Vulnerabilities in VPN

- Paper presented at the Privacy Enhancing Technologies Symposium 2024
- PoC

/ SEG vs. SEG: How Threat Actors are Pitting Email Security Products Against Each Other With Encoded URLs

https://cofense.com/blog/seg-vs-seg-how-threat-actors-are-pitting-email-security-products-against-each-other/

/ New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints

https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959

/ EvilVideo: Telegram app for Android targeted by zero-day exploit sending malicious videos

https://www.eset.com/uk/about/newsroom/press-releases/set-research-discovers-evilvideo-telegram-app-for-android-targeted-by-zero-day-exploit-sending-malicious-videos/

🦄 Йоу! Хорош спать. Поднимай взор на темы докладов Open SysConf'24

Во первых. Теперь каждый может внести лепту в создание сайта, исправлении ошибок на нем и так далее.
Во вторых. Мы имеем место и дату - 12 Октяря, 2024 года.

В третьихх. Мы имеем четрые крутых заявленых доклада:

1. Три системы, которые ты захочешь развернуть и настроить
2. Внедрение вредоносного кода в андроид приложения.
3. Open(Secure)Source
4. Синтез молекулярных единиц в микросервисах

Иди на сайт и регистрируйся, пока есть места.

Дев. сайт: https://sysconf-io.pages.dev/2024

/ Anyone can Access Deleted and Private Repository Data on GitHub

You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.

This is such an enormous attack vector for all organizations that use GitHub that we’re introducing a new term: Cross Fork Object Reference (CFOR)...:

https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github

Happy Sys-Adm.in Day))!

Specula - Turning Outlook Into a C2 With One Registry Change

https://trustedsec.com/blog/specula-turning-outlook-into-a-c2-with-one-registry-change

Microsoft Outlook Security Feature Bypass Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11774

How did Facebook intercept their competitor's encrypted mobile app traffic?

A technical investigation into information uncovered in a class action lawsuit that Facebook had intercepted encrypted traffic from user's devices running the Onavo Protect app in order to gain competitive insights...:

https://doubleagent.net/onavo-facebook-ssl-mitm-technical-analysis/

P.S. Thx for the link, dear subscriber ✌️

/ OneDrive Pastejacking: The crafty phishing and downloader campaign

https://www.trellix.com/blogs/research/onedrive-pastejacking/

/ 'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage

https://www.theregister.com/AMP/2024/07/31/microsoft_ddos_azure/

Делаешь, не сомневайся Open SysConf близится

Время идет и мы движемся и меняемся вместе с ним. Технологии не стоят на месте, кто-то пользуется тем, что есть, кто-то создает свои технологии, главное во всем этом - не стоять на месте.

Готов порадовать и порадоваться двумя новыми заявками на доклады. Детали чуть позже, но предварительно сообщаю, что и докладчики и их доклады несут экстра-экспертный опыт из областей знаний:

- InfoSec Engineering
- Malware Researching

Получаемый опыт ценен, не только, как сам опыт, но и как платформа для новых рассуждений и исследований.

Хочешь прийти и послушать - Welcome
Хочешь выступить - Welcome в двойне

Цени настоящее, делись опытом и будет тебе счастье) Peace ✌️

Powerful attack vector in the domain name system (DNS) is being widely exploited across many DNS providers

https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/

/ AVTECH IP Camera - Exploitable remotely/low attack

RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to inject and execute commands as the owner of the running process.

CISA Warns:

- https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07

/ StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms

https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/

/ Dismantling Smart App Control

Windows Smart App Control and SmartScreen have several design weaknesses that allow attackers to gain initial access with no security warnings or popups. A bug in the handling of LNK files can also bypass these security controls..:

https://www.elastic.co/security-labs/dismantling-smart-app-control

/ 0.0.0.0 Day: Exploiting Localhost APIs From the Browser

This vulnerability allows malicious websites to bypass browser security and interact with services running on an organization’s local network, potentially leading to unauthorized access and remote code execution on local services by attackers outside the network..:

https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser

/ Bypass Anti-Phishing in Microsoft 365 with CSS

In this post we will explore some of the anti-phishing measures employed by Microsoft 365 (formally Office 365) as well as their weaknesses. Certitude was able to identify an issue in that allows malicious actors to bypass anti-phishing measures..:

https://certitude.consulting/blog/en/o365-anti-phishing-measures/