/ A PowerShell Script to Mitigate Active Directory Security Risks
Basic mitigation steps with denoscriptions:
https://www.esecurityplanet.com/networks/a-powershell-noscript-to-mitigate-active-directory-security-risks/
Basic mitigation steps with denoscriptions:
https://www.esecurityplanet.com/networks/a-powershell-noscript-to-mitigate-active-directory-security-risks/
eSecurity Planet
Use this PowerShell Script to Mitigate Active Directory Security Risks
Leverage this important PowerShell noscript to ensure that all legacy protocols are disabled in Active Directory to mitigate security risks.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
CVE-2023-5178: Linux NVMe-oF/TCP Driver - UAF in `nvmet_tcp_free_crypto`
Due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel, a malicious actor, with the ability to send messages to the NVMe-oF/TCP server (either LAN or WAN), can cause a UAF and a double free, which may lead to remote kernel code execution:
- https://www.openwall.com/lists/oss-security/2023/10/15/1
Due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel, a malicious actor, with the ability to send messages to the NVMe-oF/TCP server (either LAN or WAN), can cause a UAF and a double free, which may lead to remote kernel code execution:
- https://www.openwall.com/lists/oss-security/2023/10/15/1
/ Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
Critical:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
Critical:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
Cisco
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker.
Fix information can be found in the Fixed Software…
Fix information can be found in the Fixed Software…
/ DarkGate Opens Organizations for Attack via Skype, Teams
https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Trend Micro
DarkGate Opens Organizations for Attack via Skype, Teams
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Открытый доклад "Безопасность и DNS" в этот четверг (19 октября) г.Алматы
В Алматы, в четверг 19 октября, в 19 часов в SmartPoint. Буду докладывать по данному сабжу.
Все мы знаем, что DNS это "наше все" без него не будет ничего толком работать, он везде, но мало кто уделяет роль этой службе с точки зрения киберсека.
Доку еще пишу, но думаю будет:
🔹 Зачем нужен ДНС и как работает
🔹 Как он может аффектить security
🔹 Как он может аффектить пользователей
🔹 DNS и Tread Intelligence
🔹 Откуда ноги у OpenBLD.net DNS 😡
Примерно так. Вход свободный. Линка к сожалению не моя и только в LinkrdIn, там же агенда встречи.
Кто будет - до встреч✌️ ))
В Алматы, в четверг 19 октября, в 19 часов в SmartPoint. Буду докладывать по данному сабжу.
Все мы знаем, что DNS это "наше все" без него не будет ничего толком работать, он везде, но мало кто уделяет роль этой службе с точки зрения киберсека.
Доку еще пишу, но думаю будет:
Примерно так. Вход свободный. Линка к сожалению не моя и только в LinkrdIn, там же агенда встречи.
Кто будет - до встреч
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Take a note of SpyNote!
This spyware app spreads via smishing (i.e. malicious SMS messages) by urging the victims to install the app from provided links..:
https://blog.f-secure.com/take-a-note-of-spynote/
This spyware app spreads via smishing (i.e. malicious SMS messages) by urging the victims to install the app from provided links..:
https://blog.f-secure.com/take-a-note-of-spynote/
F-Secure
Take a note of SpyNote malware | F‑Secure
SpyNote malware is targeting Android users — learn how it works, the risks it poses, and how to keep your device secure.
/ Qubitstrike - An Emerging Malware Campaign Targeting Jupyter Notebooks
https://www.cadosecurity.com/qubitstrike-an-emerging-malware-campaign-targeting-jupyter-notebooks/
https://www.cadosecurity.com/qubitstrike-an-emerging-malware-campaign-targeting-jupyter-notebooks/
Cadosecurity
Qubitstrike - An Emerging Malware Campaign Targeting Jupyter Notebooks
Cado Security Labs researchers have discovered a new cryptojacking campaign targeting exposed Jupyter Notebooks.
/ Synology NAS DSM Account Takeover: When Random is not Secure
https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
Claroty
Synology NAS DSM Account Takeover: When Random is not Secure
Claroty discovers the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system. Learn more.
Открытый практикум DevOps by Rebrain: Оптимизация запросов в MySQL 2
Время:
• 24 Октября (Вторник) 19:00 МСК. Регистрация
Программа:
• Методы оптимизации сложных запросов в СУБД MySQL
• Как подходить к анализу сложных запросов, как находить возможности оптимизации
• Оптимизация нескольких реальных запросов в интерактивном формате
Ведет:
• Николай Лавлинский – Технический директор. Веб-разработчик более 15 лет. Спикер конференций HighLoad++, РИТ++. Специализация: ускорение сайтов и веб-приложений
Время:
• 24 Октября (Вторник) 19:00 МСК. Регистрация
Программа:
• Методы оптимизации сложных запросов в СУБД MySQL
• Как подходить к анализу сложных запросов, как находить возможности оптимизации
• Оптимизация нескольких реальных запросов в интерактивном формате
Ведет:
• Николай Лавлинский – Технический директор. Веб-разработчик более 15 лет. Спикер конференций HighLoad++, РИТ++. Специализация: ускорение сайтов и веб-приложений
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
iso-27001-audit-check-list.pdf
1.9 MB
ISO 271001:2022 Audit Checklist
Forwarded from OpenBLD.net
OpenBLD.net - Update HTTPS certificates will progress tonight
🔹 ADA - Issue and Update certsificates
🔹 RIC - Issue and Update certsificates
This action will not affect your connectivity. This message is to let you know that this is a legitimate, planned procedure.
This action will not affect your connectivity. This message is to let you know that this is a legitimate, planned procedure.
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Casio Issues Apology and Notice Concerning Personal Information Leak
Due to Unauthorized Access to Server
https://world.casio.com/information/1018-incident/
Due to Unauthorized Access to Server
https://world.casio.com/information/1018-incident/
CASIO Official Website
Casio Issues Apology and Notice Concerning Personal Information Leak Due to Unauthorized Access to Server | CASIO
/ Allow Access to Bing.. ChatGPT — Release Notes
https://help.openai.com/en/articles/6825453-chatgpt-release-notes
https://help.openai.com/en/articles/6825453-chatgpt-release-notes
OpenAI Help Center
ChatGPT — Release Notes | OpenAI Help Center
A changelog of the latest updates for ChatGPT
/ Google-hosted malvertising leads to fake Keepass site that looks genuine
https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/amp/
https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/amp/
Ars Technica
Google-hosted malvertising leads to fake Keepass site that looks genuine
Google-verified advertiser + legit-looking URL + valid TLS cert = convincing lookalike.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
План: Категоризации моделей угроз, Внедрения смягчающих мер и культуры ИБ для компании <Company name>
Создан на лету, за короткое время, в процессе одного интервью. Абстрактно, top-level план - Источники угроз, Уровни угроз, Уровень уязвимости систем, План внедрения, Основные этапы, Получаемые преимущества, Заключение.
Возможно кому-то может оказаться полезным. Пользуйтесь)
Google Doc - https://docs.google.com/document/d/1DQWxr6zde4ugHPaN7cCE7Hh70jxNbsAfT2ydH_nuMgY/edit?usp=sharing
Создан на лету, за короткое время, в процессе одного интервью. Абстрактно, top-level план - Источники угроз, Уровни угроз, Уровень уязвимости систем, План внедрения, Основные этапы, Получаемые преимущества, Заключение.
Возможно кому-то может оказаться полезным. Пользуйтесь)
Google Doc - https://docs.google.com/document/d/1DQWxr6zde4ugHPaN7cCE7Hh70jxNbsAfT2ydH_nuMgY/edit?usp=sharing
23rd October – Threat Intelligence Report from Checkpoint
- top attacks and breaches
- vulnerabilities and patches
- threat intelligence reports
- https://research.checkpoint.com/2023/23rd-october-threat-intelligence-report/
- top attacks and breaches
- vulnerabilities and patches
- threat intelligence reports
- https://research.checkpoint.com/2023/23rd-october-threat-intelligence-report/
Check Point Research
23rd October – Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 23rd October, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Attackers have gained access to parts of the network of the cloud identity authentication giant Okta. The…
/ Citrix Bleed: Leaking Session Tokens with CVE-2023-4966
https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
www.assetnote.io
Citrix Bleed: Leaking Session Tokens with CVE-2023-4966
It's time for another round Citrix Patch Diffing! Earlier this month Citrix released a security bulletin which mentioned "unauthenticated buffer-related vulnerabilities" and two CVEs. These issues affected Citrix NetScaler ADC and NetScaler Gateway.
Открытый практикум DevOps by Rebrain: Управление временем команд цикла разработки
Время:
↘ 31 Октября (Вторник) 19:00 МСК. Регистрация
Программа:
• Самоорганизация команды
• Time-tools и методы управления временем
• Управление сквозным бэклогом
Ведёт:
Александр Крылов – Опыт работы в DevOps более 7 лет. Постоянный спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
Время:
↘ 31 Октября (Вторник) 19:00 МСК. Регистрация
Программа:
• Самоорганизация команды
• Time-tools и методы управления временем
• Управление сквозным бэклогом
Ведёт:
Александр Крылов – Опыт работы в DevOps более 7 лет. Постоянный спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
Forwarded from OpenBLD.net
How can you reduce the threat of spying on your iPhone?
iPhone owners can be hacked through iMessage with Operation Triangulation infection chain and you can reduce thich chain attack together with OpenBLD.net.
In short. Operation Triangulation infection chain: a device receives a malicious iMessage attachment that launches a chain of exploits, and their execution ultimately results in the launch of the TriangleDB implant. In more detail, the infection chain can be summarized with the following article - https://securelist.com/triangulation-validators-modules/110847/
Now all chained domains added to OpenBLD.net ecosystem, and of course - be careful about what and from whom you receive in your iMessage 😎
iPhone owners can be hacked through iMessage with Operation Triangulation infection chain and you can reduce thich chain attack together with OpenBLD.net.
In short. Operation Triangulation infection chain: a device receives a malicious iMessage attachment that launches a chain of exploits, and their execution ultimately results in the launch of the TriangleDB implant. In more detail, the infection chain can be summarized with the following article - https://securelist.com/triangulation-validators-modules/110847/
Now all chained domains added to OpenBLD.net ecosystem, and of course - be careful about what and from whom you receive in your iMessage 😎
StripedFly: Perennially flying under the radar
It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows.:
https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/
It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows.:
https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/
Securelist
StripedFly: Perennially flying under the radar
Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was…
/ Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers
https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/
https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/
Welivesecurity
Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers
ESET Research discover campaigns by the Winter Vivern APT group that exploit a zero-day XSS vulnerability in the Roundcube Webmail server and target governmental entities and a think tank in Europe.