Sys-Admin InfoSec pinned «Йоу 🤘. Open SysConf'23 16 Сентября точно быть! В этом году Open SysConf.io поддержала локацией и всем сопутствующим команда из Kolesa Group В итоге у нас есть: — Комфортное пространство на ~100 человек — Онлайн трансляция и хороший интернет — Возможность…»
/ APT Bahamut Targets Individuals with Android Malware Using Spear Messaging
In this specific attack, the threat actor conducted targeted spear messaging attacks on WhatsApp Messenger..:
https://www.cyfirma.com/outofband/apt-bahamut-targets-individuals-with-android-malware-using-spear-messaging/
In this specific attack, the threat actor conducted targeted spear messaging attacks on WhatsApp Messenger..:
https://www.cyfirma.com/outofband/apt-bahamut-targets-individuals-with-android-malware-using-spear-messaging/
CYFIRMA
APT Bahamut Targets Individuals with Android Malware Using Spear Messaging - CYFIRMA
EXECUTIVE SUMMARY The team at CYFIRMA recently obtained advanced Android malware targeting individuals in the South Asia region. The suspicious...
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Top 10 Active Directory Attack Methods
https://www.lepide.com/blog/top-10-active-directory-attack-methods/
https://www.lepide.com/blog/top-10-active-directory-attack-methods/
Lepide Blog: A Guide to IT Security, Compliance and IT Operations
Top 10 Active Directory Attack Methods
It is imperative that organizations are aware of the most common ways that attackers can compromise Active Directory, which are explained here.
/ Canon Printers Disclosure Wi-Fi Sensitive information
Sensitive information on the Wi-Fi connection settings stored in the memories of inkjet printers (home and office/large format) may not be deleted by the usual initialization process.
CP2023-003 Vulnerability Mitigation/Remediation for Inkjet Printers:
— https://psirt.canon/advisory-information/cp2023-003/
Sensitive information on the Wi-Fi connection settings stored in the memories of inkjet printers (home and office/large format) may not be deleted by the usual initialization process.
CP2023-003 Vulnerability Mitigation/Remediation for Inkjet Printers:
— https://psirt.canon/advisory-information/cp2023-003/
Canon PSIRT
CP2023-003 Vulnerability Mitigation/Remediation for Inkjet Printers (Home and Office/Large Format)
Sensitive information on the Wi-Fi connection settings stored in the memories of inkjet printers
/ Google AMP – The Newest of Evasive Phishing Tactic
https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
Cofense
Google AMP – The Newest of Evasive Phishing Tactic
Learn about a new phishing tactic utilizing Google Accelerated Mobile Pages (AMP) that is proving to be very successful at reaching intended targets.
/ The Massive macOS Threats Trending in the Dark Web
Insights into the macOS HVNC Tool:
— https://guardz.com/blog/the-massive-macos-threats-trending-in-the-dark-web/
Insights into the macOS HVNC Tool:
— https://guardz.com/blog/the-massive-macos-threats-trending-in-the-dark-web/
Guardz.com
The Massive macOS Threats Trending in the Dark Web. | Guardz.com
The recent reveal of ShadowVault malware in our blog post decidedly piqued the interest of the cybersecurity news community. Keeping up-to-date with the
/ Threat social engineering over Microsoft Teams
Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM).. Read more on MS site.
Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM).. Read more on MS site.
Microsoft News
Midnight Blizzard conducts targeted social engineering over Microsoft Teams
Microsoft has identified targeted social engineering attacks by Midnight Blizzard using credential theft phishing lures sent as Teams chats.
Открытый практикум Linux by Rebrain: Память в Linux
Программа:
• Эволюция адресации памяти
• Виртуальная память
• /proc/meminfo
• 9 Августа (Среда), 20:00 МСК. Детали
Ведет:
• Андрей Буранов – Специалист по UNIX-системам в компании VK. Опыт работы с ОС Linux более 7 лет.
Программа:
• Эволюция адресации памяти
• Виртуальная память
• /proc/meminfo
• 9 Августа (Среда), 20:00 МСК. Детали
Ведет:
• Андрей Буранов – Специалист по UNIX-системам в компании VK. Опыт работы с ОС Linux более 7 лет.
/ “PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild
Guardio
Malicious Emails Sent by Trusted Email Gateways and more..:
— https://labs.guard.io/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa
Guardio
Malicious Emails Sent by Trusted Email Gateways and more..:
— https://labs.guard.io/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa
/ Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform
https://www.tenable.com/security/research/tra-2023-25
https://www.tenable.com/security/research/tra-2023-25
Tenable®
Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform
A researcher at Tenable has discovered an issue that enables limited, unauthorized access to cross-tenant applications and sensitive data (including but not limited to authentication secrets). Background The issue occurred as a result of insufficient access…
🚀 Open SysConf'23 Открыта регистрация на 16 Сентября
Помимо регистрации, предварительно обозначены keywords/тематики конференции:
— eBPF "сниффинг"
— "Старт" в Kubernetes
— RHCSA "путь сертификации"
— "кто есть" Software Analyst
— Тестинг "нагрузочный"
— Как построить AppSec и ничего не сломать
— Применение профессионального опыта в разработке и автоматизации анализа рынка недвижимости
— Как сделать открытый сервис, который поддержали world level компании и проекты на примере OpenBLD.net DNS
Напоминаю: в этом году Open SysConf.io поддержала локацией и всем сопутствующим команда из Kolesa Group где собственно вчера в видео-приглашении и засветили локацию 👀.
Количество мест строго ограничено. Успевайте зарегистрироваться — Стать участником
Помимо регистрации, предварительно обозначены keywords/тематики конференции:
— eBPF "сниффинг"
— "Старт" в Kubernetes
— RHCSA "путь сертификации"
— "кто есть" Software Analyst
— Тестинг "нагрузочный"
— Как построить AppSec и ничего не сломать
— Применение профессионального опыта в разработке и автоматизации анализа рынка недвижимости
— Как сделать открытый сервис, который поддержали world level компании и проекты на примере OpenBLD.net DNS
Напоминаю: в этом году Open SysConf.io поддержала локацией и всем сопутствующим команда из Kolesa Group где собственно вчера в видео-приглашении и засветили локацию 👀.
Количество мест строго ограничено. Успевайте зарегистрироваться — Стать участником
Sys-Admin InfoSec pinned «🚀 Open SysConf'23 Открыта регистрация на 16 Сентября Помимо регистрации, предварительно обозначены keywords/тематики конференции: — eBPF "сниффинг" — "Старт" в Kubernetes — RHCSA "путь сертификации" — "кто есть" Software Analyst — Тестинг "нагрузочный"…»
/ Visualizing Qakbot Infrastructure Part II: Uncharted Territory
https://www.team-cymru.com/post/visualizing-qakbot-infrastructure-part-ii-uncharted-territory
https://www.team-cymru.com/post/visualizing-qakbot-infrastructure-part-ii-uncharted-territory
Team-Cymru
Visualizing Qakbot Infrastructure: Network Telemetry | Team Cymru
Explore Qakbot’s evolving C2 infrastructure through NetFlow analysis, revealing new servers, port trends, and insights into upstream communication layers.
/ Downfall attacks targets a critical weakness found in billions of modern processors used in personal and cloud computers
https://downfall.page/
https://downfall.page/
Downfall Attacks
Downfall attacks targets a critical weakness found in billions of modern processors used in personal and cloud computers.
/ VS Code’s Token Security: Keeping Your Secrets… Not So Secretly
https://cycode.com/blog/exposing-vscode-secrets/
https://cycode.com/blog/exposing-vscode-secrets/
Cycode
VS Code's Token Security: Keeping Your Secrets... Not So Secretly - Cycode
Discover how a vulnerability in VS Code’s secure token storage enables high-risk ‘Token Stealing’ attacks, exposing third-party application tokens and organizational security.
/ Inception: how a simple XOR can cause a Microarchitectural Stack Overflow
..unprivileged attacker to leak arbitrary information on all modern AMD CPUs:
https://comsec.ethz.ch/research/microarch/inception/
..unprivileged attacker to leak arbitrary information on all modern AMD CPUs:
https://comsec.ethz.ch/research/microarch/inception/
Открытый практикум Networks by Rebrain: Прозрачные LAN-сервисы на основе QinQ
• 17 Августа (Четверг), 20:00 МСК. Детали
Программа:
• Стандарт IEEE 802.1ad
• S-VID и C-VID
• UNI и NNI интерфейсы
• Port-Based и Selective QinQ
Ведет:
• Ольга Яновская – Руководитель направления Networks by Rebrain. Ph.D. in Information Technology. Cisco NetAcad Instructor / NetAcad Success Lead / Instructor-Trainer. Ведущий сетевой инженер.
• 17 Августа (Четверг), 20:00 МСК. Детали
Программа:
• Стандарт IEEE 802.1ad
• S-VID и C-VID
• UNI и NNI интерфейсы
• Port-Based и Selective QinQ
Ведет:
• Ольга Яновская – Руководитель направления Networks by Rebrain. Ph.D. in Information Technology. Cisco NetAcad Instructor / NetAcad Success Lead / Instructor-Trainer. Ведущий сетевой инженер.
/ Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations
https://www.proofpoint.com/us/blog/email-and-cloud-threats/cloud-account-takeover-campaign-leveraging-evilproxy-targets-top-level
https://www.proofpoint.com/us/blog/email-and-cloud-threats/cloud-account-takeover-campaign-leveraging-evilproxy-targets-top-level
Proofpoint
EvilProxy Phishing Used for Cloud Account Takeover Campaign | Proofpoint US
Proofpoint observed a surge in cloud account takeover incidents using an EvilProxy phishing tool based on a reverse proxy. Learn more.
Часть докладов прошла ревью и это бомбический сабж хочу я тебе сказать:
Черный пояс по Linux
Мексиканская стена
Вводная по Kubernetes
Напоминаю - встречаемся мы в ламповом месте офиса Kolesa Group, где под чай и кофе мы будем глаголить и впитывать знания!
Некоторые доклады уже есть на https://sysconf.io
Please open Telegram to view this post
VIEW IN TELEGRAM
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
🔹 Fox-IT (part of NCC Group) has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure (DIVD). An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing webshells on vulnerable NetScalers to gain persistent access..:
🔹 https://research.nccgroup.com/2023/08/15/approximately-2000-citrix-netscalers-backdoored-in-mass-exploitation-campaign/
Please open Telegram to view this post
VIEW IN TELEGRAM
/ The data of 760,000 Discord.io users was put up for sale on the darknet
https://stackdiary.com/the-data-of-760000-discord-io-users-was-put-up-for-sale-on-the-darknet/
https://stackdiary.com/the-data-of-760000-discord-io-users-was-put-up-for-sale-on-the-darknet/
Stack Diary
The data of 760,000 Discord.io users was put up for sale on the darknet
Note: I've gone ahead and updated the featured image, so it doesn't seem like this has something to do with Discord "directly". It was not my intention to