cissp | Unsorted

Telegram channel cissp - cissp


@cissp International channel for transmission of knowledge in the field of cyber security, with a focus on the content of the CISSP-ISC2 course - - - - - - - - - - +also group: https://t.me/cisspgroup ————————— @alirezaghahrood


cissp

Analytics
DFIR
Trends in Cybersecurity Breach Disclosures: A 12-Year Review 2023.


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.23

https://www.linkedin.com/posts/alirezaghahrood_12-y-review-cyber-security-2023-activity-7130045611394899969-U72B?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
Analytics
Ransomware and Extortion Report 2023:

Threat actors are increasingly employing extortion techniques to gain leverage over targeted organizations and accomplish their goals. While much attention has been paid to ransomware in recent years, modern threat actors increasingly use additional extortion techniques to coerce targets into paying—or dispense with ransomware altogether and practice extortion on its own.

While in many cases the motivation is financial, Unit 42 also sees indications that extortion can happen in service of a group’s larger goals—sometimes simply to fund other activities, but other times to distract from them.

Special thanks
Palo Alto Networks
Palo Alto Networks Education Services

-Business Secure Continuity-
1402.08.22
——————————————————
#malware #cyberattack #unit42
#BusinessSecureContinuity


cissp

#DiyakoSecureBow
————————————
exploit
1. CVE-2023-32031:
MS Exchange PowerShell backend RCE
https://github.com/Avento/CVE-2023-32031

2. CVE-2021-43609:
The full exploit chain is SQLi > RCE
https://github.com/d5sec/CVE-2021-43609-POC

-Business Secure Continuity-
1402.08.20
——————————————————
#cyberattack #exploit #rce #exchange
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_github-aventocve-2023-32031-cve-2023-activity-7129082639319207936-eU3A?utm_source=share&utm_medium=member_ios


cissp

⚠️ Alert: Critical vulnerabilities discovered in Veeam's IT monitoring platform. Protect your system with the latest fix.

Details here:
https://thehackernews.com/2023/11/critical-flaws-discovered-in-veeam-one.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.16


cissp

#DiyakoSecureBow
————————————
It is our pleasure to provide you with Red Canary’s 2023 Threat Detection Report. Our fifth annual retrospective, this report is based on in-depth analysis of nearly 40,000 threats detected across our 800+ customers’ endpoints, networks, cloud workloads, identities, and SaaS applications over the past year. This report provides you with a comprehensive view of this threat landscape, including new twists on existing adversary techniques, and the trends that our team has observed as adversaries continue to organize, commoditize, and ratchet up their cybercrime operations.

As the technology that we rely on to conduct business continues to evolve, so do the threats that we face. Here’s what’s new in this year’s report:
Cloud and identity attacks are becoming more prevalent across our customers’ environments and appear for the first time in this report.
Our unique visibility into email attacks, still the leading initial access vector used by adversaries, has put us in a position to detect even more attacks at earlier stages.

Mitigation guidance to limit adversaries’ effectiveness.
Adversary simulation and other authorized testing are excluded from our data set, leading to a more accurate representation of the threat landscape.

What’s old is new: Raspberry Robin, a USB-based threat first discovered by Red Canary, continues to evolve and we provide updated research.

HOW TO USE THIS REPORT
• Explore the most prevalent and impactful threats, techniques, and trends that we’ve observed.
• Note how adversaries are evolving their tradecraft as organizations continue their shift to cloud-based identity, infrastructure, and applications.
• Learn how to emulate, mitigate, and detect specific threats and techniques.
• Shape and inform your readiness, detection, and response to critical threats.

Acknowledgements
Thanks to the 100+ security experts, writers, editors, designers, developers, and project managers who invested countless hours to produce this report. And a huge thanks to the MITRE ATT&CK® team, whose framework has helped the community take a giant leap forward in understanding and tracking adversary behaviors. Also a huge thanks to all the Canaries—past and present—who have worked on past Threat Detection Reports over the last five years. The Threat Detection Report is iterative, and parts of the 2023 report are derived from previous years. This report wouldn’t be possible without all of you!
Special thanks to the following Canaries who contributed to this year’s report

Special Thanks❤️🙏✌🏼
MITRE MITRE ATT&CK
Red Canary

-Business Secure Continuity-
1402.08.16
——————————————————
#cyberattack #mitreattack #redcanary
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_threat-detect-report-2023-activity-7127527592265420800-EBS9?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
Analytics
ENISA Threat Landscape 2023

In the latter part of 2022 and the first half of 2023, the cybersecurity landscape witnessed a significant increase in both the variety and quantity of cyberattacks and their consequences. The ongoing war of aggression against Ukraine continued to influence the landscape.

Hacktivism has expanded with the emergence of new groups, while ransomware incidents surged in the first half of 2023 and showed no signs of slowing down. The prime threats identified and analysed include:
• Ransomware
• Malware
• Social engineering
• Threats against data
• Threats against availability: Denial of Service
• Threats against availability: Internet threats
• Information manipulation and interference
• Supply chain attacks

-Business Secure Continuity-
1402.08.15
——————————————————
#enisa #cyberattack #cybersecurity
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_threat-landscape-2023-activity-7127142105214259200-2HMf?utm_source=share&utm_medium=member_ios


cissp

tools
Offensive security
Attack on the EventLog Process
https://nothingspecialforu.github.io/EvtPsstBlog
https://github.com/nothingspecialforu/EvtPsst


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.14


cissp

#DiyakoSecureBow
————————————
Red Team Tactics
Modern Initial Access and Evasion Tactics 2023.

Special Thanks
Mariusz Banach ❤️🙏✌🏼

-Business Secure Continuity-
1402.08.13
—————————————————
#offensivesecurity #redteaming
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_red-team-tactics-2023-activity-7126434891113619456-iDpk?utm_source=share&utm_medium=member_ios


cissp

⚠️ Alert! Atlassian warns of critical flaw (CVE-2023-22518) in Confluence Data Center and Server. Disconnect publicly accessible instances until patched to avoid data loss.

Learn more:
https://thehackernews.com/2023/10/atlassian-warns-of-new-critical.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.09


cissp

Offensive security
Red Team Tactics
NoFilter: Abusing Windows Filtering Platform for privilege escalation 2023.
https://github.com/deepinstinct/NoFilter

Special Thanks
Ron Ben Yizhak
Deep Instinct


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.07

https://www.linkedin.com/posts/alirezaghahrood_no-filter-cyber-securtity-2023-activity-7124453825620402176-WBMP?utm_source=share&utm_medium=member_ios

https://x.com/alirezaghahrood/status/1718688774102667471?s=46&t=lFvs7vGDLtDfxDuLTS1UGw


cissp

Threat Research
5G Network Security
The Network Effect of Telecommunications Vulnerabilities for Location Disclosure
https://citizenlab.ca/2023/10/finding-you-teleco-vulnerabilities-for-location-disclosure


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.07


cissp

#DiyakoSecureBow
————————————
exploit
Red Team Tactics
ndays are also 0days:
"Can hackers launch 0day RCE attack on popular software only with chromium ndays?", DEFCON 31.


-Business Secure Continuity-
1402.08.06
——————————————————
#vulnerability #rce #cyberdefense
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_0day-rce-2023-activity-7123865964982476800-G79T?utm_source=share&utm_medium=member_ios


cissp

🤖 Google expands Vulnerability Rewards Program to address vulnerabilities and attack scenarios tailored to generative artificial intelligence (AI) systems, while also strengthening the supply chain.
Learn more:
https://thehackernews.com/2023/10/google-expands-its-bug-bounty-program.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.05

https://x.com/alirezaghahrood/status/1717962052101095492?s=46&t=lFvs7vGDLtDfxDuLTS1UGw


cissp

🚨 VMware releases crucial security updates to fix a new critical vulnerability (CVE-2023-34048) in vCenter Server.

Details in the article: https://thehackernews.com/2023/10/act-now-vmware-releases-patch-for.html

Protect your systems from remote code execution.



-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.03


cissp

exploit
1. CVE-2023-4966:
Citrix NetScaler ADC/Gateway Bleed - Session Tokens Leak
https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-4966

2. CVE-2023-38140:
Windows Kernel Paged Pool Memory Disclosure
https://packetstormsecurity.com/files/cve/CVE-2023-38140


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.03


cissp

exploit
Threat Research
1. Cisco IOS XE system WebUI unauthorized command execution vulnerability analysis
https://paper.seebug.org/3072

2. CVE-2023-44275/CVE-2023-44276:
Vulnerabilities in OPNsense
(FreeBSD-based firewall routing OS)
https://x41-dsec.de/lab/advisories/x41-2023-001-opnsense


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.22


cissp

#DiyakoSecureBow
————————————
tools
WebApp Security

ELECTRONizing macOS privacy:
A New Weapon in Your Red Teaming Armory 2023.

Special Thanks
Wojciech Reguła

https://github.com/r3ggi/electroniz3r

-Business Secure Continuity-
1402.08.21
——————————————————
#ios #redteaming #cybersecurity
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_mobile-cyber-security-2023-activity-7129315515008704512-gX44?utm_source=share&utm_medium=member_ios


cissp

Analytics
Multi-Source Analysis of Top MITRE ATT&CK Techniques 2023.

“HOW WILL ADVERSARIES ATTACK US AND WHAT DEFENSES SHOULD WE PRIORITIZE?”

If you work in cybersecurity, chances are good you’ve asked—or been asked—a question like this one. The good news is that there’s more information available than ever before to help answer that question. But that doesn’t mean answering it is easy.
MITRE ATT&CK® is a knowledge base of adversary tactics and techniques based on real-world observations. Its purpose is to serve as a foundation for threat models and methodologies leading to more effective cybersecurity.
More and more cybersecurity industry reports include statistics on observed ATT&CK techniques. That’s great in terms of having more data available for defenders and decision-makers, but a challenge arises to establish consensus among them regarding the most common techniques. Sources differ greatly in their visibility of ATT&CK, what they measure, how they report information, etc.

This study analyzes 22 public sources of ATT&CK statistics to find common trends among them. Our goal is to aid organizations in building a more threat-informed defense.

Ten Most Reported Techniques
1. Execution: Command & Scripting Interpreter (T1059)
2. Privilege Escalation: Process Injection (T1055)
3. Defense Evasion: Process Injection (T1055)
4. Initial Access: Valid Accounts (T1078)
5. Persistence: Valid Accounts (T1078)
6. Privilege Escalation: Valid Accounts (T1078)
7. Defense Evasion: Masquerading (T1036)
8. Defense Evasion: Valid Accounts (T1078)
9. Initial Access: Exploit Public-Facing Application (T1190)
10. Execution: Windows Management Instrumentation (T1047)

Special Thanks
Cyentia Institute


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.20

https://www.linkedin.com/posts/alirezaghahrood_cyenti-attack-2023-activity-7128943170016403456-voZ-?utm_source=share&utm_medium=member_ios


cissp

Kali Purple: The Ultimate SOC in a Box!

Kali for cyber defense, blue team, and SOC team! Here is a community-based project built on Kali and customized to enable cyber defenders to:

• Practice Ops: Virtualization, firewalls, VLAN, WAF, SIEM, IDS/IPS, etc.
• Practice Red: Penetration testing of vulnerable machines while seeing what the blue team observes.
• Practice Blue: Firewall and IPS rules, SIEM analysis, dashboard development, etc.
• Purple teaming: red and blue working together to develop the ultimate set of rules
• Protect: Deploy Kali-Purple to protect your network!

Kindly note that this is a community project and may not be at its best yet! Well, it may grow and become better over time! Wait, do not forget to validate it before using it.
https://gitlab.com/kalilinux/kali-purple/documentation


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.16


cissp

Infographics
DevOps Roadmap 2023
https://roadmap.sh/devops


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.15

https://www.linkedin.com/posts/alirezaghahrood_devops-roadmap-2023-activity-7127143855740588032-cOUB?utm_source=share&utm_medium=member_ios


cissp

https://osdfir.blogspot.com/2023/10/introducing-osdfir-infrastructure.html

exploit
1. CVE-2023-32707:
Splunk edit_user Capability Privilege Escalation
https://packetstormsecurity.com/files/175386/Splunk-edit_user-Capability-Privilege-Escalation.html

2. Exploit for Maltrail web service v0.53
Unauthenticated OS Command Injection (RCE)
https://github.com/spookier/Maltrail-v0.53-Exploit

3. CVE-2023-46517:
XAMPP 3.3.0 Buffer Overflow Exploit
https://github.com/ripp3rdoc/XAMPPv3.3.0-BOF

🚨 Cisco alerts about a critical UNPATCHED zero-day security vulnerability (CVE-2023-20198) in its IOS XE software that's under active exploitation.
Learn more:
https://thehackernews.com/2023/10/warning-unpatched-cisco-zero-day.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.14


cissp

#DiyakoSecureBow
————————————
Malware analysis
Updated MATA attacks industrial companies in Eastern Europe 2023

Attack detection
In September 2022, Sec experts monitoring the telemetry of security solutions using Security Network detected several dozen previously unknown malware samples associated with the MATA cluster. We detailed this malware platform in 2020, and have documented its use in APT attacks on multiple occasions over the past few years.

In particular, the malware samples that caught our attention contained strings indicating an organization that may have been the victim of the attack, which looked like an industrial entity in Eastern Europe. We immediately contacted the organization that was likely to have been attacked to communicate the risk of compromise and share information about the detected threat and the Indicators of Compromise available at the time.


-Business Secure Continuity-
1402.08.14
——————————————————
#Attacks #cyberdefense #threatintelligence
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_mata-attacks-ics-2023-activity-7126787717073362944-G1l7?utm_source=share&utm_medium=member_ios


cissp

The bug was rated a 9.4 out of 10 on the CVSS severity scale.
https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967


A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.12


cissp

exploit
1. Wyze Cam v3 RCE Exploit
https://github.com/blasty/unwyze

2. CVE-2023-5044:
Kubernetes ingress-nginx <1.9.0 - API command injection
https://raesene.github.io/blog/2023/10/29/exploiting-CVE-2023-5044
https://github.com/r0binak/CVE-2023-5044

3. CVE-2023-46747:
F5 BIG-IP unauthenticated RCE and authentication bypass
https://github.com/AliBrTab/CVE-2023-46747-POC


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.09


cissp

#DiyakoSecureBow
————————————
Defending Against Cyberthreats
Is More Important Than Ever

Cybercriminals continue to target dealerships with ever-evolving methods to steal user and client data, from simply stealing passwords to sophisticated phishing schemes. Protecting your data to avoid IT-related business interruptions, ransom demands and reputation damage has never been more important. Now is the time to assess and reassess to improve your security and be up to date on the latest cyberthreats.

For this e-book, we compiled data from dealership personnel and market research based on a recent survey conducted by CDK Global. Our goal is to provide dealerships with key insights to consider when evaluating their cybersecurity posture and ongoing strategy.

We’ve also scattered quotes from dealer participants throughout the book so you can read how other dealers are addressing cybersecurity.

“With all of the manufacturer, customer and our own data stored, it’s extremely important to protect it all.”

Special Thanks
CDK Global

-Business Secure Continuity-
1402.08.07
——————————————————
#cyberattacks #cyberinsurance
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_dealership-cyber-security-2023-activity-7124258556677120000-enB2?utm_source=share&utm_medium=member_ios


cissp

SCADA Security
Secure PLC Coding:
Top 20 Secure PLC Coding Practices
https://github.com/Fortiphyd/Secure_PLC_Coding


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.06


cissp

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as by security testers to ensure completeness and consistency of test results.
https://lnkd.in/gAzKvnHM

Special Thanks
Zimperium
And
OWASP® Foundation


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.06

https://www.linkedin.com/posts/alirezaghahrood_state-of-mobile-app-security-2023-activity-7123873520664674304-TXEH?utm_source=share&utm_medium=member_ios


cissp

⚡ Urgent — F5 warns of a critical vulnerability (CVE-2023-46747) in BIG-IP, allowing unauthenticated remote code execution.

Learn more: https://thehackernews.com/2023/10/f5-issues-warning-big-ip-vulnerability.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.05


cissp

🚨 Urgent: Proof-of-concept (PoC) exploits have been publicly released for the recently discovered vulnerabilities in VMware Aria Operations, Citrix NetScaler ADC, and NetScaler Gateway.

Read: https://thehackernews.com/2023/10/alert-poc-exploits-released-for-citrix.html

Don't wait—apply fixes now and safeguard your systems.


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.03


cissp

#DiyakoSecureBow
————————————
Cybersecurity Playbook for SOC:

New vulnerability from Threat Intelligence
Undoubtedly the playbook you will execute most often: a new vulnerability reported by threat intelligence.

Detection
• Threat intelligence indicates there is a new vulnerability impacting your assets.
• Here I assume the threat intelligence is already tuned to only include information relevant to your assets instead of a news broadcast of all vulnerabilities in the world. Again, this relies on an accurate and up-to-date inventory and signifies the importance of keeping the house in order.

Verification
• If there are IOCs/TTPs, check for attacks that have already happened. If an attack has already happened, follow no. 1.
• Use vulnerable version/configuration information to confirm whether the assets are vulnerable or not.
• Check firewall rules and other security configurations to confirm possible attack vectors. This can be partially done using automated tools.

Communication
• Start triage using available vulnerability and asset criticality information. Perform escalation according to triage results and predefined escalation plan.
• Discuss the mitigation strategy between the SOC, risk management, and IT support teams. That can range from an immediate shutdown to waiting until the next patching window, depending on many factors such as the triage result and the availability and impact of the patch/workaround.
• The mitigation strategy also needs to include preventive actions for new builds of assets in the future, such as updating patch level of system images or templates.

Action
• Execute agreed mitigation strategy.
• Track the mitigation actions to completion.
• Rescan the vulnerability to confirm closure.
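The verification and triage steps of this playbook are mechanical enough to script. The following is an added example, not part of the channel post or of the playbook's source: it takes an advisory as threat intelligence would deliver it, checks the asset inventory for vulnerable versions (numerically, so that version 2.10 is not mistaken for being older than 2.4), checks observed file hashes against the advisory's IOCs to decide whether the incident playbook (no. 1) takes over, and ranks the vulnerable assets by CVSS weighted with asset criticality and exposure into escalation tiers. Every product, version, hostname, hash, the CVE id and the tier thresholds are constructed placeholders, not real indicators.

```python
"""Added example for the 'new vulnerability from threat intelligence' playbook.
Not part of the channel post. Every product, version, hostname, hash and the
CVE id below is a constructed placeholder."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    """'2.10.0' -> (2, 10, 0). Numeric comparison, so 2.10 > 2.4 (a plain
    string compare would get this wrong and flag a patched host as vulnerable)."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


@dataclass
class Advisory:
    cve: str                    # placeholder id, not a real CVE
    product: str
    fixed_in: str               # first version that carries the fix
    cvss: float
    ioc_hashes: List[str]       # file hashes published with the advisory
    network_only: bool          # exploitable only over the network?


@dataclass
class Asset:
    hostname: str
    product: str
    version: str
    criticality: int            # 1 (low) .. 5 (crown jewel), from the inventory
    internet_facing: bool


def is_vulnerable(asset: Asset, adv: Advisory) -> bool:
    """Verification step: vulnerable version/configuration check."""
    return (asset.product == adv.product
            and parse_version(asset.version) < parse_version(adv.fixed_in))


def ioc_hits(adv: Advisory, observed_hashes: List[str]) -> List[str]:
    """Verification step: has the attack already happened? Any match means
    the incident playbook (no. 1) takes over from this one."""
    return sorted(set(adv.ioc_hashes) & set(observed_hashes))


def triage_score(asset: Asset, adv: Advisory) -> float:
    """Communication step: CVSS weighted by asset criticality; halved when
    the flaw is network-only and the asset is not reachable from outside."""
    score = adv.cvss * asset.criticality / 5
    if adv.network_only and not asset.internet_facing:
        score /= 2
    return round(score, 1)


def escalation_tier(score: float) -> str:
    """Thresholds are assumed values; use the organisation's escalation plan."""
    if score >= 7.0:
        return "P1 - immediate mitigation / emergency change"
    if score >= 4.0:
        return "P2 - fix in next patching window"
    return "P3 - track to closure in backlog"


def run_playbook(adv: Advisory, inventory: List[Asset],
                 observed_hashes: List[str]) -> Dict[str, object]:
    """Returns IOC matches plus vulnerable assets ranked for escalation."""
    ranked = []
    for asset in inventory:
        if is_vulnerable(asset, adv):
            score = triage_score(asset, adv)
            ranked.append((asset.hostname, score, escalation_tier(score)))
    ranked.sort(key=lambda row: -row[1])
    return {"ioc_hits": ioc_hits(adv, observed_hashes), "vulnerable": ranked}


# Constructed sample data (placeholders, not real products or indicators).
SAMPLE_ADVISORY = Advisory(
    cve="CVE-YYYY-NNNNN", product="ExampleGateway", fixed_in="2.4.1",
    cvss=9.1, ioc_hashes=["0000placeholder-hash-a"], network_only=True)

SAMPLE_INVENTORY = [
    Asset("gw-dmz-01", "ExampleGateway", "2.3.0", 5, True),
    Asset("gw-lab-02", "ExampleGateway", "2.3.7", 2, False),
    Asset("gw-hq-03", "ExampleGateway", "2.4.1", 4, True),       # already fixed
    Asset("gw-branch-04", "ExampleGateway", "2.10.0", 3, True),  # newer than fix
    Asset("files-01", "OtherProduct", "1.0", 4, False),          # not affected
]

# Constructed EDR telemetry: file hashes seen on endpoints in the last 30 days.
SAMPLE_OBSERVED_HASHES = ["0000placeholder-hash-a", "0000placeholder-hash-z"]

if __name__ == "__main__":
    result = run_playbook(SAMPLE_ADVISORY, SAMPLE_INVENTORY, SAMPLE_OBSERVED_HASHES)
    if result["ioc_hits"]:
        print("IOC match - attack may already have happened, follow no. 1:",
              result["ioc_hits"])
    for hostname, score, tier in result["vulnerable"]:
        print(f"{hostname}: score {score} -> {tier}")
```

Run as a script it prints the IOC match first (the cue to switch to the incident playbook) and then the two vulnerable gateways, the internet-facing one as P1 and the isolated lab host as P3; the two hosts at or above the fixed version and the unrelated product are left out. The output is only as good as the inventory it reads, which is the playbook's own point about keeping the house in order.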


-Business Secure Continuity-
1402.08.02
——————————————————
#SOC #CSIRT #CERT #Splunk #SIEM
#BusinessSecureContinuity

https://www.linkedin.com/feed/update/activity:7122559686318379008
