Sys-Admin InfoSec

15 Jan 2025 17:14

Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls

https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/

Sys-Admin InfoSec

09 Jan 2025 14:55

Phishing vs Real - Red flags 🚩

Sys-Admin InfoSec

06 Jan 2025 17:02

Inside FireScam : An Information Stealer with Spyware Capabilities

This report explores the mechanics of FireScam, a sophisticated Android malware masquerading as a Telegram Premium app. Through in-depth analysis, authors aim to shed light on its distribution methods, operational features, and the broader implications of its malicious activities.

The findings highlight the malware’s capabilities and the critical need for robust security measures to counteract such threats..:

https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Sys-Admin InfoSec

23 Dec 2024 11:53

PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool

https://gbhackers.com/pentestgpt/

Sys-Admin InfoSec

11 Dec 2024 17:38

Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels

https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/

Sys-Admin InfoSec

02 Dec 2024 15:44

LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux

https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux

Sys-Admin InfoSec

26 Nov 2024 12:01

IT workers masquerade as individuals from different countries to perform legitimate IT work and hack employers, focus areas are:

- Stealing money or cryptocurrency
- Stealing information pertaining to weapons systems, sanctions information, and policy-related decisions
- Performing IT work to generate revenue to help fund various activities

About of masquerading, social engeneering and not only:

https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/

Sys-Admin InfoSec

22 Nov 2024 10:32

2000+ Palo Alto Firewalls Hacked Exploiting New Vulnerabilities

https://cybersecuritynews.com/2000-palo-alto-firewalls-hacked/

Sys-Admin InfoSec

21 Nov 2024 09:25

Ghost Tap: New cash-out tactic with NFC Relay

https://www.threatfabric.com/blogs/ghost-tap-new-cash-out-tactic-with-nfc-relay

Sys-Admin InfoSec

19 Nov 2024 03:23

Malicious Facebook Ad Campaign Targeting Bitwarden Users

https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users

Sys-Admin InfoSec

18 Nov 2024 12:21

8 Free CyberSec & Networking Courses From Cisco

It may be useful to refresh your knowledge or learn something new:It may be useful to refresh your knowledge or learn something new:

1 Ethical Hacker
2 Junior Cybersecurity Analyst
3 Endpoint Security
4 Cyber Threat Management
5 Introduction to Cybersecurity
6 Network Defense
7 Network Addressing and Basic Troubleshooting
8 Networking Essentials

Sys-Admin InfoSec

15 Nov 2024 13:03

Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes

https://www.group-ib.com/blog/stealthy-attributes-of-apt-lazarus/

Sys-Admin InfoSec

13 Nov 2024 03:27

APT Actors Embed Malware within macOS Flutter Applications

https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Sys-Admin InfoSec

11 Nov 2024 17:42

Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale

https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/

Sys-Admin InfoSec

11 Nov 2024 10:15

Linux Foundation курс/сертификацию есть возможность получить бесплатно (а ценники там норм), еще есть время до конца недели. На всякий случаю дублирую сюда.

/channel/sysadm_in_up/2272

Sys-Admin InfoSec

15 Jan 2025 03:30

Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions

https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/

Sys-Admin InfoSec

08 Jan 2025 06:26

99.999999% probability AI will end humanity.

Vitalik Buterin proposes a "global soft pause button" to cut AI computing power by 90-99% for 1-2 years — giving ample time to prepare for potential existential doom

Fully agree. Scynet coming:

https://www.windowscentral.com/software-apps/vitalik-buterin-proposes-a-global-soft-pause-button-to-cut-ai

Sys-Admin InfoSec

25 Dec 2024 14:32

Weaponizing WDAC: Killing the Dreams of EDR

Windows Defender Application Control (WDAC) is a technology introduced with and automatically enabled by default on Windows 10+ and Windows Server 2016+ that allows organizations fine grained control over the executable code that is permitted to run on their Windows machines...:

https://beierle.win/2024-12-20-Weaponizing-WDAC-Killing-the-Dreams-of-EDR/

Sys-Admin InfoSec

17 Dec 2024 11:54

DeceptionAds — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising

The Fake-Captcha Lumma Stealer Campaign

https://labs.guard.io/deceptionads-fake-captcha-driving-infostealer-infections-and-a-glimpse-to-the-dark-side-of-0c516f4dc0b6

Sys-Admin InfoSec

09 Dec 2024 11:06

Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows

https://www.cadosecurity.com/blog/meeten-malware-threat

Sys-Admin InfoSec

02 Dec 2024 06:59

SpyLoan: A Global Threat Exploiting Social Engineering

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/

Sys-Admin InfoSec

25 Nov 2024 08:34

When Guardians Become Predators: How Malware Corrupts the Protectors

https://www.trellix.com/blogs/research/when-guardians-become-predators-how-malware-corrupts-the-protectors/

Sys-Admin InfoSec

22 Nov 2024 03:57

CWE Top 25 Most Dangerous Software Weaknesses from MITRE

https://cwe.mitre.org/top25/

list items:
- https://cwe.mitre.org/top25/archive/2024/2024_cwe_top25.html

Sys-Admin InfoSec

20 Nov 2024 13:09

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/

Sys-Admin InfoSec

18 Nov 2024 14:22

Prompt Injecting Your Way To Shell: OpenAI's Containerized ChatGPT Environment

https://0din.ai/blog/prompt-injecting-your-way-to-shell-openai-s-containerized-chatgpt-environment

Sys-Admin InfoSec

18 Nov 2024 08:51

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/

Sys-Admin InfoSec

14 Nov 2024 06:34

🏎 OpenBLD.net – Engine for a Faster Internet

Increased throughput with the newest Gears in the racing engine of OpenBLD.net. Some Gears have been rewritten or built from scratch:

• Synchronous processing of block lists
• Caching of blocking events
• Updated caching system — the log enricher now has its own cache
• Enhanced request processing system
• New health-checking system for upstream servers, with response time detection
• Improved load balancing, routing requests to servers with the lowest response time
• Optimized parallel DNS request handling, delivering the fastest response

I hope these features will help us save valuable time online while the OpenBLD.net system's gears run smoothly under the hood.

What's Gears?

Gears are the components of the OpenBLD.net system that help to customize online experiences.

If you notice any “engine misfires,” please let me know. I’m always open to constructive feedback.

Wishing everyone a safe journey across the internet! ✌️

Sys-Admin InfoSec

12 Nov 2024 10:05

Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies

https://www.infostealers.com/article/massive-moveit-vulnerability-breach-hacker-leaks-employee-data-from-amazon-mcdonalds-hsbc-hp-and-potentially-1000-other-companies/

Sys-Admin InfoSec

11 Nov 2024 14:59

SpyNote: Unmasking a Sophisticated Android Malware

This version of SpyNote is being distributed as a fake Avast antivirus (Avastavv.apk) for the Android platform on a phishing site..:

https://www.cyfirma.com/research/spynote-unmasking-a-sophisticated-android-malware/

Sys-Admin InfoSec

08 Nov 2024 13:35

Malicious Python Package Typosquats Popular 'fabric' SSH Library, Exfiltrates AWS Credentials

https://socket.dev/blog/malicious-python-package-typosquats-fabric-ssh-library