hadess

Threat Intel Roundup: CoinEx, Azure Dataleak, Kafka, Lumma

Leave a Comment / Case Study / By hadess

Week in Overview(14 Sep-19 Sep) Technical Summary Silent Skimmer Campaign CVE-2023-34040 – Spring Kafka Deserialization RCE Vulnerability North Korean Lazarus Group’s Involvement in Cryptocurrency Hacks Microsoft AI Data Exposure of 38 Terabytes Exploitation of “search-ms” URI Protocol Handler Distributing XWorm Malware Lumma Stealer Malware Variant (14.09) Detection and Mitigation Key Findings it is crucial for …

Threat Intel Roundup: CoinEx, Azure Dataleak, Kafka, Lumma Read More »

Pi-hole Attack Surface EBook

Leave a Comment / Case Study / By hadess

A network-wide ad-blocking tool with the capability to execute arbitrary commands. Executive Summary Path Traversal to RCE via teleporter.php and zip_file Parameter: The teleporter.php script in Pi-hole and zip_file parameter, which handles the import and export of settings, contains a vulnerability in its file upload functionality. The application does not adequately validate the contents and …

Pi-hole Attack Surface EBook Read More »

Pi-hole Attack Surface

Threat Intel Roundup: Lazarus, Lumma, Superset, RocketMQ

Leave a Comment / Case Study / By hadess

Week in Overview(5 Sep-12 Sep) Technical Summary Key Findings it is crucial for organizations and individuals to prioritize remediation and patching efforts to safeguard their systems and data. The following key findings highlight the importance of proactive measures to mitigate risks associated with various vulnerabilities and threats:

Rocket.Chat IOS Application (EBook)

Leave a Comment / Case Study / By hadess

A modern iOS application that exposes your account token and runs arbitrary commands. Executive Summary Exposed API Key in GET URL (/api/v1/users.info?userId): RTLO Character Injection in Chat:

What Is Rocket.Chat For IOS Application?

Threat Intel Roundup: QakBot, Ignition, RICHIESTA DI PAGAMENTO

Leave a Comment / Case Study / By hadess

Week in Overview(28 Aug-5 Sep) Technical Summary Apache Ignition Unauthenticated Remote Code Execution Vulnerability CVE-2023-37895 Apache Jackrabbit RMI #RCE Exploitation of MinIO Storage System Vulnerabilities Phishing Campaign Targeting Italian Audience – RICHIESTA DI PAGAMENTO 04/09/2023 QakBot Takedown – Bot Connections to Active C2s

Redmine Attack Surface(EBook)

Leave a Comment / Case Study / By hadess

XSS to Account Takeover with Read CSRF-Token in Body: CSV Injection Leading to OS Command Execution:

REDMINE Attack Surface

Threat Intel Roundup: XWiki, cl0p, HTML Smuggling

Leave a Comment / Case Study, Ebook / By hadess

XWiki Remote Code Execution (CVE-2023-35150) The XWiki vulnerability (CVE-2023-35150) involves improper input validation within the “Invitation Application.” Authenticated attackers can exploit this flaw by manipulating requests, leading to arbitrary code execution. XWiki’s scripting feature, used to create web applications, includes an “Invitation Application” facilitating email notifications for user registration. The vulnerability arises when unvalidated user …

Threat Intel Roundup: XWiki, cl0p, HTML Smuggling Read More »

Threat Intel Roundup: Winrar, Discord, USDC Holdings

Leave a Comment / Case Study / By hadess

Technical Summary WinRAR CVE-2023-40477 RCE CVE-2023-40477 is a Remote Code Execution (RCE) vulnerability in WinRAR, a popular Windows file archiver utility. This high-severity flaw is attributed to inadequate validation of user-supplied data in the processing of recovery volumes. Attackers exploit this vulnerability by crafting specially designed RAR archive files. When a victim opens the malicious …

Threat Intel Roundup: Winrar, Discord, USDC Holdings Read More »

Unveiling the Art of Face Generation (EBook)

Leave a Comment / Case Study, Ebook / By hadess

Welcome to a captivating journey into the fascinating realm of face generation, where artistry, innovation, and practicality converge in the world of Open Source Intelligence (OSINT). In an era defined by rapid technological advancements and the relentless expansion of digital footprints, the ability to manipulate and generate facial images has emerged as a dynamic tool …

Unveiling the Art of Face Generation (EBook) Read More »

Threat Intel Roundup: CoinEx, Azure Dataleak, Kafka, Lumma

Pi-hole Attack Surface EBook

Pi-hole Attack Surface

Threat Intel Roundup: Lazarus, Lumma, Superset, RocketMQ

Rocket.Chat IOS Application (EBook)

What Is Rocket.Chat For IOS Application?

Threat Intel Roundup: QakBot, Ignition, RICHIESTA DI PAGAMENTO

Redmine Attack Surface(EBook)

REDMINE Attack Surface

Threat Intel Roundup: XWiki, cl0p, HTML Smuggling

Threat Intel Roundup: Winrar, Discord, USDC Holdings

Unveiling the Art of Face Generation (EBook)

Services and Products

"Hadess" is a cybersecurity company focused on safeguarding digital assets and creating a secure digital ecosystem. Our mission involves punishing hackers and fortifying clients' defenses through innovation and expert cybersecurity services.

Contact Us

Contact Us

About Us

Blog

DevSecOps Guide

Red Team Guide

Copyright@2024_All Rights Reserved

Free Consultation

For a Free Consultation And Analysis Of Your Business, Please Fill Out The Opposite Form, Our Team Will Contact You As Soon As Possible.