Open DevOps workshop by Rebrain: Software Development Life Cycle Practices
Time:
↘ 21 November (Tuesday) 19:00 MSK. Details
Program:
• Software life cycle
• Development methodologies
• Kanban
• Scrum
• DevOps
• SRE
Host:
• Alexander Krylov – over 7 years of DevOps experience. Regular speaker at DevOps conf, TeamLead conf, Highload conf. Author of the Haproxy course on Rebrain.
/ Samsung says hackers accessed customer data during year-long breach
https://techcrunch.com/2023/11/16/samsung-hackers-customer-data-breach
TechCrunch
Samsung confirmed hackers accessed the personal data of U.K.-based customers during a historical year-long breach of its systems.
/ The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses
Sometimes cybercriminals who host malicious servers employ tactics that involve mimicking the responses of legitimate software to evade detection. However, a common pitfall of these malicious actors is typos, which we use as unique fingerprints to identify such servers:
https://blog.fox-it.com/2023/11/15/the-spelling-police-searching-for-malicious-http-servers-by-identifying-typos-in-http-responses/
/ Unveiling LummaC2 stealer’s novel Anti-Sandbox technique: Leveraging trigonometry for human behavior detection
https://outpost24.com/blog/lummac2-anti-sandbox-technique-trigonometry-human-detection/
Outpost24
Analyzing LummaC2 stealer’s novel Anti-Sandbox technique: Leveraging trigonometry for human behavior detection
LummaC2 stealer’s new Anti-Sandbox technique that forces the malware to wait until “human” behavior is detected.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
A deep dive into Phobos ransomware
https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/
/ Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)
https://www.helpnetsecurity.com/2023/11/20/cve-2023-1671/
Help Net Security
CISA has added three bugs to its Known Exploited Vulnerabilities catalog, among them a critical one (CVE-2023-1671) in Sophos Web Appliance.
/ CVE-2023–36025: An In-Depth Analysis of Circumventing Windows SmartScreen Security
https://infosecwriteups.com/cve-2023-36025-an-in-depth-analysis-of-circumventing-windows-smartscreen-security-6ff05c8b69d0
Medium
In the world of cybersecurity, the discovery of a vulnerability like CVE-2023-36025 in Windows SmartScreen is a significant event. This…
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
You can end up there automatically for several reasons:
Sometimes it is a false positive; don't worry if the ADA or RIC servers don't respond to ping and sites have stopped loading. In 90% of cases it is a ban. What can you do in that case?
99% uptime is a good figure, but security and speed are important figures too; let's keep all of them in mind together.
Thanks to everyone who uses the service and stays in focus, and for your understanding; for those who don't use it yet, welcome. Donations are appreciated, contacts are here. Peace to all ✌️
/ The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets
...exposed Kubernetes secrets of hundreds of organizations and open-source projects allow access to sensitive environments in the Software Development Life Cycle (SDLC) and open a severe supply chain attack threat:
https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets
Aqua
Aqua Nautilus researchers found exposed Kubernetes secrets that pose a critical threat of supply chain attack to hundreds of organizations and OSS.
📢 Open Networks workshop by Rebrain: VXLAN, part 1
Time:
↘ 28 November (Tuesday) 19:00 MSK. Details
Program:
— Why VXLAN is needed
— The classic approach with Flood and Learn
— The arrival of the BGP control plane
Host:
Dmitry Radchuk – Team Lead at VKontakte. CCIE x4. Over 12 years of networking experience. Over 4 years of teaching experience
/ InfectedSlurs Botnet Spreads Mirai via Zero-Days
https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
Akamai
Akamai has uncovered two zero-day vulnerabilities that are being actively exploited to spread a Mirai variant in the wild. Read on for details and mitigation.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Nala – a deb package manager with parallel functions
https://christitus.com/stop-using-apt/
https://youtu.be/oroSkR4Nn_w?t=222
P.S. Thanks for the links, dear subscriber )) ✌️
Christitus
Stop Using APT
Having Fun with Technology
/ Diamond Sleet supply chain compromise distributes a modified CyberLink installer
research with hunting query example:
https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/
Microsoft News
Microsoft has uncovered a supply chain attack by Diamond Sleet involving a malicious variant of an application developed by CyberLink Corp.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Awesome SOC
A collection of sources of documentation, as well as field best practices, to build/run a SOC
https://github.com/cyb3rxp/awesome-soc
GitHub
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
They (the Blender project) also fought a massive DDoS. Let me remind you that I fought, and still fight, with shit traffic flying at the OpenBLD.net side ..)
https://www.blender.org/news/cyberattack-november-2023/
I think it was correlated with this as well, because heavy traffic flew, and continues to fly, from BR:
https://www.trendmicro.com/en_us/research/23/k/parasitesnatcher-how-malicious-chrome-extensions-target-brazil-.html
Hold on, my friends, peace to all ✌️
blender.org
Cyberattack – November 2023 — blender.org
Updates on the ongoing DDoS attack.
/ Defending Azure Active Directory (Entra ID): Unveiling Threats Through Hunting Techniques
Reading this article will provide you with:
- Understanding of the logs that can be extracted from your Azure AD, and how.
- Knowledge about how to analyze these logs, and get the right information out of them.
- Learning about more than 10 Threat scenarios and corresponding hunting queries that you can run in your own environment to identify threats.
- Access to a tool Rezonate wrote to extract logs from AzureAD to any preferred analysis platform of your choice.
https://www.rezonate.io/blog/defending-azure-active-directory/
Rezonate - Protect Identities, Everywhere
Azure Active Directory (Entra ID) stands as one of the most popular and widely-used cloud-based identity and access management services provided by Microsoft. It serves as a comprehensive solution for managing user identities and controlling access to a diverse…
/ ved-ebpf: Kernel Exploit and Rootkit Detection using eBPF
https://securityonline.info/ved-ebpf-kernel-exploit-and-rootkit-detection-using-ebpf
/ Analysis of CVE-2023-46214 + PoC. Remote Code Execution (RCE) vulnerability in Splunk Enterprise
https://blog.hrncirik.net/cve-2023-46214-analysis
Hacker-Blog
Analysis of CVE-2023-46214 + PoC
CVE-2023-46214 is a Remote Code Execution (RCE) vulnerability found in Splunk Enterprise which was disclosed on November 16, 2023 in the Splunk security advisory SVD-2023-1104. The description of the vulnerability essentially states that Splunk Enterprise…
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
A lightweight extension that complements the service by blocking some of the ads baked into the URLs of root domains.
It cleans up resources used by ad networks that are not clearly tied to one subdomain or another.
It has no external or other connections, collects no data, and perfectly complements the OpenBLD.net DoH/DoT service.
A video of how OpenBLD.net helps in general is attached on the same page.
Try it. Enjoy. Send feedback:
https://chromewebstore.google.com/detail/openbldnet-blocker/jjpjcmckhkcefefgbgghomdhcbfmklea
DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads
https://www.sentinelone.com/blog/dprk-crypto-theft-macos-rustbucket-droppers-pivot-to-deliver-kandykorn-payloads/
SentinelOne
Two apparently separate North Korean crypto theft campaigns targeting macOS users appear to be linked as threat actors mix and match droppers and payloads.