/ Diamond Sleet supply chain compromise distributes a modified CyberLink installer
research with hunting query example:
https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/
research with hunting query example:
https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/
Microsoft News
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Microsoft has uncovered a supply chain attack by Diamond Sleet involving a malicious variant of an application developed by CyberLink Corp.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Awesome SOC
A collection of sources of documentation, as well as field best practices, to build/run a SOC
https://github.com/cyb3rxp/awesome-soc
A collection of sources of documentation, as well as field best practices, to build/run a SOC
https://github.com/cyb3rxp/awesome-soc
GitHub
GitHub - cyb3rxp/awesome-soc: A collection of sources of documentation, as well as field best practices, to build/run a SOC
A collection of sources of documentation, as well as field best practices, to build/run a SOC - cyb3rxp/awesome-soc
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
They (Blender project) also fought with massive DDoS.. Let me remind you that I fought and still fight with shit traffic flying to OpenBLD.net side ..)
https://www.blender.org/news/cyberattack-november-2023/
I think it was correlated with this included… because high traffic flew and continues to fly from BR..:
https://www.trendmicro.com/en_us/research/23/k/parasitesnatcher-how-malicious-chrome-extensions-target-brazil-.html
Hold on, my friends, peace to all✌️
https://www.blender.org/news/cyberattack-november-2023/
I think it was correlated with this included… because high traffic flew and continues to fly from BR..:
https://www.trendmicro.com/en_us/research/23/k/parasitesnatcher-how-malicious-chrome-extensions-target-brazil-.html
Hold on, my friends, peace to all✌️
blender.org
Cyberattack – November 2023 — blender.org
Updates on the ongoing DDoS attack.
/ Defending Azure Active Directory (Entra ID): Unveiling Threats Through Hunting Techniques
Reading this article will provide you with:
- Understanding of the logs that can be extracted from your Azure AD, and how.
- Knowledge about how to analyze these logs, and get the right information out of them.
- Learning about more than 10 Threat scenarios and corresponding hunting queries that you can run in your own environment to identify threats.
- Access to a tool Rezonate wrote to extract logs from AzureAD to any preferred analysis platform of your choice.
https://www.rezonate.io/blog/defending-azure-active-directory/
Reading this article will provide you with:
- Understanding of the logs that can be extracted from your Azure AD, and how.
- Knowledge about how to analyze these logs, and get the right information out of them.
- Learning about more than 10 Threat scenarios and corresponding hunting queries that you can run in your own environment to identify threats.
- Access to a tool Rezonate wrote to extract logs from AzureAD to any preferred analysis platform of your choice.
https://www.rezonate.io/blog/defending-azure-active-directory/
Rezonate - Protect Identities, Everywhere
Defending Azure Active Directory (Entra ID): Unveiling Threats through Hunting Techniques - Rezonate
Azure Active Directory (Entra ID) stands as one of the most popular and widely-used cloud-based identity and access management services provided by Microsoft. It serves as a comprehensive solution for managing user identities and controlling access to a diverse…
/ ved-ebpf: Kernel Exploit and Rootkit Detection using eBPF
https://securityonline.info/ved-ebpf-kernel-exploit-and-rootkit-detection-using-ebpf
https://securityonline.info/ved-ebpf-kernel-exploit-and-rootkit-detection-using-ebpf
/ Analysis of CVE-2023-46214 + PoC. Remote Code Execution (RCE) vulnerability in Splunk Enterprise
https://blog.hrncirik.net/cve-2023-46214-analysis
https://blog.hrncirik.net/cve-2023-46214-analysis
Hacker-Blog
Analysis of CVE-2023-46214 + PoC
CVE-2023-46214 is a Remote Code Execution (RCE) vulnerability found in Splunk Enterprise which was disclosed on November 16, 2023 in the Splunk security advisory SVD-2023-1104. The denoscription of the vulnerability essentially states that Splunk Enterprise…
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Лайтовый экстеншн, дополняет сервис, блокируя часть рекламы вшитую в URL'ы корневых доменов.
Чистит ресурсы которые используют рекламные сети без явных принадлежностей к тем или иным поддоменам.
Не имеет внешних, или иных подключений, не собирает данные, идеально дополняет DoH/DoT OpenBLD.net сервис.
Видео, как в принципе помогает жить OpenBLD.net приложено там-же на странице.
Пробуем. Наслаждаемся. Фидбечим:
https://chromewebstore.google.com/detail/openbldnet-blocker/jjpjcmckhkcefefgbgghomdhcbfmklea
Please open Telegram to view this post
VIEW IN TELEGRAM
DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads
https://www.sentinelone.com/blog/dprk-crypto-theft-macos-rustbucket-droppers-pivot-to-deliver-kandykorn-payloads/
https://www.sentinelone.com/blog/dprk-crypto-theft-macos-rustbucket-droppers-pivot-to-deliver-kandykorn-payloads/
SentinelOne
DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads
Two apparently separate North Korean crypto theft campaigns targeting macOS users appear to be linked as threat actors mix and match droppers and payloads.
/ BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses
https://francozappa.github.io/post/2023/bluffs-ccs23/
https://francozappa.github.io/post/2023/bluffs-ccs23/
Daniele Antonioli
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses | Daniele Antonioli
Breaking and fixing the Bluetooth standard. One More Time.
Paper
Slides
Toolkit
CVE-2023-24023
BT SIG note
Paper
Slides
Toolkit
CVE-2023-24023
BT SIG note
📢 Открытый практикум Golang by Rebrain: Как работает map
Время:
↘ 5 Декабря (Вторник) 19:00 МСК. Детали
Программа:
• Теоретическая часть (hash, hashmap, виды адресации)
• Изучение исходников и небольшое сравнение с другими языками
• sync.Map
Ведёт:
• Егор Гришечко – Software engineer в Uber. Пишет внутреннее облако Uber. Observability - 10 лет профессионального опыта. Докладчик на крупных конференциях (.NEXT, GolangConf)
P.S. Запись практикума “DevOps by Rebrain” в подарок за регистрацию.
Время:
↘ 5 Декабря (Вторник) 19:00 МСК. Детали
Программа:
• Теоретическая часть (hash, hashmap, виды адресации)
• Изучение исходников и небольшое сравнение с другими языками
• sync.Map
Ведёт:
• Егор Гришечко – Software engineer в Uber. Пишет внутреннее облако Uber. Observability - 10 лет профессионального опыта. Докладчик на крупных конференциях (.NEXT, GolangConf)
P.S. Запись практикума “DevOps by Rebrain” в подарок за регистрацию.
/ Extracting Training Data from ChatGPT
Training data extraction attacks:
https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html
Training data extraction attacks:
https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html
/ Apple WebKit patches: Processing web content may disclose sensitive information
iOS - https://support.apple.com/en-gb/HT214031
macOS - https://support.apple.com/en-gb/HT214032
Safari - https://support.apple.com/en-gb/HT214033
iOS - https://support.apple.com/en-gb/HT214031
macOS - https://support.apple.com/en-gb/HT214032
Safari - https://support.apple.com/en-gb/HT214033
Apple Support
About the security content of iOS 17.1.2 and iPadOS 17.1.2
This document describes the security content of iOS 17.1.2 and iPadOS 17.1.2.
/ New macOS proxy-trojan spreads with warez
What’s interesting is that not a single version of the malware is marked as malicious on virustotal..:
https://securelist.ru/trojan-proxy-for-macos/108460/
P.S. URL sended to OpenBLD.net ecosystem
What’s interesting is that not a single version of the malware is marked as malicious on virustotal..:
https://securelist.ru/trojan-proxy-for-macos/108460/
P.S. URL sended to OpenBLD.net ecosystem
/ Guidance for investigating attacks using CVE-2023-23397
A successful exploit of this vulnerability can result in unauthorized access to an organization’s environment by triggering a Net-NTLMv2 hash leak.
Understanding the vulnerability and how it has been leveraged by threat actors can help guide the overall investigative process:
https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/
A successful exploit of this vulnerability can result in unauthorized access to an organization’s environment by triggering a Net-NTLMv2 hash leak.
Understanding the vulnerability and how it has been leveraged by threat actors can help guide the overall investigative process:
https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/
Microsoft News
Guidance for investigating attacks using CVE-2023-23397
This guide provides steps to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Обновление можно назвать экспериментальным, так как часть устоявшихся стабильных системных установок пришлось переработать, что в итоге дало прирост в скорости отклика на ~10ms
Что еще. В DoH RIC добавилась опция "all" т.е. можно пробовать использовать DoH DNS без фильтрации. Этот эксперимент, в случае успешности может привести к DoH RIC с опцией "children" где будет меньше "синего кита", "наркотиков", "сект".
Именно скорость, безопасность получаемого контента формируют наше внутреннее состояние. Стабильное удержание такого отклика с течением времени нужно наблюдать, так как часть изменений экспериментальны, успех зависит буквально от нас всех.
Как попробовать. Просто настрой браузер, используй какое-то время, если что-то не будет работать, приходи сразу ко мне @sysadminkz
Станешь ты лучшей частью того, что уже есть, все зависит конкретно от тебя, твоего фидбека. Задумайся об этом. Peace ✌️
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Printer names and icons might be changed and HP Smart app automatically installs
Printers are renamed as HP printers regardless of their manufacturer. Most are being named as the HP LaserJet M101-M106 model. Printer icons might also be changed:
- Read details on Microsoft site
Printers are renamed as HP printers regardless of their manufacturer. Most are being named as the HP LaserJet M101-M106 model. Printer icons might also be changed:
- Read details on Microsoft site
Docs
Windows 11, version 22H2 known issues and notifications
View announcements and review known issues and fixes for Windows 11, version 22H2
/ 1C Bitrix under attack
Vulnerability of the landing module of a content management system (CMS). Exploitation of the vulnerability could allow a remote attacker to execute OS commands on a vulnerable host, gain control of resources and penetrate the internal network:
https://www.1c-bitrix.ru/vul/18645386/
Vulnerability of the landing module of a content management system (CMS). Exploitation of the vulnerability could allow a remote attacker to execute OS commands on a vulnerable host, gain control of resources and penetrate the internal network:
https://www.1c-bitrix.ru/vul/18645386/
www.1c-bitrix.ru
Уязвимость модуля landing системы управления содержимым сайтов (CMS)
Уязвимость модуля landing системы управления содержимым сайтов (CMS) 1С-Битрикс: Управление сайтом вызвана ошибками синхронизации при использовании общего ресурса. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить команды…
/ A Comprehensive Analysis Of Outlook Attack Vectors
..it is essential to examine the attack vectors on Outlook for typical enterprise environments, which Check Point Research will do in this paper. We assume the position of an average user – we click and double-click on things on Outlook – as our daily work requires, and we examine the security risks they may introduce from a security research perspective:
https://research.checkpoint.com/2023/the-obvious-the-normal-and-the-advanced-a-comprehensive-analysis-of-outlook-attack-vectors/
..it is essential to examine the attack vectors on Outlook for typical enterprise environments, which Check Point Research will do in this paper. We assume the position of an average user – we click and double-click on things on Outlook – as our daily work requires, and we examine the security risks they may introduce from a security research perspective:
https://research.checkpoint.com/2023/the-obvious-the-normal-and-the-advanced-a-comprehensive-analysis-of-outlook-attack-vectors/
Check Point Research
The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors - Check Point Research
Research by: Haifei Li, Check Point Research Introduction Outlook, the desktop app in the Microsoft Office suite, has become one of the world’s most popular apps for organizations worldwide for sending and receiving emails, scheduling conferences, and more.…
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
vusec
SLAM: Spectre based on Linear Address Masking - vusec
SLAM explores the residual attack surface of Spectre on modern (and even future) CPUs equipped with Intel LAM or similar features. Instead of targeting new transient execution techniques (like BHI or Inception), SLAM focuses on exploiting a common but previously…
📢 Открытый практикум DevOps: Паттерны и антипаттерны создания dockerfile
↘ Детали
Время:
• 12 Декабря (Вторник) 19:00 МСК
Программа:
• Что такое dockerfile
• Слои dockerfile
• Паттерны создания dockerfile
Ведёт:
• Александр Крылов – Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
↘ Детали
Время:
• 12 Декабря (Вторник) 19:00 МСК
Программа:
• Что такое dockerfile
• Слои dockerfile
• Паттерны создания dockerfile
Ведёт:
• Александр Крылов – Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
AutoSpill: Zero Effort Credential Stealing from Mobile Password Managers
https://www.blackhat.com/eu-23/briefings/schedule/#autospill-zero-effort-credential-stealing-from-mobile-password-managers-34420
https://www.blackhat.com/eu-23/briefings/schedule/#autospill-zero-effort-credential-stealing-from-mobile-password-managers-34420
Blackhat
Black Hat Europe 2023