GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure

https://go.recordedfuture.com/hubfs/reports/cta-2024-0514.pdf

HTTP/2 Continuation Flood (and POC)

The CONTINUATION Flood is a class of vulnerabilities within numerous HTTP/2 protocol implementations. In many cases, it poses a more severe threat compared to the Rapid Reset: a single machine (and in certain instances, a mere single TCP connection or a handful of frames) has the potential to disrupt server availability, with consequences ranging from server crashes to substantial performance degradation. Remarkably, requests that constitute an attack are not visible in HTTP access logs.

https://blog.kybervandals.com/http-2-continuation-flood-and-poc/

Startup Playbook from Sam Altman

This is meant for people new to the world of startups. Most of this will not be new to people who have read a lot of what YC partners have written—the goal is to get it into one place:

https://playbook.samaltman.com/

The incident response cycle, applied to ransomware

OWASP dep-scan

https://github.com/owasp-dep-scan/dep-scan

Git CVE-2024-32002 - This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed

Got vesrsions: 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4

git config --global core.symlinks false can be disable this attack vector

https://nvd.nist.gov/vuln/detail/CVE-2024-32002

PoC: https://github.com/szybnev/git_rce/blob/main/create_poc.sh

P.S. Thx Tatyana for the reporting ✌️

Как чувство осознанности может повлиять на безопасность жизни?

Мое интервью на тему кибербезопасности, как можно обезопасить себя, свое окружение, следить за собой - быть осторожным.

Отдельное спасибо хочу выразить авторам проекта Commutator Казахстан - Узлу связи между государством, бизнесом, обществом и масс-медиа и в частности Татьяне Бендзь за интересно поднятую тему.

Как вести себя с умными колонками, что делать нашим бабушкам и дедушкам в эпоху цифровизации, что такое OpenBLD.net и зачем существует этот проект.

Приятного и полезного просмотра (титры на Казахском, Русском языках присутствуют):

- https://youtu.be/MxWD1N0Bmv8?si=nSmTxUH_AAzsng-5

Детали проекта Commutator о чем он, множество других интересных интервью можно посмотреть на официальном сайте проекта:

- https://commutator.tilda.ws/

A technical look at a threat
actor’s ever-evolving tools and
tactics

https://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf

Terraform Beginners Guide and Demos to Practice

https://github.com/venkateshk111/terraform-beginners-guide

Freeway is a Python scapy-based tool for WiFi penetration that aim to help ethical hackers and pentesters develop their skills and knowledge in auditing and securing home or enterprise networks.

https://github.com/FLOCK4H/Freeway

Disrupting FlyingYeti's campaign

FlyingYeti is the cryptonym given by Cloudforce One to the threat group behind this phishing campaign, which overlaps with UAC-0149 activity tracked by CERT-UA in February and April 2024.

https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine

Chrome Manifest v2 RIP coming soon . Google has set the first date for getting rid of the manifest for this version.

Starting on June 3 on the Chrome Beta, Dev and Canary channels, if users still have Manifest V2 extensions installed, some will start to see a warning banner when visiting their extension management page..:

https://blog.chromium.org/2024/05/manifest-v2-phase-out-begins.html

Confluence Data Center and Server Remote Code Execution Vulnerability

Technical Overview:

https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability/

Hacking Millions of Modems (and Investigating Who Hacked My Modem)

Big story with step by step examples..:

https://samcurry.net/hacking-millions-of-modems

Bypass Windows Defender 2024 - Windows Cyber Security

Video. The video provides a step-by-step demonstration on modifying the source code of the FilelessPELoader project, resulting in the loader being undetected by Windows Defender:

- https://youtu.be/NmB2MPAafTo?si=yEotdtVzYUmFYdC7

What’s Going on With Check Point (CVE-2024-24919)?

https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919

Bypassing Veeam Authentication CVE-2024-29849

https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/

Noodle RAT: Reviewing the Backdoor

https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html

/ Dipping into Danger: The WARMCOOKIE backdoor

https://www.elastic.co/security-labs/dipping-into-danger

Windows Wi-Fi Driver Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30078

Modern Approaches To Network Access Security from CISA (Publication: June 18, 2024)