/ CISA - StopRansomware: Black Basta

- technical details
- mitre tactics
- IoC
- mitigations

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a

/ Apple Fixed Security Issues in iOS, iPadOS, macOS

- An app may be able to access user-sensitive data in iOS/iPadOS
- A malicious application may be able to access Find My data in macOS

/ Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads

Researchers discovered some of the most dangerous threats – including the Kaseya MSP breach and the more_eggs malware...

https://www.esentire.com/blog/fin7-uses-trusted-brands-and-sponsored-google-ads-to-distribute-msix-payloads

/ Windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2024-30051. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges..:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051

/ Detecting Compromise of CVE-2024-3400 on Palo Alto Networks GlobalProtect Devices

This blog post aims to provide details on methods for investigating potentially compromised Palo Alto Networks firewall devices and a general approach towards edge device threat detection.

- Detecting Compromise
- Memory Analysis

https://www.volexity.com/blog/2024/05/15/detecting-compromise-of-cve-2024-3400-on-palo-alto-networks-globalprotect-devices/

📢 DevOps, Linux, Networks и Golang by Rebrain: Расписание практикумов на неделю
⁠
• 21 мая Networks: Глубокое погружение в VoIP: Kamailio (Часть 2)
• 22 мая Linux: Определение нагрузки на сервер и поиск узких мест производительности
• 23 мая Networks: Фильтрация, блокировки и взаимодействие с провайдером
• 24 мая DevOps: Настройка firewall с помощью IPTables - 2

Детали: ↘ Здесь
⁠

/ New WiFi Vulnerability: The SSID Confusion Attack

This vulnerability exploits a design flaw in the WiFi standard, allowing attackers to trick WiFi clients on any operating system into connecting to a untrusted network:

https://www.top10vpn.com/research/wifi-vulnerability-ssid/

The incident response cycle, applied to ransomware

/ Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/

/ New Antidot Android Banking Trojan Masquerading as Fake Google Play Updates

https://cyble.com/blog/new-antidot-android-banking-trojan-masquerading-as-google-play-updates/

Git CVE-2024-32002 - This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed

Got vesrsions: 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4

git config --global core.symlinks false can be disable this attack vector

https://nvd.nist.gov/vuln/detail/CVE-2024-32002

PoC: https://github.com/szybnev/git_rce/blob/main/create_poc.sh

P.S. Thx Tatyana for the reporting ✌️

Как чувство осознанности может повлиять на безопасность жизни?

Мое интервью на тему кибербезопасности, как можно обезопасить себя, свое окружение, следить за собой - быть осторожным.

Отдельное спасибо хочу выразить авторам проекта Commutator Казахстан - Узлу связи между государством, бизнесом, обществом и масс-медиа и в частности Татьяне Бендзь за интересно поднятую тему.

Как вести себя с умными колонками, что делать нашим бабушкам и дедушкам в эпоху цифровизации, что такое OpenBLD.net и зачем существует этот проект.

Приятного и полезного просмотра (титры на Казахском, Русском языках присутствуют):

- https://youtu.be/MxWD1N0Bmv8?si=nSmTxUH_AAzsng-5

Детали проекта Commutator о чем он, множество других интересных интервью можно посмотреть на официальном сайте проекта:

- https://commutator.tilda.ws/

/ Invisible miners: unveiling GHOSTENGINE’s crypto mining operations

https://www.elastic.co/security-labs/invisible-miners-unveiling-ghostengine

📢 Открытые практикумы DevOps, Linux, Networks, Golang: Расписание на неделю

• 27 мая Golang: Начало работы с gRPC в Golang (Сергей Парамошкин – Технический менеджер Яндекс.облако)
• 28 мая Security: Безопасность Docker (Алексей Федулаев – DevSecOps Lead Wildberries)
• 29 мая Linux: DHCP-сервер на Kea (Даниил Батурин – Основатель проекта VyOS)
• 30 мая DevOps: Фильтрация пакетов с помощью nftables (Николай Лавлинский – Технический директор)

Детали ↘ Здесь

/ Infiltrating Defenses: Abusing VMware in MITRE’s Cyber Intrusion

Technical details of new behavior employed by the adversary, who aligns with Google Mandiant’s UNC5221, and how the BRICKSTORM backdoor and BEEFLUSH web shell abused VMs in VMware through a privileged user account, VPXUSER, to establish persistence within the impacted environment. Will also provide detection noscripts, from MITRE and CrowdStrike, to find this activity in other environments and go over how Secure Boot serves as a barrier against the adversary technique..:

https://medium.com/mitre-engenuity/infiltrating-defenses-abusing-vmware-in-mitres-cyber-intrusion-4ea647b83f5b

/ Threat actors ride the hype for newly released Arc browser

https://www.threatdown.com/blog/threat-actors-ride-the-hype-for-newly-released-arc-browser/

/ Remote Command Execution on TP-Link Archer C5400X

https://onekey.com/blog/security-advisory-remote-command-execution-on-tp-link-archer-c5400x/

/ Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store

https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google

/ The Pumpkin Eclipse or “Chalubo” - remote access trojan (RAT)

Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP)..:

https://blog.lumen.com/the-pumpkin-eclipse/

Chrome Manifest v2 RIP coming soon . Google has set the first date for getting rid of the manifest for this version.

Starting on June 3 on the Chrome Beta, Dev and Canary channels, if users still have Manifest V2 extensions installed, some will start to see a warning banner when visiting their extension management page..:

https://blog.chromium.org/2024/05/manifest-v2-phase-out-begins.html