@cissp International channel 4 Transmission Knowledge In the Field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course - - - - - - - - - - +also group: https://t.me/cisspgroup ————————— @alirezaghahrood
Kali Purple: The Ultimate SOC in a Box!
Kali for cyber defense, blue team, and SOC team! Here is a community-based project to work on Kali and customize it to enable cyber defenders to:
• Practice Ops: Virtualization, firewalls, VLAN, WAF, SIEM, IDS/IPS, etc.
• Practice Red: Penetration testing of vulnerable machines while seeing what the blue team observes.
• Practice Blue: Firewall and IPS rules, SIEM analysis, dashboard development, etc.
• Purple teaming: red and blue working together to develop the ultimate set of rules
• Protect: Deploy Kali-Purple to protect your network!
Kindly note that this is a community project and may not be at its best yet! Well, it may grow and become better over time! Wait, do not forget to validate it before using it.
https://gitlab.com/kalilinux/kali-purple/documentation
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.16
Infographics
DevOps Roadmap 2023
https://roadmap.sh/devops
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.15
https://www.linkedin.com/posts/alirezaghahrood_devops-roadmap-2023-activity-7127143855740588032-cOUB?utm_source=share&utm_medium=member_ios
https://osdfir.blogspot.com/2023/10/introducing-osdfir-infrastructure.html
exploit
1. CVE-2023-32707:
Splunk edit_user Capability Privilege Escalation
https://packetstormsecurity.com/files/175386/Splunk-edit_user-Capability-Privilege-Escalation.html
2. Exploit for Maltrail web service v0.53
Unauthenticated OS Command Injection (RCE)
https://github.com/spookier/Maltrail-v0.53-Exploit
3. CVE-2023-46517:
XAMPP 3.3.0 Buffer Overflow Exploit
https://github.com/ripp3rdoc/XAMPPv3.3.0-BOF
🚨 Cisco alerts about a critical UNPATCHED zero-day security vulnerability (CVE-2023-20198) in its IOS XE software that's under active exploitation.
Learn more:
https://thehackernews.com/2023/10/warning-unpatched-cisco-zero-day.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.14
#DiyakoSecureBow
————————————
Malware analysis
Updated MATA attacks industrial companies in Eastern Europe 2023
Attack detection
In September 2022, Sec experts monitoring the telemetry of security solutions using Security Network detected several dozen previously unknown malware samples associated with the MATA cluster. We detailed this malware platform in 2020, and have documented its use in APT attacks on multiple occasions over the past few years.
In particular, the malware samples that caught our attention contained strings indicating an organization that may have been the victim of the attack, which looked like an industrial entity in Eastern Europe. We immediately contacted the organization that was likely to have been attacked to communicate the risk of compromise and share information about the detected threat and the Indicators of Compromise available at the time.
-Business Secure Continuity-
1402.08.14
——————————————————
#Attacks #cyberdefense #threatintelligence
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_mata-attacks-ics-2023-activity-7126787717073362944-G1l7?utm_source=share&utm_medium=member_ios
The bug was rated a 9.4 out of 10 on the CVSS severity scale.
https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967
A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.12
exploit
1. Wyze Cam v3 RCE Exploit
https://github.com/blasty/unwyze
2. CVE-2023-5044:
Kubernetes ingress-nginx <1.9.0 - API command injection
https://raesene.github.io/blog/2023/10/29/exploiting-CVE-2023-5044
https://github.com/r0binak/CVE-2023-5044
3. CVE-2023-46747:
F5 BIG-IP unauthenticated RCE and authentication bypass
https://github.com/AliBrTab/CVE-2023-46747-POC
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.09
#DiyakoSecureBow
————————————
Defending Against Cyberthreats
Is More Important Than Ever
Cybercriminals continue to target dealerships with ever-evolving methods to steal user and client data, from simply stealing passwords to sophisticated phishing schemes. Protecting your data to avoid IT-related business interruptions, ransom demands and reputation damage has never been more important. Now is the time to assess and reassess to improve your security and be up to date on the latest cyberthreats.
For this e-book, we compiled data from dealership personnel and market research based on a recent survey conducted by CDK Global. Our goal is to provide dealerships with key insights to consider when evaluating their cybersecurity posture and ongoing strategy.
We’ve also scattered quotes from dealer participants throughout the book so you can read how other dealers are addressing cybersecurity.
“With all of the manufacturer, customer and our own data stored, it’s extremely important to protect it all.”
Special Thanks
CDK Global
-Business Secure Continuity-
1402.08.07
——————————————————
#cyberattacks #cyberinsurance
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_dealership-cyber-security-2023-activity-7124258556677120000-enB2?utm_source=share&utm_medium=member_ios
SCADA Security
Secure PLC Coding:
Top 20 Secure PLC Coding Practices
https://github.com/Fortiphyd/Secure_PLC_Coding
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.06
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as security testers to ensure completeness and consistency of test results
https://lnkd.in/gAzKvnHM
Special Thanks
Zimperium
And
OWASP® Foundation
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.06
https://www.linkedin.com/posts/alirezaghahrood_state-of-mobile-app-security-2023-activity-7123873520664674304-TXEH?utm_source=share&utm_medium=member_ios
⚡ Urgent — F5 warns of a critical vulnerability (CVE-2023-46747) in BIG-IP, allowing unauthenticated remote code execution.
Learn more: https://thehackernews.com/2023/10/f5-issues-warning-big-ip-vulnerability.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.05
🚨 Urgent: Proof-of-concept (PoC) exploits have been publicly released for the recently discovered vulnerabilities in VMware Aria Operations, Citrix NetScaler ADC, and NetScaler Gateway.
Read: https://thehackernews.com/2023/10/alert-poc-exploits-released-for-citrix.html
Don't wait—apply fixes now and safeguard your systems.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.03
#DiyakoSecureBow
————————————
Cybersecurity Playbook for SOC:
New vulnerability from Threat Intelligence
Undoubtedly the one you will execute most, a new vulnerability from threat intelligence.
Detection
• Threat intelligence indicates there is a new vulnerability impacting your assets.
• Here I assume the threat intelligence is already tuned to only include information relevant to your assets instead of a news broadcast of all vulnerabilities in the world. Again, this relies on an accurate and up-to-date inventory and signifies the importance of keeping the house in order.
Verification
• If there are IOCs/TTPs, check whether attacks have already happened. If an attack has already happened, follow no. 1.
• Use vulnerable version/configuration information to confirm whether the assets are vulnerable or not.
• Check firewall rules and other security configurations to confirm possible attack vectors. This can be partially done using automated tools.
Communication
• Start triage using available vulnerability and asset criticality information. Perform escalation according to triage results and predefined escalation plan.
• Discuss the mitigation strategy between SOC, risk management, and IT support teams. That can range from an immediate shutdown to waiting until the next patching window, depending on many factors such as the triage result and the availability and impact of the patch/workaround.
• The mitigation strategy also needs to include preventive actions for new builds of assets in the future, such as updating patch level of system images or templates.
Action
• Execute agreed mitigation strategy.
• Track the mitigation actions to completion.
• Rescan the vulnerability to confirm closure.
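The four playbook phases above (detection from tuned threat intelligence, verification against the asset inventory, triage-driven communication, and action tracked to a rescan-confirmed closure) can be run as one small data pipeline. The following is an added example, not code from the playbook or the post: the advisory, product name, hostnames, versions and criticality values are all constructed for illustration, and the scoring thresholds are an assumption chosen to show how exposure and in-the-wild exploitation raise priority.

```python
"""
Worked example of the 'new vulnerability from threat intelligence' playbook:
match a tuned advisory against an asset inventory, triage each hit by asset
criticality and exposure, then close tickets only when a rescan confirms it.
Every advisory, hostname and version below is constructed for the example.
"""
import copy
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """'2.3.9' -> (2, 3, 9): compare numerically, not as strings (assumes dotted numeric versions)."""
    return tuple(int(part) for part in v.split("."))


@dataclass
class Advisory:
    """Tuned threat-intel item: affected range is [affected_from, fixed_in)."""
    vuln_id: str
    product: str
    affected_from: str
    fixed_in: str
    exploited_in_wild: bool


@dataclass
class Asset:
    """One inventory entry; internet_exposed stands in for the firewall/attack-vector check."""
    hostname: str
    product: str
    version: str
    criticality: int          # 1 (low) .. 5 (crown jewel), assumed scale
    internet_exposed: bool
    workaround_applied: bool = False


@dataclass
class Ticket:
    """Tracks one affected asset from triage through rescan-confirmed closure."""
    vuln_id: str
    hostname: str
    priority: str
    status: str = "open"


def is_vulnerable(advisory: Advisory, asset: Asset) -> bool:
    """Verification: same product and version inside the affected range."""
    if asset.product != advisory.product:
        return False
    v = parse_version(asset.version)
    return parse_version(advisory.affected_from) <= v < parse_version(advisory.fixed_in)


def triage(advisory: Advisory, asset: Asset) -> str:
    """Communication: priority from criticality, exposure and in-the-wild exploitation (assumed thresholds)."""
    score = asset.criticality
    if asset.internet_exposed:
        score += 2
    if advisory.exploited_in_wild:
        score += 2
    if score >= 7:
        return "P1-immediate"
    if score >= 4:
        return "P2-next-window"
    return "P3-scheduled"


def open_tickets(advisory: Advisory, assets: list) -> list:
    """One ticket per asset the verification step confirms as vulnerable."""
    return [Ticket(advisory.vuln_id, a.hostname, triage(advisory, a))
            for a in assets if is_vulnerable(advisory, a)]


def rescan_and_close(advisory: Advisory, assets: list, tickets: list) -> list:
    """Action: close a ticket only when the rescan no longer finds the asset vulnerable
    (patched past fixed_in) or a workaround is recorded; anything else stays open."""
    by_host = {a.hostname: a for a in assets}
    for t in tickets:
        a = by_host[t.hostname]
        if not is_vulnerable(advisory, a) or a.workaround_applied:
            t.status = "closed"
    return tickets


# Constructed sample data (hypothetical product and advisory id).
ADVISORY = Advisory("VULN-EXAMPLE-0001", "ExampleProxy", "2.0.0", "2.4.1", exploited_in_wild=True)
ASSETS = [
    Asset("edge-01", "ExampleProxy", "2.3.9", criticality=4, internet_exposed=True),
    Asset("app-02", "ExampleProxy", "2.4.1", criticality=5, internet_exposed=False),  # already fixed
    Asset("lab-03", "ExampleProxy", "2.0.0", criticality=1, internet_exposed=False),
    Asset("db-04", "OtherDB", "10.2", criticality=5, internet_exposed=False),          # wrong product
]


def run_playbook() -> list:
    """End-to-end run on a copy of the inventory: edge-01 gets patched, lab-03 does not."""
    assets = copy.deepcopy(ASSETS)
    tickets = open_tickets(ADVISORY, assets)
    assets[0].version = "2.4.1"          # mitigation executed on the P1 asset only
    return rescan_and_close(ADVISORY, assets, tickets)


if __name__ == "__main__":
    for t in run_playbook():
        print(t)
```

Running it opens tickets only for edge-01 (P1: critical, internet-facing, exploited in the wild) and lab-03 (P3); app-02 is excluded because its version is already at the fixed release and db-04 because it is a different product. After the simulated patch, the rescan closes edge-01 and leaves lab-03 open, which is the point of the last playbook step: a ticket is not closed by the patch being scheduled, but by the vulnerability no longer being found.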
-Business Secure Continuity-
1402.08.02
——————————————————
#SOC #CSIRT #CERT #Splunk #SIEM
#BusinessSecureContinuity
https://www.linkedin.com/feed/update/activity:7122559686318379008
Messaging Layer Security: Secure and Usable End-to-End Encryption
The IETF has approved publication of Messaging Layer Security (MLS), a new standard for end-to-end security that will make it easy for apps to provide the highest level of security to their users. End-to-end encryption is an increasingly important security feature in Internet applications. It keeps users’ information safe even if the cloud service they’re using has been breached.
https://www.ietf.org/blog/mls-secure-and-usable-end-to-end-encryption/
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.02
Threat_Research
Understanding DNS Tunneling Traffic in the Wild
https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.01
exploit
1. CVE-2023-34051:
VMware Aria Operations for Logs - authentication bypass
https://github.com/horizon3ai/CVE-2023-34051
2. CVE-2023-28432:
MinIO information disclosure
https://github.com/yTxZx/CVE-2023-28432
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.01
#DiyakoSecureBow
————————————
It is our pleasure to provide you with Red Canary’s 2023 Threat Detection Report. Our fifth annual retrospective, this report is based on in-depth analysis of nearly 40,000 threats detected across our 800+ customers’ endpoints, networks, cloud workloads, identities, and SaaS applications over the past year. This report provides you with a comprehensive view of this threat landscape, including new twists on existing adversary techniques, and the trends that our team has observed as adversaries continue to organize, commoditize, and ratchet up their cybercrime operations.
As the technology that we rely on to conduct business continues to evolve, so do the threats that we face. Here’s what’s new in this year’s report:
Cloud and identity attacks are becoming more prevalent across our customers’ environments and appear for the first time in this report.
Our unique visibility into email attacks, still the leading initial access vector used by adversaries, has put us in a position to detect even more attacks at earlier stages.
Mitigation guidance to limit adversaries’ effectiveness.
Adversary simulation and other authorized testing are excluded from our data set, leading to a more accurate representation of the threat landscape.
What’s old is new: Raspberry Robin, a USB-based threat first discovered by Red Canary, continues to evolve and we provide updated research.
HOW TO USE THIS REPORT
• Explore the most prevalent and impactful threats, techniques, and trends that we’ve observed.
• Note how adversaries are evolving their tradecraft as organizations continue their shift to cloud-based identity, infrastructure, and applications.
• Learn how to emulate, mitigate, and detect specific threats and techniques.
• Shape and inform your readiness, detection, and response to critical threats.
Acknowledgements
Thanks to the 100+ security experts, writers, editors, designers, developers, and project managers who invested countless hours to produce this report. And a huge thanks to the MITRE ATT&CK® team, whose framework has helped the community take a giant leap forward in understanding and tracking adversary behaviors. Also a huge thanks to all the Canaries—past and present—who have worked on past Threat Detection Reports over the last five years. The Threat Detection Report is iterative, and parts of the 2023 report are derived from previous years. This report wouldn’t be possible without all of you!
Special thanks to the following Canaries who contributed to this year’s report
Special Thanks❤️🙏✌🏼
MITRE ATT&CK
Red Canary
-Business Secure Continuity-
1402.08.16
——————————————————
#cyberattack #mitreattack #redcanary
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_threat-detect-report-2023-activity-7127527592265420800-EBS9?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
Analytics
ENISA Threat Landscape 2023
In the latter part of 2022 and the first half of 2023, the cybersecurity landscape witnessed a significant increase in both the variety and quantity of cyberattacks and their consequences. The ongoing war of aggression against Ukraine continued to influence the landscape.
Hacktivism has expanded with the emergence of new groups, while ransomware incidents surged in the first half of 2023 and showed no signs of slowing down. The prime threats identified and analysed include:
• Ransomware
• Malware
• Social engineering
• Threats against data
• Threats against availability: Denial of Service
• Threat against availability: Internet threats
• Information manipulation and interference
• Supply chain attacks
-Business Secure Continuity-
1402.08.15
——————————————————
#enisa #cyberattack #cybersecurity
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_threat-landscape-2023-activity-7127142105214259200-2HMf?utm_source=share&utm_medium=member_ios
tools
Offensive security
Attack on the EventLog Process
https://nothingspecialforu.github.io/EvtPsstBlog
https://github.com/nothingspecialforu/EvtPsst
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.14
#DiyakoSecureBow
————————————
Red Team Tactics
Modern Initial Access and Evasion Tactics 2023.
Special Thanks
Mariusz Banach ❤️🙏✌🏼
-Business Secure Continuity-
1402.08.13
—————————————————
#offensivesecurity #redteaming
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_red-team-tactics-2023-activity-7126434891113619456-iDpk?utm_source=share&utm_medium=member_ios
⚠️ Alert! Atlassian warns of critical flaw (CVE-2023-22518) in Confluence Data Center and Server. Disconnect publicly accessible instances until patched to avoid data loss.
Learn more:
https://thehackernews.com/2023/10/atlassian-warns-of-new-critical.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.09
Offensive security
Red Team Tactics
NoFilter: Abusing Windows Filtering Platform for privilege escalation 2023.
https://github.com/deepinstinct/NoFilter
Special Thanks
Ron Ben Yizhak
Deep Instinct
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.07
https://www.linkedin.com/posts/alirezaghahrood_no-filter-cyber-securtity-2023-activity-7124453825620402176-WBMP?utm_source=share&utm_medium=member_ios
https://x.com/alirezaghahrood/status/1718688774102667471?s=46&t=lFvs7vGDLtDfxDuLTS1UGw
Threat Research
5G Network Security
The Network Effect of Telecommunications Vulnerabilities for Location Disclosure
https://citizenlab.ca/2023/10/finding-you-teleco-vulnerabilities-for-location-disclosure
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.07
#DiyakoSecureBow
————————————
exploit
Red Team Tactics
“ndays are also 0days: Can hackers launch 0day RCE attack on popular software only with chromium ndays?”, DEFCON 31.
-Business Secure Continuity-
1402.08.06
——————————————————
#vulnerability #rce #cyberdefense
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_0day-rce-2023-activity-7123865964982476800-G79T?utm_source=share&utm_medium=member_ios
🤖 Google expands Vulnerability Rewards Program to address vulnerabilities and attack scenarios tailored to generative artificial intelligence (AI) systems, while also strengthening the supply chain.
Learn more:
https://thehackernews.com/2023/10/google-expands-its-bug-bounty-program.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.05
https://x.com/alirezaghahrood/status/1717962052101095492?s=46&t=lFvs7vGDLtDfxDuLTS1UGw
🚨 VMware releases crucial security updates to fix a new critical vulnerability (CVE-2023-34048) in vCenter Server.
Details in the article: https://thehackernews.com/2023/10/act-now-vmware-releases-patch-for.html
Protect your systems from remote code execution.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.03
exploit
1. CVE-2023-4966:
Citrix NetScaler ADC/Gateway Bleed - Session Tokens Leak
https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-4966
2. CVE-2023-38140:
Windows Kernel Paged Pool Memory Disclosure
https://packetstormsecurity.com/files/cve/CVE-2023-38140
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.03
In your organization and business:
To what extent is the management of technology, information and related security in line with standards and best practices (BP)?
Are technology risk and information security within the scope of ERM?!
Have you run a cyber maneuver (exercise)?
What about technical inspections/audits?
How well do you know the technical risks that affect your business?
The trend of the day is sustainability, not limited to slogans and magazines, but extending to culture-building and appropriate measures.
-Cyber Security awareness-
Up2date 4 Defense Today,
Secure Tomorrow
@CisoasaService
1402.08.02
Reversing
Attacking Cisco RG/OpenRG modem
https://reverse.put.as/2023/10/20/attacking-the-heart-of-an-openrg-modem
exploit
1. CVE-2023-21931:
Oracle Weblogic PreAuth RCE🥶
https://github.com/MMarch7/weblogic_CVE-2023-21931_POC-EXP
2. CVE-2023-36745:
MS Exchange Server Privilege Escalation🤓🥸
https://github.com/N1k0la-T/CVE-2023-36745
3. CVE-2023-4863:
Heap buffer overflow in Google WebP
https://paper.seebug.org/3056
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.02
Malware analysis
1. LummaStealer Malware
https://blogs.vmware.com/security/2023/10/an-ilummanation-on-lummastealer.html
2. Munchkin malware utility
https://unit42.paloaltonetworks.com/blackcat-ransomware-releases-new-utility-munchkin
3. Analysis of Hospitality Phishing Campaign
https://www.akamai.com/blog/security-research/2023/oct/hospitality-phishing-campaign-DNS-analysis-global-threat
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.01
signals to others that you’re who you say you are!
Verifications on your LinkedIn profile
At LinkedIn, we know that authenticity is key to creating meaningful interactions. The "Verifications" badge on your profile indicates that you were able to confirm specific information about your account. Having verified information helps provide authenticity signals to others that you’re who you say you are. Seeing verified information on others’ profiles helps foster a trusted community so you can make more informed decisions around connecting with other professionals.
https://lnkd.in/eXsP9GYe
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.30
https://www.linkedin.com/posts/alirezaghahrood_%D9%81%D8%B1%D9%87%D9%86%DA%AF-%D8%B3%D8%A7%D8%B2%DB%8C-%D9%88-%DA%86%D8%A7%D9%84%D8%B4-signals-to-others-that-activity-7121793863907700737-IYg_