Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
План: Категоризации моделей угроз, Внедрения смягчающих мер и культуры ИБ для компании <Company name>
Создан на лету, за короткое время, в процессе одного интервью. Абстрактно, top-level план - Источники угроз, Уровни угроз, Уровень уязвимости систем, План внедрения, Основные этапы, Получаемые преимущества, Заключение.
Возможно кому-то может оказаться полезным. Пользуйтесь)
Google Doc - https://docs.google.com/document/d/1DQWxr6zde4ugHPaN7cCE7Hh70jxNbsAfT2ydH_nuMgY/edit?usp=sharing
Создан на лету, за короткое время, в процессе одного интервью. Абстрактно, top-level план - Источники угроз, Уровни угроз, Уровень уязвимости систем, План внедрения, Основные этапы, Получаемые преимущества, Заключение.
Возможно кому-то может оказаться полезным. Пользуйтесь)
Google Doc - https://docs.google.com/document/d/1DQWxr6zde4ugHPaN7cCE7Hh70jxNbsAfT2ydH_nuMgY/edit?usp=sharing
23rd October – Threat Intelligence Report from Checkpoint
- top attacks and breaches
- vulnerabilities and patches
- threat intelligence reports
- https://research.checkpoint.com/2023/23rd-october-threat-intelligence-report/
- top attacks and breaches
- vulnerabilities and patches
- threat intelligence reports
- https://research.checkpoint.com/2023/23rd-october-threat-intelligence-report/
Check Point Research
23rd October – Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 23rd October, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Attackers have gained access to parts of the network of the cloud identity authentication giant Okta. The…
/ Citrix Bleed: Leaking Session Tokens with CVE-2023-4966
https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
www.assetnote.io
Citrix Bleed: Leaking Session Tokens with CVE-2023-4966
It's time for another round Citrix Patch Diffing! Earlier this month Citrix released a security bulletin which mentioned "unauthenticated buffer-related vulnerabilities" and two CVEs. These issues affected Citrix NetScaler ADC and NetScaler Gateway.
Открытый практикум DevOps by Rebrain: Управление временем команд цикла разработки
Время:
↘ 31 Октября (Вторник) 19:00 МСК. Регистрация
Программа:
• Самоорганизация команды
• Time-tools и методы управления временем
• Управление сквозным бэклогом
Ведёт:
Александр Крылов – Опыт работы в DevOps более 7 лет. Постоянный спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
Время:
↘ 31 Октября (Вторник) 19:00 МСК. Регистрация
Программа:
• Самоорганизация команды
• Time-tools и методы управления временем
• Управление сквозным бэклогом
Ведёт:
Александр Крылов – Опыт работы в DevOps более 7 лет. Постоянный спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
Forwarded from OpenBLD.net
How can you reduce the threat of spying on your iPhone?
iPhone owners can be hacked through iMessage with Operation Triangulation infection chain and you can reduce thich chain attack together with OpenBLD.net.
In short. Operation Triangulation infection chain: a device receives a malicious iMessage attachment that launches a chain of exploits, and their execution ultimately results in the launch of the TriangleDB implant. In more detail, the infection chain can be summarized with the following article - https://securelist.com/triangulation-validators-modules/110847/
Now all chained domains added to OpenBLD.net ecosystem, and of course - be careful about what and from whom you receive in your iMessage 😎
iPhone owners can be hacked through iMessage with Operation Triangulation infection chain and you can reduce thich chain attack together with OpenBLD.net.
In short. Operation Triangulation infection chain: a device receives a malicious iMessage attachment that launches a chain of exploits, and their execution ultimately results in the launch of the TriangleDB implant. In more detail, the infection chain can be summarized with the following article - https://securelist.com/triangulation-validators-modules/110847/
Now all chained domains added to OpenBLD.net ecosystem, and of course - be careful about what and from whom you receive in your iMessage 😎
StripedFly: Perennially flying under the radar
It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows.:
https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/
It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows.:
https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/
Securelist
StripedFly: Perennially flying under the radar
Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was…
/ Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers
https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/
https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/
Welivesecurity
Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers
ESET Research discover campaigns by the Winter Vivern APT group that exploit a zero-day XSS vulnerability in the Roundcube Webmail server and target governmental entities and a think tank in Europe.
/ Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan
https://blog.talosintelligence.com/attributing-yorotrooper/
https://blog.talosintelligence.com/attributing-yorotrooper/
Cisco Talos Blog
Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan
Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
🚀 Exciting October'23 Upgrades at OpenBLD.net!
We're thrilled to unveil the latest enhancements in our OpenBLD.net ecosystem. Here's what's new:
🔹 New Filtering Routine Server
Strengthening the core of OpenBLD.net with a brand new filtering routine server.
🔹 Enhanced Performance
Boosted RAM and CPU power on select servers for even smoother operation.
🔹 German Server Addition
Testing out a new server in Germany for ada.openbld.net frontend scoping.
🔹 Rule Tweaks
Updated blocking rules to better combat abused IPs and CIDRs.
🔹 Improved Resource Handling
Optimized performance for web resources like
🔹 New site: With GitHub collaboration opportunities: https://openbld.net
🚫 Reducing Threats: We've successfully blocked Kazakhstan-associated YoroTrooper attacks and the threat of spying on your iPhone. Plus, we've thwarted Keepass faked malware.
📢 Stay Connected:
- Join our official Telegram
- Follow us on LinkedIn
OpenBLD.net is your go-to service for a cleaner, distraction-free online experience.
Help us make the internet a better place for all! 💪
#OpenBLD #InternetSecurity #Upgrade2023
We're thrilled to unveil the latest enhancements in our OpenBLD.net ecosystem. Here's what's new:
Strengthening the core of OpenBLD.net with a brand new filtering routine server.
Boosted RAM and CPU power on select servers for even smoother operation.
Testing out a new server in Germany for ada.openbld.net frontend scoping.
Updated blocking rules to better combat abused IPs and CIDRs.
Optimized performance for web resources like
Krisha, IvI, and Yandex Maps.🚫 Reducing Threats: We've successfully blocked Kazakhstan-associated YoroTrooper attacks and the threat of spying on your iPhone. Plus, we've thwarted Keepass faked malware.
- Join our official Telegram
- Follow us on LinkedIn
OpenBLD.net is your go-to service for a cleaner, distraction-free online experience.
Help us make the internet a better place for all! 💪
#OpenBLD #InternetSecurity #Upgrade2023
Please open Telegram to view this post
VIEW IN TELEGRAM
openbld.net
OpenBLD.net - fast, free DNS that blocks ads, trackers, malware — with DoH, DoT, GeoDNS | OpenBLD.net DNS - Block advertising,…
OpenBLD.net — ultra-fast DNS with ad blocking and proactive cybersecurity. Be yourself, be focused.
/ SYSTEM MANAGEMENT MODE SPECULATIVE EXECUTION ATTACKS
https://eclypsium.com/blog/system-management-mode-speculative-execution-attacks/
https://eclypsium.com/blog/system-management-mode-speculative-execution-attacks/
Eclypsium | Supply Chain Security for the Modern Enterprise
System Management Mode Speculative Execution Attacks - Eclypsium
Eclypsium researchers have discovered a new application of speculative execution attacks, bypassing hardware-based memory protections.
/ Active Directory Advanced Threat Hunting - Identify vulnerabilities before others do
https://github.com/tomwechsler/Active_Directory_Advanced_Threat_Hunting
https://github.com/tomwechsler/Active_Directory_Advanced_Threat_Hunting
/ CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys
https://unit42.paloaltonetworks.com/malicious-operations-of-exposed-iam-keys-cryptojacking/
https://unit42.paloaltonetworks.com/malicious-operations-of-exposed-iam-keys-cryptojacking/
Unit 42
CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys
We analyze an attack path starting with GitHub IAM exposure and leading to creation of AWS Elastic Compute instances — which TAs used to perform cryptojacking.
/ Dealing with MITRE ATT&CK®’s different levels of detail
- https://www.lacework.com/blog/dealing-with-mitre/
- https://www.lacework.com/blog/dealing-with-mitre/
Fortinet
Cloud-Native Application Protection Platform (CNAPP)
Lacework FortiCNAPP is the most comprehensive cloud-native application protection platform available. AI-driven and organically developed, it empowers organizations to easily secure everything from code to cloud.
/ Affected Apache
Official announcement:
🔹 https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
🔹 https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/
ActiveMQOfficial announcement:
Please open Telegram to view this post
VIEW IN TELEGRAM
Rapid7
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604 | Rapid7 Blog
/ YouTube is getting serious about blocking ad blockers
https://www.theverge.com/2023/10/31/23940583/youtube-ad-blocker-crackdown-broadening
https://www.theverge.com/2023/10/31/23940583/youtube-ad-blocker-crackdown-broadening
The Verge
YouTube is getting serious about blocking ad blockers
YouTube wants users to allow ads or sign up for Premium.
New BiBi-Linux Wiper Malware
https://www.securityjoes.com/post/bibi-linux-a-new-wiper-dropped-by-pro-hamas-hacktivist-group
https://www.securityjoes.com/post/bibi-linux-a-new-wiper-dropped-by-pro-hamas-hacktivist-group
Security Joes
BiBi-Linux: A New Wiper Dropped By Pro-Hamas Hacktivist Group
Security Joes Incident Response team volunteered to assist Israeli companies during the times of war between the state of Israel and the terrorist organization Hamas. During the forensics investigation, we found what appears to be a new Linux Wiper malware…
CVE-2023-4911 and Looney Tunables Vulnerability
Utilizing a rudimentary yet typical PHPUnit vulnerability exploit attack:
https://blog.aquasec.com/loony-tunables-vulnerability-exploited-by-kinsing
P.S. IoC; Exploit download site sended to OpenBLD.net
Utilizing a rudimentary yet typical PHPUnit vulnerability exploit attack:
https://blog.aquasec.com/loony-tunables-vulnerability-exploited-by-kinsing
P.S. IoC; Exploit download site sended to OpenBLD.net
Aqua
Looney Tunables Vulnerability Exploited by Kinsing
We intercepted Kinsing's experimental incursions into cloud environments and have uncovered their efforts to manipulate the Looney Tunables vulnerability.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Время идет, количество пользователей растет, мощности серверов растут, это требует большего количества серверов и денег, бюджет которых уже расписан и распределен.
Так как сервис еще является защитой от вредоносов, то и авторы вредоносов пытаются активно
В виду вышесказанного планируется внести некоторые изменения в архитектуру OpenBLD.net:
DNS 53DoT, DoHКто может внести вклад в проект OpenBLD.net не стесняйтесь. Как это можно сделать и какой бенефит Вас может ждать от этого. можно посмотреть здесь - https://openbld.net/docs/donation/
🤝 Спасибо всем кто помогал и помогает. Благ вам по жизни!
Всем Peace ✌️
Please open Telegram to view this post
VIEW IN TELEGRAM
openbld.net
Donation and Contribution | OpenBLD.net DNS - Block advertising, tracking, telemetry, malicious domains and more for free
You can support the OpenBLD DNS Project through various activities:
Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database.
This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
Ande next: CVE-2023-38548
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service..:
https://www.veeam.com/kb4508
This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
Ande next: CVE-2023-38548
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service..:
https://www.veeam.com/kb4508
Veeam Software
KB4508: CVE-2023-38547 | CVE-2023-38548 | CVE-2023-38549 | CVE-2023-41723
Security update regarding: CVE-2023-38547 | CVE-2023-38548 | CVE-2023-38549 | CVE-2023-41723
Открытый практикум Linux by Rebrain: Обнаружение и просмотр устройств в Linux
Время:
↘ 15 Ноября (Среда) 19:00 МСК. Детали
Программа:
• Утилиты для просмотра устройств: lspci, lsusb, dmidecode...
• Интерфейсы ядра в /proc и /sys
• Именование дисков и сетевых устройств
• Просмотр свойств сетевых устройств с ethtool
Ведёт:
• Даниил Батурин – Основатель проекта VyOS, системы для корпоративных и провайдерских маршрутизаторов с открытым исходным кодом.
Время:
↘ 15 Ноября (Среда) 19:00 МСК. Детали
Программа:
• Утилиты для просмотра устройств: lspci, lsusb, dmidecode...
• Интерфейсы ядра в /proc и /sys
• Именование дисков и сетевых устройств
• Просмотр свойств сетевых устройств с ethtool
Ведёт:
• Даниил Батурин – Основатель проекта VyOS, системы для корпоративных и провайдерских маршрутизаторов с открытым исходным кодом.