Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware
Introduction about the REMCOS threat and dive into the first half of its execution flow, from loading its configuration to cleaning the infected machine web browsers:
https://www.elastic.co/security-labs/dissecting-remcos-rat-part-two
Introduction about the REMCOS threat and dive into the first half of its execution flow, from loading its configuration to cleaning the infected machine web browsers:
https://www.elastic.co/security-labs/dissecting-remcos-rat-part-two
www.elastic.co
Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Two — Elastic Security Labs
In the previous article in this series on the REMCOS implant, we shared information about execution, persistence, and defense evasion mechanisms. Continuing this series we’ll cover the second half of its execution flow and you’ll learn more about REMCOS recording…
/ DNS traffic can leak outside the VPN tunnel on Android
https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
Mullvad VPN
DNS traffic can leak outside the VPN tunnel on Android | Mullvad VPN
We were recently made aware of multiple potential DNS leaks on Android. They stem from bugs in Android itself, and only affect certain apps.
/ Android.Click.414.origin
Среди инфицированных приложений в магазине Google Play встречаются Love Spouse (для управления товарами для взрослых) и QRunning (трекер физической активности). Суммарное количество устройств, на которые установлены приложения, составляет 1,5 миллиона.:
https://vms.drweb.ru/virus/?i=28241868
Среди инфицированных приложений в магазине Google Play встречаются Love Spouse (для управления товарами для взрослых) и QRunning (трекер физической активности). Суммарное количество устройств, на которые установлены приложения, составляет 1,5 миллиона.:
https://vms.drweb.ru/virus/?i=28241868
Dr.Web
Android.Click.414.origin — Как быстро найти вирус в вирусной базе антивируса Dr.Web
Данный троян-кликер является модификацией Android.Click.410.origin, который был выявлен вирусными аналитиками «Доктор Веб» 28 апреля 2023 года. Описываемый троян встраивается в ...
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
..that can run on Intel or ARM-based Mac computers.
Technical analysys:
https://blog.kandji.io/malware-cuckoo-infostealer-spyware
..that can run on Intel or ARM-based Mac computers.
Technical analysys:
https://blog.kandji.io/malware-cuckoo-infostealer-spyware
The-Sequence
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
Kandji's threat research team has discovered a piece of malware that combines aspects of an infostealer and spyware. Here's how it works.
Detecting_Brute_Force_Attacks_1715178386.pdf
1.6 MB
Detecting Brute Force
Attacks
Attacks
CCTV - Close-Circuit Telegram Vision revolutionizes location tracking with its open-source design and Telegram API integration.
https://github.com/IvanGlinkin/CCTV?tab=readme-ov-file
https://github.com/IvanGlinkin/CCTV?tab=readme-ov-file
GitHub
GitHub - IvanGlinkin/CCTV: Close-Circuit Telegram Vision revolutionizes location tracking with its open-source design and Telegram…
Close-Circuit Telegram Vision revolutionizes location tracking with its open-source design and Telegram API integration. Offering precise tracking within 50-100 meters, users can monitor others in ...
VULNERABILITIES IN NEXT-GEN BIG-IP
https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
Eclypsium | Supply Chain Security for the Modern Enterprise
Big Vulnerabilities in Next-Gen BIG-IP
Eclypsium Research discovered and reported severe remotely exploitable vulnerabilities in F5’s Next Central Manager that could grant attackers full administrative control, allowing them to create hidden accounts on any F5 assets it manages.
Using MITM to bypass FIDO2 phishing-resistant protection
What is FIDO2 - is a modern authentication group term for passwordless authentication. The Fast Identity Online (FIDO) Alliance developed it to replace the use of legacy known passwords and provide a secure method to authenticate using a physical or embedded key...
https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/
What is FIDO2 - is a modern authentication group term for passwordless authentication. The Fast Identity Online (FIDO) Alliance developed it to replace the use of legacy known passwords and provide a secure method to authenticate using a physical or embedded key...
https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/
Silverfort
Using MITM to bypass FIDO2 phishing-resistant protection
In this article, Senior Security Researcher Dor Segal will take you through his research uncovering how to use MITM attacks to bypass FIDO2.
Unmasking Tycoon 2FA: A Stealthy Phishing Kit Used to Bypass Microsoft 365 and Google MFA
Tycoon 2FA is a phishing-as-a-service (PhaaS) platform that was first seen in August 2023. Like many phish kits, it bypasses multifactor authentication (MFA) protections and poses a significant threat to users. Lately, Tycoon 2FA has been grabbing headlines because of its role in ongoing campaigns designed to target Microsoft 365 and Gmail accounts.
This blog post is a rundown of how these attacks work, how they’re evolving, what they look like in the real world..:
https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass
Tycoon 2FA is a phishing-as-a-service (PhaaS) platform that was first seen in August 2023. Like many phish kits, it bypasses multifactor authentication (MFA) protections and poses a significant threat to users. Lately, Tycoon 2FA has been grabbing headlines because of its role in ongoing campaigns designed to target Microsoft 365 and Gmail accounts.
This blog post is a rundown of how these attacks work, how they’re evolving, what they look like in the real world..:
https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass
Proofpoint
Tycoon 2FA: Phishing Kit Being Used to Bypass MFA | Proofpoint US
Explore Tycoon 2FA, a sophisticated phishing kit used to bypass MFA. Learn how it works, what an attack looks like, detection techniques and more.
Mastering S.O.L.I.D Principles: Easy Examples (on React) and Best Practices
https://dev.to/drruvari/mastering-solid-principles-in-react-easy-examples-and-best-practices-142b
https://dev.to/drruvari/mastering-solid-principles-in-react-easy-examples-and-best-practices-142b
DEV Community
Mastering S.O.L.I.D Principles in React: Easy Examples and Best Practices
Single Responsibility Principle (SRP) A component should have only one reason to change,...
1. Be vigilant:
* Don't trust public Wi-Fi networks.
* Verify the network name.
* Disable automatic network connection.
* Avoid using public Wi-Fi for sensitive matters.
2. Use additional security measures:
* Turn on a VPN (if exists).
* Update your software.
* Use two-factor authentication.
3. Be careful what you do:
* Do not download files from unknown websites.
* Do not open suspicious links.
* Do not use cracked software
4. Use mobile internet:
* If possible, use mobile internet instead of Wi-Fi.
5. Additional tips:
* Use HTTPS websites.
* Use secure DoH services, like Cloudflare, OpenBLD.net etc.
Remember:
- Following these simple tips will help you protect your data and devices when using public Wi-Fi.
Do you use public WiFi away from home?)
Please open Telegram to view this post
VIEW IN TELEGRAM
Gemini will get even better at understanding context to assist you in getting things done
Legitimate spying in Android:
https://blog.google/products/android/google-ai-android-update-io-2024/
Legitimate spying in Android:
https://blog.google/products/android/google-ai-android-update-io-2024/
Google
Experience Google AI in even more ways on Android
Here’s more ways you can experience Google AI on Android. Learn how on-device AI is changing what your phone can do.
GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure
https://go.recordedfuture.com/hubfs/reports/cta-2024-0514.pdf
https://go.recordedfuture.com/hubfs/reports/cta-2024-0514.pdf
HTTP/2 Continuation Flood (and POC)
The
https://blog.kybervandals.com/http-2-continuation-flood-and-poc/
The
CONTINUATION Flood is a class of vulnerabilities within numerous HTTP/2 protocol implementations. In many cases, it poses a more severe threat compared to the Rapid Reset: a single machine (and in certain instances, a mere single TCP connection or a handful of frames) has the potential to disrupt server availability, with consequences ranging from server crashes to substantial performance degradation. Remarkably, requests that constitute an attack are not visible in HTTP access logs.https://blog.kybervandals.com/http-2-continuation-flood-and-poc/
Startup-Playbook-from-Sam-Altman.pdf
1.2 MB
Startup Playbook from Sam Altman
This is meant for people new to the world of startups. Most of this will not be new to people who have read a lot of what YC partners have written—the goal is to get it into one place:
https://playbook.samaltman.com/
This is meant for people new to the world of startups. Most of this will not be new to people who have read a lot of what YC partners have written—the goal is to get it into one place:
https://playbook.samaltman.com/
Ransomware incident response plan.pdf
787.7 KB
The incident response cycle, applied to ransomware
Git CVE-2024-32002 - This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed
Got vesrsions: 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4
git config --global core.symlinks false can be disable this attack vector
https://nvd.nist.gov/vuln/detail/CVE-2024-32002
PoC: https://github.com/szybnev/git_rce/blob/main/create_poc.sh
P.S. Thx Tatyana for the reporting ✌️
Got vesrsions: 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4
git config --global core.symlinks false can be disable this attack vector
https://nvd.nist.gov/vuln/detail/CVE-2024-32002
PoC: https://github.com/szybnev/git_rce/blob/main/create_poc.sh
P.S. Thx Tatyana for the reporting ✌️
GitHub
git_rce/create_poc.sh at main · szybnev/git_rce
Exploit PoC for CVE-2024-32002. Contribute to szybnev/git_rce development by creating an account on GitHub.
Как чувство осознанности может повлиять на безопасность жизни?
Мое интервью на тему кибербезопасности, как можно обезопасить себя, свое окружение, следить за собой - быть осторожным.
Отдельное спасибо хочу выразить авторам проекта Commutator Казахстан - Узлу связи между государством, бизнесом, обществом и масс-медиа и в частности Татьяне Бендзь за интересно поднятую тему.
Как вести себя с умными колонками, что делать нашим бабушкам и дедушкам в эпоху цифровизации, что такое OpenBLD.net и зачем существует этот проект.
Приятного и полезного просмотра (титры на Казахском, Русском языках присутствуют):
- https://youtu.be/MxWD1N0Bmv8?si=nSmTxUH_AAzsng-5
Детали проекта Commutator о чем он, множество других интересных интервью можно посмотреть на официальном сайте проекта:
- https://commutator.tilda.ws/
Мое интервью на тему кибербезопасности, как можно обезопасить себя, свое окружение, следить за собой - быть осторожным.
Отдельное спасибо хочу выразить авторам проекта Commutator Казахстан - Узлу связи между государством, бизнесом, обществом и масс-медиа и в частности Татьяне Бендзь за интересно поднятую тему.
Как вести себя с умными колонками, что делать нашим бабушкам и дедушкам в эпоху цифровизации, что такое OpenBLD.net и зачем существует этот проект.
Приятного и полезного просмотра (титры на Казахском, Русском языках присутствуют):
- https://youtu.be/MxWD1N0Bmv8?si=nSmTxUH_AAzsng-5
Детали проекта Commutator о чем он, множество других интересных интервью можно посмотреть на официальном сайте проекта:
- https://commutator.tilda.ws/
YouTube
Как защитить себя в интернете: кибербезопасность и искусственный интеллект (қазақша субтитрлер)
Почти 15 тысяч кибератак было зарегистрировано в казнете за первые три месяца 2024-го. За аналогичный период прошлого года их было всего 4,3 тысячи. То есть, за год количество кибератак выросло втрое. Такой статистикой недавно поделился ресурс factcheck.kz…
A technical look at a threat
actor’s ever-evolving tools and
tactics
https://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf
actor’s ever-evolving tools and
tactics
https://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf
Terraform Beginners Guide and Demos to Practice
https://github.com/venkateshk111/terraform-beginners-guide
https://github.com/venkateshk111/terraform-beginners-guide
GitHub
GitHub - venkateshk111/terraform-beginners-guide: Terraform Beginners Guide and Demos to Practice
Terraform Beginners Guide and Demos to Practice. Contribute to venkateshk111/terraform-beginners-guide development by creating an account on GitHub.