/ Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks
https://www.trendmicro.com/en_id/research/24/g/CVE-2024-38112-void-banshee.html
https://www.trendmicro.com/en_id/research/24/g/CVE-2024-38112-void-banshee.html
Trend Micro
CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ SEG vs. SEG: How Threat Actors are Pitting Email Security Products Against Each Other With Encoded URLs
https://cofense.com/blog/seg-vs-seg-how-threat-actors-are-pitting-email-security-products-against-each-other/
https://cofense.com/blog/seg-vs-seg-how-threat-actors-are-pitting-email-security-products-against-each-other/
Cofense
SEG vs. SEG: How Threat Actors are Pitting Email Security
Discover how threat actors are increasingly exploiting SEG-encoded URLs to bypass email security measures. Learn how these tactics lead to malicious emails evading proper scanning, putting recipients
/ New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints
https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
TECHCOMMUNITY.MICROSOFT.COM
New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints | Microsoft Community Hub
Steps for how to access and use the new recovery tool Microsoft created - updated on July 31, July 23, July 22, and July 21. The tool provides two recovery...
/ EvilVideo: Telegram app for Android targeted by zero-day exploit sending malicious videos
https://www.eset.com/uk/about/newsroom/press-releases/set-research-discovers-evilvideo-telegram-app-for-android-targeted-by-zero-day-exploit-sending-malicious-videos/
https://www.eset.com/uk/about/newsroom/press-releases/set-research-discovers-evilvideo-telegram-app-for-android-targeted-by-zero-day-exploit-sending-malicious-videos/
Forwarded from Yevgeniy Goncharov
🦄 Йоу! Хорош спать. Поднимай взор на темы докладов Open SysConf'24
Во первых. Теперь каждый может внести лепту в создание сайта, исправлении ошибок на нем и так далее.
Во вторых. Мы имеем место и дату - 12 Октяря, 2024 года.
В третьихх. Мы имеем четрые крутых заявленых доклада:
1. Три системы, которые ты захочешь развернуть и настроить
2. Внедрение вредоносного кода в андроид приложения.
3. Open(Secure)Source
4. Синтез молекулярных единиц в микросервисах
Иди на сайт и регистрируйся, пока есть места.
Дев. сайт: https://sysconf-io.pages.dev/2024
Во первых. Теперь каждый может внести лепту в создание сайта, исправлении ошибок на нем и так далее.
Во вторых. Мы имеем место и дату - 12 Октяря, 2024 года.
В третьихх. Мы имеем четрые крутых заявленых доклада:
1. Три системы, которые ты захочешь развернуть и настроить
2. Внедрение вредоносного кода в андроид приложения.
3. Open(Secure)Source
4. Синтез молекулярных единиц в микросервисах
Иди на сайт и регистрируйся, пока есть места.
Дев. сайт: https://sysconf-io.pages.dev/2024
/ Anyone can Access Deleted and Private Repository Data on GitHub
You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.
This is such an enormous attack vector for all organizations that use GitHub that we’re introducing a new term: Cross Fork Object Reference (CFOR)...:
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.
This is such an enormous attack vector for all organizations that use GitHub that we’re introducing a new term: Cross Fork Object Reference (CFOR)...:
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
Specula - Turning Outlook Into a C2 With One Registry Change
https://trustedsec.com/blog/specula-turning-outlook-into-a-c2-with-one-registry-change
Microsoft Outlook Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11774
https://trustedsec.com/blog/specula-turning-outlook-into-a-c2-with-one-registry-change
Microsoft Outlook Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11774
TrustedSec
Specula - Turning Outlook Into a C2 With One Registry Change
Наступает пора конференций, KazHackStan уже в Сентябре
KHS - самая масштабная конфа в РК. Несколько дней общения, кибер-эстафет, докладов и полезных знакомств.
Помимо всего прочего, KHS прекрасная площадка для того, что бы представить свои ресерчи, изыскания, наработки в виде доклада, как минимум)
В общем, не знаю как ты, а я уже подал заявку на доклад прямо вот здесь - https://kazhackstan.com/ru#speakers
Уверен, моя тема будет интересна не только организаторам, но и тебе уважаемый <username>.
Запасаееммся хорошим настроем. Ждем-с решения😎
KHS - самая масштабная конфа в РК. Несколько дней общения, кибер-эстафет, докладов и полезных знакомств.
Помимо всего прочего, KHS прекрасная площадка для того, что бы представить свои ресерчи, изыскания, наработки в виде доклада, как минимум)
В общем, не знаю как ты, а я уже подал заявку на доклад прямо вот здесь - https://kazhackstan.com/ru#speakers
Уверен, моя тема будет интересна не только организаторам, но и тебе уважаемый <username>.
Запасаееммся хорошим настроем. Ждем-с решения
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
How did Facebook intercept their competitor's encrypted mobile app traffic?
A technical investigation into information uncovered in a class action lawsuit that Facebook had intercepted encrypted traffic from user's devices running the Onavo Protect app in order to gain competitive insights...:
https://doubleagent.net/onavo-facebook-ssl-mitm-technical-analysis/
P.S. Thx for the link, dear subscriber ✌️
A technical investigation into information uncovered in a class action lawsuit that Facebook had intercepted encrypted traffic from user's devices running the Onavo Protect app in order to gain competitive insights...:
https://doubleagent.net/onavo-facebook-ssl-mitm-technical-analysis/
P.S. Thx for the link, dear subscriber ✌️
haxrob
How did Facebook intercept their competitor's encrypted mobile app traffic?
A technical investigation into information uncovered in a class action lawsuit that Facebook had intercepted encrypted traffic from user's devices running the Onavo Protect app in order to gain competitive insights.
/ OneDrive Pastejacking: The crafty phishing and downloader campaign
https://www.trellix.com/blogs/research/onedrive-pastejacking/
https://www.trellix.com/blogs/research/onedrive-pastejacking/
Trellix
OneDrive Pastejacking
Phishing campaign exploits Microsoft OneDrive users with sophisticated social engineering, manipulating them into executing a malicious PowerShell noscript.
/ 'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage
https://www.theregister.com/AMP/2024/07/31/microsoft_ddos_azure/
https://www.theregister.com/AMP/2024/07/31/microsoft_ddos_azure/
The Register
'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage
A playbook full of strategies and someone fumbles the implementation
Forwarded from Yevgeniy Goncharov
Делаешь, не сомневайся Open SysConf близится
Время идет и мы движемся и меняемся вместе с ним. Технологии не стоят на месте, кто-то пользуется тем, что есть, кто-то создает свои технологии, главное во всем этом - не стоять на месте.
Готов порадовать и порадоваться двумя новыми заявками на доклады. Детали чуть позже, но предварительно сообщаю, что и докладчики и их доклады несут экстра-экспертный опыт из областей знаний:
- InfoSec Engineering
- Malware Researching
Получаемый опыт ценен, не только, как сам опыт, но и как платформа для новых рассуждений и исследований.
Хочешь прийти и послушать - Welcome
Хочешь выступить - Welcome в двойне
Цени настоящее, делись опытом и будет тебе счастье) Peace ✌️
Время идет и мы движемся и меняемся вместе с ним. Технологии не стоят на месте, кто-то пользуется тем, что есть, кто-то создает свои технологии, главное во всем этом - не стоять на месте.
Готов порадовать и порадоваться двумя новыми заявками на доклады. Детали чуть позже, но предварительно сообщаю, что и докладчики и их доклады несут экстра-экспертный опыт из областей знаний:
- InfoSec Engineering
- Malware Researching
Получаемый опыт ценен, не только, как сам опыт, но и как платформа для новых рассуждений и исследований.
Хочешь прийти и послушать - Welcome
Хочешь выступить - Welcome в двойне
Цени настоящее, делись опытом и будет тебе счастье) Peace ✌️
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Powerful attack vector in the domain name system (DNS) is being widely exploited across many DNS providers
https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/
https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/
Infoblox Blog
Who Knew? Domain Hijacking is So Easy | Infoblox
Learn about the insidious DNS attack vector that threat actors are using to hijack domains from major brands, government institutions, and other organizations, large and small. Find out how to determine whether your domain name is at risk.
/ AVTECH IP Camera - Exploitable remotely/low attack
RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to inject and execute commands as the owner of the running process.
CISA Warns:
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07
RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to inject and execute commands as the owner of the running process.
CISA Warns:
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07
/ StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
Volexity
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
In mid-2023, Volexity detected and responded to multiple incidents involving systems becoming infected with malware linked to StormBamboo (aka Evasive Panda, and previously tracked by Volexity under “StormCloud”). In those incidents, multiple malware families…
/ Dismantling Smart App Control
Windows Smart App Control and SmartScreen have several design weaknesses that allow attackers to gain initial access with no security warnings or popups. A bug in the handling of LNK files can also bypass these security controls..:
https://www.elastic.co/security-labs/dismantling-smart-app-control
Windows Smart App Control and SmartScreen have several design weaknesses that allow attackers to gain initial access with no security warnings or popups. A bug in the handling of LNK files can also bypass these security controls..:
https://www.elastic.co/security-labs/dismantling-smart-app-control
www.elastic.co
Dismantling Smart App Control — Elastic Security Labs
This article will explore Windows Smart App Control and SmartScreen as a case study for researching bypasses to reputation-based systems, then demonstrate detections to cover those weaknesses.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Слышу много хороших отзывов от людей о новом Yandex облаке в Казахстане
С сегодняшнего дня на территории Караганды повился новый сервер, который войдет общую экосистему OpenBLD.net ближайшие сутки.
Очень надеюсь, что этот шаг поможет улучшить работу сервиса, ускорить работу DoH и DoT клиентов столицы Казахстансокго региона и Центрального Казахстана в целом.
Едем дальше с хорошим настроением и верой в успех
Как подключиться к сервису, можно найти на сайте проекта https://openbld.net
Please open Telegram to view this post
VIEW IN TELEGRAM
/
This vulnerability allows malicious websites to bypass browser security and interact with services running on an organization’s local network, potentially leading to unauthorized access and remote code execution on local services by attackers outside the network..:
https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
0.0.0.0 Day: Exploiting Localhost APIs From the BrowserThis vulnerability allows malicious websites to bypass browser security and interact with services running on an organization’s local network, potentially leading to unauthorized access and remote code execution on local services by attackers outside the network..:
https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
www.oligo.security
0.0.0.0 Day: Exploiting Localhost APIs From the Browser | Oligo Security
Oligo Security's research team recently disclosed the “0.0.0.0 Day” vulnerability. This vulnerability allows malicious websites to bypass browser security and interact with services running on an organization’s local network
/ Bypass Anti-Phishing in Microsoft 365 with CSS
In this post we will explore some of the anti-phishing measures employed by Microsoft 365 (formally Office 365) as well as their weaknesses. Certitude was able to identify an issue in that allows malicious actors to bypass anti-phishing measures..:
https://certitude.consulting/blog/en/o365-anti-phishing-measures/
In this post we will explore some of the anti-phishing measures employed by Microsoft 365 (formally Office 365) as well as their weaknesses. Certitude was able to identify an issue in that allows malicious actors to bypass anti-phishing measures..:
https://certitude.consulting/blog/en/o365-anti-phishing-measures/