Deep technical details of how we combined HTTP request tunneling and path traversal vulnerabilities to permit unauthorized RCE in Qlik Sense.

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port…

In recent weeks OneNote has gotten a lot of media attention as threat actors are abusing the embedded files feature in OneNote in their phishing campaigns.
I first observed this OneNote abuse in the media via Didier’s post. This was later also mentioned in Xavier’s ISC diary and on the podcast. Later, in the beginning of February, the hacker news covered this as well.

During the past 4 months Microsoft Onenote file format has been (ab)used as Malware carrier by different criminal groups. While the main infection vector is still on eMail side - so nothing really relevant to write on - the used techniques, the templates and the implemented code to inoculate Malware changed a lot. So it…

Introduction On January 10, 2023, ManageEngine released a security advisory for CVE-2022-47966 (discovered by Khoadha of Viettel Cyber Security) affecting a wide range of products. The vulnerability allows an attacker to gain remote code execution by issuing a HTTP POST request containing a malicious SAML response. This vulnerability is a result of  using an outdated […]

Since September 2022, Aurora malware is advertised as an infostealer and several traffers teams announced they added it to their malware toolset.

RedLine is an information stealer which operates on a MaaS (malware-as-a-service) model. This stealer is available on underground forums, and priced according to users' needs.

Hidden DNS resolvers and how to compromise your infrastructure