/ Malicious Packages Hidden in NPM
Affected platforms: All platforms where NPM packages can be installed..:
-- https://www.fortinet.com/blog/threat-research/malicious-packages-hiddin-in-npm
Affected platforms: All platforms where NPM packages can be installed..:
-- https://www.fortinet.com/blog/threat-research/malicious-packages-hiddin-in-npm
Fortinet Blog
Malicious Packages Hidden in NPM
FortiGuard Labs investigates several malicious packages hidden in NPM and provides an overview of these packages, grouping them on similar styles of code or functions. Learn more.…
/ Detecting human-operated ransomware attacks with Microsoft 365 Defender
-- https://learn.microsoft.com/en-us/microsoft-365/security/defender/playbook-detecting-ransomware-m365-defender?view=o365-worldwide
-- https://learn.microsoft.com/en-us/microsoft-365/security/defender/playbook-detecting-ransomware-m365-defender?view=o365-worldwide
Docs
Detecting human-operated ransomware attacks with Microsoft Defender XDR - Microsoft Defender XDR
This article describes proactive detection of new or ongoing human-operated ransomware attacks with the Microsoft Defender portal
/ Binarly REsearch Uncovers Major Vulnerabilities in Supermicro BMCs
..Vulnerabilities can be exploited by unauthenticated remote attackers and could result in obtaining the root of the BMC system:
https://binarly.io/posts/Binarly_REsearch_Uncovers_Major_Vulnerabilities_in_Supermicro_BMCs/
..Vulnerabilities can be exploited by unauthenticated remote attackers and could result in obtaining the root of the BMC system:
https://binarly.io/posts/Binarly_REsearch_Uncovers_Major_Vulnerabilities_in_Supermicro_BMCs/
www.binarly.io
Binarly REsearch Uncovers Major Vulnerabilities in Supermicro BMCs
Uncover Major Vulnerabilities in Supermicro BMCs. Dive into hidden attack surfaces and exploits found by BINARLY REsearch in Supermicro BMC IPMI firmware.
/ EvilProxy Phishing Attack Strikes Indeed
MS 365 Phishing..:
https//www.menlosecurity.com/blog/evilproxy-phishing-attack-strikes-indeed/
MS 365 Phishing..:
https//www.menlosecurity.com/blog/evilproxy-phishing-attack-strikes-indeed/
Menlosecurity
EvilProxy Phishing Attack Strikes Indeed - Blog | Menlo Security
Menlo Labs identified a phishing campaign exploiting an open redirection vulnerability on job search platform Indeed.
Открытый практикум Networks by Rebrain: Дебаг VoIP в сетях передачи данных
• 12 Октября (Четверг) 19:00 МСК. Детали
Программа:
• Как устанавливается сессия в SIP
• Как дебажить SIP сообщения с помощью CLI Asterisk/FreeSWITCH
• Работа диагностических утилит tcpdump, sngrep, wireshark и sip3
• Как дебажить RTP. Разбор рядовых проблем
Ведёт:
• Роман Сыртланов – VoIP инженер. Опыт работы с VoIP 7 лет. Работает с Asterisk/FreeSWITCH/Kamailio
• 12 Октября (Четверг) 19:00 МСК. Детали
Программа:
• Как устанавливается сессия в SIP
• Как дебажить SIP сообщения с помощью CLI Asterisk/FreeSWITCH
• Работа диагностических утилит tcpdump, sngrep, wireshark и sip3
• Как дебажить RTP. Разбор рядовых проблем
Ведёт:
• Роман Сыртланов – VoIP инженер. Опыт работы с VoIP 7 лет. Работает с Asterisk/FreeSWITCH/Kamailio
/ About the security content of iOS 17.0.3 and iPadOS 17.0.3
Impact: A local attacker may be able to elevate their privileges.
https://support.apple.com/en-us/HT213961
Impact: A local attacker may be able to elevate their privileges.
https://support.apple.com/en-us/HT213961
Apple Support
About the security content of iOS 17.0.3 and iPadOS 17.0.3
This document describes the security content of iOS 17.0.3 and iPadOS 17.0.3.
/ 1.1.1.1 lookup failures on October 4th, 2023
https//blog.cloudflare.com/1-1-1-1-lookup-failures-on-october-4th-2023/
https//blog.cloudflare.com/1-1-1-1-lookup-failures-on-october-4th-2023/
The Cloudflare Blog
1.1.1.1 lookup failures on October 4, 2023
On 4 October 2023, Cloudflare experienced DNS resolution problems. Some users may have received SERVFAIL DNS responses to valid queries. In this blog, we’re going to talk about what the failure was, why it occurred, and what we’re doing to make sure this…
/ NSA and CISA Advise on Top Ten Cybersecurity Misconfigurations
https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF
https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF
/ Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11
-- https://github.com/curl/curl/discussions/12026
-- https://github.com/curl/curl/discussions/12026
GitHub
Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11 · curl curl · Discussion #12026
We are cutting the release cycle short and will release curl 8.4.0 on October 11, including fixes for a severity HIGH CVE and one severity LOW. The one rated HIGH is probably the worst curl securit...
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Home Grown Red Team: LNK Phishing Revisited In 2023
-- https://assume-breach.medium.com/home-grown-red-team-lnk-phishing-revisited-in-2023-364daf70a06a
-- https://assume-breach.medium.com/home-grown-red-team-lnk-phishing-revisited-in-2023-364daf70a06a
Medium
Home Grown Red Team: LNK Phishing Revisited In 2023
All right so macros are out, ISOs, zips and password protected zips are all getting flagged. What’s an APT to do? Well, LNK files are still…
/ HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
The Cloudflare Blog
HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks
The “HTTP/2 Rapid Reset” attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric DDoS attacks. Cloudflare has mitigated a barrage of these attacks in recent months, including an attack three times larger than any previous…
Открытый практикум Golang by Rebrain: Go channels
Время:
17 Октября (Вторник) 19:00 МСК. Детали
Программа:
• Внутренности Go-каналов
• Разбор на исходного кода
• Рассмотр некоторых интересных деталей реализации
Ведет:
• Егор Гришечко – Software engineer в Uber. Пишет внутреннее облако Uber. Observability - 10 лет профессионального опыта. Докладчик на крупных конференциях (.NEXT, GolangConf)
Время:
17 Октября (Вторник) 19:00 МСК. Детали
Программа:
• Внутренности Go-каналов
• Разбор на исходного кода
• Рассмотр некоторых интересных деталей реализации
Ведет:
• Егор Гришечко – Software engineer в Uber. Пишет внутреннее облако Uber. Observability - 10 лет профессионального опыта. Докладчик на крупных конференциях (.NEXT, GolangConf)
Update your Chrome
With few (20) security fixes and one critical user after free vulnerability:
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html
With few (20) security fixes and one critical user after free vulnerability:
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 118.0.5993.70 for Mac and Linux and 118.0.5993.70 /.71 for Windows , which will roll out over the c...
☁️ AWS Community Day в Алматы
Планируется два дня про AWS и все, что рядом - Terraform Best Practices, прохождение PCI DSS за три недели, Панелька, обещан Workshop и GameDay.
Ожидаются спикеры из Казахстана, Узбекистана, Кыргызстана, включая действующих сотрудников компании AWS
• 17-18 ноября, КБТУ, Алматы, Казахстан
Детали здесь - https://central-asia.awscommunity.day
Планируется два дня про AWS и все, что рядом - Terraform Best Practices, прохождение PCI DSS за три недели, Панелька, обещан Workshop и GameDay.
Ожидаются спикеры из Казахстана, Узбекистана, Кыргызстана, включая действующих сотрудников компании AWS
• 17-18 ноября, КБТУ, Алматы, Казахстан
Детали здесь - https://central-asia.awscommunity.day
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
AvosLocker Ransomware (Update)
updated report from FBI and CISO (mitigation, IoC, mitre):
https://www.cisa.gov/sites/default/files/2023-10/aa23-284a-joint-csa-stopransomware-avoslocker-ransomware-update.pdf
updated report from FBI and CISO (mitigation, IoC, mitre):
https://www.cisa.gov/sites/default/files/2023-10/aa23-284a-joint-csa-stopransomware-avoslocker-ransomware-update.pdf
/ A PowerShell Script to Mitigate Active Directory Security Risks
Basic mitigation steps with denoscriptions:
https://www.esecurityplanet.com/networks/a-powershell-noscript-to-mitigate-active-directory-security-risks/
Basic mitigation steps with denoscriptions:
https://www.esecurityplanet.com/networks/a-powershell-noscript-to-mitigate-active-directory-security-risks/
eSecurity Planet
Use this PowerShell Script to Mitigate Active Directory Security Risks
Leverage this important PowerShell noscript to ensure that all legacy protocols are disabled in Active Directory to mitigate security risks.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
CVE-2023-5178: Linux NVMe-oF/TCP Driver - UAF in `nvmet_tcp_free_crypto`
Due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel, a malicious actor, with the ability to send messages to the NVMe-oF/TCP server (either LAN or WAN), can cause a UAF and a double free, which may lead to remote kernel code execution:
- https://www.openwall.com/lists/oss-security/2023/10/15/1
Due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel, a malicious actor, with the ability to send messages to the NVMe-oF/TCP server (either LAN or WAN), can cause a UAF and a double free, which may lead to remote kernel code execution:
- https://www.openwall.com/lists/oss-security/2023/10/15/1
/ Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
Critical:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
Critical:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
Cisco
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker.
Fix information can be found in the Fixed Software…
Fix information can be found in the Fixed Software…
/ DarkGate Opens Organizations for Attack via Skype, Teams
https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Trend Micro
DarkGate Opens Organizations for Attack via Skype, Teams
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Открытый доклад "Безопасность и DNS" в этот четверг (19 октября) г.Алматы
В Алматы, в четверг 19 октября, в 19 часов в SmartPoint. Буду докладывать по данному сабжу.
Все мы знаем, что DNS это "наше все" без него не будет ничего толком работать, он везде, но мало кто уделяет роль этой службе с точки зрения киберсека.
Доку еще пишу, но думаю будет:
🔹 Зачем нужен ДНС и как работает
🔹 Как он может аффектить security
🔹 Как он может аффектить пользователей
🔹 DNS и Tread Intelligence
🔹 Откуда ноги у OpenBLD.net DNS 😡
Примерно так. Вход свободный. Линка к сожалению не моя и только в LinkrdIn, там же агенда встречи.
Кто будет - до встреч✌️ ))
В Алматы, в четверг 19 октября, в 19 часов в SmartPoint. Буду докладывать по данному сабжу.
Все мы знаем, что DNS это "наше все" без него не будет ничего толком работать, он везде, но мало кто уделяет роль этой службе с точки зрения киберсека.
Доку еще пишу, но думаю будет:
Примерно так. Вход свободный. Линка к сожалению не моя и только в LinkrdIn, там же агенда встречи.
Кто будет - до встреч
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Take a note of SpyNote!
This spyware app spreads via smishing (i.e. malicious SMS messages) by urging the victims to install the app from provided links..:
https://blog.f-secure.com/take-a-note-of-spynote/
This spyware app spreads via smishing (i.e. malicious SMS messages) by urging the victims to install the app from provided links..:
https://blog.f-secure.com/take-a-note-of-spynote/
F-Secure
Take a note of SpyNote malware | F‑Secure
SpyNote malware is targeting Android users — learn how it works, the risks it poses, and how to keep your device secure.