/ StopRansomware: Royal Ransomware
Report from CISA. According to third-party reporting, Royal actors most commonly (in 66.7% of incidents) gain initial access to victim networks via successful phishing emails:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a
/ Windows DWM Core Library Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36033
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36036
/ Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI
Vulnerability where Azure Command-Line Interface (CLI) could expose sensitive information, including credentials, through GitHub Actions logs:
🔹 https://msrc.microsoft.com/blog/2023/11/microsoft-guidance-regarding-credentials-leaked-to-github-actions-logs-through-azure-cli/
Open DevOps workshop by Rebrain: Software development lifecycle practices
Time:
↘ 21 November (Tuesday) 19:00 MSK. Details
Program:
• Software lifecycle
• Development methodologies
• Kanban
• Scrum
• DevOps
• SRE
Presenter:
• Alexander Krylov – more than 7 years of DevOps experience. Regular speaker at conferences: DevOps conf, TeamLead conf, Highload conf. Author of the Haproxy course at Rebrain.
/ Samsung says hackers accessed customer data during year-long breach
https://techcrunch.com/2023/11/16/samsung-hackers-customer-data-breach
TechCrunch
Samsung says hackers accessed customer data during year-long breach
Samsung confirmed hackers accessed the personal data of U.K.-based customers during a historical year-long breach of its systems.
/ The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses
Fox-SRT Uncategorized
Sometimes cybercriminals that host malicious servers employ tactics that involve mimicking the responses of legitimate software to evade detection. However, a common pitfall of these malicious actors is typos, which we use as unique fingerprints to identify such servers:
https://blog.fox-it.com/2023/11/15/the-spelling-police-searching-for-malicious-http-servers-by-identifying-typos-in-http-responses/
/ Unveiling LummaC2 stealer’s novel Anti-Sandbox technique: Leveraging trigonometry for human behavior detection
https://outpost24.com/blog/lummac2-anti-sandbox-technique-trigonometry-human-detection/
Outpost24
Analyzing LummaC2 stealer’s novel Anti-Sandbox technique: Leveraging trigonometry for human behavior detection
LummaC2 stealer’s new Anti-Sandbox technique that forces the malware to wait until “human” behavior is detected.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
A deep dive into Phobos ransomware
https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/
/ Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)
https://www.helpnetsecurity.com/2023/11/20/cve-2023-1671/
Help Net Security
Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)
CISA has added three bugs to its Known Exploited Vulnerabilities catalog, among them a critical one (CVE-2023-1671) in Sophos Web Appliance.
/ CVE-2023–36025: An In-Depth Analysis of Circumventing Windows SmartScreen Security
https://infosecwriteups.com/cve-2023-36025-an-in-depth-analysis-of-circumventing-windows-smartscreen-security-6ff05c8b69d0
Medium
CVE-2023–36025: An In-Depth Analysis of Circumventing Windows SmartScreen Security
In the world of cybersecurity, the discovery of a vulnerability like CVE-2023-36025 in Windows SmartScreen is a significant event. This…
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
You can end up there automatically for several reasons:
Sometimes it may be a false positive; don't worry if the ADA or RIC servers don't respond to ping and sites have stopped loading. In 90% of cases it is a ban. What can be done in this case?
99% uptime is a good metric, but security and speed are also important metrics; let's take them into account together.
Thanks to everyone who uses the service, stays in focus and is understanding; for those who don't use it yet, welcome, donations are appreciated, contacts are here. Peace to all ✌️
/ The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets
...exposed Kubernetes secrets of hundreds of organizations and open-source projects allow access to sensitive environments in the Software Development Life Cycle (SDLC) and open a severe supply chain attack threat:
https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets
Aqua
The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets
Aqua Nautilus researchers found exposed Kubernetes secrets that pose a critical threat of supply chain attack to hundreds of organizations and OSS.
📢 Open Networks workshop by Rebrain: vxlan, part 1
Time:
↘ 28 November (Tuesday) 19:00 MSK. Details
Program:
— Why vxlan is needed
— The classic variant with the Flood and Learn approach
— The emergence of the BGP control plane
Presenter:
Dmitry Radchuk – Team Lead at VKontakte. CCIE x4. More than 12 years of experience with networks. More than 4 years of teaching experience.
/ InfectedSlurs Botnet Spreads Mirai via Zero-Days
https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
Akamai
InfectedSlurs Botnet Spreads Mirai via Zero-Days | Akamai
Akamai has uncovered two zero-day vulnerabilities that are being actively exploited to spread a Mirai variant in the wild. Read on for details and mitigation.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Nala - deb Package Manager with Parallel functions
https://christitus.com/stop-using-apt/
https://youtu.be/oroSkR4Nn_w?t=222
P.S. thanks for the links, dear subscriber )) ✌️
Christitus
Stop Using APT
Having Fun with Technology
/ Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Research with a hunting query example:
https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/
Microsoft News
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Microsoft has uncovered a supply chain attack by Diamond Sleet involving a malicious variant of an application developed by CyberLink Corp.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Awesome SOC
A collection of sources of documentation, as well as field best practices, to build/run a SOC
https://github.com/cyb3rxp/awesome-soc
GitHub
GitHub - cyb3rxp/awesome-soc: A collection of sources of documentation, as well as field best practices, to build/run a SOC
A collection of sources of documentation, as well as field best practices, to build/run a SOC - cyb3rxp/awesome-soc
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
They (the Blender project) also fought with a massive DDoS.. Let me remind you that I fought and still fight with shit traffic flying to the OpenBLD.net side ..)
https://www.blender.org/news/cyberattack-november-2023/
I think it was correlated with this included… because high traffic flew and continues to fly from BR:
https://www.trendmicro.com/en_us/research/23/k/parasitesnatcher-how-malicious-chrome-extensions-target-brazil-.html
Hold on, my friends, peace to all✌️
blender.org
Cyberattack – November 2023 — blender.org
Updates on the ongoing DDoS attack.
/ Defending Azure Active Directory (Entra ID): Unveiling Threats Through Hunting Techniques
Reading this article will provide you with:
- Understanding of the logs that can be extracted from your Azure AD, and how.
- Knowledge about how to analyze these logs, and get the right information out of them.
- Learning about more than 10 Threat scenarios and corresponding hunting queries that you can run in your own environment to identify threats.
- Access to a tool Rezonate wrote to extract logs from AzureAD to any preferred analysis platform of your choice.
https://www.rezonate.io/blog/defending-azure-active-directory/
Rezonate - Protect Identities, Everywhere
Defending Azure Active Directory (Entra ID): Unveiling Threats through Hunting Techniques - Rezonate
Azure Active Directory (Entra ID) stands as one of the most popular and widely-used cloud-based identity and access management services provided by Microsoft. It serves as a comprehensive solution for managing user identities and controlling access to a diverse…