FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets | Mandiant
https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets
https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets
Google Cloud Blog
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets | Mandiant | Google Cloud…
From match fixing to data exfiltration – a story of Messaging as a Service (MaaS) – VB2021 localhost
https://vblocalhost.com/presentations/from-match-fixing-to-data-exfiltration-a-story-of-messaging-as-a-service-maas/
https://vblocalhost.com/presentations/from-match-fixing-to-data-exfiltration-a-story-of-messaging-as-a-service-maas/
eset_fontonlake.pdf
652.5 KB
FontOnLake is a malware family utilizing well-designed custom modules that are constantly under
development. It targets systems running Linux and provides remote access to those systems for its
operators, collects credentials, and serves as a proxy server. Its presence is always accompanied by a
rootkit, which conceals its existence.
development. It targets systems running Linux and provides remote access to those systems for its
operators, collects credentials, and serves as a proxy server. Its presence is always accompanied by a
rootkit, which conceals its existence.
Bindiff and POC for the IOMFB vulnerability, iOS 15.0.2
https://saaramar.github.io/IOMFB_integer_overflow_poc/
https://saaramar.github.io/IOMFB_integer_overflow_poc/
Business as usual for Azure customers despite 2.4 Tbps DDoS attack
Атакующий трафик поступал примерно из 70 000 источников, из нескольких стран Азиатско-Тихоокеанского региона, таких как Малайзия, Вьетнам, Тайвань, Япония и Китай, а также из Соединенных Штатов
Конечно же исходя из статьи атака была отражена, успешно и MS рекомендует всеи испробовать их инструменты… Но суть не в этом, в данном случае акцент хотелось бы сделать на том, какого масштаба была атака и на сколько эта атака превышает атаки предыдущих лет (со слов авторов превышает на 140%)
https://azure.microsoft.com/en-us/blog/business-as-usual-for-azure-customers-despite-24-tbps-ddos-attack/
P.S. Thanks for link @Thatskriptkid
Атакующий трафик поступал примерно из 70 000 источников, из нескольких стран Азиатско-Тихоокеанского региона, таких как Малайзия, Вьетнам, Тайвань, Япония и Китай, а также из Соединенных Штатов
Конечно же исходя из статьи атака была отражена, успешно и MS рекомендует всеи испробовать их инструменты… Но суть не в этом, в данном случае акцент хотелось бы сделать на том, какого масштаба была атака и на сколько эта атака превышает атаки предыдущих лет (со слов авторов превышает на 140%)
https://azure.microsoft.com/en-us/blog/business-as-usual-for-azure-customers-despite-24-tbps-ddos-attack/
P.S. Thanks for link @Thatskriptkid
Microsoft Azure Blog
Business as usual for Azure customers despite 2.4 Tbps DDoS attack | Microsoft Azure Blog
The pace of digital transformation has accelerated significantly during COVID-19 pandemic, alongside the adoption of cloud services. Bad actors, now more than ever, continuously look for ways to take applications offline. Azure DDoS Protection Standard provides…
Инструментарий: Bash скрипт для управления пользователями Linux
Понадобилось написать небольшой менеджер пользователей для используемых мною Linux дистров.
Скрипт проверен и работает в CentOS / Ubuntu, основные возможности:
• Создание пользователей
• Просмотр списка существующих пользователей
• Сброс пароля для существующих пользователей
• Блокировка / Разблокировка пользовтеля
• Просмотр всех заблокированных пользователей
• Создание резервной копии домашнего каталога пользователя
• Генерирование SSH ключей для пользователя
• Повышение пользователя до админа и обратно
• Удаление пользователя
• Базовое логирование действий по работе скрипта
Далее кратко, со кринами рассказанно о том, как скрипт работает, ссылка на репу приведена там же:
https://sys-adm.in/systadm/968-prostoj-bash-skript-dlya-upravleniya-polzovatelyami-linux.html
GitHub security update: revoking weakly-generated SSH keys
https://github.blog/2021-10-11-github-security-update-revoking-weakly-generated-ssh-keys/
https://github.blog/2021-10-11-github-security-update-revoking-weakly-generated-ssh-keys/
The GitHub Blog
GitHub security update: revoking weakly-generated SSH keys
On September 28, 2021, we received notice from Axosoft regarding a vulnerability in a dependency of their popular git GUI client GitKraken.
Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/
https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/
Microsoft News
Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on United States and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with…
Working around expired Root Certificates
https://scotthelme.co.uk/should-clients-care-about-the-expiration-of-a-root-certificate/
https://scotthelme.co.uk/should-clients-care-about-the-expiration-of-a-root-certificate/
Scott Helme
Working around expired Root Certificates
Should clients care about when a Root Certificate expires? That's a bit of an
odd question, and the first time I asked myself this question, the answer was a
resounding 'yes, of course'! On further inspection though, it seems like there
could be a case to…
odd question, and the first time I asked myself this question, the answer was a
resounding 'yes, of course'! On further inspection though, it seems like there
could be a case to…
Ads are now able to bypass Google Play to install apps WITHOUT user consent. Digital Turbine DSP seems to be the one enabling it.
https://www.reddit.com/r/androiddev/comments/q4nltn/ads_are_now_able_to_bypass_google_play_to_install/
https://www.reddit.com/r/androiddev/comments/q4nltn/ads_are_now_able_to_bypass_google_play_to_install/
Reddit
From the androiddev community on Reddit: Ads are now able to bypass Google Play to install apps WITHOUT user consent. Digital Turbine…
Explore this post and more from the androiddev community
Интересно, кто и как поддерживает security patching продуктов Adobe в компаниях? Бюллетени, да еще критикал, для продукции Adobe (в данном случае Reader) выходят на столько часто, что трудно представить как это дело поддерживается в компаниях, где более 10+ машин)
Идеи и предложения можно писать в комментах (я же это дело в Windows средах поддерживал через Wsus), а Вы?)
https://helpx.adobe.com/security.html/security/security-bulletin.ug.html
Идеи и предложения можно писать в комментах (я же это дело в Windows средах поддерживал через Wsus), а Вы?)
https://helpx.adobe.com/security.html/security/security-bulletin.ug.html
Win32k Elevation of Privilege Vulnerability
CVE-2021-40449
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40449
up
https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/
https://bazaar.abuse.ch/browse/tag/CVE-2021-40449/
CVE-2021-40449
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40449
up
https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/
https://bazaar.abuse.ch/browse/tag/CVE-2021-40449/
Securelist
MysterySnail attacks with Windows zero-day
We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage campaigns. We are calling this cluster…
Android_privacy_report.pdf
814.9 KB
Android Mobile OS Snooping By Samsung,
Xiaomi, Huawei and Realme Handsets
Report about of how mobile device vendors spying to us*
P S. Some "spying" traffic from Android (like as Xiaomi, Facebook (if possible), built-in Android tracking) preventing by free Sys-Admin BLD service (lab.sys-adm.in)
Xiaomi, Huawei and Realme Handsets
Report about of how mobile device vendors spying to us*
P S. Some "spying" traffic from Android (like as Xiaomi, Facebook (if possible), built-in Android tracking) preventing by free Sys-Admin BLD service (lab.sys-adm.in)
vt-ransomware-report-2021.pdf
1.2 MB
Report from Virus Total about pf ransomware activity
Automating the deployment of Sysmon for Linux 🐧 and Azure Sentinel in a lab environment 🧪 - Microsoft Tech Community
https://techcommunity.microsoft.com/t5/azure-sentinel/automating-the-deployment-of-sysmon-for-linux-and-azure-sentinel/ba-p/2847054
In a bunch:
SysinternalsEBPF
https://github.com/Sysinternals/SysinternalsEBPF
Sysmon for Linux on GitHub:
https://github.com/Sysinternals/SysmonForLinux
https://techcommunity.microsoft.com/t5/azure-sentinel/automating-the-deployment-of-sysmon-for-linux-and-azure-sentinel/ba-p/2847054
In a bunch:
SysinternalsEBPF
https://github.com/Sysinternals/SysinternalsEBPF
Sysmon for Linux on GitHub:
https://github.com/Sysinternals/SysmonForLinux
TECHCOMMUNITY.MICROSOFT.COM
Automating the deployment of Sysmon for Linux 🐧 and Azure Sentinel in a lab environment 🧪 | Microsoft Community Hub
Today, we celebrate 25 years of Sysinternals, a set of utilities to analyze, troubleshoot and optimize Windows systems and...
The ad blocker that injects ads
Browser add-on's can be dangerous:
https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/
Browser add-on's can be dangerous:
https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/
Blog
The ad blocker that injects ads | Imperva
Deceptive ad injection is a growing concern on the internet today, affecting many people browsing the web. And while the concept isn’t new (Google stated it was the most common complaint amongst Chrome users back in 2015), just like with other online threats…
Ключи от Королевства или The keys to the kingdom - securing your devices and accounts
Когда то были рекоммендации создавать сложные пароли и пассфразы:
https://support.microsoft.com/en-us/office/the-keys-to-the-kingdom-securing-your-devices-and-accounts-a925f8ad-af7e-40d8-9ce4-60ea1cac2ba4
Рекоммендации по паролям:
https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide
Теперь же прогнозируется беспарольное будущее:
https://www.microsoft.com/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/
Как бы там ни было - Берегите ключи от своего Королевства, будучи внимательным и предупрежденным 🙂
Когда то были рекоммендации создавать сложные пароли и пассфразы:
https://support.microsoft.com/en-us/office/the-keys-to-the-kingdom-securing-your-devices-and-accounts-a925f8ad-af7e-40d8-9ce4-60ea1cac2ba4
Рекоммендации по паролям:
https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide
Теперь же прогнозируется беспарольное будущее:
https://www.microsoft.com/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/
Как бы там ни было - Берегите ключи от своего Королевства, будучи внимательным и предупрежденным 🙂
Microsoft
The keys to the kingdom - securing your devices and accounts - Microsoft Support
Wondering how you can select better passwords, or use two-step verification to make your accounts more secure? Maybe you're curious about better ways to secure your device? We've got your answers!