Malicious Python Package Typosquats Popular 'fabric' SSH Library, Exfiltrates AWS Credentials
https://socket.dev/blog/malicious-python-package-typosquats-fabric-ssh-library
Socket
The Socket Research Team uncovered a malicious Python package typosquatting the popular 'fabric' SSH library, silently exfiltrating AWS credentials fr...
There is a chance to get a Linux Foundation course/certification for free (and the prices there are considerable); there is still time until the end of the week. Just in case, I'm duplicating it here.
https://news.1rj.ru/str/sysadm_in_up/2272
Telegram
Sys-Admin Up
🗣A contest whose prize may be a 100% discount on a Linux Foundation course or exam
Take your pick:
— Course
— Certificate
The contest from core247.kz may well help with this; the voucher is applicable to:
— an online course
— a certification exam
— or a bundle…
SpyNote: Unmasking a Sophisticated Android Malware
This version of SpyNote is being distributed as a fake Avast antivirus (Avastavv.apk) for the Android platform on a phishing site:
https://www.cyfirma.com/research/spynote-unmasking-a-sophisticated-android-malware/
CYFIRMA
Executive Summary At Cyfirma, we are dedicated to providing current insights into prevalent threats and the strategies employed by malicious...
Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale
https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/
Wallarm
Cybercriminals exploit DocuSign API to send mass fake invoices, bypassing defenses with authentic-looking phishing attacks. Discover how to stay protected.
Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies
https://www.infostealers.com/article/massive-moveit-vulnerability-breach-hacker-leaks-employee-data-from-amazon-mcdonalds-hsbc-hp-and-potentially-1000-other-companies/
InfoStealers
Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald's, HSBC, HP, and Potentially 1000+ Other…
Discover the significant vulnerability breach that exposed extensive employee data from major organizations worldwide.
APT Actors Embed Malware within macOS Flutter Applications
https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
Jamf
Jamf Threat Labs discovers a new threat targeting macOS
With malicious code hidden within, the new malware with ties to DPRK, has evaded detection by notable malware checking systems that may signal a new way of attacking macOS devices.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
🏎 OpenBLD.net – Engine for a Faster Internet
Increased throughput with the newest Gears in the racing engine of OpenBLD.net. Some Gears have been rewritten or built from scratch:
• Synchronous processing of block lists
• Caching of blocking events
• Updated caching system — the log enricher now has its own cache
• Enhanced request processing system
• New health-checking system for upstream servers, with response time detection
• Improved load balancing, routing requests to servers with the lowest response time
• Optimized parallel DNS request handling, delivering the fastest response
I hope these features will help us save valuable time online while the OpenBLD.net system's gears run smoothly under the hood.
What are Gears?
Gears are the components of the OpenBLD.net system that help to customize online experiences.
If you notice any “engine misfires,” please let me know. I’m always open to constructive feedback.
Wishing everyone a safe journey across the internet! ✌️
Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes
https://www.group-ib.com/blog/stealthy-attributes-of-apt-lazarus/
Group-IB
In this blog, we examine a fresh take on techniques regarding concealing codes in Extended Attributes in order to evade detection in macOS systems. This is a new technique that has yet to be included in the MITRE ATT&CK framework.
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/
Volexity
In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s process. This vulnerability was discovered while analyzing…
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
8 Free CyberSec & Networking Courses From Cisco
It may be useful to refresh your knowledge or learn something new:
1 Ethical Hacker
2 Junior Cybersecurity Analyst
3 Endpoint Security
4 Cyber Threat Management
5 Introduction to Cybersecurity
6 Network Defense
7 Network Addressing and Basic Troubleshooting
8 Networking Essentials
Netacad
Ethical Hacker
Become an ethical hacker and build your offensive security skills in this free online course - from Cisco Networking Academy. Sign up today!
Prompt Injecting Your Way To Shell: OpenAI's Containerized ChatGPT Environment
https://0din.ai/blog/prompt-injecting-your-way-to-shell-openai-s-containerized-chatgpt-environment
0din.ai
Dive into OpenAI’s containerized ChatGPT environment, demonstrating how users can interact with its underlying structure through controlled prompt injections and file management techniques. By exploring ChatGPT's sandboxed Debian Bookworm environment, readers…
Malicious Facebook Ad Campaign Targeting Bitwarden Users
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users
Bitdefender Labs
Inside Bitdefender Labs’ Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI
https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/
Unit 42
New research reveals two vulnerabilities in Google's Vertex AI that may lead to privilege escalation or data theft through custom jobs or malicious models.
Ghost Tap: New cash-out tactic with NFC Relay
https://www.threatfabric.com/blogs/ghost-tap-new-cash-out-tactic-with-nfc-relay
ThreatFabric
ThreatFabric analysts have discovered Ghost Tap: a new cash-out tactic involving relaying of NFC traffic that is actively abused by threat actors.
CWE Top 25 Most Dangerous Software Weaknesses from MITRE
https://cwe.mitre.org/top25/
2024 list: https://cwe.mitre.org/top25/archive/2024/2024_cwe_top25.html
cwe.mitre.org
Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.
2000+ Palo Alto Firewalls Hacked Exploiting New Vulnerabilities
https://cybersecuritynews.com/2000-palo-alto-firewalls-hacked/
Cyber Security News
Over 2,000 Palo Alto Networks firewalls have been compromised in a widespread attack exploiting recently patched vulnerabilities.
When Guardians Become Predators: How Malware Corrupts the Protectors
https://www.trellix.com/blogs/research/when-guardians-become-predators-how-malware-corrupts-the-protectors/
Trellix
We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us?
IT workers masquerade as individuals from other countries to perform legitimate IT work and hack their employers; their focus areas are:
- Stealing money or cryptocurrency
- Stealing information pertaining to weapons systems, sanctions information, and policy-related decisions
- Performing IT work to generate revenue to help fund various activities
On masquerading, social engineering and more:
https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/
Microsoft News
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON
At CYBERWARCON 2024, Microsoft Threat Intelligence analysts will share research and insights on North Korean and Chinese threat actors representing years of threat actor tracking, infrastructure monitoring and disruption, and their attack tooling.
SpyLoan: A Global Threat Exploiting Social Engineering
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/
McAfee Blog
Authored by: Fernando Ruiz The McAfee mobile research team recently identified a significant global increase of SpyLoan, also known as predatory
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux
https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux
www.binarly.io
Binarly researchers find a direct connection between the newly discovered Bootkitty Linux bootkit and exploitation of the LogoFAIL image parsing vulnerabilities reported more than a year ago
Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows
https://www.cadosecurity.com/blog/meeten-malware-threat
Darktrace
Cado Security Labs (now part of Darktrace) identified a campaign that uses AI to social engineer victims into downloading low detected malware.