Fast Detection, Fast Response
PSIRT Advisories
FortiOS - Plain-text credentials in GET request via SSL VPN web portal
Summary
A use of GET request method with sensitive query strings vulnerability [CWE-598] in the FortiOS SSL VPN component may allow an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services (found in logs, referers, caches, etc.).
Affected Products
FortiOS version 7.4.0
FortiOS version 7.2.0 through 7.2.5
FortiOS version 7.0.0 through 7.0.12
Solutions
Please upgrade to FortiOS version 7.4.1 or above
Please upgrade to FortiOS version 7.2.6 or above
Please upgrade to upcoming FortiOS version 7.0.13 or above
Timeline
2023-09-29: Initial publication
https://www.fortiguard.com/psirt/FG-IR-23-120
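The practical exposure from a CWE-598 bug like this one is that the credential lives wherever the request line is written down: web server and proxy access logs, the Referer header of the next request, browser history and caches. The helper below, an added example and not Fortinet code, scans access-log lines for GET/HEAD targets and Referer URLs that carry secret-looking query parameters, and produces a redacted copy of each hit so the finding can be shared without re-leaking the password. The log format (combined-log style), the parameter-name list and the `/remote/portal/...` paths in the sample lines are assumptions; the sample lines themselves are constructed.

```python
"""Detect credentials leaked through GET query strings (CWE-598) in access logs
and Referer headers. Added example, not Fortinet code. Log format, the parameter
name list and the sample paths are assumptions; SAMPLE_LOG is constructed."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names that commonly carry secrets (assumption: extend per application).
SECRET_PARAMS = {"password", "passwd", "pwd", "pass", "secret", "token", "apikey", "api_key"}

# Request line inside a combined-log style record: "GET /path?query HTTP/1.1"
_REQ_RE = re.compile(r'"(?P<method>GET|HEAD)\s+(?P<target>\S+)\s+HTTP/[\d.]+"')
# Any quoted absolute URL later in the record is a Referer (the request target starts with "/").
_REF_RE = re.compile(r'"(https?://[^"]+)"')


def secret_params(url: str) -> list[str]:
    """Names of secret-looking query parameters in a URL or request target."""
    query = urlsplit(url).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True) if k.lower() in SECRET_PARAMS]


def redact(url: str) -> str:
    """Copy of the URL with secret parameter values replaced by REDACTED."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def find_leaks(log_lines):
    """Return (line_no, where, [param names], redacted_url) for every leaking GET/HEAD
    request target and every leaking Referer found in the given log lines."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        m = _REQ_RE.search(line)
        if m:
            names = secret_params(m.group("target"))
            if names:
                findings.append((n, "request", sorted(names), redact(m.group("target"))))
        for ref in _REF_RE.findall(line):
            names = secret_params(ref)
            if names:
                findings.append((n, "referer", sorted(names), redact(ref)))
    return findings


# Constructed sample: line 2 leaks an RDP password in the request line, line 3 leaks a
# VNC password through the Referer of a static-asset request, line 4 posts credentials
# in the body and therefore leaves nothing in the log (the fix the advisory points at).
SAMPLE_LOG = [
    '10.0.0.5 - - [29/Sep/2023:10:00:01 +0000] "GET /remote/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [29/Sep/2023:10:00:09 +0000] "GET /remote/portal/rdp?host=10.1.1.20&user=admin&password=Winter2023 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [29/Sep/2023:10:02:30 +0000] "GET /static/app.js HTTP/1.1" 200 9000 "https://vpn.example.test/remote/portal/vnc?host=10.1.1.30&passwd=hunter2" "Mozilla/5.0"',
    '10.0.0.9 - - [29/Sep/2023:10:05:00 +0000] "POST /remote/logincheck HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_leaks(SAMPLE_LOG):
        print(hit)
```

Run it against the portal's own access logs and against any upstream proxy or WAF logs for the affected versions; every hit is a credential that must be rotated, not just a log line to delete. The same scan over Referer values is what catches leaks into third-party analytics and CDN logs that the VPN administrator never sees.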
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.24
https://www.linkedin.com/posts/alirezaghahrood_fast-detection-fast-respond-psirt-advisories-activity-7119431492211982336-USm7
DFIR
Cross-Tenant Impersonation: Prevention and Detection
https://lnkd.in/eJfVX8yV
@CisoasaService
1402.07.22
tools
WebApp Security
SocketSleuth - Burp Suite Extension for websocket testing
https://github.com/snyk/socketsleuth
@CisoasaService
1402.07.21
IoT Security
IoT Secure Development Guide
https://www.pentestpartners.com/security-blog/iot-secure-development-guide
@CisoasaService
1402.07.20
#DiyakoSecureBow
————————————
Cybersecurity Playbook for SOC
1. Attack utilizing a known vulnerability
An attacker utilizing a known vulnerability has been detected.
Detection:
• Network detection from IDS/IPS/network threat detection capability
• Endpoint detection from the targeted host
Verification:
• The event is validated against the asset list. If the known vulnerable software/hardware is not present on the targeted asset, mark the event as a false positive. If an accurate asset list is not available, this verification has to be done manually by the support team of the targeted asset.
• The event is correlated with the end point security software (EDR/XDR) to confirm whether the attack is successful or not.
Communication:
• For successful attacks, start triage using attack and asset criticality information.
Perform escalation according to triage results and predefined escalation plan.
• For unsuccessful attacks and false positives, no immediate communication required.
Action:
• For successful attacks, perform containment on affected hosts. Run vulnerability scan on the same vulnerability across all IT assets.
• There can be different containment strategies according to the business criticality of the asset. It ranges from auto-containment and cutting it off completely from the network to a milder limited connectivity to selected IPs and ports.
The strategy to apply requires discussion between SOC, risk management, and business teams.
• For unsuccessful attacks, add to the backlog to study why the attack failed and what additional actions are required.
• For false positives, log as statistics.
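The verification and action steps above are a decision procedure, and it pays to encode them so that every analyst reaches the same verdict from the same inputs. The block below is an added example, not code from the original post: it takes an IDS alert, an asset-list export and an EDR event feed (all constructed, with assumed record shapes), applies the asset check, the EDR correlation and the criticality-dependent containment choice, and returns the verdict with the actions the playbook prescribes. The mapping of business criticality to containment strategy is an assumed policy, not something the playbook fixes.

```python
"""Verification and triage logic for playbook item 1 (attack using a known
vulnerability). Added example, not code from the original post. Record shapes
stand in for an IDS/IPS alert, an asset-list (CMDB) export and an EDR event
feed; every name, version and timestamp below is constructed."""
from dataclasses import dataclass, field


@dataclass
class Alert:
    cve: str
    target_host: str
    product: str                 # product the IDS signature targets
    vuln_versions: frozenset     # versions the CVE applies to (from the vuln feed)
    ts: int                      # epoch seconds when the IDS saw the attack


@dataclass
class Verdict:
    status: str                  # false_positive | unsuccessful | successful | manual_review
    escalate: bool
    actions: list = field(default_factory=list)


def vulnerable_software_present(alert, inventory):
    """Verification step: True/False from the asset list, or None when the host
    is missing from it, which the playbook routes to the asset's support team."""
    installed = inventory.get(alert.target_host)
    if installed is None:
        return None
    return installed.get(alert.product) in alert.vuln_versions


def edr_confirms_success(alert, edr_events, window_s=900):
    """Correlation step: a high/critical EDR detection on the target host within
    window_s of the IDS alert is taken as 'the attack succeeded'."""
    return any(e["host"] == alert.target_host
               and e["severity"] in ("high", "critical")
               and abs(e["ts"] - alert.ts) <= window_s
               for e in edr_events)


def triage(alert, inventory, edr_events, criticality):
    present = vulnerable_software_present(alert, inventory)
    if present is None:
        return Verdict("manual_review", False,
                       ["no asset record: ask the host's support team to confirm product/version"])
    if not present:
        return Verdict("false_positive", False, ["log as statistics"])
    if not edr_confirms_success(alert, edr_events):
        return Verdict("unsuccessful", False,
                       [f"backlog: why did {alert.cve} fail on {alert.target_host}, what else is needed"])
    # Assumed policy: business-critical assets get limited connectivity because they
    # cannot simply be cut off; everything else is isolated outright. The playbook
    # leaves this choice to SOC, risk management and the business teams.
    if criticality.get(alert.target_host) == "critical":
        contain = "limit connectivity to selected IPs/ports"
    else:
        contain = "auto-contain: isolate host from the network"
    return Verdict("successful", True,
                   [contain, f"vulnerability scan for {alert.cve} across all IT assets"])


# Constructed sample data. The vulnerable-version set is a stand-in, not the
# full affected range of the CVE.
INVENTORY = {
    "web01": {"Atlassian Confluence": "8.4.2"},
    "web02": {"Atlassian Confluence": "8.5.2"},
}
CRITICALITY = {"web01": "critical", "web02": "medium"}
EDR_EVENTS = [
    {"host": "web01", "ts": 1_696_600_300, "severity": "high",
     "rule": "web server process spawned interactive shell"},
]
ALERT_WEB01 = Alert("CVE-2023-22515", "web01", "Atlassian Confluence",
                    frozenset({"8.4.2", "8.5.1"}), ts=1_696_600_000)

if __name__ == "__main__":
    print(triage(ALERT_WEB01, INVENTORY, EDR_EVENTS, CRITICALITY))
```

The `manual_review` branch is the one to watch in practice: hosts absent from the asset list are exactly the ones nobody patches, so a steady stream of such verdicts is itself a finding for the asset-management owners.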
-Business Secure Continuity-
1402.07.20
——————————————————
#SOC #Splunk #CSIRT
#BusinessSecureContinuity
https://www.linkedin.com/feed/update/activity:7118206197354127360
🔑 Default password-free sign-ins for everyone. Google introduces passkeys for all users, simplifying your online security.
Learn all about it:
https://thehackernews.com/2023/10/google-adopts-passkeys-as-default-sign.html
🛑 A critical flaw (CVE-2023-22515) in Atlassian Confluence is being exploited by a nation-state actor, Storm-0062.
Read:
https://thehackernews.com/2023/10/microsoft-warns-of-nation-state-hackers.html
Upgrade to the latest versions ASAP to safeguard your data and systems.
@CisoasaService
1402.07.19
Blue Team Techniques
1. Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence
https://github.com/ErikWynter/CVE-2023-22515-Scan
2. Scanner for CMS Joomla CVE-2023-23752
https://github.com/z3n70/CVE-2023-23752
@CisoasaService
1402.07.19
#DiyakoSecureBow
————————————
This paper documented a way to detect suspicious NTLM connections in general and pass-the-hash in particular. A key recommendation for this detection is to collect the logs from the source machine. By adjusting filtering parameters such as time, accounts (only privileged ones) and machines (only those sensitive to the organization), it is possible to remove many false positives. Detections that still turn out to be false positives should warrant a check of whether the authentication method can be changed to a more secure one.
We used an approach that requires connecting to the machines directly; while the mechanism for collecting the logs is out of scope for this research, it is worth noting that another approach is to forward all event logs to one place (such as a WEF server), which has its own advantages and disadvantages.
In the end, understanding the overall picture of NTLM connections in an organization, in particular privileged connections, can be a catalyst for change to a more secure connection strategy and for preventing future attacks.
References
https://lnkd.in/eYUT_T4J
https://lnkd.in/eZ43dJ6Z
https://lnkd.in/eanWFsbs
https://lnkd.in/evfKDa3x
https://lnkd.in/eFQpcwS7
TWC: Pass-the-Hash: How Attackers Spread and How to Stop Them
https://lnkd.in/eujkypEf
https://lnkd.in/e2ee8MFw
https://lnkd.in/e-nYxpSZ
-Business Secure Continuity-
1402.07.17
——————————————————
#Windows #Siem #Log #SOC #CSIRT
#BusinessSecureContinuity
https://www.linkedin.com/feed/update/activity:7116973045621108736
DNS
Incident Response
Root Cause Analysis with Detection Ideas
By Md. Abdullah Al Mamun 🇧🇩
@CisoasaService
1402.07.16
https://www.linkedin.com/posts/alirezaghahrood_dns-incident-respond-2023-activity-7116731424790958080-wMGk
#DiyakoSecureBow
————————————
Splunk Commands:
abstract
Description: Produces a shortened summary (abstract) of the text of each event, keeping the lines that best match the search terms; the length is controlled with maxterms and maxlines.
Example Input Query:
your_search_here
| abstract maxlines=5 | table _raw
Example Output:
| _raw                                   |
|----------------------------------------|
| (up to 5 summarized lines of event 1)  |
| (up to 5 summarized lines of event 2)  |
| (up to 5 summarized lines of event 3)  |
accum
Description: Keeps a running total of a numeric field, event by event, writing the cumulative sum into a new field (or overwriting the original field when no AS clause is given).
Example Input Query:
your_search_here | accum count AS running_total | table count running_total
Example Output (illustrative values):
| count | running_total |
|-------|---------------|
| 3     | 3             |
| 5     | 8             |
| 2     | 10            |
-Business Secure Continuity-
1402.07.16
——————————————————
#Splunk #Cisco #SIEM #Log
#BusinessSecureContinuity
https://www.linkedin.com/feed/update/activity:7116710023832952832
Analytics
Threat Research
Top 10 Cybersecurity Misconfigurations
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a
@CisoasaService
1402.07.14
https://hacklido.com/blog/299-how-to-start-bug-bounty-hunting-in-2023
@CisoasaService
1402.07.14
🆘 Urgent: Cisco releases patch for a critical vulnerability in Emergency Responder, allowing remote attackers to sign in using hard-coded credentials and execute commands as root.
Read: https://thehackernews.com/2023/10/cisco-releases-urgent-patch-to-fix.html
@CisoasaService
1402.07.13
#DiyakoSecureBow
————————————
A list of free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs
Sorted by Technology and Category:
-Business Secure Continuity-
1402.07.13
——————————————————
#AWS #CloudSecurity #CyberSecurity #CTF
#BusinessSecureContinuity
https://www.linkedin.com/feed/update/activity:7115546149368786944
🔒Worried about AI-related threats? Join our panel discussion with cybersecurity experts:
- David Primor, Founder & CEO of Cynomi
- Elad Schulman, Founder & CEO of Lasso Security
... and learn practical security policies and practices to shield your clients.
https://thehacker.news/ai-llm-threats?source=social
@CisoasaService
1402.07.11
#DiyakoSecureBow
————————————
Why incident response is so critical:
Ransomware is overtaking money theft and other impacts as a more convenient monetization scheme with much broader industry coverage (not just the financial sector). We can confidently classify most incidents with causes before impact (suspicious events, tool alerts, etc.) as ransomware.
Vulnerability Exploitation:
In all cases where vulnerability exploitation was the initial vector, the main damage was data encryption. The most prevalent vulnerabilities in our data set are those related to Microsoft Exchange Server (CVE-2021-26855, CVE-2021-34523).
Top initial compromise vectors and how long the attack went unnoticed:
In most cases where initial access wasn't identified, the attack lasted for more than a year before being detected by the organization, by which time no artefacts were left to analyze due to log rotation policies. More than half of all attacks that started with malicious e-mails, stolen credentials or external application exploitation were detected in hours or days.
Legitimate tools in MITRE ATT&CK®
In most cases, security teams can mitigate the initial vector of attack with prevention solutions. The most prevalent vectors (exploitation of public-facing applications, compromised accounts, malicious e-mail) could have been mitigated with timely patch management, multifactor authentication, anti-phishing solutions, and security awareness training for employees.
-Business Secure Continuity-
1402.07.23
——————————————————
#MDR #NDR #EDR #Malware
#BusinessSecureContinuity
https://www.linkedin.com/feed/update/activity:7119244412445933568
tools
Cloud Security
KubeHound - Kubernetes attack graph tool allowing automated calculation of attack paths between assets in a cluster
https://github.com/DataDog/KubeHound
@CisoasaService
1402.07.22
🛡️ Microsoft's October 2023 Patch Tuesday: 103 new vulnerabilities addressed, including 2 zero-days and 13 critical ones.
Find details for CVE-2023-36563 and CVE-2023-41763 and other flaws here — https://thehackernews.com/2023/10/microsoft-releases-october-2023-patches.html
Update now to protect your systems.
@CisoasaService
1402.07.21
🔐 Protect your organization's data! Password security is crucial. Discover the risks of password reuse and how to mitigate them with Specops Password Policy.
Read:
https://thehackernews.com/2023/10/take-offensive-approach-to-password.html
⚠️ Adobe Acrobat Reader users, beware! CISA adds high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities list.
Read:
https://thehackernews.com/2023/10/us-cybersecurity-agency-warns-of.html
Don't wait – update your software now.
@CisoasaService
1402.07.20
tools
Blue Team Techniques
1. Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487
https://github.com/bcdannyboy/CVE-2023-44487
2. An Algorithm to Detect Hosting Providers/IP Ranges
https://ipapi.is/blog/detecting-hosting-providers.html
3. Tool for MSSQL relay audit and abuse
https://github.com/CompassSecurity/mssqlrelay
https://blog.compass-security.com/2023/10/relaying-ntlm-to-mssql
@CisoasaService
1402.07.20
tools
#Offensive_security
1. G3nius Tools Sploit - penetration testing tool
https://github.com/witblack/G3nius-Tools-Sploit
2. PEnetration TEsting Proxy - Java application for traffic analysis/modification using TCP/UDP proxies
https://github.com/Warxim/petep
@CisoasaService
1402.07.19
🔒 Hackers are exploiting the CVE-2023-3519 vulnerability in Citrix NetScaler devices for credential harvesting attacks.
Patch your systems ASAP! Read more: https://thehackernews.com/2023/10/citrix-devices-under-attack-netscaler.html
🚨 Heads up, Linux users! A new critical vulnerability in the libcue library exposes GNOME Linux systems to remote code execution (RCE) attacks.
Read details of CVE-2023-43641 here: https://thehackernews.com/2023/10/libcue-library-flaw-opens-gnome-linux.html
@CisoasaService
1402.07.18
⚡️ Gaza-based hacker group Storm-1133 targets Israeli energy, defense, and telecom. Microsoft's report exposes tactics, including employing LinkedIn fakes & dynamic C2 infra on Google Drive.
Read:
https://thehackernews.com/2023/10/gaza-linked-cyber-threat-actor-targets.html
🔐 Multiple high-severity vulnerabilities discovered in ConnectedIO's 3G/4G routers and cloud platform could let hackers execute malicious code and access sensitive data. Get the details:
https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html
@CisoasaService
1402.07.17
#DiyakoSecureBow
————————————
Guide to Operational Technology (OT) Security
Email Questions to: sp800-82rev3@nist.gov
Author(s)
Keith Stouffer (NIST), Michael Pease (NIST), CheeYee Tang (NIST), Timothy Zimmerman (NIST), Victoria Pillitteri (NIST), Suzanne Lightman (NIST)
Announcement
This initial public draft provides guidance on how to improve the security of Operational Technology (OT) systems while addressing their unique performance, reliability, and safety requirements.
OT encompasses a broad range of programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems (ICS), building automation systems, transportation systems, physical access control systems, physical environment monitoring systems, and physical environment measurement systems.
This third revision of SP 800-82 provides an overview of OT and typical system topologies, identifies typical threats to organizational mission and business functions supported by OT, describes typical vulnerabilities in OT, and provides recommended security safeguards and countermeasures to manage the associated risks.
Updates in this revision also include:
Expansion in scope from ICS to OT
Updates to OT threats and vulnerabilities
Updates to OT risk management, recommended practices, and architectures
Updates to current activities in OT security
Updates to security capabilities and tools for OT
Additional alignment with other OT security standards and guidelines, including the Cybersecurity Framework (CSF)
New tailoring guidance for NIST SP 800-53, Rev. 5 security controls
An OT overlay for NIST SP 800-53, Rev. 5 security controls that provides tailored security control baselines for low-impact, moderate-impact, and high-impact OT systems.
https://lnkd.in/dbsB-t8u
-Business Secure Continuity-
1402.07.16
——————————————————
#OTSecurity #SCADASecurity #CyberSecurity
#BusinessSecureContinuity
https://www.linkedin.com/feed/update/activity:7116270923631976448
#DiyakoSecureBow
————————————
A Guide to Building a Secure SDLC
Which Scanning Tools Should I look at, and where do they go?
Introduction:
There is certainly no shortage of security scanning tools when it comes to building a secure SDLC. The architecture below is really well put together, but just look at the sheer number of different tools that can be selected (and this isn't close to all of the options out there!):
Figuring out which tool to pick for which purpose and where the tool should go in your SDLC is such a large part of the challenge of building a secure SDLC. When trying to navigate this space, it's really
easy to get lost really quickly and go down rabbit holes you can't dig yourself out of. In this guide, we're going to cover the following about the different tools offered in each stage of a secure SDLC:
What are the "typical" stages of a secure SDLC
What tool types are typically used in each stage, and what do they do (e.g. DAST vs. SAST vs.
CSPM vs. CWPP)
Examples of the vendors offering those tools, along with a quick blurb about them, and a direct link to the specific vendor’s product website
Some additional resources that can help you build a secure SDLC
Image Source: DevSecOps Reference Architecture - DJ Schleen
What's a Secure SDLC?
A secure SDLC is a process that companies follow to ensure that the software they develop and deploy is secure by design and minimizes vulnerabilities and misconfigurations. The steps involved in a secure SDLC vary by organization, but it typically involves identifying and addressing security concerns at each stage of the software development lifecycle, from design and code (early in the SDLC) to deployment and monitoring (later in the SDLC). By following a secure SDLC, companies can reduce the risk of security and infrastructure breaches and protect their software and data from potential threats.
-Business Secure Continuity-
1402.07.14
——————————————————
#OWASP #CyberSecurity #SDLC #applicationSecurity
#BusinessSecureContinuity
https://www.linkedin.com/feed/update/activity:7115953888502927362
🚨 Multiple security flaws in Supermicro's BMC firmware pose severe risks. Know the risks from CVE-2023-40284 to CVE-2023-40290, allowing unauthenticated attackers to gain root access.
Read: https://thehackernews.com/2023/10/supermicros-bmc-firmware-found.html
Is your system one of the 70,000 exposed?
@CisoasaService
1402.07.14
exploit
1. MSIFortune - LPE with MSI Installers
https://badoption.eu/blog/2023/10/03/MSIFortune.html
2. CVE-2023-38743:
ManageEngine ADManager Command Injection
https://github.com/PetrusViet/CVE-2023-38743
3. IOS 17 Crash Exploit
https://github.com/RapierXbox/ESP32-Sour-Apple
4. CVE-2023-4911:
LPE in glibc's ld.so (Looney Tunables)
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
@CisoasaService
1402.07.14
hardening
Windows 10/11 Exploit Protection Settings
https://github.com/neohiro/ExploitProtection
@CisoasaService
1402.07.13
Atlassian releases patch for a new zero-day vulnerability (CVE-2023-22515) in Confluence, risking admin account breaches on Data Center and Server instances.
Find details here: https://thehackernews.com/2023/10/atlassian-confluence-hit-by-newly.html
Update to the latest versions 8.3.3+, 8.4.3+, or 8.5.2 for a shield against potential exploits.
@CisoasaService
1402.07.13
Inside the Mind of a Hacker: 2023 Edition
Bugcrowd, one of the world's largest crowdsourced security platforms managing many bug bounty and vulnerability disclosure programs, analyzed 1000 survey responses from hackers on its platform. These responses, combined with millions of proprietary data points on vulnerabilities collected across thousands of programs, were used to create this year's "Inside the Mind of a Hacker" report. Interesting stats include:
➡️ 5% of hackers are under 18, and only 10% over the age of 35
➡️ 93% of hackers are fluent in at least two languages
➡️ India and Bangladesh are the top 2 countries where hackers live
➡️ 96% are male
➡️ 77% of hackers report working in IT or cybersecurity
➡️ 75% of hackers identify non-financial factors as their main motivators
➡️ 91% of hackers expect AI to amplify the value of their work
➡️ 72% of hackers doubt AI will ever match their human creativity
Download report
https://www.bugcrowd.com/blog/inside-the-mind-of-a-hacker-2023-edition/
@CisoasaService
1402.07.11
https://www.linkedin.com/posts/alirezaghahrood_inside-the-mind-of-a-hacker-2023-edition-activity-7114898377594556416-qWVs