Sys-Admin InfoSec

13 Jun 2024 13:02

/ AutoIt Delivering Vidar Stealer Via Drive-by Downloads

Dangerous KMSPico activator tool..:

https://www.esentire.com/blog/autoit-delivering-vidar-stealer-via-drive-by-downloads

Sys-Admin InfoSec

13 Jun 2024 05:11

/ FortiOS RCE

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the command line interpreter of FortiOS may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments:

https://www.fortiguard.com/psirt/FG-IR-23-460

Sys-Admin InfoSec

11 Jun 2024 10:43

/ Bypassing 2FA with phishing and OTP bots

https://securelist.com/2fa-phishing/112805/

Sys-Admin InfoSec

07 Jun 2024 09:27

/ Muhstik Malware Targets Message Queuing Services Applications

https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/

Sys-Admin InfoSec

05 Jun 2024 11:55

/ PikaBot: a Guide to its Deep Secrets and Operations

PikaBot is a malware loader... several sources reported that successful PikaBot compromises led to the deployment of the Black Basta ransomware...

This article provides an in-depth analysis of PikaBot, focusing on its anti-analysis techniques implemented in the different malware stages. Additionally, this report shares technical details on PikaBot C2 infrastructure:

https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/

Sys-Admin InfoSec

31 May 2024 04:29

Chrome Manifest v2 RIP coming soon . Google has set the first date for getting rid of the manifest for this version.

Starting on June 3 on the Chrome Beta, Dev and Canary channels, if users still have Manifest V2 extensions installed, some will start to see a warning banner when visiting their extension management page..:

https://blog.chromium.org/2024/05/manifest-v2-phase-out-begins.html

Sys-Admin InfoSec

29 May 2024 08:36

/ Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store

https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google

Sys-Admin InfoSec

27 May 2024 08:25

/ Threat actors ride the hype for newly released Arc browser

https://www.threatdown.com/blog/threat-actors-ride-the-hype-for-newly-released-arc-browser/

Sys-Admin InfoSec

23 May 2024 13:51

📢 Открытые практикумы DevOps, Linux, Networks, Golang: Расписание на неделю

• 27 мая Golang: Начало работы с gRPC в Golang (Сергей Парамошкин – Технический менеджер Яндекс.облако)
• 28 мая Security: Безопасность Docker (Алексей Федулаев – DevSecOps Lead Wildberries)
• 29 мая Linux: DHCP-сервер на Kea (Даниил Батурин – Основатель проекта VyOS)
• 30 мая DevOps: Фильтрация пакетов с помощью nftables (Николай Лавлинский – Технический директор)

Детали ↘ Здесь

Sys-Admin InfoSec

22 May 2024 10:12

Как чувство осознанности может повлиять на безопасность жизни?

Мое интервью на тему кибербезопасности, как можно обезопасить себя, свое окружение, следить за собой - быть осторожным.

Отдельное спасибо хочу выразить авторам проекта Commutator Казахстан - Узлу связи между государством, бизнесом, обществом и масс-медиа и в частности Татьяне Бендзь за интересно поднятую тему.

Как вести себя с умными колонками, что делать нашим бабушкам и дедушкам в эпоху цифровизации, что такое OpenBLD.net и зачем существует этот проект.

Приятного и полезного просмотра (титры на Казахском, Русском языках присутствуют):

- https://youtu.be/MxWD1N0Bmv8?si=nSmTxUH_AAzsng-5

Детали проекта Commutator о чем он, множество других интересных интервью можно посмотреть на официальном сайте проекта:

- https://commutator.tilda.ws/

Sys-Admin InfoSec

21 May 2024 10:05

Git CVE-2024-32002 - This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed

Got vesrsions: 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4

git config --global core.symlinks false can be disable this attack vector

https://nvd.nist.gov/vuln/detail/CVE-2024-32002

PoC: https://github.com/szybnev/git_rce/blob/main/create_poc.sh

P.S. Thx Tatyana for the reporting ✌️

Sys-Admin InfoSec

17 May 2024 11:35

/ Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/

Sys-Admin InfoSec

17 May 2024 04:55

/ New WiFi Vulnerability: The SSID Confusion Attack

This vulnerability exploits a design flaw in the WiFi standard, allowing attackers to trick WiFi clients on any operating system into connecting to a untrusted network:

https://www.top10vpn.com/research/wifi-vulnerability-ssid/

Sys-Admin InfoSec

16 May 2024 05:25

/ Detecting Compromise of CVE-2024-3400 on Palo Alto Networks GlobalProtect Devices

This blog post aims to provide details on methods for investigating potentially compromised Palo Alto Networks firewall devices and a general approach towards edge device threat detection.

- Detecting Compromise
- Memory Analysis

https://www.volexity.com/blog/2024/05/15/detecting-compromise-of-cve-2024-3400-on-palo-alto-networks-globalprotect-devices/

Sys-Admin InfoSec

14 May 2024 19:15

/ Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads

Researchers discovered some of the most dangerous threats – including the Kaseya MSP breach and the more_eggs malware...

https://www.esentire.com/blog/fin7-uses-trusted-brands-and-sponsored-google-ads-to-distribute-msix-payloads

Sys-Admin InfoSec

13 Jun 2024 05:13

Аутлук или Оутглюк? Ясно одно - открыв письмо из него можно словить два эффекта одновременно: Critical Microsoft Outlook Vulnerability Executes as Email is Opened:

https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability

Sys-Admin InfoSec

12 Jun 2024 04:20

/ Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30080

Sys-Admin InfoSec

10 Jun 2024 07:52

/ 1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension

amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7" rel="nofollow">https://medium.com/@amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7

Sys-Admin InfoSec

06 Jun 2024 09:45

📢 Открытые практикумы DevOps, Linux, Networks, Golang: Расписание на неделю
⁠
• 10 июня Networks: Системы мониторинга VoIP
• 11 июня Linux: Низкоуровневые интерфейсы Linux
• 13 июня DevOps: Мониторинг и нагрузочное тестирование Angie

Детали ↘ Здесь

Sys-Admin InfoSec

31 May 2024 16:26

/ ShrinkLocker: Turning BitLocker into ransomware

https://securelist.com/ransomware-abuses-bitlocker/112643/

Sys-Admin InfoSec

30 May 2024 17:27

/ The Pumpkin Eclipse or “Chalubo” - remote access trojan (RAT)

Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP)..:

https://blog.lumen.com/the-pumpkin-eclipse/

Sys-Admin InfoSec

28 May 2024 12:55

/ Remote Command Execution on TP-Link Archer C5400X

https://onekey.com/blog/security-advisory-remote-command-execution-on-tp-link-archer-c5400x/

Sys-Admin InfoSec

23 May 2024 17:22

/ Infiltrating Defenses: Abusing VMware in MITRE’s Cyber Intrusion

Technical details of new behavior employed by the adversary, who aligns with Google Mandiant’s UNC5221, and how the BRICKSTORM backdoor and BEEFLUSH web shell abused VMs in VMware through a privileged user account, VPXUSER, to establish persistence within the impacted environment. Will also provide detection scripts, from MITRE and CrowdStrike, to find this activity in other environments and go over how Secure Boot serves as a barrier against the adversary technique..:

https://medium.com/mitre-engenuity/infiltrating-defenses-abusing-vmware-in-mitres-cyber-intrusion-4ea647b83f5b

Sys-Admin InfoSec

23 May 2024 10:24

/ Invisible miners: unveiling GHOSTENGINE’s crypto mining operations

https://www.elastic.co/security-labs/invisible-miners-unveiling-ghostengine

Sys-Admin InfoSec

21 May 2024 10:30

🟢OpenBLD.net Implemented OISD blocklist

OISD is a one of better projects aimed to reduce internet noise.

What is this oisd blocklist?

The blocklist prevents your devices from connecting to unwanted or harmful domains. It reduces ads, decreases the risk of malware, and enhances privacy.

You can use OISD without exclusions, without additional blocklist - just only OISD in OpenBLD.net as DoH link in RIC mode:

https://ric.openbld.net/dns-query/oisd

See details here:

- https://openbld.net/docs/get-started/third-party-filters/oisd/

Happy Internet surfing! ✌️

Sys-Admin InfoSec

20 May 2024 08:19

/ New Antidot Android Banking Trojan Masquerading as Fake Google Play Updates

https://cyble.com/blog/new-antidot-android-banking-trojan-masquerading-as-google-play-updates/

Sys-Admin InfoSec

17 May 2024 07:04

The incident response cycle, applied to ransomware

Sys-Admin InfoSec

16 May 2024 09:45

📢 DevOps, Linux, Networks и Golang by Rebrain: Расписание практикумов на неделю
⁠
• 21 мая Networks: Глубокое погружение в VoIP: Kamailio (Часть 2)
• 22 мая Linux: Определение нагрузки на сервер и поиск узких мест производительности
• 23 мая Networks: Фильтрация, блокировки и взаимодействие с провайдером
• 24 мая DevOps: Настройка firewall с помощью IPTables - 2

Детали: ↘ Здесь
⁠

Sys-Admin InfoSec

15 May 2024 04:13

/ Windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2024-30051. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges..:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051

Sys-Admin InfoSec

14 May 2024 09:09

/ Apple Fixed Security Issues in iOS, iPadOS, macOS

- An app may be able to access user-sensitive data in iOS/iPadOS
- A malicious application may be able to access Find My data in macOS