/ RAR SFX with LNK Infection Vector
https://www.deepinstinct.com/blog/threat-actor-uac-0099-continues-to-target-ukraine
https://www.deepinstinct.com/blog/threat-actor-uac-0099-continues-to-target-ukraine
Deep Instinct
Threat Actor 'UAC-0099' Continues to Target Ukraine
Deep Instinct’s Threat Research team explores recent activities by threat actor "UAC-0099," including recent attacks on Ukrainian targets. It also examines common tactics, techniques, and procedures (TTPs), including the use of fabricated court summons to…
Let’s Get Ready to Rumble!!
Let the leap year🎄 bring only high profits and high success!)) Peace ✌️
Let the leap year
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking
https://cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking
https://cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking
Cloudsek
Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking | CloudSEK
A detailed blog on Analysis of the Global Malware Trend: Exploiting Undocumented OAuth2 Functionality to Regenerate Google Service Cookies Regardless of IP or Password Reset.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Open Thank You Message.
First of all, thanks to all users of the OpenBLD.net service. Thank you for trusting, service using, contributing and providing feedback.
Some companies, like the people in them, also trust the service and support it with system resources and OSS licenses, which allows the service to grow, be faster, and expand points of presence around the world.
Thanks everyone. I also wrote an Open Tnak You Letter in my blog post to everyone who supported.
Everyone who wants to support, add their logo or name to the project website, support the OpenBLD.net project and receive this benefits.
Peace to all ✌️
First of all, thanks to all users of the OpenBLD.net service. Thank you for trusting, service using, contributing and providing feedback.
Some companies, like the people in them, also trust the service and support it with system resources and OSS licenses, which allows the service to grow, be faster, and expand points of presence around the world.
Thanks everyone. I also wrote an Open Tnak You Letter in my blog post to everyone who supported.
Everyone who wants to support, add their logo or name to the project website, support the OpenBLD.net project and receive this benefits.
Peace to all ✌️
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
How Does PCI DSS 4.0 Affect Web Application Firewalls?
https://www.tripwire.com/state-of-security/how-does-pci-dss-40-affect-web-application-firewalls
https://www.tripwire.com/state-of-security/how-does-pci-dss-40-affect-web-application-firewalls
Tripwire
How Does PCI DSS 4.0 Affect Web Application Firewalls?
The payment industry is bracing for the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0, heralding significant changes in cybersecurity practices.
/ Deceptive Cracked Software Spreads Lumma Variant on YouTube
https://www.fortinet.com/blog/threat-research/lumma-variant-on-youtube
https://www.fortinet.com/blog/threat-research/lumma-variant-on-youtube
Fortinet Blog
Deceptive Cracked Software Spreads Lumma Variant on YouTube
FortiGuard Labs uncovered a threat group using YouTube channels to spread Private .NET loader for Lumma Stealer 4.0. Learn more.…
/ Hyper-V RCE and Kerberos Bypass
MS released two fixes for..:
Windows Kerberos Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674
Windows Hyper-V Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20700
MS released two fixes for..:
Windows Kerberos Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674
Windows Hyper-V Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20700
📢 Открытый практикум DevOps by Rebrain: Запуск Nginx и Angie в Docker
↘ Регистрация
Время:
16 Января (Вторник) 19:00 МСК
Программа:
• Основы контейнеризации веб-сервера
• Зачем использовать контейнер для Nginx
• Особенности веб-сервера Angie и сравнение с Nginx
• Запуск Nginx и Angie в Docker-контейнерах
• Настройка конфигурации
• Работа с логами
• Хранение данных веб-приложения
Ведёт:
• Николай Лавлинский – Технический директор. Веб-разработчик более 15 лет. Спикер конференций HighLoad++, РИТ++. Специализация: ускорение сайтов и веб-приложений
↘ Регистрация
Время:
16 Января (Вторник) 19:00 МСК
Программа:
• Основы контейнеризации веб-сервера
• Зачем использовать контейнер для Nginx
• Особенности веб-сервера Angie и сравнение с Nginx
• Запуск Nginx и Angie в Docker-контейнерах
• Настройка конфигурации
• Работа с логами
• Хранение данных веб-приложения
Ведёт:
• Николай Лавлинский – Технический директор. Веб-разработчик более 15 лет. Спикер конференций HighLoad++, РИТ++. Специализация: ускорение сайтов и веб-приложений
/ The malware is spread over SSH protocol using a custom Mirai botnet that was modified by the threat actors.
https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining
https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining
Akamai
You Had Me at Hi — Mirai-Based NoaBot Makes an Appearance | Akamai
Akamai security researchers uncovered a new cryptomining campaign — NoaBot — that uses a custom Mirai botnet modified by the threat actors.
/ Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns
- Overview of CLINKSINK Drainer Campaigns
- Initial Analysis of CLINKSINK
- Distribution of Stolen Solana Cryptocurrency Funds
- Multiple DaaS Offerings Use CLINKSINK
- Outlook and Implications
- YARA Rules
https://www.mandiant.com/resources/blog/solana-cryptocurrency-stolen-clinksink-drainer-campaigns
- Overview of CLINKSINK Drainer Campaigns
- Initial Analysis of CLINKSINK
- Distribution of Stolen Solana Cryptocurrency Funds
- Multiple DaaS Offerings Use CLINKSINK
- Outlook and Implications
- YARA Rules
https://www.mandiant.com/resources/blog/solana-cryptocurrency-stolen-clinksink-drainer-campaigns
/ CVE-2023-4001: a vulnerability in the (downstream) GRUB boot manager
https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/
https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/
My DFIR Blog
CVE-2023-4001: a vulnerability in the (downstream) GRUB boot manager
One can set a password to protect the boot menu entries and the command-line shell of the GRUB boot manager (see the official manual and the Red Hat manual). This is an additional security measure …
/ CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload:
https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload:
https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
Trend Micro
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
New OpenBLD points of presence have been added in the world thanks to AlphaVPS!
AlphaVPS.com - Fast & Cheap VPS, Cloud Servers and few servers from AlphaVPS stay which located in Bulgaria and Germany joined in to OpenBLD.net ecosystem.
As you know one of the our prioritites - fast DoH/DoT responses and 1GBit/s from AlphaVPS it is good base for this requirements.
One server already available for users (see status of Ada-h4), second server will be available in the next few days. Enjoy it 🚀
P.S. Few times ago I posted OpenBLD.net IPv6 Pre-Release notice, in few near weeks I'll plan implement DoH/DoT IPv6 for users in Europe, I'll tell about this later 😎...
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Undetected macOS InfoStealers | KeySteal, Atomic & CherryPie Continue to Adapt
https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/
https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/
SentinelOne
The Many Faces of Undetected macOS InfoStealers | KeySteal, Atomic & CherryPie Continue to Adapt
Learn about the latest threats to macOS as Infostealers continue to rapidly adapt to evade static signatures.
/ A lightweight method to detect potential iOS malware
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
Securelist
Detecting iOS malware via Shutdown.log file
Analyzing Shutdown.log file as a lightweight method to detect indicators of infection with sophisticated iOS malware such as Pegasus, Reign and Predator.
📢 Открытый практикум: DWARF, ELF & ptrace или как работает ваш дебагер
↘ Регистрация
Время:
• 23 Января (Вторник) в 19:00 по МСК
Программа:
• Разберём устройство современного дебагера
• Научимся использовать системный вызов ptrace
• Рассмотрим форматы ELF и DWARF
• Напишем простой отладчик, используя полученные знания
Ведёт:
• Константин Деревцов – Rust разработчик.
↘ Регистрация
Время:
• 23 Января (Вторник) в 19:00 по МСК
Программа:
• Разберём устройство современного дебагера
• Научимся использовать системный вызов ptrace
• Рассмотрим форматы ELF и DWARF
• Напишем простой отладчик, используя полученные знания
Ведёт:
• Константин Деревцов – Rust разработчик.
/ Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition
- Mitigations and WorkaroundsPermalink: N/A
- DetectionsPermalink: None
- SeverityPermalink: High
https://advisory.splunk.com/advisories/SVD-2024-0108
- Mitigations and WorkaroundsPermalink: N/A
- DetectionsPermalink: None
- SeverityPermalink: High
https://advisory.splunk.com/advisories/SVD-2024-0108
Splunk Vulnerability Disclosure
Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability…
/ JAVA-Based Sophisticated Stealer Using Discord Bot as EventListener
https://www.trellix.com/about/newsroom/stories/research/java-based-sophisticated-stealer-using-discord-bot-as-eventlistener/
https://www.trellix.com/about/newsroom/stories/research/java-based-sophisticated-stealer-using-discord-bot-as-eventlistener/
Trellix
JAVA-based Sophisticated Stealer Using Discord Bot as EventListener
In mid-November 2023, Trellix Advanced Research Center team members observed a Java-based stealer being spread through cracked software zip files using JDABuilder Classes to create an instance of the EventListener to easily register. The Stealer uses Discord…
/ Malicious npm packages target developer SSH keys
warbeast2000, kodiak2k... Malicious actors looking to obtain SSH keys from developers is an alarming development. Detailed research:
https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data
warbeast2000, kodiak2k... Malicious actors looking to obtain SSH keys from developers is an alarming development. Detailed research:
https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data
ReversingLabs
GitGot: GitHub leveraged by cybercriminals to store stolen data | ReversingLabs
ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Few month ago I stared develop from scratch zDNS service, now it's can:
- Restrict DNS queries by type like as A, AAAA, HTTPS, CNAME, MX, PTR..
- Balancing DNS traffic between upstream servers
- Providing Prometheus metrics
- DNS responses caching by custom TTL
- Has few working modes - Zero Trust, Allow/Blocking
- Has separated "Permanent" mode with additional custom upstream DNS servers
- Can load allow/block lists from local and remote through HTTP(S)
- Create/Delete custom users with different configs and hosts files
- and more...
New opportunities, features, looking forward, and info about of new OpenBLD.net Personal Usage Testing pre-relase see here:
https://openbld.net/blog/zdns-big-updates-and-features/
Please open Telegram to view this post
VIEW IN TELEGRAM