📢 Открытые практикумы by Rebrain: Расписание на неделю
🔹 2 мая Networks: Мастер-класс по собеседованиям для сетевых инженеров и не только
🔹 6 мая Golang: Prometheus метрики в Golang-приложении
🔹 7 мая DevOps: Повесть о том, как найм идёт в ИТ
🔹 8 мая Linux: С Windows на Linux
Детали: ↘ Здесь
Детали: ↘ Здесь
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Autodesk hosting PDF files used in Microsoft phishing attacks
Autodesk is hosting malicious PDF files that lead phishing attack victims to have their Microsoft login credentials stolen...
https://www.netcraft.com/blog/autodesk-hosting-pdf-files-used-in-microsoft-phishing-attacks/
Autodesk is hosting malicious PDF files that lead phishing attack victims to have their Microsoft login credentials stolen...
https://www.netcraft.com/blog/autodesk-hosting-pdf-files-used-in-microsoft-phishing-attacks/
Netcraft
Autodesk hosting PDF files used in Microsoft phishing attacks | Netcraft
Autodesk is hosting malicious PDF files that lead phishing attack victims to have their Microsoft login credentials stolen. The elaborate phishing campaign ...
/ Brokewell: do not go broke from new banking malware
..fake browser update page designed to install an Android application.. Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware..:
https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware
..fake browser update page designed to install an Android application.. Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware..:
https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware
ThreatFabric
Brokewell: do not go broke from new banking malware!
Explore the new malware family, Brokewell, with Device Takeover capabilities. Understand the risks it poses to financial institutions and how to stay protected.
Организаторы AppSecFest.kz, предоставили OpenBLD.net, как открытому проекту на безвозмездной основе стенд 🔥
3 Мая, в Алматы, на стенде, у нас будет монитор, команда из трех человек, и мы научим, расскажем, покажем, как:
И самое главное оставаться собой и быть в фокусе!
Приходите, подходите. Будут олдскул-стайл стикерпаки, пару футболок, пушечный заряд и тонна мотивации.
Информация о конференции доступна Здесь
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers
..new ongoing social engineering attack campaign (tracked by STR as DEV#POPPER) likely associated with North Korean threat actors who are targeting developers using fake interviews to deliver a Python-based RAT..:
https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
..new ongoing social engineering attack campaign (tracked by STR as DEV#POPPER) likely associated with North Korean threat actors who are targeting developers using fake interviews to deliver a Python-based RAT..:
https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Securonix
Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors
The Securonix Threat Research Team has been monitoring an ongoing social engineering attack campaign from North Korean threat actors who are targeting developers using fake interviews to deliver a Python-based RAT. Read more.
/ Coordinated attacks on Docker Hub that planted millions of malicious repositories
https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/
https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/
JFrog
JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories
Attackers are using Docker Hub for malicious campaigns of various types, including spreading malware, phishing and scams. Read the analysis of 3 malware campaigns.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Common-System-Hacking.pdf
9.9 MB
System Hacking: Common Windows, Linux & Web Server Hacking Techniques
/ Detecting browser data theft using Windows Event Logs
This aerticle describes one set of signals for use by system administrators or endpoint detection agents that should reliably flag any access to the browser’s protected data from another application on the system..:
https://security.googleblog.com/2024/04/detecting-browser-data-theft-using.html
This aerticle describes one set of signals for use by system administrators or endpoint detection agents that should reliably flag any access to the browser’s protected data from another application on the system..:
https://security.googleblog.com/2024/04/detecting-browser-data-theft-using.html
Google Online Security Blog
Detecting browser data theft using Windows Event Logs
Posted by Will Harris, Chrome Security Team Chromium's sandboxed process model defends well from malicious web content, but...
📢 Открытый практикум Linux by Rebrain: С Windows на Linux
Время:
• 8 Мая (Среда) 20:00 МСК
Программа:
• Основные сложности
• Стоит ли переходить?
• Что нужно знать в самом начале?
• Пробуем работать в Linux
Детали ↘ Здесь
Ведет:
Андрей Буранов – Системный администратор в департаменте VK Play. 10+ лет опыта работы с ОС Linux.
Время:
• 8 Мая (Среда) 20:00 МСК
Программа:
• Основные сложности
• Стоит ли переходить?
• Что нужно знать в самом начале?
• Пробуем работать в Linux
Детали ↘ Здесь
Ведет:
Андрей Буранов – Системный администратор в департаменте VK Play. 10+ лет опыта работы с ОС Linux.
/ Hackers breached its Sign production environment and accessed customer email addresses and hashed Dropbox passwords
The actors compromised a service account that was part of Sign’s back-end, which is a type of non-human account used to execute applications and run automated services. As such, this account had privileges to take a variety of actions within Sign’s production environment. The threat actor then used this access to the production environment to access our customer database..:
https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign
The actors compromised a service account that was part of Sign’s back-end, which is a type of non-human account used to execute applications and run automated services. As such, this account had privileges to take a variety of actions within Sign’s production environment. The threat actor then used this access to the production environment to access our customer database..:
https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign
Dropbox
A recent security incident involving Dropbox Sign - Dropbox Sign
Information on a security incident involving Dropbox Sign.
/ Analysis of ArcaneDoor
The zero day vulnerabilities identified are tracked as CVE-2024-20353, CVE-2024-20359, and CVE-2024-20358 – of these, only CVE-2024-20353 and CVE-2024-20359 were exploited in the ArcaneDoor campaign.
The campaign, dubbed “ArcaneDoor,” targeted government-owned perimeter network devices from various vendors as part of a global effort..:
https://censys.com/analysis-of-arcanedoor-threat-infrastructure-suggests-potential-ties-to-chinese-based-actor/
The zero day vulnerabilities identified are tracked as CVE-2024-20353, CVE-2024-20359, and CVE-2024-20358 – of these, only CVE-2024-20353 and CVE-2024-20359 were exploited in the ArcaneDoor campaign.
The campaign, dubbed “ArcaneDoor,” targeted government-owned perimeter network devices from various vendors as part of a global effort..:
https://censys.com/analysis-of-arcanedoor-threat-infrastructure-suggests-potential-ties-to-chinese-based-actor/
Censys
Analysis of ArcaneDoor Threat Infrastructure Suggests Potential Ties to Chinese-based Actor
/ Eight Arms To Hold You: The Cuttlefish Malware
https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
Lumen Blog
Eight arms to hold you: The Cuttlefish malware
Learn about the latest evolution in malware designed to infect SOHO routers, and Black Lotus Labs' discovery of a highly targeted campaign.
/ GitLab Vulnerability Allows Intercept Accounts Management
https://nvd.nist.gov/vuln/detail/CVE-2023-7028
https://nvd.nist.gov/vuln/detail/CVE-2023-7028
/ Graph: Growing number of threats leveraging Microsoft API
An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud.
BirdyClient or OneDriveBirdyClient malware revealed that its main functionality is to connect to the Microsoft Graph API and use Microsoft OneDrive as a C&C server mechanism to upload and download files from it
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats
An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud.
BirdyClient or OneDriveBirdyClient malware revealed that its main functionality is to connect to the Microsoft Graph API and use Microsoft OneDrive as a C&C server mechanism to upload and download files from it
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats
Security
Graph: Growing number of threats leveraging Microsoft API
Graph API is often used for inconspicuous communications to cloud-based command-and-control servers.
/ TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak
https://www.leviathansecurity.com/blog/tunnelvision
PoC: https://github.com/leviathansecurity/TunnelVision
https://www.leviathansecurity.com/blog/tunnelvision
PoC: https://github.com/leviathansecurity/TunnelVision
Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory
CVE-2024-3661: TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak — Leviathan Security Group - Penetration…
We discovered a fundamental design problem in VPNs and we're calling it TunnelVision. This problem lets someone see what you're doing online, even if you think you're safely using a VPN.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Unmasking Tycoon 2FA: A Stealthy Phishing Kit Used to Bypass Microsoft 365 and Google MFA
Tycoon 2FA is a phishing-as-a-service (PhaaS) platform that was first seen in August 2023. Like many phish kits, it bypasses multifactor authentication (MFA) protections and poses a significant threat to users. Lately, Tycoon 2FA has been grabbing headlines because of its role in ongoing campaigns designed to target Microsoft 365 and Gmail accounts.
This blog post is a rundown of how these attacks work, how they’re evolving, what they look like in the real world..:
https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass
Tycoon 2FA is a phishing-as-a-service (PhaaS) platform that was first seen in August 2023. Like many phish kits, it bypasses multifactor authentication (MFA) protections and poses a significant threat to users. Lately, Tycoon 2FA has been grabbing headlines because of its role in ongoing campaigns designed to target Microsoft 365 and Gmail accounts.
This blog post is a rundown of how these attacks work, how they’re evolving, what they look like in the real world..:
https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass
Proofpoint
Tycoon 2FA: Phishing Kit Being Used to Bypass MFA | Proofpoint US
Explore Tycoon 2FA, a sophisticated phishing kit used to bypass MFA. Learn how it works, what an attack looks like, detection techniques and more.
/ CISA - StopRansomware: Black Basta
- technical details
- mitre tactics
- IoC
- mitigations
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
- technical details
- mitre tactics
- IoC
- mitigations
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
/ Apple Fixed Security Issues in iOS, iPadOS, macOS
- An app may be able to access user-sensitive data in iOS/iPadOS
- A malicious application may be able to access Find My data in macOS
- An app may be able to access user-sensitive data in iOS/iPadOS
- A malicious application may be able to access Find My data in macOS
Apple Support
About the security content of iOS 16.7.8 and iPadOS 16.7.8
This document describes the security content of iOS 16.7.8 and iPadOS 16.7.8.
/ Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads
Researchers discovered some of the most dangerous threats – including the Kaseya MSP breach and the more_eggs malware...
https://www.esentire.com/blog/fin7-uses-trusted-brands-and-sponsored-google-ads-to-distribute-msix-payloads
Researchers discovered some of the most dangerous threats – including the Kaseya MSP breach and the more_eggs malware...
https://www.esentire.com/blog/fin7-uses-trusted-brands-and-sponsored-google-ads-to-distribute-msix-payloads
eSentire
FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX…
Learn more about FIN7 using trusted brands and sponsored Google Ads to distribute MSIX payloads and get security recommendations from our Threat Response…
/ Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-30051. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges..:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051
CVE-2024-30051. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges..:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051
/ Detecting Compromise of CVE-2024-3400 on Palo Alto Networks GlobalProtect Devices
This blog post aims to provide details on methods for investigating potentially compromised Palo Alto Networks firewall devices and a general approach towards edge device threat detection.
- Detecting Compromise
- Memory Analysis
https://www.volexity.com/blog/2024/05/15/detecting-compromise-of-cve-2024-3400-on-palo-alto-networks-globalprotect-devices/
This blog post aims to provide details on methods for investigating potentially compromised Palo Alto Networks firewall devices and a general approach towards edge device threat detection.
- Detecting Compromise
- Memory Analysis
https://www.volexity.com/blog/2024/05/15/detecting-compromise-of-cve-2024-3400-on-palo-alto-networks-globalprotect-devices/
Volexity
Detecting Compromise of CVE-2024-3400 on Palo Alto Networks GlobalProtect Devices
Last month, Volexity reported on its discovery of zero-day, in-the-wild exploitation of CVE-2024-3400 in the GlobalProtect feature of Palo Alto Networks PAN-OS by a threat actor Volexity tracks as UTA0218. Volexity has conducted several additional incident…