedIn, or on YouTube. All the links are in the comments below 👇