The Feed 2025, 01, 14
A summary of recent cybersecurity threats including ransomware targeting AWS S3 buckets, a macOS vulnerability allowing SIP bypass, a cyber espionage campaign linked to Russia, and exploitation of a critical RCE vulnerability in Aviatrix Controller. Affected: AWS, macOS, Aviatrix, Microsoft Office

Keypoints:

Codefinger ransomware targets Amazon S3 buckets using SSE-C.…
Read More
Javascript Sample – Swift Transaction Report.js
This article discusses the analysis of a JavaScript file that initiates a series of behaviors including checking for Java installation, creating persistence, and dumping email addresses. The analysis includes both static and dynamic methods to uncover the malicious activities associated with the file. Affected: JavaScript, Java

Keypoints:

The analysis begins with a JavaScript file named “Swift Transaction Report.js”.…
Read More
Critical Vulnerabilities in SimpleHelp Remote Support Software
A recent security audit of SimpleHelp revealed three critical vulnerabilities that could compromise both the server and client machines. These vulnerabilities include unauthenticated path traversal, arbitrary file upload leading to remote code execution, and privilege escalation from technician to admin. SimpleHelp has since patched these vulnerabilities, and users are urged to upgrade to the latest versions.…
Read More
The Breach Report: My Top Picks from Christmas, January 12, 2025
In the latest cybersecurity incidents, various platforms faced significant breaches and hacks, including Litecoin and Foresight Ventures on Twitter, a vulnerability in Ivanti’s products, and a cyberattack on Russia’s oil sector by Ukraine. Additionally, Japan Airlines experienced flight disruptions due to a cyberattack, while the International Civil Aviation Organization revealed a massive data breach.…
Read More
This article discusses several recent cybersecurity threats, including vulnerabilities in Windows LDAP and Ivanti products, as well as various malware and phishing attacks targeting users and organizations. Affected: Windows, Ivanti, Chrome, Redis

Keypoints:

Windows LDAP vulnerability (CVE-2024-49113) allows unauthenticated attackers to cause denial of service or information disclosure.…
Read More
This article provides a comprehensive overview of significant cybersecurity incidents and vulnerabilities reported recently, including outages, data breaches, and exploits targeting various platforms. Affected: Proton Mail, Ivanti VPN, Banshee, BayMark Health Services, Medusind, MirrorFace, STIIIZY, Samsung, GFI KerioControl, Mitel MiCollab, CrowdStrike, Akamai, Casio.

Keypoints:

Proton Mail experienced a worldwide outage due to a surge in database connections during infrastructure migration.…
Read More
RST TI Report Digest: January 13, 2025
This week’s threat intelligence report from RST Cloud highlights significant cyber threats from various actors, including the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, and Southeast Asia, as well as the emergence of new malware like Banshee and the Gayfemboy botnet. The report summarizes key findings from 29 threat intelligence reports, detailing tactics, techniques, and procedures (TTPs) used in these attacks, and includes numerous indicators of compromise (IoCs).…
Read More
Hack The Box Escape
This article provides a detailed walkthrough of the “Escape” machine on Hack The Box, focusing on Active Directory enumeration techniques and exploitation methods. The author shares insights gained from the experience, including working with Kerberos, NTLM, and Certificate Authority. Affected: Hack The Box

Keypoints:

The box “Escape” is rated Medium and is the author’s first Active Directory machine.…
Read More
VulnNet: Internal – From Recon to Root
This article provides a detailed walkthrough of exploiting a vulnerable machine named VulnNet: Internal. The process includes initial reconnaissance, service enumeration, and privilege escalation to achieve root access. Key techniques utilized include Nmap scans, SMB and NFS enumeration, Redis exploitation, and TeamCity manipulation. Affected: VulnNet: Internal

Keypoints:

Initial reconnaissance performed using Nmap to identify open ports and services.…
Read More
CVE-2024-50603 is a critical code execution vulnerability in Aviatrix Controller, allowing unauthenticated attackers to execute arbitrary commands remotely due to improper input handling. This vulnerability poses a significant risk, especially in AWS environments where privilege escalation is possible. Immediate upgrades to patched versions are recommended to mitigate exploitation risks.…
Read More
The Most Active Threat Actors of Q1 2025: An In-Depth Analysis
In Q1 2025, various cyber threat actors, including state-sponsored groups and ransomware operators, have intensified their activities, targeting critical infrastructure and private entities globally. Notable groups include Volt Typhoon, Salt Typhoon, RansomHub, Andariel, and emerging hacktivist collectives. Organizations are urged to adopt robust defense strategies to mitigate these threats.…
Read More