sysadm_in_channel | Technologies

Telegram channel sysadm_in_channel - Sys-Admin InfoSec

12335

News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz


Sys-Admin InfoSec

2000+ Palo Alto Firewalls Hacked Exploiting New Vulnerabilities

https://cybersecuritynews.com/2000-palo-alto-firewalls-hacked/


Sys-Admin InfoSec

Ghost Tap: New cash-out tactic with NFC Relay

https://www.threatfabric.com/blogs/ghost-tap-new-cash-out-tactic-with-nfc-relay


Sys-Admin InfoSec

Malicious Facebook Ad Campaign Targeting Bitwarden Users

https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users


Sys-Admin InfoSec

8 Free CyberSec & Networking Courses From Cisco

It may be useful to refresh your knowledge or learn something new:

1 Ethical Hacker
2 Junior Cybersecurity Analyst
3 Endpoint Security
4 Cyber Threat Management
5 Introduction to Cybersecurity
6 Network Defense
7 Network Addressing and Basic Troubleshooting
8 Networking Essentials


Sys-Admin InfoSec

Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes

https://www.group-ib.com/blog/stealthy-attributes-of-apt-lazarus/


Sys-Admin InfoSec

APT Actors Embed Malware within macOS Flutter Applications

https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/


Sys-Admin InfoSec

Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale

https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/


Sys-Admin InfoSec

There is a chance to get a Linux Foundation course/certification for free (and the price tags there are hefty); there is still time until the end of the week. Reposting it here just in case.

/channel/sysadm_in_up/2272


Sys-Admin InfoSec

Mister Maloy is a hip-hop legend, the author of many hits, and an acquaintance of mine. Known for the all-time top track "Буду пАгибать мАлодым", he has created a new top track, "Войти в АЙТИ" ("Get into IT"). I can't let this pass, and with joy and pride I congratulate him and present the track to everyone.

How to get yourself a python and get into IT can be learned from the official track posted on Mister Maloy's channel:

- https://vk.com/wall19030619_10826

Enjoy, everyone! ✌️

P.S. For those who don't know: everything about Mister Maloy is on the official site mistermaloy.com


Sys-Admin InfoSec

RISK:STATION, an unauthenticated zero-click vulnerability allowing attackers to obtain root-level code execution on the popular Synology DiskStation and BeeStation NAS devices, affecting millions of devices

https://www.midnightblue.nl/research/riskstation


Sys-Admin InfoSec

Storm-0940 uses credentials from password spray attacks from a covert network

https://www.forbes.com/sites/zakdoffman/2024/10/30/warning-for-14-billion-microsoft-windows-10-windows-11-users-get-free-upgrade/


Sys-Admin InfoSec

macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools

https://www.sentinelone.com/blog/macos-notlockbit-evolving-ransomware-samples-suggest-a-threat-actor-sharpening-its-tools/


Sys-Admin InfoSec

Exposing the Danger Within: Hardcoded Cloud Credentials in Popular Mobile Apps

https://www.security.com/threat-intelligence/exposing-danger-within-hardcoded-cloud-credentials-popular-mobile-apps


Sys-Admin InfoSec

HijackLoader evolution: abusing genuine signing certificates

https://harfanglab.io/insidethelab/hijackloader-abusing-genuine-certificates/


Sys-Admin InfoSec

Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

..red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity:

https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html

EDRSilencer:

https://github.com/netero1010/EDRSilencer


Sys-Admin InfoSec

CWE Top 25 Most Dangerous Software Weaknesses from MITRE

https://cwe.mitre.org/top25/

list items:
- https://cwe.mitre.org/top25/archive/2024/2024_cwe_top25.html


Sys-Admin InfoSec

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/


Sys-Admin InfoSec

Prompt Injecting Your Way To Shell: OpenAI's Containerized ChatGPT Environment

https://0din.ai/blog/prompt-injecting-your-way-to-shell-openai-s-containerized-chatgpt-environment


Sys-Admin InfoSec

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/


Sys-Admin InfoSec

🏎 OpenBLD.net – Engine for a Faster Internet

Increased throughput with the newest Gears in the racing engine of OpenBLD.net. Some Gears have been rewritten or built from scratch:

• Synchronous processing of block lists
• Caching of blocking events
• Updated caching system — the log enricher now has its own cache
• Enhanced request processing system
• New health-checking system for upstream servers, with response time detection
• Improved load balancing, routing requests to servers with the lowest response time
• Optimized parallel DNS request handling, delivering the fastest response

I hope these features will help us save valuable time online while the OpenBLD.net system's gears run smoothly under the hood.

What are Gears?

Gears are the components of the OpenBLD.net system that help to customize online experiences.

If you notice any “engine misfires,” please let me know. I’m always open to constructive feedback.

Wishing everyone a safe journey across the internet! ✌️


Sys-Admin InfoSec

Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies

https://www.infostealers.com/article/massive-moveit-vulnerability-breach-hacker-leaks-employee-data-from-amazon-mcdonalds-hsbc-hp-and-potentially-1000-other-companies/


Sys-Admin InfoSec

SpyNote: Unmasking a Sophisticated Android Malware

This version of SpyNote is being distributed as a fake Avast antivirus (Avastavv.apk) for the Android platform on a phishing site..:

https://www.cyfirma.com/research/spynote-unmasking-a-sophisticated-android-malware/


Sys-Admin InfoSec

Malicious Python Package Typosquats Popular 'fabric' SSH Library, Exfiltrates AWS Credentials

https://socket.dev/blog/malicious-python-package-typosquats-fabric-ssh-library


Sys-Admin InfoSec

Threat Campaign Spreads Winos4.0 Through Game Application

https://www.fortinet.com/blog/threat-research/threat-campaign-spreads-winos4-through-game-application


Sys-Admin InfoSec

qBittorrent fixes flaw exposing users to MitM attacks for 14 years

https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/


Sys-Admin InfoSec

Microsoft Update Warning—400 Million Windows PCs Now At Risk

https://www.forbes.com/sites/zakdoffman/2024/10/30/warning-for-14-billion-microsoft-windows-10-windows-11-users-get-free-upgrade/


Sys-Admin InfoSec

📢 PROFIT Security Day - November 1

The program is still being put together, but the prizes have already been announced :)

An information security conference in Kazakhstan; it will take place on November 1 in Almaty.

Main topics: AI, IoT security, TI, fraud and much more.

The conference will be useful for any government or commercial organization for which information security matters.

Networking is guaranteed 🤝

Details here - https://profitday.kz/security


Sys-Admin InfoSec

New Bumblebee Loader Infection Chain Signals Possible Resurgence

https://www.netskope.com/blog/new-bumblebee-loader-infection-chain-signals-possible-resurgence


Sys-Admin InfoSec

Expanding the Investigation: Deep Dive into Latest TrickMo Samples

...a new variant of the Banking Trojan called TrickMo.. features:

- OTP interception
- Screen recording
- Data exfiltration
- Remote control
- Automatic permission granting and auto-click on prompts
- Accessibility service abuse
- Overlay display and credential theft

Research:

https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples/


Sys-Admin InfoSec

CoreWarrior Spreader Malware Surge

This is a persistent trojan that attempts to spread rapidly by creating dozens of copies of itself and reaching out to multiple IP addresses, opening multiple sockets for backdoor access, and hooking Windows UI elements for monitoring:

https://blog.sonicwall.com/en-us/2024/10/corewarrior-spreader-malware-surge/
