Weaponizing WDAC: Killing the Dreams of EDR
Windows Defender Application Control (WDAC) is a technology introduced with and automatically enabled by default on Windows 10+ and Windows Server 2016+ that gives organizations fine-grained control over the executable code that is permitted to run on their Windows machines:
https://beierle.win/2024-12-20-Weaponizing-WDAC-Killing-the-Dreams-of-EDR/
Jonathan Beierle
Inside FireScam: An Information Stealer with Spyware Capabilities
This report explores the mechanics of FireScam, a sophisticated Android malware masquerading as a Telegram Premium app. Through in-depth analysis, the authors aim to shed light on its distribution methods, operational features, and the broader implications of its malicious activities.
The findings highlight the malware's capabilities and the critical need for robust security measures to counteract such threats:
https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/
CYFIRMA
This report has been revised to remove references to the obfuscation tool previously mentioned, as the obfuscation techniques in the...
99.999999% probability AI will end humanity.
Vitalik Buterin proposes a "global soft pause button" to cut AI computing power by 90-99% for 1-2 years — giving ample time to prepare for potential existential doom
Fully agree. Skynet coming:
https://www.windowscentral.com/software-apps/vitalik-buterin-proposes-a-global-soft-pause-button-to-cut-ai
Windows Central
Ethereum's co-founder recommends a soft pause to establish control over the rapid advancement of AI and potential catastrophic harm.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions
https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/
Microsoft News
Microsoft discovered a macOS vulnerability allowing attackers to bypass System Integrity Protection (SIP) by loading third party kernel extensions, which could lead to serious consequences, such as allowing attackers to install rootkits, create persistent…
Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls
https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/
Arctic Wolf
Arctic Wolf Labs identified a campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces.
The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads
https://www.malwarebytes.com/blog/news/2025/01/the-great-google-ads-heist-criminals-ransack-advertiser-accounts-via-fake-google-ads
Malwarebytes
An ongoing malvertising campaign steals Google advertiser accounts via fraudulent ads for Google Ads itself.
One Mikro Typo: How a simple DNS misconfiguration enables malware delivery botnet
This botnet uses a global network of MikroTik routers to send malicious emails that are designed to appear to come from legitimate domains:
https://blogs.infoblox.com/threat-intelligence/one-mikro-typo-how-a-simple-dns-misconfiguration-enables-malware-delivery-by-a-russian-botnet/
Infoblox Blog
How A Large-Scale Russian Botnet Operation Stays Under the Radar
Russian threat actors combine domain name vulnerabilities with hidden router proxy techniques to scale their attacks while remaining shielded from detection.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Excited to introduce the next milestone in the evolution of the open DNS service OpenBLD.net! Here’s what’s new:
• Speed – UNIX sockets + Caching + Load Balancing
• Efficiency – Port reuse allows multiple instances to run on the same port
• Load Balancing – Zero logs (except for errors) for maximum performance
• Memory Optimization – The core binaries take up just 6MB, with the cache stored in binary form, totaling only 11MB
• Buffered Disk Writes – When necessary, writes go through dedicated buffers (tested at 10 million entries in 3.3 seconds)
• 🔐 Security – Supports Prometheus, SIEM, and Syslog exports for advanced monitoring (for business usage needs)
New mechanisms unlock new possibilities—helping you maintain cyber hygiene, save time, and protect your privacy.
Easy setup: https://openbld.net/docs/category/get-started/
Stay safe. Stay free. Peace to all! ✌️
ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA
Cisco
This vulnerability is due to an integer underflow…
PlushDaemon compromises supply chain of Korean VPN service
supply-chain attack research:
https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/
Welivesecurity
ESET researchers uncover a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon.
AWS re:Invent re:Cap in Almaty
AWS re:Invent is where Amazon Web Services shows what IT will look like tomorrow. A breakdown of the key announcements, trends and new releases, everything important and practical, without flying to Las Vegas.
What to expect:
• The latest technologies in cloud, data, AI/ML and DevOps.
• Useful insights and ideas for your business and projects.
• Life hacks from AWS practitioners who know how it works in real life.
• 30 January, 19:00. Almaty, 2/2 Khodzhanov St., MOST IT Hub (8th floor).
Admission is free.
Speakers
• Anton Kovalenko, 20 years in IT, Senior Solutions Architect at AWS.
• Alexander Bernadsky, 15+ years of experience, Solutions Architect at AWS.
• Seats are limited; register here
RID Hijacking Technique
RID Hijacking is typically performed by manipulating the Security Account Manager (SAM) database. Threat actors can create an administrator account or escalate privileges to gain administrator access without knowing the password:
https://asec.ahnlab.com/en/85942/
ASEC
RID Hijacking Technique Utilized by Andariel Attack Group - ASEC
119 vulnerabilities in LTE/5G (some with RCE)
Cellular networks are considered critical infrastructure both for day-to-day communication and emergency services, to the extent that their availability and reliability are often highly regulated by government agencies... what happens if they suddenly become unavailable?
Research:
https://cellularsecurity.org/ransacked
Browser Syncjacking: How Any Browser Extension can Be Used to Takeover Your Device
https://labs.sqrx.com/browser-syncjacking-cc602ea0cbd0
Medium
SquareX’s Research Team Discovers a Vulnerability that Puts Millions of Users At Risk
Unauthorized Data Upload in Alibaba Cloud Object Storage Service
https://medium.com/@muhammadwaseem29/unauthorized-data-upload-in-alibaba-cloud-object-storage-service-cefa6abcef7f
Medium
Assalam o Alaikum!
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293)
https://birkep.github.io/posts/Windows-LPE/
A tale of mediocracy
Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach
https://www.zimperium.com/blog/mobile-indian-cyber-heist-fatboypanel-and-his-massive-data-breach/
Zimperium
Weaponizing Background Images for Information Disclosure && LPE: AnyDesk CVE-2024-12754, ZDI-24-1711
https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754
mansk1es.gitbook.io
AnyDesk is a popular personal and enterprise software for remote administration distributed by AnyDesk Software GmbH. This post will dive into the vulnerability I found in AnyDesk in the middle of the year.
Leaking the email of any YouTube user for $10,000
https://brutecat.com/articles/leaking-youtube-emails
brutecat.com
What could've been the largest data breach in the world - an attack chain on Google services to leak the email address of any YouTube channel
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
This is undoubtedly an innovation. OpenBLD.net smart balancing service is now a separate project, introducing key features:
► Detects slow servers before they start lagging
► If an upstream server shows an increase in timeouts or errors → ML predicts potential failures and automatically prepares backup routes before the infrastructure starts "firing"
► Based on historical data, ML knows when servers experience peak loads (e.g., during lunch hours or at the end of the workday)
► Instead of reacting to downtime, it distributes traffic efficiently in advance
► Reduces latency and timeouts by proactively optimizing traffic distribution
► And much more, including environmental factors such as server energy consumption optimization
The balancer operates like a living organism, learning and adapting to conditions on its own.
How does this benefit users?
🚀 More autonomy and focus on your own development.
⚡ More speed.
📢 This week, the updated balancers will be seamlessly integrated into ADA’s infrastructure—the only thing you might notice is the increased speed.
✌️ Stay fast, stay optimized!