#DiyakoSecureBow
———————————
Q2 2023
Global Market Insights Report:
Catastrophic weather events led to extraordinary losses and market conservatism
The first half of 2023 proved monumental for natural catastrophe risk — especially climate-related events — as economic losses stemming from natural disasters globally reached $194 billion, well above the first half average of $128 billion for the 21st century. Key events contributing to the record-breaking total include
https://publications.aon.com/q2-2023-global-market-insights/
Special Thanks
Aon
-Business Secure Continuity-
1402.09.04
——————————————————
#cybersecurity #globalbranding #reporting
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cover-q2-2023-global-market-insights-activity-7134043026187808768--4Kx?utm_source=share&utm_medium=member_ios
National Security Agency (NSA) Military Cryptanalytics
Part III by Lambros D. Callimahos, O
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.29
🚨 Federal agencies and organizations, listen up!
CISA has set a critical ⏰ deadline of November 17, 2023. Secure your systems against 🛡️ security flaws in Juniper Junos OS discovered in August.
Read: https://thehackernews.com/2023/11/cisa-sets-deadline-patch-juniper-junos.html
Audit DB:
https://github.com/CompassSecurity/mssqlrelay
🛡️ Microsoft's November 2023 Security Update:
🔐 63 vulnerabilities addressed
🚨 5 zero-days
💥 3 actively exploited in-the-wild
📊 Severity ratings: 3 Critical, 56 Important, 4 Moderate
Get the scoop on the latest vulnerabilities: https://thehackernews.com/2023/11/alert-microsoft-releases-patch-updates.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.24
#DiyakoSecureBow
————————————
Analytics
Threat Research
Microsoft 2023 Digital Defense Report
Special Thanks
Microsoft
-Business Secure Continuity-
1402.08.24
——————————————————
#cyberattack #microsoft #threatintelligence
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_mddr-cybersec-report-2023-activity-7130411596127862786-fE3I?utm_source=share&utm_medium=member_ios
Mexploit
Threat Research
1. Cisco IOS XE system WebUI unauthorized command execution vulnerability analysis
https://paper.seebug.org/3072
2. CVE-2023-44275/CVE-2023-44276:
Vulnerabilities in OPNsense
(FreeBSD-based firewall routing OS)
https://x41-dsec.de/lab/advisories/x41-2023-001-opnsense
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.22
#DiyakoSecureBow
————————————
tools
WebApp Security
ELECTRONizing macOS privacy:
A New Weapon in Your Red Teaming Armory 2023.
Special Thanks
Wojciech Reguła
https://github.com/r3ggi/electroniz3r
-Business Secure Continuity-
1402.08.21
——————————————————
#ios #redteaming #cybersecurity
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_mobile-cyber-security-2023-activity-7129315515008704512-gX44?utm_source=share&utm_medium=member_ios
Analytics
Multi-Source Analysis of Top MITRE ATT&CK Techniques 2023.
“HOW WILL ADVERSARIES ATTACK US AND WHAT DEFENSES SHOULD WE PRIORITIZE?”
If you work in cybersecurity, chances are good you’ve asked—or been asked—a question like this one. The good news is that there’s more information available than ever before to help answer that question. But that doesn’t mean answering it is easy.
MITRE ATT&CK® is a knowledge base of adversary tactics and techniques based on real-world observations. Its purpose is to serve as a foundation for threat models and methodologies leading to more effective cybersecurity.
More and more cybersecurity industry reports include statistics on observed ATT&CK techniques. That’s great in terms of having more data available for defenders and decision-makers, but a challenge arises to establish consensus among them regarding the most common techniques. Sources differ greatly in their visibility of ATT&CK, what they measure, how they report information, etc.
This study analyzes 22 public sources of ATT&CK statistics to find common trends among them. Our goal is to aid organizations in building a more threat-informed defens
Ten Most Reported Techniques
1. Execution: Command & Scripting Interpreter (T1059)
2. Privilege Escalation: Process Injection (T1055)
3. Defense Evasion: Process Injection (T1055)
4. Initial Access: Valid Accounts (T1078)
5. Persistence: Valid Accounts (T1078)
6. Privilege Escalation: Valid Accounts (T1078)
7. Defense Evasion: Masquerading (T1036)
8. Defense Evasion: Valid Accounts (T1078)
9. Initial Access: Exploit Public-Facing Application (T1190)
10. Execution: Windows Management Instrumentation (T1047)
Special Thanks
Cyentia Institute
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.20
https://www.linkedin.com/posts/alirezaghahrood_cyenti-attack-2023-activity-7128943170016403456-voZ-?utm_source=share&utm_medium=member_ios
Kali Purple: The Ultimate SOC in a Box!
Kali for cyber defense, blue team, and SOC team! Here is a community-based project to work on Kali and customize it to enable cyber defenders to:
• Practice Ops: Virtualization, firewalls, VLAN, WAF, SIEM, IDS/IPS, etc.
• Practice Red: Penetration testing of vulnerable machines while seeing what the blue team observes.
• Practice Blue: Firewall and IPS rules, SIEM analysis, dashboard development, etc.
• Purple teaming: red and blue working together to develop the ultimate set of rules
• Protect: Deploy Kali-Purple to protect your network!
Kindly note that this is a community project and may not be at its best yet; it may grow and improve over time. Do not forget to validate it before using it.
https://gitlab.com/kalilinux/kali-purple/documentation
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.16
Infographics
DevOps Roadmap 2023
https://roadmap.sh/devops
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.15
https://www.linkedin.com/posts/alirezaghahrood_devops-roadmap-2023-activity-7127143855740588032-cOUB?utm_source=share&utm_medium=member_ios
https://osdfir.blogspot.com/2023/10/introducing-osdfir-infrastructure.html
exploit
1. CVE-2023-32707:
Splunk edit_user Capability Privilege Escalation
https://packetstormsecurity.com/files/175386/Splunk-edit_user-Capability-Privilege-Escalation.html
2. Exploit for Maltrail web service v0.53
Unauthenticated OS Command Injection (RCE)
https://github.com/spookier/Maltrail-v0.53-Exploit
3. CVE-2023-46517:
XAMPP 3.3.0 Buffer Overflow Exploit
https://github.com/ripp3rdoc/XAMPPv3.3.0-BOF
🚨 Cisco alerts about a critical UNPATCHED zero-day security vulnerability (CVE-2023-20198) in its IOS XE software that's under active exploitation.
Learn more:
https://thehackernews.com/2023/10/warning-unpatched-cisco-zero-day.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.14
#DiyakoSecureBow
————————————
Malware analysis
Updated MATA attacks industrial companies in Eastern Europe 2023
Attack detection
In September 2022, Sec experts monitoring the telemetry of security solutions using Security Network detected several dozen previously unknown malware samples associated with the MATA cluster.
We detailed this malware platform in 2020, and have documented its use in APT attacks on multiple occasions over the past few years.
In particular, the malware samples that caught our attention contained strings indicating an organization that may have been the victim of the attack, which looked like an industrial entity in Eastern Europe. We immediately contacted the organization that was likely to have been attacked to communicate the risk of compromise and share information about the detected threat and the Indicators of Compromise available at the time.
-Business Secure Continuity-
1402.08.14
——————————————————
#Attacks #cyberdefense #threatintelligence
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_mata-attacks-ics-2023-activity-7126787717073362944-G1l7?utm_source=share&utm_medium=member_ios
The bug was rated a 9.4 out of 10 on the CVSS severity scale.
https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967
A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.12
exploit
1. Wyze Cam v3 RCE Exploit
https://github.com/blasty/unwyze
2. CVE-2023-5044:
Kubernetes ingress-nginx <1.9.0 - API command injection
https://raesene.github.io/blog/2023/10/29/exploiting-CVE-2023-5044
https://github.com/r0binak/CVE-2023-5044
3. CVE-2023-46747:
F5 BIG-IP unauthenticated RCE and authentication bypass
https://github.com/AliBrTab/CVE-2023-46747-POC
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.09
#DiyakoSecureBow
————————————
Defending Against Cyberthreats
Is More Important Than Ever
Cybercriminals continue to target dealerships with ever-evolving methods to steal user and client data, from simply stealing passwords to sophisticated phishing schemes. Protecting your data to avoid IT-related business interruptions, ransom demands and reputation damage has never been more important. Now is the time to assess and reassess to improve your security and be up to date on the latest cyberthreats.
For this e-book, we compiled data from dealership personnel and market research based on a recent survey conducted by CDK Global. Our goal is to provide dealerships with key insights to consider when evaluating their cybersecurity posture and ongoing strategy.
We’ve also scattered quotes from dealer participants throughout the book so you can read how other dealers are addressing cybersecurity.
“With all of the manufacturer, customer and our own data stored, it’s extremely important to protect it all.”
Special Thanks
CDK Global
-Business Secure Continuity-
1402.08.07
——————————————————
#cyberattacks #cyberinsurance
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_dealership-cyber-security-2023-activity-7124258556677120000-enB2?utm_source=share&utm_medium=member_ios
SCADA Security
Secure PLC Coding:
Top 20 Secure PLC Coding Practices
https://github.com/Fortiphyd/Secure_PLC_Coding
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.06
🔒 Critical Security Alert: Threat actors, including LockBit ransomware affiliates, exploit the Citrix NetScaler flaw ("Citrix Bleed") to hijack user sessions and gain unauthorized access.
Learn more in this article:
https://thehackernews.com/2023/11/lockbit-ransomware-exploiting-critical.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.09.02
#DiyakoSecureBow
———————————
Attractive cyber security magazine
Special Thanks
tahawul tech
-Business Secure Continuity-
1402.08.29
——————————————————
#cybersecurity #cryptography
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_mag-cyber-security-2023-activity-7132215219241545728-QPPP?utm_source=share&utm_medium=member_ios
Infographics
WiFi Hacking MindMap ver.1 2023.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.24
https://www.linkedin.com/posts/alirezaghahrood_wfi-hack-mindmap-2023-activity-7130413713991368704-rnWF?utm_source=share&utm_medium=member_ios
Analytics
DFIR
Trends in Cybersecurity Breach Disclosures: A 12-Year Review 2023.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.23
https://www.linkedin.com/posts/alirezaghahrood_12-y-review-cyber-security-2023-activity-7130045611394899969-U72B?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
Analytics
Ransomware and Extortion Report 2023:
Threat actors are increasingly employing extortion techniques to gain leverage over targeted organizations and accomplish their goals. While much attention has been paid to ransomware in recent years, modern threat actors increasingly use additional extortion techniques to coerce targets into paying—or dispense with ransomware altogether and practice extortion on its own.
While in many cases the motivation is financial, Unit 42 also sees indications that extortion can happen in service of a group’s larger goals—sometimes simply to fund other activities, but other times to distract from them.
Special thanks
Palo Alto Networks
Palo Alto Networks Education Services
-Business Secure Continuity-
1402.08.22
——————————————————
#malware #cyberattack #unit42
#BusinessSecureContinuity
#DiyakoSecureBow
————————————
exploit
1. CVE-2023-32031:
MS Exchange PowerShell backend RCE
https://github.com/Avento/CVE-2023-32031
2. CVE-2021-43609:
The full exploit chain is SQLi > RCE
https://github.com/d5sec/CVE-2021-43609-POC
-Business Secure Continuity-
1402.08.20
——————————————————
#cyberattack #exploit #rce #exchange
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_github-aventocve-2023-32031-cve-2023-activity-7129082639319207936-eU3A?utm_source=share&utm_medium=member_ios
⚠️ Alert: Critical vulnerabilities discovered in Veeam's IT monitoring platform. Protect your system with the latest fix.
Details here:
https://thehackernews.com/2023/11/critical-flaws-discovered-in-veeam-one.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.16
#DiyakoSecureBow
————————————
It is our pleasure to provide you with Red Canary’s 2023 Threat Detection Report. Our fifth annual retrospective, this report is based on in-depth analysis of nearly 40,000 threats detected across our 800+ customers’ endpoints, networks, cloud workloads, identities, and SaaS applications over the past year. This report provides you with a comprehensive view of this threat landscape, including new twists on existing adversary techniques, and the trends that our team has observed as adversaries continue to organize, commoditize, and ratchet up their cybercrime operations.
As the technology that we rely on to conduct business continues to evolve, so do the threats that we face. Here’s what’s new in this year’s report:
Cloud and identity attacks are becoming more prevalent across our customers’ environments and appear for the first time in this report.
Our unique visibility into email attacks, still the leading initial access vector used by adversaries, has put us in a position to detect even more attacks at earlier stages.
Mitigation guidance to limit adversaries’ effectiveness.
Adversary simulation and other authorized testing are excluded from our data set, leading to a more accurate representation of the threat landscape.
What’s old is new: Raspberry Robin, a USB-based threat first discovered by Red Canary, continues to evolve and we provide updated research.
HOW TO USE THIS REPORT
• Explore the most prevalent and impactful threats, techniques, and trends that we’ve observed.
• Note how adversaries are evolving their tradecraft as organizations continue their shift to cloud-based identity, infrastructure, and applications.
• Learn how to emulate, mitigate, and detect specific threats and techniques.
• Shape and inform your readiness, detection, and response to critical threats.
Acknowledgements
Thanks to the 100+ security experts, writers, editors, designers, developers, and project managers who invested countless hours to produce this report. And a huge thanks to the MITRE ATT&CK® team, whose framework has helped the community take a giant leap forward in understanding and tracking adversary behaviors. Also a huge thanks to all the Canaries—past and present—who have worked on past Threat Detection Reports over the last five years. The Threat Detection Report is iterative, and parts of the 2023 report are derived from previous years. This report wouldn’t be possible without all of you!
Special thanks to the following Canaries who contributed to this year’s report
Special Thanks❤️🙏✌🏼
MITRE ATT&CK
Red Canary
-Business Secure Continuity-
1402.08.16
——————————————————
#cyberattack #mitreattack #redcanary
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_threat-detect-report-2023-activity-7127527592265420800-EBS9?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
Analytics
ENISA Threat Landscape 2023
In the latter part of 2022 and the first half of 2023, the cybersecurity landscape witnessed a significant increase in both the variety and quantity of cyberattacks and their consequences. The ongoing war of aggression against Ukraine continued to influence the landscape.
Hacktivism has expanded with the emergence of new groups, while ransomware incidents surged in the first half of 2023 and showed no signs of slowing down. The prime threats identified and analysed include:
• Ransomware
• Malware
• Social engineering
• Threats against data
• Threats against availability: Denial of Service
• Threats against availability: Internet threats
• Information manipulation and interference
• Supply chain attacks
-Business Secure Continuity-
1402.08.15
——————————————————
#enisa #cyberattack #cybersecurity
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_threat-landscape-2023-activity-7127142105214259200-2HMf?utm_source=share&utm_medium=member_ios
tools
Offensive security
Attack on the EventLog Process
https://nothingspecialforu.github.io/EvtPsstBlog
https://github.com/nothingspecialforu/EvtPsst
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.14
#DiyakoSecureBow
————————————
Red Team Tactics
Modern Initial Access and Evasion Tactics 2023.
Special Thanks
Mariusz Banach ❤️🙏✌🏼
-Business Secure Continuity-
1402.08.13
—————————————————
#offensivesecurity #redteaming
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_red-team-tactics-2023-activity-7126434891113619456-iDpk?utm_source=share&utm_medium=member_ios
⚠️ Alert! Atlassian warns of critical flaw (CVE-2023-22518) in Confluence Data Center and Server. Disconnect publicly accessible instances until patched to avoid data loss.
Learn more:
https://thehackernews.com/2023/10/atlassian-warns-of-new-critical.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.09
Offensive security
Red Team Tactics
NoFilter: Abusing Windows Filtering Platform for privilege escalation 2023.
https://github.com/deepinstinct/NoFilter
Special Thanks
Ron Ben Yizhak
Deep Instinct
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.07
https://www.linkedin.com/posts/alirezaghahrood_no-filter-cyber-securtity-2023-activity-7124453825620402176-WBMP?utm_source=share&utm_medium=member_ios
https://x.com/alirezaghahrood/status/1718688774102667471?s=46&t=lFvs7vGDLtDfxDuLTS1UGw
Threat Research
5G Network Security
The Network Effect of Telecommunications Vulnerabilities for Location Disclosure
https://citizenlab.ca/2023/10/finding-you-teleco-vulnerabilities-for-location-disclosure
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.07
#DiyakoSecureBow
————————————
exploit
Red Team Tactics
"ndays are also 0days: Can hackers launch 0day RCE attack on popular software only with chromium ndays?", DEFCON 31.
-Business Secure Continuity-
1402.08.06
——————————————————
#vulnerability #rce #cyberdefense
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_0day-rce-2023-activity-7123865964982476800-G79T?utm_source=share&utm_medium=member_ios