/ State-sponsored campaigns target global network infrastructure

..While infrastructure of all types has been observed under attack, attackers have been particularly successful in compromising infrastructure with out-of-date software..:

https://blog.talosintelligence.com/state-sponsored-campaigns-target-global-network-infrastructure/

/ Microsoft shifts to a new threat actor naming taxonomy

MS is excited to announce that we are shifting to a new threat actor naming taxonomy aligned to the theme of weather:

— https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/

AppSecFest - Уже в эту пятницу (21 апреля)
 
• Мобильное приложение как средство компрометации персональных данных или зачем нам Mobile Application Security?
• Концепции Incident Management в процессах DevSecOps
• Анализ кода фишингового ресурса
• Безопасность в Kubernetes: как устранить векторы атак на Kubernetes

Будут доклады про создание апсек-направления с нуля, пайплайн проверки, DAST, IAST и OAST...

Планируется онлайн трансляция, ссылка уже есть на сайте. Все детали здесь:
• appsecfest.kz
 

Get started using Attack simulation training

If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, which includes Threat Investigation and Response capabilities, you can use Attack simulation training in the Microsoft 365:

— More details…

/ Discarded, not destroyed: Old routers reveal corporate secrets

https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/

/ ‘AuKill’ EDR killer malware abuses Process Explorer driver

Over the past several months, Sophos X-Ops has investigated multiple incidents where attackers attempted to disable EDR clients with a new defense evasion tool we’ve dubbed AuKill. The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying either a backdoor or ransomware on the target system:

— https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/

Открытый практикум DevOps by Rebrain: Шифрование секретов в GitOps
 
• 25 Апреля (Вторник), 19:00 по МСК. Детали

Программа:
• Где хранить секреты - git, vault или облачный сервис?
• Разбираемся с dek, kek и kms
• Изучаем схему работы sops, sealed secrets
• Если успеем, то затронем варианты реализации kubernetes authentication в vault и external secrets

Ведет:
• Василий Озеров - Руководит международной командой в рамках своего агентства Fevlake. Co-Founder REBRAIN. Более 8 лет Devops практик.

/ Stop using Telnet to test ports

Make life simpler by automating network checks with tools like Expect, Bash, Netcat, and Nmap instead:

https://www.redhat.com/sysadmin/stop-using-telnet-test-port

/ Test TCP ports with Python and Scapy

https://www.redhat.com/sysadmin/test-tcp-python-scapy

/ 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise

https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise

/ Medusa ransomware crew brags about spreading Bing, Cortana source code

https://www.theregister.com/2023/04/19/medusa_microsoft_data_dump/

/ Multiple vulnerabilities in VMware Aria Operations

Critical. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. Advisory:

— https://www.vmware.com/security/advisories/VMSA-2023-0007.html

/ Debugging D-Link: Emulating firmware and hacking hardware

— https://www.greynoise.io/blog/debugging-d-link-emulating-firmware-and-hacking-hardware

/ Private vulnerability reporting now generally availablein GitHub

private vulnerability reporting, a private collaboration channel that makes it easier for researchers and maintainers to report and fix vulnerabilities on public repositories:

https://github.blog/2023-04-19-private-vulnerability-reporting-now-generally-available/

/ GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts

https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/

/ RBAC Buster - First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters

This blog post is a part of a comprehensive study we conducted on misconfigured K8s clusters in the wild. Research findings are significant as they shed light on the risks of misconfigurations and how even large organizations can overlook the importance of securing their clusters, leaving them vulnerable to potential disasters with just one mistake:

— https://blog.aquasec.com/leveraging-kubernetes-rbac-to-backdoor-clusters

/ EvilExtractor – All-in-One Stealer

EvilExtractor (sometimes spelled Evil Extractor) is an attack tool designed to target Windows operating systems and extract data and files from endpoint devices. It includes several modules that all work via an FTP service. It was developed by a company named Kodex, which claims it is an educational tool. However, research conducted by FortiGuard Labs shows cybercriminals are actively using it as an info stealer:

— https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealer

/ BlueNoroff APT group targets macOS with ‘RustBucket’ Malware

https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/

/ Cisco patches high and critical flaws across several products

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V

/ Free Copilot analog from Amazon

https://aws.amazon.com/codewhisperer/

New side attack to Intel CPU report

Abstract—The transient execution attack is a type of attack
leveraging the vulnerability of modern CPU optimization tech-
nologies. New attacks surface rapidly. The side-channel is a key
part of transient execution attacks to leak data