Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Как чувство осознанности может повлиять на безопасность жизни?
Мое интервью на тему кибербезопасности, как можно обезопасить себя, свое окружение, следить за собой - быть осторожным.
Отдельное спасибо хочу выразить авторам проекта Commutator Казахстан - Узлу связи между государством, бизнесом, обществом и масс-медиа и в частности Татьяне Бендзь за интересно поднятую тему.
Как вести себя с умными колонками, что делать нашим бабушкам и дедушкам в эпоху цифровизации, что такое OpenBLD.net и зачем существует этот проект.
Приятного и полезного просмотра (титры на Казахском, Русском языках присутствуют):
- https://youtu.be/MxWD1N0Bmv8?si=nSmTxUH_AAzsng-5
Детали проекта Commutator о чем он, множество других интересных интервью можно посмотреть на официальном сайте проекта:
- https://commutator.tilda.ws/
Мое интервью на тему кибербезопасности, как можно обезопасить себя, свое окружение, следить за собой - быть осторожным.
Отдельное спасибо хочу выразить авторам проекта Commutator Казахстан - Узлу связи между государством, бизнесом, обществом и масс-медиа и в частности Татьяне Бендзь за интересно поднятую тему.
Как вести себя с умными колонками, что делать нашим бабушкам и дедушкам в эпоху цифровизации, что такое OpenBLD.net и зачем существует этот проект.
Приятного и полезного просмотра (титры на Казахском, Русском языках присутствуют):
- https://youtu.be/MxWD1N0Bmv8?si=nSmTxUH_AAzsng-5
Детали проекта Commutator о чем он, множество других интересных интервью можно посмотреть на официальном сайте проекта:
- https://commutator.tilda.ws/
YouTube
Как защитить себя в интернете: кибербезопасность и искусственный интеллект (қазақша субтитрлер)
Почти 15 тысяч кибератак было зарегистрировано в казнете за первые три месяца 2024-го. За аналогичный период прошлого года их было всего 4,3 тысячи. То есть, за год количество кибератак выросло втрое. Такой статистикой недавно поделился ресурс factcheck.kz…
/ Invisible miners: unveiling GHOSTENGINE’s crypto mining operations
https://www.elastic.co/security-labs/invisible-miners-unveiling-ghostengine
https://www.elastic.co/security-labs/invisible-miners-unveiling-ghostengine
www.elastic.co
Invisible miners: unveiling GHOSTENGINE’s crypto mining operations — Elastic Security Labs
Elastic Security Labs has identified REF4578, an intrusion set incorporating several malicious modules and leveraging vulnerable drivers to disable known security solutions (EDRs) for crypto mining.
📢 Открытые практикумы DevOps, Linux, Networks, Golang: Расписание на неделю
• 27 мая Golang: Начало работы с gRPC в Golang (Сергей Парамошкин – Технический менеджер Яндекс.облако)
• 28 мая Security: Безопасность Docker (Алексей Федулаев – DevSecOps Lead Wildberries)
• 29 мая Linux: DHCP-сервер на Kea (Даниил Батурин – Основатель проекта VyOS)
• 30 мая DevOps: Фильтрация пакетов с помощью nftables (Николай Лавлинский – Технический директор)
Детали ↘ Здесь
• 27 мая Golang: Начало работы с gRPC в Golang (Сергей Парамошкин – Технический менеджер Яндекс.облако)
• 28 мая Security: Безопасность Docker (Алексей Федулаев – DevSecOps Lead Wildberries)
• 29 мая Linux: DHCP-сервер на Kea (Даниил Батурин – Основатель проекта VyOS)
• 30 мая DevOps: Фильтрация пакетов с помощью nftables (Николай Лавлинский – Технический директор)
Детали ↘ Здесь
/ Infiltrating Defenses: Abusing VMware in MITRE’s Cyber Intrusion
Technical details of new behavior employed by the adversary, who aligns with Google Mandiant’s UNC5221, and how the BRICKSTORM backdoor and BEEFLUSH web shell abused VMs in VMware through a privileged user account, VPXUSER, to establish persistence within the impacted environment. Will also provide detection noscripts, from MITRE and CrowdStrike, to find this activity in other environments and go over how Secure Boot serves as a barrier against the adversary technique..:
https://medium.com/mitre-engenuity/infiltrating-defenses-abusing-vmware-in-mitres-cyber-intrusion-4ea647b83f5b
Technical details of new behavior employed by the adversary, who aligns with Google Mandiant’s UNC5221, and how the BRICKSTORM backdoor and BEEFLUSH web shell abused VMs in VMware through a privileged user account, VPXUSER, to establish persistence within the impacted environment. Will also provide detection noscripts, from MITRE and CrowdStrike, to find this activity in other environments and go over how Secure Boot serves as a barrier against the adversary technique..:
https://medium.com/mitre-engenuity/infiltrating-defenses-abusing-vmware-in-mitres-cyber-intrusion-4ea647b83f5b
Medium
Infiltrating Defenses: Abusing VMware in MITRE’s Cyber Intrusion
MITRE introduce the notion of a rogue VMs within the Ivanti breach
/ Threat actors ride the hype for newly released Arc browser
https://www.threatdown.com/blog/threat-actors-ride-the-hype-for-newly-released-arc-browser/
https://www.threatdown.com/blog/threat-actors-ride-the-hype-for-newly-released-arc-browser/
ThreatDown by Malwarebytes
Threat actors ride the hype for newly released Arc browser - ThreatDown by Malwarebytes
Google Chrome has been the dominant web browser for years now, which is why it may come as a surprise to hear of a startup, not even based in Silicon Valley, called The Browser Company offering a new…
/ Remote Command Execution on TP-Link Archer C5400X
https://onekey.com/blog/security-advisory-remote-command-execution-on-tp-link-archer-c5400x/
https://onekey.com/blog/security-advisory-remote-command-execution-on-tp-link-archer-c5400x/
Onekey
Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X | ONEKEY Research | Research | ONEKEY
Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in the TP-Link Archer C5400X router. Learn about the risks and recommended actions.
/ Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
Zscaler
Anatsa Campaign Technical Analysis | ThreatLabz
Explore how Anatsa distributes Android malware by using PDF and QR code reader decoys to lure victims through the Google Play store.
/ The Pumpkin Eclipse or “Chalubo” - remote access trojan (RAT)
Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP)..:
https://blog.lumen.com/the-pumpkin-eclipse/
Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP)..:
https://blog.lumen.com/the-pumpkin-eclipse/
Lumen Blog
The pumpkin eclipse
Dive into Black Lotus Labs’ comprehensive analysis of this unprecedented cyberattack and its implications for internet security.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Chrome Manifest v2 RIP coming soon . Google has set the first date for getting rid of the manifest for this version.
Starting on June 3 on the Chrome Beta, Dev and Canary channels, if users still have Manifest V2 extensions installed, some will start to see a warning banner when visiting their extension management page..:
https://blog.chromium.org/2024/05/manifest-v2-phase-out-begins.html
Starting on June 3 on the Chrome Beta, Dev and Canary channels, if users still have Manifest V2 extensions installed, some will start to see a warning banner when visiting their extension management page..:
https://blog.chromium.org/2024/05/manifest-v2-phase-out-begins.html
Chromium Blog
Manifest V2 phase-out begins
Update (10/10/2024): We’ve started disabling extensions still using Manifest V2 in Chrome stable. Read more details in the MV2 support ...
/ ShrinkLocker: Turning BitLocker into ransomware
https://securelist.com/ransomware-abuses-bitlocker/112643/
https://securelist.com/ransomware-abuses-bitlocker/112643/
Securelist
How ransomware abuses BitLocker
The Kaspersky GERT has detected a VBS noscript that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom.
/ PikaBot: a Guide to its Deep Secrets and Operations
PikaBot is a malware loader... several sources reported that successful PikaBot compromises led to the deployment of the Black Basta ransomware...
This article provides an in-depth analysis of PikaBot, focusing on its anti-analysis techniques implemented in the different malware stages. Additionally, this report shares technical details on PikaBot C2 infrastructure:
https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/
PikaBot is a malware loader... several sources reported that successful PikaBot compromises led to the deployment of the Black Basta ransomware...
This article provides an in-depth analysis of PikaBot, focusing on its anti-analysis techniques implemented in the different malware stages. Additionally, this report shares technical details on PikaBot C2 infrastructure:
https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/
Sekoia.io Blog
PikaBot: a Guide to its Deep Secrets and Operations
Uncover an in-depth analysis of PikaBot, a malware loader used by Initial Access Brokers for network compromise and ransomware deployment.
/ Muhstik Malware Targets Message Queuing Services Applications
https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/
https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/
Aqua
Muhstik Malware Targets Message Queuing Services Applications
Aqua Nautilus has uncovered a new Muhstik malware campaign targeting message queuing services by exploiting a vulnerability in RocketMQ.
/ 1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension
https://medium.com/@amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7
https://medium.com/@amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7
www.koi.ai
1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension | Koi Blog
/ Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30080
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30080
/ FortiOS RCE
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the command line interpreter of FortiOS may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments:
https://www.fortiguard.com/psirt/FG-IR-23-460
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the command line interpreter of FortiOS may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments:
https://www.fortiguard.com/psirt/FG-IR-23-460
FortiGuard Labs
PSIRT | FortiGuard Labs
None
Аутлук или Оутглюк? Ясно одно - открыв письмо из него можно словить два эффекта одновременно: Critical Microsoft Outlook Vulnerability Executes as Email is Opened (CVE-2024-30103)
The CVE-2024-30103 vulnerability is particularly concerning due to its high probability of exploitation. It is a zero click vulnerability which does not require the user to interact with the content of a malicious email, making it extremely simple to execute:
https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability
The CVE-2024-30103 vulnerability is particularly concerning due to its high probability of exploitation. It is a zero click vulnerability which does not require the user to interact with the content of a malicious email, making it extremely simple to execute:
https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability
Morphisec
You’ve Got Mail: Critical Microsoft Outlook Vulnerability CVE-2024-30103 Executes as Email is Opened
Morphisec researchers have identified a critical Microsoft Outlook vulnerability, CVE-2024-30103, and detail its technical impact and recommended actions.
/ AutoIt Delivering Vidar Stealer Via Drive-by Downloads
Dangerous KMSPico activator tool..:
https://www.esentire.com/blog/autoit-delivering-vidar-stealer-via-drive-by-downloads
Dangerous KMSPico activator tool..:
https://www.esentire.com/blog/autoit-delivering-vidar-stealer-via-drive-by-downloads
eSentire
AutoIt Delivering Vidar Stealer Via Drive-by Downloads
Learn more about Vidar Stealer malware being delivered through drive-by downloads and get security recommendations from our Threat Response Unit (TRU) to…
/ lnav – Awesome terminal log file viewer for Linux and Unix
https://www.cyberciti.biz/open-source/lnav-linux-unix-ncurses-terminal-log-file-viewer/
https://www.cyberciti.biz/open-source/lnav-linux-unix-ncurses-terminal-log-file-viewer/
nixCraft
lnav – Awesome terminal log file viewer for Linux and Unix
Learn how to install and use lnav a powerful terminal-based log file viewer for Linux/Unix to efficiently navigate, search, and analyze logs.
/ D-Link router - Hidden Backdoor
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware:
https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware:
https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html