Security News (13)

OpenSSL 3.0.0 ~ 3.0.6 vulnerability patch released
A patch has been released for the OpenSSL 3.x vulnerability covered in a previous blog post. Updating to 3.0.7 is recommended; the vulnerability causes an overflow.
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows - OpenSSL Blog
Today we published an advisory about CVE-2022-3786 ("X.509 Email Address Variable Length Buffer Overflow") and CVE-2022-3602 ("X.509 Email Address 4-byt..
Security News 2022. 11. 2.

Beware of the OpenSSL vulnerability, a second Heartbleed
In 2014, the Heartbleed (CVE-2014-0160) memory leak vulnerability occurred in openssl. This time, a vulnerability being called a second Heartbleed is reported to affect openssl 3.0 through 3.0.6.
https://www.boannews.com/media/view.asp?idx=111111
OpenSSL vulnerability with a patch announced for November 1, possibly a second Heartbleed
The date of the important patch announced by the OpenSSL Project is less than a week away. Important enough that every organization using OpenSSL 3.0 and later versions should mark their calendars now (www.boannews.com)
As the article explains, on Tuesday, November 1, 2022 ..
Security News 2022. 11. 1.

For those hit by ransomware :) here is how to recover (ransomware)
If you have been hit by ransomware, read the post from the Korea Internet & Security Agency :) It explains recovery methods!!
https://www.krcert.or.kr/ransomware/recovery.do
Security News 2016. 12. 27.

PHPMailer-Exploit-Remote-Code_CVE-2016-10033
- Discovered by: Dawid Golunski - dawid[at]legalhackers.com - https://legalhack..
Security News 2016. 12. 27.

It's Parliamentary: KeyBoy and the targeting of the Tibetan Community
Key Findings: In this report we track a malware operation targeting members of the Tibetan Parliament over August and October 2016. The operation uses known and patched exploits to deliver a custom backdoor known as KeyBoy. We analyze multiple versions of KeyBoy revealing a development cycle focused on avoiding basic antivirus detection. This operation is another example of a threat actor using "just..
Security News 2016. 12. 23.

Pivoting kerberos golden tickets in Linux
Kerberos golden ticket allows attacker to establish persistent and covert authenticated access to Windows domain. The attack works as follows: Attacker gains administrator privileges in domain. Attacker extracts ntlm hash of a domain user "krbtgt" and obtains SID of the target domain. The attacker forges kerberos ticket. This ticket is used to authenticate in..
Security News 2016. 12. 19.

Understanding larger disassembly
This past weekend I was disassembling something and it struck me how few people knew how to do what I was doing. So I figured I would quickly document the process of taking a chunk of disassembled code and putting it into a format that's easier to understand. The disassembly I'm going to use for my examples is the same disassembly I was working on this weekend. It..
Security News 2016. 12. 15.

CHAKRA JIT CFG BYPASS
by Theori, 14 Dec 2016
Introduction: As promised in our previous blog post, we are going to take a look at a method to bypass Microsoft's Control Flow Guard (CFG) when attacking Internet Explorer and Edge browsers. Our previous proof-of-concept exploit worked by overwriting the function pointer of an object. However, with CFG in place, we cannot simply do that without aborting...
Security News 2016. 12. 15.

Collection of useful site bookmarks for pentesting
These are useful sites for pentesting. I got this from Facebook, but it seems worth a look at least once :)
https://github.com/jhaddix/pentest-bookmarks/blob/master/wiki/BookmarksList.wiki
Security News 2016. 12. 14.

Google open-sources high-dimensional data visualization tool
Details :)
http://www.bloter.net/archives/269041
Security News 2016. 12. 13.

Resource Hacker
Version 4.2.5 Last updated: 17 August 2015 Copyright © 1999-2015 Angus Johnson. Freeware - no nags, no ads and fully functional.
Overview: Resource Hacker™ has been designed to be the complete resource editing tool: compiling, viewing, decompiling and recompiling resources for both 32bit and 64bit Windows executables. Resource Hacker™ can open any type of Windows executable (*.exe; *.dll..
Security News 2015. 9. 7.

Kookmin Bank: internet banking without ActiveX
KB Kookmin Bank becomes the first in Korea to set up conditions for using its banking services without ActiveX
http://www.hani.co.kr/arti/economy/economy_general/706985.html
Security News 2015. 9. 3.

Hidden password-stealing malware lurking in your GPU card? Intel Security thinks not
Fears that malware is hiding in people's graphics chipsets may be overclocked, according to Intel Security. Earlier this year, researchers from the self-styled "Team JellyFish" released a proof-of-concept software nasty capable of exploiting GPUs to swipe passwords and other information typed in by a PC's user. The same research raised doubts about whether security tools can defend against this k..
Security News 2015. 9. 3.