Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
XLoader’s Latest Trick | New macOS Variant Disguised as Signed OfficeNote App
https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/
SentinelOne
Notorious botnet and infostealer XLoader makes a return to macOS with a new dropper and malware payload.
No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action
https://blog.lumen.com/hiatusrat-takes-little-time-off-in-a-return-to-action/
Lumen Blog
After publishing our initial research, Black Lotus Labs continued to track the HiatusRAT cluster resulting in new malware samples.
BlackCat Ransomware Group Targets Japanese Watchmaker Seiko
FBI IoC, Seiko Data Breach Response links:
https://www.bankinfosecurity.com/blackcat-ransomware-group-targets-japanese-watchmaker-seiko-a-22902
Bank info security
The BlackCat group on Monday claimed responsibility for a ransomware attack on Japanese watchmaker Seiko, publishing samples of stolen data files as proof of its
What's new in OpenBLD.net today:
What will be updated:
🔹 bld.sys-adm.in will be converted to ada.openbld.net
🔹 *.sys-adm.in to ada.openbld.net
openbld.net
OpenBLD.net — ultra-fast DNS with ad blocking and proactive cybersecurity. Be yourself, be focused.
Akira ransomware targets Cisco VPNs to breach organizations
https://www.bleepingcomputer.com/news/security/akira-ransomware-targets-cisco-vpns-to-breach-organizations/
BleepingComputer
There's mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
FBI-CVE-2023-2868.pdf
1.1 MB
Suspected PRC Cyber Actors Continue to Globally Exploit Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868)
As a part of the FBI investigation into the exploitation of CVE-2023-2868, a zero-day
vulnerability in Barracuda Network’s Email Security Gateway (ESG) appliances
Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders
A deep dive into incident-response cases from the first half of this year finds both attackers and defenders picking up the pace.
Key Takeaways
— Compromised credentials are a gift that keeps on giving (your stuff away)
— MFA is your mature, sensible friend
— Dwell time is sinking faster than RMS Titanic
— Criminals don’t take time off; neither can you*
— Active Directory servers: The ultimate attacker tool
— RDP: High time to decline the risk
— Missing telemetry just makes things harder
🔹 https://news.sophos.com/en-us/2023/08/23/active-adversary-for-tech-leaders/
Sophos News
The next three talks are not about how to build a "house of brick and cement" by studying the materials of the technology's creator, but about how, having found sand and stones, to invent your own technique for "building the Pyramid of Cheops".
Who knows, perhaps this is a unique chance to see and meet those who create technology in real time, right here and now:
Building an XDR out of a default Linux
Real Estate Investment Fundamentals
Be yourself - Be focused
Lazarus Group compromises internet backbone infrastructure company in Europe
...and exploits ManageEngine vulnerability to deploy QuiteRAT:
🔹 https://blog.talosintelligence.com/lazarus-quiterat/
Cisco Talos Blog
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.
Qakbot Malware Disrupted in International Cyber Takedown
🔹 https://www.justice.gov/usao-cdca/pr/qakbot-malware-disrupted-international-cyber-takedown
www.justice.gov
The Justice Department today announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia to disrupt the botnet and malware known as Qakbot and take down its infrastructure.
Stealthy Android Malware MMRat Carries Out Bank Fraud Via Fake App Stores
https://www.trendmicro.com/en_us/research/23/h/mmrat-carries-out-bank-fraud-via-fake-app-stores.html
Trend Micro
The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023.
Firefox and Chrome to address several high-severity vulnerabilities, including memory corruption issues
— Mozilla advisory
— Chrome Channel Update
Mozilla
Security Vulnerabilities fixed in Firefox 117
Grave flaws in BGP Error handling
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
blog.benjojo.co.uk
Open Golang workshop by Rebrain: Tests in Golang
• 5 September (Tuesday) 20:00 MSK. Details
Programme:
• Unit, benchmark, fuzzing
• Frameworks, approaches and ways of testing Golang applications
Presenter:
• Sergey Paramoshkin - Technical Manager at Yandex.Search. Has worked in operations, as an analyst, architect and team lead. More than 10 years of experience in IT, 7 years of Go development.
/ CVE-2023-36844 And Friends: RCE In Juniper Devices
🟡 https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/
watchTowr Labs
CVE-2023-36844 And Friends: RCE In Juniper Devices
As part of our Continuous Automated Red Teaming and Attack Surface Management technology - the watchTowr Platform - we're incredibly proud of our ability to discover nested, exploitable vulnerabilities across huge attack surfaces.
Through our rapid PoC process…
bld.sys-adm.in successfully converted to ada.openbld.net
135.125.204.230 will be removed from OpenBLD.net DNS in the coming days, please change the settings on your devices to the current IP addresses.
Previous notification:
Sys-Admin InfoSec
📢 OpenBLD.net DNS 🤬 H1 2023 Updates & News
What's new in OpenBLD.net today:
🔹 New optimized DNS Frontend / Backend engines
🔹 Updated Geo Localized ecosystem
🔹 New integrated centralized Cactusd service
🔹 Optimized work with free video services…
Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware
Threat actors working as part of DB#JAMMER attack campaigns are compromising exposed MSSQL databases using brute force attacks and appear to be well tooled and ready to deliver ransomware and Cobalt Strike payloads:
— Read full article
Securonix
Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware