Security News (13)

Patch released for OpenSSL 3.0.0 ~ 3.0.6 vulnerabilities
The patch for the OpenSSL 3.x vulnerability I wrote about on the blog yesterday has been released. Updating to 3.0.7 is recommended, and the vulnerability causes an overflow.
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows - OpenSSL Blog
Today we published an advisory about CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”) and CVE-2022-3602 (“X.509 Email Address 4-byt..
Security News 2022. 11. 2.

Beware of the OpenSSL vulnerability dubbed the second Heartbleed
In 2014, OpenSSL had the Heartbleed (CVE-2014-0160) memory leak vulnerability. This time, a vulnerability being called the second Heartbleed has reportedly been found in OpenSSL 3.0 and versions up to 3.0.6.
https://www.boannews.com/media/view.asp?idx=111111
OpenSSL vulnerability with a patch announced for November 1 may be a second Heartbleed
The important patch date announced by the OpenSSL Project is less than a week away. Important enough that every organization using OpenSSL 3.0 and later versions should mark the calendar even now
www.boannews.com
As the article explains, on Tuesday, November 1, 2022, the details..
Security News 2022. 11. 1.

For those hit by ransomware :) here is how to recover (ransomware)
If you have been hit by ransomware, read the post from the Korea Internet & Security Agency :) It explains how to recover!!
https://www.krcert.or.kr/ransomware/recovery.do
Security News 2016. 12. 27.

PHPMailer-Exploit-Remote-Code_CVE-2016-10033
- Discovered by: Dawid Golunski - dawid[at]legalhackers.com - https://legalhack..
Security News 2016. 12. 27.

It’s Parliamentary: KeyBoy and the targeting of the Tibetan Community
Key Findings
In this report we track a malware operation targeting members of the Tibetan Parliament over August and October 2016.
The operation uses known and patched exploits to deliver a custom backdoor known as KeyBoy.
We analyze multiple versions of KeyBoy revealing a development cycle focused on avoiding basic antivirus detection.
This operation is another example of a threat actor using “just..
Security News 2016. 12. 23.

Pivoting kerberos golden tickets in Linux
Kerberos golden ticket allows attacker to establish persistent and covert authenticated access to Windows domain. The attack works as follows:
Attacker gains administrator privileges in domain
Attacker extracts ntlm hash of a domain user "krbtgt" and obtains SID of the target domain
The attacker forges kerberos ticket
This ticket is used to authenticate in..
Security News 2016. 12. 19.

Understanding larger disassembly
This past weekend I was disassembling something and it struck me how few people knew how to do what I was doing. So I figured I would quickly document the process of taking a chunk of disassembled code and putting it into a format that's easier to understand. The disassembly I'm going to use for my examples is the same disassembly I was working on this weekend. It..
Security News 2016. 12. 15.

CHAKRA JIT CFG BYPASS
by Theori — 14 Dec 2016
Introduction
As promised in our previous blog post, we are going to take a look at a method to bypass Microsoft’s Control Flow Guard (CFG) when attacking Internet Explorer and Edge browsers. Our previous proof-of-concept exploit worked by overwriting the function pointer of an object. However, with CFG in place, we cannot simply do that without aborting...
Security News 2016. 12. 15.

Collection of useful site bookmarks for pentesting
These are useful sites for pentesting. I got this from Facebook, but it seems worth looking at at least once :)
https://github.com/jhaddix/pentest-bookmarks/blob/master/wiki/BookmarksList.wiki
Security News 2016. 12. 14.

Google open-sources high-dimensional data visualization tool
Details :) http://www.bloter.net/archives/269041
Security News 2016. 12. 13.

Resource Hacker
Version 4.2.5 Last updated: 17 August 2015 Copyright © 1999-2015 Angus Johnson Freeware - no nags, no ads and fully functional.
Overview: Resource Hacker™ has been designed to be the complete resource editing tool: compiling, viewing, decompiling and recompiling resources for both 32bit and 64bit Windows executables. Resource Hacker™ can open any type of Windows executable (*.exe; *.dll..
Security News 2015. 9. 7.

Kookmin Bank: internet banking without ActiveX
KB Kookmin Bank becomes the first in Korea to make banking possible without ActiveX
http://www.hani.co.kr/arti/economy/economy_general/706985.html
Security News 2015. 9. 3.

Hidden password-stealing malware lurking in your GPU card? Intel Security thinks not
Fears that malware is hiding in people's graphics chipsets may be overclocked, according to Intel Security. Earlier this year, researchers from the self-styled “Team JellyFish” released a proof-of-concept software nasty capable of exploiting GPUs to swipe passwords and other information typed in by a PC's user. The same research raised doubts about whether security tools can defend against this k..
Security News 2015. 9. 3.