Sys-Admin InfoSec – Telegram
Sys-Admin InfoSec
@sysadm_in_channel
12.7K subscribers
235 photos
2 videos
103 files
4.54K links
News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings
* Multilingual (En, Ru).
* Forum - forum.sys-adm.in
* Chat - @sysadm_in
* Job - @sysadm_in_job
* ? - @sysadminkz
Download Telegram
About
Blog
Apps
Platform
Join
Sys-Admin InfoSec
12.7K subscribers
Sys-Admin InfoSec
/ Inception: how a simple XOR can cause a Microarchitectural Stack Overflow

..unprivileged attacker to leak arbitrary information on all modern AMD CPUs:

https://comsec.ethz.ch/research/microarch/inception/
2.43K views
Sys-Admin InfoSec
Открытый практикум Networks by Rebrain: Прозрачные LAN-сервисы на основе QinQ
 
• 17 Августа (Четверг), 20:00 МСК. Детали

Программа:
• Стандарт IEEE 802.1ad
• S-VID и C-VID
• UNI и NNI интерфейсы
• Port-Based и Selective QinQ

Ведет:
• Ольга Яновская – Руководитель направления Networks by Rebrain. Ph.D. in Information Technology. Cisco NetAcad Instructor / NetAcad Success Lead / Instructor-Trainer. Ведущий сетевой инженер.
2.62K views
Sys-Admin InfoSec
/ Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations

https://www.proofpoint.com/us/blog/email-and-cloud-threats/cloud-account-takeover-campaign-leveraging-evilproxy-targets-top-level
Proofpoint
EvilProxy Phishing Used for Cloud Account Takeover Campaign | Proofpoint US
Proofpoint observed a surge in cloud account takeover incidents using an EvilProxy phishing tool based on a reverse proxy. Learn more.
2.83K views
Sys-Admin InfoSec
🟩 Open SysConf'23 🐴 доклады на 16 Сентября

Часть докладов прошла ревью и это бомбический сабж хочу я тебе сказать:

Черный пояс по Linux
🔸 Фундаментальный step-by-step от Алексея из ps.kz на тему сертификации Red Hat
Мексиканская стена
🔸 Виктор Senior System Analyst расскажет где граница между бизнес и системным/software анализом
Вводная по Kubernetes
🔸 Что такое Kubernetes и зачем он нужен. Самат, DevOps со стажем 15+ лет

🟡 Регистрация ближайшее время будет закрыта, осталось буквально ~10 мест, если ты все проспал(а), то самое время проснуться и регнуться 🙂

Напоминаю - встречаемся мы в ламповом месте офиса Kolesa Group, где под чай и кофе мы будем глаголить и впитывать знания!

Некоторые доклады уже есть на https://sysconf.io
Please open Telegram to view this post
VIEW IN TELEGRAM
2.5K viewsedited  
Sys-Admin InfoSec
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign

🔹 Fox-IT (part of NCC Group) has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure (DIVD). An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing webshells on vulnerable NetScalers to gain persistent access..:

🔹 https://research.nccgroup.com/2023/08/15/approximately-2000-citrix-netscalers-backdoored-in-mass-exploitation-campaign/
Please open Telegram to view this post
VIEW IN TELEGRAM
2.12K views
Sys-Admin InfoSec
/ The data of 760,000 Discord.io users was put up for sale on the darknet

https://stackdiary.com/the-data-of-760000-discord-io-users-was-put-up-for-sale-on-the-darknet/
Stack Diary
The data of 760,000 Discord.io users was put up for sale on the darknet
Note: I've gone ahead and updated the featured image, so it doesn't seem like this has something to do with Discord "directly". It was not my intention to
2.17K views
Sys-Admin InfoSec
/ The “Skeleton Squad” is now targeting NPM

https://socket.dev/blog/skeleton-squad-npm
Socket
The “Skeleton Squad” is now targeting NPM - Socket
Digging into the Skeleton Squad's recent expansion from PyPI to the npm ecosystem.
2.26K views
Sys-Admin InfoSec
/ Unauthenticated Stack Buffer Overflows in Ivanti Avalanche

https://www.tenable.com/security/research/tra-2023-27
Tenable®
Unauthenticated Stack Buffer Overflows in Ivanti Avalanche
A researcher at Tenable discovered multiple stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0 A message sent to WLAvalancheService.exe on TCP port 1777 has the following structure:
2.11K views
Sys-Admin InfoSec
/ LinkedIn Accounts Under Attack

https://cyberint.com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/
Cyberint
LinkedIn Accounts Under Attack
Cyberint has observed an alarming emerging trend - an ongoing and successful hacking campaign is targeting LinkedIn accounts. Here's what you need to know.
2.22K views
Sys-Admin InfoSec
Открытый практикум Golang by Rebrain: Тесты в golang

24 Августа (Четверг), 20:00 МСК. Детали

Программа:

• Unit, benchmark, fuzzing
• Фреймворки, подходы и способы тестирования golang приложений

Ведёт:

Сергей Парамошкин - Технический менеджер Яндекс.Поиск. Работал в эксплуатации, аналитиком, архитектором, руководителем. Больше 10 лет опыта в IT, опыт в разработке на Go – 7 лет.
2.46K views
Sys-Admin InfoSec
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Awareness about Awareness. Part 2

Several years ago I spoke on KHS 2018 about of Awareness with presentation named - Awareness about Awareness…

Now I see - classical awarenes model working not adequately… On KHS 2023 we will try to consider why it is so, what to do about it…

On this conference will many cooll speakers, cybersec/infosec subjects, people. Will meet on KHS 20223!

Details on official KHS site:
🔹. https://kazhackstan.com
Please open Telegram to view this post
VIEW IN TELEGRAM
2K views
Sys-Admin InfoSec
/ Fake Airplane Mode: A mobile tampering technique to maintain connectivity

https://www.jamf.com/blog/fake-airplane-mode-a-mobile-tampering-technique-to-maintain-connectivity/
2.31K views
Sys-Admin InfoSec
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Unwanted Guests: Mitigating Remote Access Trojan Infection Risk

https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
Uptycs
Remote Access Trojan: Mitigating Infection Risk of Unwanted Guests
Read about QwixxRAT, a new Remote Access Trojan infiltrating devices via Telegram & Discord: technical analysis & protective measures
2.01K views
Sys-Admin InfoSec
/ PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks

https://blog.aquasec.com/powerhell-active-flaws-in-powershell-gallery-expose-users-to-attacks
Aqua
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks
We expose significant flaws in PowerShell Gallery's policy package names and owners, that open potential supply chain attacks on the registry's user base. 
2.29K views
Sys-Admin InfoSec
/ LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab

https://sysdig.com/blog/labrat-cryptojacking-proxyjacking-campaign/
Sysdig
LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab | Sysdig
The Sysdig Threat Research Team recently discovered a new operation, dubbed LABRAT, a stealthy cryptojacking and proxyjacking campaign.
2.38K views
Sys-Admin InfoSec
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
CFP-комитет OFFZONE 2023 завершил отбор

На сайте конференции организаторы готовы рассказать, какие доклады будут на OFFZONE 2023.

Программа будет пополняться, обновление можно отследить на сайте

https://offzone.moscow/program/
1.91K views
Sys-Admin InfoSec
/ DLL Hijacking in the Asian Gambling Sector

..The threat actors abuse Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan executables vulnerable to DLL hijacking to deploy Cobalt Strike beacons.:

https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/
SentinelOne
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
Threat actors abuse Adobe Creative Cloud, Edge, and other executables vulnerable to DLL hijacking in campaign targeting the Southeast Asian gambling sector.
2.26K views
Sys-Admin InfoSec
/ Unmasking – EVLF DEV-The Creator of CypherRAT and CraxsRAT

CYFIRMA research team obtained the CraxsRAT, which is one of the most dangerous purchasable Android RATs currently available to threat actors..:

https://www.cyfirma.com/outofband/unmasking-evlf-dev-the-creator-of-cypherrat-and-craxsrat/
CYFIRMA
Unmasking - EVLF DEV-The Creator of CypherRAT and CraxsRAT - CYFIRMA
EXECUTIVE SUMMARY The CYFIRMA research team has discovered a new Malware-as-a-service (MaaS) operator that goes by the moniker EVLF DEV....
2.13K viewsedited  
Sys-Admin InfoSec
Второй анонс докладов конференции Open SysConf'23 🐴

🔻 Стань онлайн участником эксклюзивного реалтайм кибер-контента

eBPF. Сниффер трафика веб сервера.
🔹 Ильяс, высококлассный специалист, продемонстрирует пример, как построить на основе eBPF сниффер трафика веб сервера. Пример будет показан на веб серверах, установленных как локально, так и в контейнерах (docker, k8s)

Как построить AppSec процессы и ничего не сломать
🔹 Обширная тема в рамках которой Амир расскажет про построение, внедрение процессов AppSec/DevSecOps в компании

Нагрузочное тестирование с помощью Jmeter
🔹 Есенай динозавр нашего сообщества, но это его первый доклад в котором он коснется такой интересной темы, как JMeter. Как он работает и какую пользу принес в детекте просадки производительности. Тема для автора новая, будем разбираться вместе.

📢 Планируется трансляция. Если ты не успеваешь на встречу в офис Kolesa Team, то готовь тряпочку для протирки экрана на 16 сентября :)

🔸 Детали: https://sysconf.io/ru
Please open Telegram to view this post
VIEW IN TELEGRAM
2.36K views
Sys-Admin InfoSec
Sys-Admin InfoSec pinned a photo
Sys-Admin InfoSec
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
XLoader’s Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/
SentinelOne
XLoader’s Latest Trick | New macOS Variant Disguised as Signed OfficeNote App
Notorious botnet and infostealer XLoader makes a return to macOS with a new dropper and malware payload.
1.88K views