Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2023 edition)
MFA is not the end all solution to identity security challenges. With only MFA there is still a risk for more modern attacks (MFA fatique, AiTM, PRT, OAuth Attacks and more). Adversary-in-the-middle phishing attacks are still more common in use. Since the removal of basic authentication from Exchange Online more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other used attacks. What is AiTM, automatic attack disruption and etc:
— https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt/
MFA is not the end all solution to identity security challenges. With only MFA there is still a risk for more modern attacks (MFA fatique, AiTM, PRT, OAuth Attacks and more). Adversary-in-the-middle phishing attacks are still more common in use. Since the removal of basic authentication from Exchange Online more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other used attacks. What is AiTM, automatic attack disruption and etc:
— https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt/
Jeffrey Appel - Microsoft Security blog
AiTM/ MFA phishing attacks in combination with "new" Microsoft protections (2025 edition)
Adversary-in-the-middle phishing attacks are still more common in use, in the last year and the start of 2025 there is still a more visible increase in AiTM/ MFA phishing. Since the removal of basic authentication from Exchange Online more and...
/ Spear Phishing: How it works and why you should care
— https://www.huntandhackett.com/blog/spear-phishing-how-and-why
— https://www.huntandhackett.com/blog/spear-phishing-how-and-why
Huntandhackett
Spear Phishing: How it works and why you should care
Everything you need to know about phishing! Learn who is behind phishing attacks, how you can spot an email, and what you should do about it.
/ The DPRK strikes using a new variant of RUSTBUCKET
https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket
https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket
www.elastic.co
The DPRK strikes using a new variant of RUSTBUCKET — Elastic Security Labs
Watch out! We’ve recently discovered a variant of RUSTBUCKET. Read this article to understand the new capabilities we’ve observed, as well as how to identify it in your own network.
/ Ghostnoscript bug could allow rogue documents to run system commands
Unfortunately, until the latest release of Ghostnoscript, now at version 10.01.2, the product had a bug, dubbed CVE-2023-36664, that could allow rogue documents not only to create pages of text and graphics, but also to send system commands into the Ghostnoscript rendering engine and trick the software into running them:
— https://nakedsecurity.sophos.com/2023/07/04/ghostnoscript-bug-could-allow-rogue-documents-to-run-system-commands/
Unfortunately, until the latest release of Ghostnoscript, now at version 10.01.2, the product had a bug, dubbed CVE-2023-36664, that could allow rogue documents not only to create pages of text and graphics, but also to send system commands into the Ghostnoscript rendering engine and trick the software into running them:
— https://nakedsecurity.sophos.com/2023/07/04/ghostnoscript-bug-could-allow-rogue-documents-to-run-system-commands/
Sophos News
Naked Security – Sophos News
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
TeamsPhisher
is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications:
— https://github.com/Octoberfest7/TeamsPhisher
is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications:
— https://github.com/Octoberfest7/TeamsPhisher
GitHub
GitHub - Octoberfest7/TeamsPhisher: Send phishing messages and attachments to Microsoft Teams users
Send phishing messages and attachments to Microsoft Teams users - Octoberfest7/TeamsPhisher
/ Hunting for Nginx Alias Traversals in the wild
— https://labs.hakaioffsec.com/nginx-alias-traversal/
— https://labs.hakaioffsec.com/nginx-alias-traversal/
Hakai
Vulnerability Research
Открытый практикум Networks by Rebrain: Погружение в VoIP: протокол sip, основы работы с Asterisk
• 13 Июля (Четверг), 19:00 по МСК. Детали
Программа:
• SIP протокол: как устанавливается вызов
• Установка Asterisk
• Рассмотрение диагностические команды
• Настройка учетных записей (транки, пиры)
• Настройка dialplan
Ведет:
• Роман Сыртланов – VoIP инженер. Опыт работы с VoIP 7 лет. Работает с Asterisk/FreeSWITCH/Kamailio
• 13 Июля (Четверг), 19:00 по МСК. Детали
Программа:
• SIP протокол: как устанавливается вызов
• Установка Asterisk
• Рассмотрение диагностические команды
• Настройка учетных записей (транки, пиры)
• Настройка dialplan
Ведет:
• Роман Сыртланов – VoIP инженер. Опыт работы с VoIP 7 лет. Работает с Asterisk/FreeSWITCH/Kamailio
/ Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability
!High: Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic:
— https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
!High: Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic:
— https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
Cisco
Cisco Security Advisory: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic.
This vulnerability is due to an…
This vulnerability is due to an…
/ EoP fix Android July update
High: fix elevation of privilege in Android:
https://source.android.com/docs/security/bulletin/aaos/2023-07-01
High: fix elevation of privilege in Android:
https://source.android.com/docs/security/bulletin/aaos/2023-07-01
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Increased Truebot Activity Infects U.S. and Canada Based Networks
Deploy from phishing and exloitation some CVE..
IOC domains sended to OpenBLD.net DNS:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
Deploy from phishing and exloitation some CVE..
IOC domains sended to OpenBLD.net DNS:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Today info about of OpenBLD.net DNS added to AdGuard Wiki KnowledgeBaseDNS repo 🎉
Tailing Big Head Ransomware’s Variants, Tactics, and Impact
https://www.trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html
https://www.trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html
Trend Micro
Tailing Big Head Ransomware’s Variants, Tactics, and Impact
Сентябрьский дайджест ИТ конференций в Алматы
Сентябрь насыщен ИТ-встречами, много друзей, много встреч, дети начинают учиться, а мы общаться:
• 8 Сентября. DevOps и все что рядом - DevOpsDays.kz
• 13-15 Сентября. Масштабная CyberSec конфа - KazHackStan.com
• 16 Сентября. Открытая IT/Cybersec/Ops Knowledge Sharing конфа Open SysConf.io
13 по 16 дни ИТ концентрата, живущим здесь энергетиков больше, едущим в Алматы на KHS - бери билеты на 4 дня 😉
Мира всем. Peace ✌️
Сентябрь насыщен ИТ-встречами, много друзей, много встреч, дети начинают учиться, а мы общаться:
• 8 Сентября. DevOps и все что рядом - DevOpsDays.kz
• 13-15 Сентября. Масштабная CyberSec конфа - KazHackStan.com
• 16 Сентября. Открытая IT/Cybersec/Ops Knowledge Sharing конфа Open SysConf.io
13 по 16 дни ИТ концентрата, живущим здесь энергетиков больше, едущим в Алматы на KHS - бери билеты на 4 дня 😉
Мира всем. Peace ✌️
/ FortiOS - Allow a remote attacker to execute arbitrary code or command
A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.
Denoscription and workaround:
— https://www.fortiguard.com/psirt/FG-IR-23-183
A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.
Denoscription and workaround:
— https://www.fortiguard.com/psirt/FG-IR-23-183
FortiGuard Labs
PSIRT | FortiGuard Labs
None
/ Storm-0978 attacks reveal financial and espionage motive
New phishing campaign:
https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
And Office and Windows HTML Remote Code Execution Vulnerability:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
New phishing campaign:
https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
And Office and Windows HTML Remote Code Execution Vulnerability:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
Microsoft News
Storm-0978 attacks reveal financial and espionage motives
A Storm-0978 phishing campaign targeting defense and government entities in Europe and North America involves the abuse of CVE-2023-36884.
/ Azure AD is Becoming Microsoft Entra ID
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-is-becoming-microsoft-entra-id/ba-p/2520436
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-is-becoming-microsoft-entra-id/ba-p/2520436
TECHCOMMUNITY.MICROSOFT.COM
Azure AD is Becoming Microsoft Entra ID | Microsoft Community Hub
Same capabilities, same licensing, new name for Azure Active Directory. Learn more!
/ Urgent Security Notice: SonicWall GMS/Analytics Impacted by suite of vulnerabilities
https://www.sonicwall.com/support/knowledge-base/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/
https://www.sonicwall.com/support/knowledge-base/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/
/ MIcrosoft confirms Chinese APT successful exploited Microsoft cloud email systems
Mitigation for China-Based Threat Actor Activity from MS:
https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-threat-actor/
Mitigation for China-Based Threat Actor Activity from MS:
https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-threat-actor/
Microsoft On the Issues
Mitigation for China-based threat actor activity
Microsoft and others in the industry have called for transparency when it comes to cyber incidents so that we can learn and get better. As we’ve stated previously, we cannot ignore the exponential rise and frequency of sophisticated attacks. The growing challenges…
Открытый практикум Golang by Rebrain: Реализация kubernetes оператора
• 18 Июля (Вторник) 19:00 по МСК. Детали
Программа:
• Рассмотрим паттерн оператор, концепцию ресурсов и k8s REST API
• Рассмотрим реализацию кеша в библиотеки client-go для работы с API k8s
• Поработаем с Operator Framework
• Рассмотрим некоторые практики, используемые при написании операторов
Ведет:
• Дмитрий Гордеев – Руководитель практикума Golang by REBRAIN. Занимается разработкой нового Claud'а в x5 Tech. Опыт разработки – 5 лет
• 18 Июля (Вторник) 19:00 по МСК. Детали
Программа:
• Рассмотрим паттерн оператор, концепцию ресурсов и k8s REST API
• Рассмотрим реализацию кеша в библиотеки client-go для работы с API k8s
• Поработаем с Operator Framework
• Рассмотрим некоторые практики, используемые при написании операторов
Ведет:
• Дмитрий Гордеев – Руководитель практикума Golang by REBRAIN. Занимается разработкой нового Claud'а в x5 Tech. Опыт разработки – 5 лет