/ “PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild
Guardio
Malicious Emails Sent by Trusted Email Gateways and more..:
— https://labs.guard.io/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa
/ Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform
https://www.tenable.com/security/research/tra-2023-25
Tenable®
Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform
A researcher at Tenable has discovered an issue that enables limited, unauthorized access to cross-tenant applications and sensitive data (including but not limited to authentication secrets). Background The issue occurred as a result of insufficient access…
🚀 Open SysConf'23: registration is open for September 16
In addition to registration, the conference keywords/topics have been tentatively outlined:
— eBPF "sniffing"
— "Getting started" in Kubernetes
— RHCSA "certification path"
— "Who is" a Software Analyst
— "Load" testing
— How to build AppSec without breaking anything
— Applying professional experience to developing and automating real-estate market analysis
— How to build an open service supported by world-level companies and projects, using OpenBLD.net DNS as an example
Reminder: this year Open SysConf.io is supported with a venue and everything that goes with it by the team from Kolesa Group, where the venue was in fact revealed yesterday in the video invitation 👀.
The number of seats is strictly limited. Register in time — Become a participant
/ Visualizing Qakbot Infrastructure Part II: Uncharted Territory
https://www.team-cymru.com/post/visualizing-qakbot-infrastructure-part-ii-uncharted-territory
Team-Cymru
Visualizing Qakbot Infrastructure: Network Telemetry | Team Cymru
Explore Qakbot’s evolving C2 infrastructure through NetFlow analysis, revealing new servers, port trends, and insights into upstream communication layers.
/ Downfall attacks targets a critical weakness found in billions of modern processors used in personal and cloud computers
https://downfall.page/
Downfall Attacks
Downfall attacks targets a critical weakness found in billions of modern processors used in personal and cloud computers.
/ VS Code’s Token Security: Keeping Your Secrets… Not So Secretly
https://cycode.com/blog/exposing-vscode-secrets/
Cycode
VS Code's Token Security: Keeping Your Secrets... Not So Secretly - Cycode
Discover how a vulnerability in VS Code’s secure token storage enables high-risk ‘Token Stealing’ attacks, exposing third-party application tokens and organizational security.
/ Inception: how a simple XOR can cause a Microarchitectural Stack Overflow
..unprivileged attacker to leak arbitrary information on all modern AMD CPUs:
https://comsec.ethz.ch/research/microarch/inception/
Open workshop Networks by Rebrain: Transparent LAN services based on QinQ
• August 17 (Thursday), 20:00 MSK. Details
Program:
• IEEE 802.1ad standard
• S-VID and C-VID
• UNI and NNI interfaces
• Port-Based and Selective QinQ
Host:
• Olga Yanovskaya – Head of Networks by Rebrain. Ph.D. in Information Technology. Cisco NetAcad Instructor / NetAcad Success Lead / Instructor-Trainer. Lead network engineer.
/ Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations
https://www.proofpoint.com/us/blog/email-and-cloud-threats/cloud-account-takeover-campaign-leveraging-evilproxy-targets-top-level
Proofpoint
EvilProxy Phishing Used for Cloud Account Takeover Campaign | Proofpoint US
Proofpoint observed a surge in cloud account takeover incidents using an EvilProxy phishing tool based on a reverse proxy. Learn more.
Some of the talks have passed review, and I have to tell you, this is explosive stuff:
Black belt in Linux
The Mexican Wall
Introduction to Kubernetes
Reminder - we are meeting in a cozy spot at the Kolesa Group office, where over tea and coffee we will talk and soak up knowledge!
Some of the talks are already available at https://sysconf.io
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
🔹 Fox-IT (part of NCC Group) has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure (DIVD). An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing webshells on vulnerable NetScalers to gain persistent access..:
🔹 https://research.nccgroup.com/2023/08/15/approximately-2000-citrix-netscalers-backdoored-in-mass-exploitation-campaign/
/ The data of 760,000 Discord.io users was put up for sale on the darknet
https://stackdiary.com/the-data-of-760000-discord-io-users-was-put-up-for-sale-on-the-darknet/
Stack Diary
The data of 760,000 Discord.io users was put up for sale on the darknet
Note: I've gone ahead and updated the featured image, so it doesn't seem like this has something to do with Discord "directly". It was not my intention to
/ Unauthenticated Stack Buffer Overflows in Ivanti Avalanche
https://www.tenable.com/security/research/tra-2023-27
Tenable®
Unauthenticated Stack Buffer Overflows in Ivanti Avalanche
A researcher at Tenable discovered multiple stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0 A message sent to WLAvalancheService.exe on TCP port 1777 has the following structure:
/ LinkedIn Accounts Under Attack
https://cyberint.com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/
Cyberint
LinkedIn Accounts Under Attack
Cyberint has observed an alarming emerging trend - an ongoing and successful hacking campaign is targeting LinkedIn accounts. Here's what you need to know.
Open workshop Golang by Rebrain: Tests in golang
August 24 (Thursday), 20:00 MSK. Details
Program:
• Unit, benchmark, fuzzing
• Frameworks, approaches and methods for testing golang applications
Host:
Sergey Paramoshkin - Technical Manager at Yandex.Search. Has worked in operations and as an analyst, architect and manager. More than 10 years of experience in IT, 7 years of experience developing in Go.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Awareness about Awareness. Part 2
Several years ago I spoke at KHS 2018 about awareness, with a presentation named Awareness about Awareness…
Now I see that the classical awareness model is not working adequately… At KHS 2023 we will try to consider why that is and what to do about it…
This conference will have many cool speakers, cybersec/infosec subjects and people. We will meet at KHS 2023! ✊
Details on the official KHS site:
🔹 https://kazhackstan.com
/ Fake Airplane Mode: A mobile tampering technique to maintain connectivity
https://www.jamf.com/blog/fake-airplane-mode-a-mobile-tampering-technique-to-maintain-connectivity/
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Unwanted Guests: Mitigating Remote Access Trojan Infection Risk
https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
Uptycs
Remote Access Trojan: Mitigating Infection Risk of Unwanted Guests
Read about QwixxRAT, a new Remote Access Trojan infiltrating devices via Telegram & Discord: technical analysis & protective measures
/ PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks
https://blog.aquasec.com/powerhell-active-flaws-in-powershell-gallery-expose-users-to-attacks
Aqua
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks
We expose significant flaws in PowerShell Gallery's policy package names and owners, that open potential supply chain attacks on the registry's user base.