Some of the talks have passed review, and let me tell you, this is explosive stuff:
Black Belt in Linux
The Mexican Wall
Introduction to Kubernetes
A reminder: we are meeting in the cozy space at the Kolesa Group office, where over tea and coffee we will talk and soak up knowledge!
Some of the talks are already listed at https://sysconf.io
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
🔹 Fox-IT (part of NCC Group) has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure (DIVD). An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing webshells on vulnerable NetScalers to gain persistent access..:
🔹 https://research.nccgroup.com/2023/08/15/approximately-2000-citrix-netscalers-backdoored-in-mass-exploitation-campaign/
/ The data of 760,000 Discord.io users was put up for sale on the darknet
https://stackdiary.com/the-data-of-760000-discord-io-users-was-put-up-for-sale-on-the-darknet/
Stack Diary
Note: I've gone ahead and updated the featured image, so it doesn't seem like this has something to do with Discord "directly". It was not my intention to
/ Unauthenticated Stack Buffer Overflows in Ivanti Avalanche
https://www.tenable.com/security/research/tra-2023-27
Tenable®
A researcher at Tenable discovered multiple stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0. A message sent to WLAvalancheService.exe on TCP port 1777 has the following structure:
/ LinkedIn Accounts Under Attack
https://cyberint.com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/
Cyberint
Cyberint has observed an alarming emerging trend - an ongoing and successful hacking campaign is targeting LinkedIn accounts. Here's what you need to know.
Open Golang practicum by Rebrain: Tests in golang
August 24 (Thursday), 20:00 MSK. Details
Program:
• Unit, benchmark, fuzzing
• Frameworks, approaches and methods for testing golang applications
Presented by:
Sergey Paramoshkin - Technical Manager at Yandex.Search. Has worked in operations and as an analyst, architect and manager. More than 10 years of experience in IT, including 7 years of development in Go.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Awareness about Awareness. Part 2
Several years ago I spoke at KHS 2018 about awareness, with a presentation named Awareness about Awareness…
Now I see that the classical awareness model is not working adequately… At KHS 2023 we will try to consider why that is so and what to do about it…
This conference will have many cool speakers, cybersec/infosec subjects, and people. Let's meet at KHS 2023! ✊
Details on the official KHS site:
🔹 https://kazhackstan.com
/ Fake Airplane Mode: A mobile tampering technique to maintain connectivity
https://www.jamf.com/blog/fake-airplane-mode-a-mobile-tampering-technique-to-maintain-connectivity/
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Unwanted Guests: Mitigating Remote Access Trojan Infection Risk
https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
Uptycs
Remote Access Trojan: Mitigating Infection Risk of Unwanted Guests
Read about QwixxRAT, a new Remote Access Trojan infiltrating devices via Telegram & Discord: technical analysis & protective measures
/ PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks
https://blog.aquasec.com/powerhell-active-flaws-in-powershell-gallery-expose-users-to-attacks
Aqua
We expose significant flaws in PowerShell Gallery's policy package names and owners, that open potential supply chain attacks on the registry's user base.
/ LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab
https://sysdig.com/blog/labrat-cryptojacking-proxyjacking-campaign/
Sysdig
LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab | Sysdig
The Sysdig Threat Research Team recently discovered a new operation, dubbed LABRAT, a stealthy cryptojacking and proxyjacking campaign.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
The OFFZONE 2023 CFP committee has completed its selection
On the conference website the organizers are ready to announce which talks will be at OFFZONE 2023.
The program will keep growing; updates can be tracked on the website
• https://offzone.moscow/program/
/ DLL Hijacking in the Asian Gambling Sector
..The threat actors abuse Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan executables vulnerable to DLL hijacking to deploy Cobalt Strike beacons.:
https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/
SentinelOne
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
Threat actors abuse Adobe Creative Cloud, Edge, and other executables vulnerable to DLL hijacking in campaign targeting the Southeast Asian gambling sector.
/ Unmasking – EVLF DEV-The Creator of CypherRAT and CraxsRAT
CYFIRMA research team obtained the CraxsRAT, which is one of the most dangerous purchasable Android RATs currently available to threat actors..:
https://www.cyfirma.com/outofband/unmasking-evlf-dev-the-creator-of-cypherrat-and-craxsrat/
CYFIRMA
Unmasking - EVLF DEV-The Creator of CypherRAT and CraxsRAT - CYFIRMA
EXECUTIVE SUMMARY The CYFIRMA research team has discovered a new Malware-as-a-service (MaaS) operator that goes by the moniker EVLF DEV....
eBPF. A web server traffic sniffer.
How to build AppSec processes without breaking anything
Load testing with JMeter
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
XLoader’s Latest Trick | New macOS Variant Disguised as Signed OfficeNote App
https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/
SentinelOne
Notorious botnet and infostealer XLoader makes a return to macOS with a new dropper and malware payload.
/ No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action
https://blog.lumen.com/hiatusrat-takes-little-time-off-in-a-return-to-action/
Lumen Blog
No rest for the wicked: HiatusRAT takes little time off in a return to action
After publishing our initial research, Black Lotus Labs continued to track the HiatusRAT cluster resulting in new malware samples.
/ BlackCat Ransomware Group Targets Japanese Watchmaker Seiko
FBI IoC, Seiko Data Breach Response links..:
https://www.bankinfosecurity.com/blackcat-ransomware-group-targets-japanese-watchmaker-seiko-a-22902
Bank info security
The BlackCat group on Monday claimed responsibility for a ransomware attack on Japanese watchmaker Seiko, publishing samples of stolen data files as proof of its
What's new in OpenBLD.net today:
What will be updated:
bld.sys-adm.in will be converted to ada.openbld.net
*.sys-adm.in to ada.openbld.net
openbld.net
OpenBLD.net - fast, free DNS that blocks ads, trackers, malware — with DoH, DoT, GeoDNS | OpenBLD.net DNS - Block advertising,…
OpenBLD.net — ultra-fast DNS with ad blocking and proactive cybersecurity. Be yourself, be focused.