/ GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).
https://gofetch.fail/
https://gofetch.fail/
gofetch.fail
GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers
A new microarchitectural side-channel attack exploiting data memory-dependent prefetchers in Apple silicons.
/ ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
https://comsec.ethz.ch/research/dram/zenhammer/
https://comsec.ethz.ch/research/dram/zenhammer/
/ The latest emerging C2 was primarily focused on Asus devices, and grew to over 6,000 bots in a period of 72 hours.
ASUS routers under attack:
https://blog.lumen.com/the-darkside-of-themoon/
ASUS routers under attack:
https://blog.lumen.com/the-darkside-of-themoon/
Lumen Blog
The darkside of TheMoon
Learn how the Black Lotus Labs team rediscovered a botnet named TheMoon, which has eclipsed its old size and activity.
/ Alert: PROXYLIB and LumiApps Transform Mobile Devices into Proxy Nodes
Residential proxies are frequently used by threat actors to conceal malicious activity, including advertising fraud and the use of bots. Access to residential proxy networks is often purchased from other threat actors who create them through enrolling unwitting users’ devices as nodes in the network through malware embedded in mobile, CTV or desktop applications...
How VPN app can convert your device to malicious proxy node:
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes
Residential proxies are frequently used by threat actors to conceal malicious activity, including advertising fraud and the use of bots. Access to residential proxy networks is often purchased from other threat actors who create them through enrolling unwitting users’ devices as nodes in the network through malware embedded in mobile, CTV or desktop applications...
How VPN app can convert your device to malicious proxy node:
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes
📢 Открытый практикум: Кросс-командные взаимодействия - учимся жить дружно
Время:
• 2 Апреля (Вторник) 19:00 МСК
Программа:
• Предпосылки для построения или изменения процесса взаимодействия
• Построение процесса взаимодействия команд DEV, QA с DevOps командой, когда вы единая служба
• Построение процесса работы DevOps с OPS/support
↘ Детали
Ведёт:
Александр Крылов – Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
Время:
• 2 Апреля (Вторник) 19:00 МСК
Программа:
• Предпосылки для построения или изменения процесса взаимодействия
• Построение процесса взаимодействия команд DEV, QA с DevOps командой, когда вы единая служба
• Построение процесса работы DevOps с OPS/support
↘ Детали
Ведёт:
Александр Крылов – Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
/ Out of the shadows – ’darcula’ iMessage and RCS smishing attacks target USPS and global postal services
https://www.netcraft.com/blog/darcula-smishing-attacks-target-usps-and-global-postal-services/
https://www.netcraft.com/blog/darcula-smishing-attacks-target-usps-and-global-postal-services/
Netcraft
Out of the shadows - ’darcula’ iMessage and RCS smishing attacks target USPS and global postal services | Netcraft
Chinese-language Phishing-as-a-Service platform ‘darcula’ targets organizations in 100+ countries with sophisticated techniques using more than 20,000 phish ...
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation
Microsoft Edge browser, designated CVE-2024–21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge.
https://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca
Microsoft Edge browser, designated CVE-2024–21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge.
https://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca
Medium
“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation
By Oleg Zaytsev (Guardio Labs)
/ PyPi Is Under Attack: Project Creation and User Registration Suspended
https://checkmarx.com/blog/pypi-is-under-attack-project-creation-and-user-registration-suspended/
https://checkmarx.com/blog/pypi-is-under-attack-project-creation-and-user-registration-suspended/
Checkmarx
PyPi Is Under Attack
A few hours ago, The Python Package Index (PyPi) suspended new project creation and new user registration to mitigate an ongoing malware upload campaign. The research team of Checkmarx simultaneously investigated a campaign of multiple malicious packages…
/ Password Spray Attacks Impacting Remote Access VPN Services
https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html
https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html
Cisco
Recommendations Against Password Spray Attacks Aimed at Remote Access VPN Services in Secure Firewall
This document describes recommendations to consider against password spray attacks aimed at Remote Access VPN (RAVPN) services configured on Cisco
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
DinodasRAT Linux implant targeting entities worldwide
https://securelist.com/dinodasrat-linux-implant/112284/
https://securelist.com/dinodasrat-linux-implant/112284/
Securelist
Analysis of DinodasRAT Linux implant
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.
📢 Оптимизированный профиль для устройств Apple
После последних атак на одного из хостинг-провайдеров
Загрузите оптимизированный профиль с сайта проекта и просто установите его поверх существующего:
👉 openbld.net/docs/get-started/setup-mobile-devices/apple/
Если ваша система работает нормально, обновление не обязательно. Просто помните, что такая возможность существует. Мир ✌️
P.S. Будут вопросы по обновлению - Welcome😎
--- En ---
📢 Optimized Profile for Apple Devices
Following recent attacks on one of the hosting providers within
Download the optimized profile from the project website and simply install it over your existing one:
👉 openbld.net/docs/get-started/setup-mobile-devices/apple/
If your system is functioning normally, updating is not mandatory. Just remember that the option is available. Peace! ✌️
P.S. If you have any questions regarding the update - Welcome😎
После последних атак на одного из хостинг-провайдеров
OpenBLD.net, я обновил топологию серверов для оптимизации доставки контента, особенно для пользователей Apple.Загрузите оптимизированный профиль с сайта проекта и просто установите его поверх существующего:
👉 openbld.net/docs/get-started/setup-mobile-devices/apple/
Если ваша система работает нормально, обновление не обязательно. Просто помните, что такая возможность существует. Мир ✌️
P.S. Будут вопросы по обновлению - Welcome
--- En ---
📢 Optimized Profile for Apple Devices
Following recent attacks on one of the hosting providers within
OpenBLD.net, I have updated the server topology to optimize content delivery, especially for Apple users.Download the optimized profile from the project website and simply install it over your existing one:
👉 openbld.net/docs/get-started/setup-mobile-devices/apple/
If your system is functioning normally, updating is not mandatory. Just remember that the option is available. Peace! ✌️
P.S. If you have any questions regarding the update - Welcome
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
According official Kali twitter blog post - The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today
Hack via hacker distro?)
CVE - https://nvd.nist.gov/vuln/detail/CVE-2024-3094
🔹 FAQ on the xz-utils backdoor: https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
🔹 Checker vulnerability: https://github.com/FabioBaroni/CVE-2024-3094-checker/blob/main/CVE-2024-3094-checker.sh
🔹 Detection: https://github.com/byinarie/CVE-2024-3094-info
🔹 More details: https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils
Hack via hacker distro?)
CVE - https://nvd.nist.gov/vuln/detail/CVE-2024-3094
Please open Telegram to view this post
VIEW IN TELEGRAM
X (formerly Twitter)
Kali Linux (@kalilinux) on X
The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the…
/ OWASP Data Breach
OWASP Foundation became aware of a misconfiguration of OWASP’s old Wiki web server, leading to a data breach involving decade+-old member resumes:
https://owasp.org/blog/2024/03/29/OWASP-data-breach-notification.html
OWASP Foundation became aware of a misconfiguration of OWASP’s old Wiki web server, leading to a data breach involving decade+-old member resumes:
https://owasp.org/blog/2024/03/29/OWASP-data-breach-notification.html
owasp.org
OWASP Data Leak Notification | OWASP Foundation
OWASP Data Leak Notification on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
Расписание:
↘ Детали
P.S. Запись практикума “DevOps by Rebrain” в подарок за регистрацию
Please open Telegram to view this post
VIEW IN TELEGRAM
/ HTTP/2 CONTINUATION Flood: Technical Details
https://nowotarski.info/http2-continuation-flood-technical-details/
https://nowotarski.info/http2-continuation-flood-technical-details/
nowotarski.info
HTTP/2 `CONTINUATION` Flood: Technical Details
Preface In October 2023 I learned about HTTP/2 Rapid Reset attack, dubbed “the largest DDoS attack to date”. I didn’t have deep knowledge of HTTP/2 back then. I knew its basics like frames or HPACK but I was focusing more on HTTP/1.1 protocol and programming…
/ XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor
https://www.binarly.io/blog/xz-utils-supply-chain-puzzle-binarly-ships-free-scanner-for-cve-2024-3094-backdoor
https://www.binarly.io/blog/xz-utils-supply-chain-puzzle-binarly-ships-free-scanner-for-cve-2024-3094-backdoor
www.binarly.io
XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor
In March, we received notifications about the open-source project XZ Utils, which provides lossless data compression on all Unix-like operating systems.
🚀 Викторина на розыгрыш билетов на AppSecFest Almaty 2024
AppSecFest Almaty 2024 официально открыл продажу билетов, у тебя уважаемый username есть возможность попасть на конференцию бесплатно поучаствовав в розыгрыше от нашего Sys-Admin InfoSec канала.
Условия просты:
• Ответь правильно на вопросы из формы, далее путем рандома будет выбрано 5 победителей, которым организаторы разошлют билеты.
Конференция должна быть интересная в плане контента, нетворкинга и общения, будет возможность познакомиться со спикерами, например Михаилом Фленовым, мной, организаторами и многими другими интересными людьми.
Не пропустите возможность обогатить свои знания, узнать о последних трендах и лучших практиках AppSec и не только.
• Дата: 3 мая 2024 г.
• Место проведения: Атакент-экспо, 10 павильон, г. Алматы
• Остальные детали на: https://appsecfest.kz
Форма викторины - Здесь. Happy research!
AppSecFest Almaty 2024 официально открыл продажу билетов, у тебя уважаемый username есть возможность попасть на конференцию бесплатно поучаствовав в розыгрыше от нашего Sys-Admin InfoSec канала.
Условия просты:
• Ответь правильно на вопросы из формы, далее путем рандома будет выбрано 5 победителей, которым организаторы разошлют билеты.
Конференция должна быть интересная в плане контента, нетворкинга и общения, будет возможность познакомиться со спикерами, например Михаилом Фленовым, мной, организаторами и многими другими интересными людьми.
Не пропустите возможность обогатить свои знания, узнать о последних трендах и лучших практиках AppSec и не только.
• Дата: 3 мая 2024 г.
• Место проведения: Атакент-экспо, 10 павильон, г. Алматы
• Остальные детали на: https://appsecfest.kz
Форма викторины - Здесь. Happy research!
/ CVE-2023-3454: Critical Vulnerability in Brocade Fabric OS Exposes Networks to Remote Attacks
https://securityonline.info/cve-2023-3454-critical-vulnerability-in-brocade-fabric-os-exposes-networks-to-remote-attacks/
https://securityonline.info/cve-2023-3454-critical-vulnerability-in-brocade-fabric-os-exposes-networks-to-remote-attacks/
Daily CyberSecurity
CVE-2023-3454: Critical Vulnerability in Brocade Fabric OS Exposes Networks to Remote Attacks
This flaw, designated CVE-2023-3454 (CVSS 8.6), could allow malicious actors to remotely execute code on affected switches
📢 AWS Public Sector Day - 16 апреля пройдет в Алматы
- Глобальная инфраструктура AWS
- Свое облако и AWS Outposts
- Безопасность и шифрование данных
- Обзор Генеративного ИИ и примеры применения
Встреча оффлайн, участие бесплатное, но через регистрацию (количество мест ограниченно):
- https://qcloudy.io/aws-cloud-day-for-public-sector
- Глобальная инфраструктура AWS
- Свое облако и AWS Outposts
- Безопасность и шифрование данных
- Обзор Генеративного ИИ и примеры применения
Встреча оффлайн, участие бесплатное, но через регистрацию (количество мест ограниченно):
- https://qcloudy.io/aws-cloud-day-for-public-sector
/ Notepad++ Clone Parasite Website
Many users are using Notepad++ on own Windows systems...
Today I reviewed official Notepad++ help message about of harmful clone notepad[.]plus site.
Be careful, before downloading and using third-party software.
P.S. Of course this clone sent to OpenBLD.net ecosystem.
Many users are using Notepad++ on own Windows systems...
Today I reviewed official Notepad++ help message about of harmful clone notepad[.]plus site.
Be careful, before downloading and using third-party software.
P.S. Of course this clone sent to OpenBLD.net ecosystem.