Zimbra - Remote Command Execution (CVE-2024-45519)
Technical analysis:
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
Technical analysis:
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
ProjectDiscovery
Zimbra - Remote Command Execution (CVE-2024-45519) — ProjectDiscovery Blog
Zimbra, a widely used email and collaboration platform, recently released a critical security update addressing a severe vulnerability in its postjournal service. This vulnerability, identified as CVE-2024-45519, allows unauthenticated attackers to execute…
Malware throught software. Faked SIEM Wazuh agent and faked uTorrent, Microsoft Office, Minecraft etc services promoted with Advertising or SEO.
https://securelist.ru/miner-campaign-misuses-open-source-siem-agent/110717/
https://securelist.ru/miner-campaign-misuses-open-source-siem-agent/110717/
Securelist
Агент SIEM используется в атаках SilentCryptoMiner
Злоумышленники распространяют майнер через поддельные сайты популярного ПО, Telegram-каналы и YouTube, устанавливают на устройства жертвы агент SIEM-системы Wazuh для закрепления.
LemonDuck Unleashes Cryptomining Attacks Through SMB Service Exploits
https://notes.netbytesec.com/2024/10/lemonduck-unleashes-cryptomining.html?m=1
https://notes.netbytesec.com/2024/10/lemonduck-unleashes-cryptomining.html?m=1
Netbytesec
LemonDuck Unleashes Cryptomining Attacks Through SMB Service Exploits
This post was authored by Aufa and NetbyteSEC Interns (Irham, Idham, Adnin, Nabiha, Haiqal, Amirul) This blog post is intended to give an ov...
CoreWarrior Spreader Malware Surge
This is a persistent trojan that attempts to spread rapidly by creating dozens of copies of itself and reaching out to multiple IP addresses, opening multiple sockets for backdoor access, and hooking Windows UI elements for monitoring:
https://blog.sonicwall.com/en-us/2024/10/corewarrior-spreader-malware-surge/
This is a persistent trojan that attempts to spread rapidly by creating dozens of copies of itself and reaching out to multiple IP addresses, opening multiple sockets for backdoor access, and hooking Windows UI elements for monitoring:
https://blog.sonicwall.com/en-us/2024/10/corewarrior-spreader-malware-surge/
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
..red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity:
https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html
EDRSilencer:
https://github.com/netero1010/EDRSilencer
..red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity:
https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html
EDRSilencer:
https://github.com/netero1010/EDRSilencer
Trend Micro
Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
...a new variant of the Banking Trojan called TrickMo.. features:
- OTP interception
- Screen recording
- Data exfiltration
- Remote control
- Automatic permission granting and auto-click on prompts
- Accessibility service abuse
- Overlay display and credential theft
Research:
https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples/
...a new variant of the Banking Trojan called TrickMo.. features:
- OTP interception
- Screen recording
- Data exfiltration
- Remote control
- Automatic permission granting and auto-click on prompts
- Accessibility service abuse
- Overlay display and credential theft
Research:
https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples/
Zimperium
Expanding the Investigation: Deep Dive into Latest TrickMo Samples - Zimperium
Our analysis of TrickMo suggests that many of these samples remain undetected by the broader security community.
HijackLoader evolution: abusing genuine signing certificates
https://harfanglab.io/insidethelab/hijackloader-abusing-genuine-certificates/
https://harfanglab.io/insidethelab/hijackloader-abusing-genuine-certificates/
HarfangLab | Your endpoints, our protection
HijackLoader evolution: abusing genuine signing certificates
Our telemetry has revealed a significant increase in Lumma Stealer malware deployments via the HijackLoader malicious loader.
New Bumblebee Loader Infection Chain Signals Possible Resurgence
https://www.netskope.com/blog/new-bumblebee-loader-infection-chain-signals-possible-resurgence
https://www.netskope.com/blog/new-bumblebee-loader-infection-chain-signals-possible-resurgence
Netskope
New Bumblebee Loader Infection Chain Signals Possible Resurgence
Summary Bumblebee is a highly sophisticated downloader malware cybercriminals use to gain access to corporate networks and deliver other payloads such as
Exposing the Danger Within: Hardcoded Cloud Credentials in Popular Mobile Apps
https://www.security.com/threat-intelligence/exposing-danger-within-hardcoded-cloud-credentials-popular-mobile-apps
https://www.security.com/threat-intelligence/exposing-danger-within-hardcoded-cloud-credentials-popular-mobile-apps
Security
Exposing the Danger Within: Hardcoded Cloud Credentials in Popular Mobile Apps
Examining the hidden risks posed to user privacy and security due to presence of hardcoded credentials within popular mobile apps.
Программа на стадии формирования, но призы уже анонсированы :)
Конференция об информационной безопасности в Казахстане, 1 Ноября пройдет в Алматы
Главные темы: ИИ, Безопасность IoT, TI, Фрод и многое другое.
Конференция будет полезна любым гос. и коммерческим организациям, для которых важна информационная безопасность.
Нетворкинг обеспечен
Детали здесь - https://profitday.kz/security
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools
https://www.sentinelone.com/blog/macos-notlockbit-evolving-ransomware-samples-suggest-a-threat-actor-sharpening-its-tools/
https://www.sentinelone.com/blog/macos-notlockbit-evolving-ransomware-samples-suggest-a-threat-actor-sharpening-its-tools/
SentinelOne
macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools
An unknown threat actor is developing ransomware to lock files and steal data on macOS, and it's not LockBit.
Microsoft Update Warning—400 Million Windows PCs Now At Risk
https://www.forbes.com/sites/zakdoffman/2024/10/30/warning-for-14-billion-microsoft-windows-10-windows-11-users-get-free-upgrade/
https://www.forbes.com/sites/zakdoffman/2024/10/30/warning-for-14-billion-microsoft-windows-10-windows-11-users-get-free-upgrade/
Forbes
Microsoft Update Warning—400 Million Windows PCs Now At Risk
Are you one of the millions of Windows users at risk—here’s what you need to know.
Storm-0940 uses credentials from password spray attacks from a covert network
https://www.forbes.com/sites/zakdoffman/2024/10/30/warning-for-14-billion-microsoft-windows-10-windows-11-users-get-free-upgrade/
https://www.forbes.com/sites/zakdoffman/2024/10/30/warning-for-14-billion-microsoft-windows-10-windows-11-users-get-free-upgrade/
Forbes
Microsoft Update Warning—400 Million Windows PCs Now At Risk
Are you one of the millions of Windows users at risk—here’s what you need to know.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/
https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/
BleepingComputer
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app.
RISK:STATION, an unauthenticated zero-click vulnerability allowing attackers to obtain root-level code execution on the popular Synology DiskStation and BeeStation NAS devices, affecting millions of devices
https://www.midnightblue.nl/research/riskstation
https://www.midnightblue.nl/research/riskstation
www.midnightblue.nl
RISK:STATION
A zero-day vulnerability in the Synology® DiskStation and BeeStation product line, known as CVE-2024-10443, granting remote code execution as root.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Threat Campaign Spreads Winos4.0 Through Game Application
https://www.fortinet.com/blog/threat-research/threat-campaign-spreads-winos4-through-game-application
https://www.fortinet.com/blog/threat-research/threat-campaign-spreads-winos4-through-game-application
Fortinet Blog
Threat Campaign Spreads Winos4.0 Through Game Application
FortiGuard Labs reveals a threat actor spreads Winos4.0, infiltrating gaming apps and targeting the education sector. Learn more.…
Мистер Малой легенда хип-хопа, автор множества хитов, и мой знакомый. Известен топ-треком всех времен и народов Буду пАгибать мАлодым, создал новый топ-трек "Войти в АЙТИ", не могу пропустить это и с радостью и гордостью поздравляю и представляю трек всеобщему вниманию.
Как завести себе питона, и войти в АЙТИ можно узнать из официального трека представленного в канале Мистера Малого:
- Apple Music
- Spotify Track
- Vk Official
- Ya Music
Приятного всем! ✌️
P.S. Кто не знает. Все о Мистер Малом на оф. сайте mistermaloy.com
Как завести себе питона, и войти в АЙТИ можно узнать из официального трека представленного в канале Мистера Малого:
- Apple Music
- Spotify Track
- Vk Official
- Ya Music
Приятного всем! ✌️
P.S. Кто не знает. Все о Мистер Малом на оф. сайте mistermaloy.com
Malicious Python Package Typosquats Popular 'fabric' SSH Library, Exfiltrates AWS Credentials
https://socket.dev/blog/malicious-python-package-typosquats-fabric-ssh-library
https://socket.dev/blog/malicious-python-package-typosquats-fabric-ssh-library
Socket
Malicious Python Package Typosquats Popular 'fabric' SSH Lib...
The Socket Research Team uncovered a malicious Python package typosquatting the popular 'fabric' SSH library, silently exfiltrating AWS credentials fr...
Linux Foundation курс/сертификацию есть возможность получить бесплатно (а ценники там норм), еще есть время до конца недели. На всякий случаю дублирую сюда.
https://news.1rj.ru/str/sysadm_in_up/2272
https://news.1rj.ru/str/sysadm_in_up/2272
Telegram
Sys-Admin Up
🗣Конкурс результатом которого может быть 100% скидка на курс или экзамен от Linux Foundation
Выбирай не хочу:
— Курс
— Сертификат
Конкурс от core247.kz вполне может помочь в этом, ваучер применим к:
— онлайн-курсу
— сертификационному экзамену
— или пакету…
Выбирай не хочу:
— Курс
— Сертификат
Конкурс от core247.kz вполне может помочь в этом, ваучер применим к:
— онлайн-курсу
— сертификационному экзамену
— или пакету…
SpyNote: Unmasking a Sophisticated Android Malware
This version of SpyNote is being distributed as a fake Avast antivirus (Avastavv.apk) for the Android platform on a phishing site..:
https://www.cyfirma.com/research/spynote-unmasking-a-sophisticated-android-malware/
This version of SpyNote is being distributed as a fake Avast antivirus (Avastavv.apk) for the Android platform on a phishing site..:
https://www.cyfirma.com/research/spynote-unmasking-a-sophisticated-android-malware/
CYFIRMA
SpyNote: Unmasking a Sophisticated Android Malware - CYFIRMA
Executive Summary At Cyfirma, we are dedicated to providing current insights into prevalent threats and the strategies employed by malicious...
Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale
https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/
https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/
Wallarm
Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale
Cybercriminals exploit DocuSign API to send mass fake invoices, bypassing defenses with authentic-looking phishing attacks. Discover how to stay protected.