The incident response cycle, applied to ransomware

OWASP dep-scan

https://github.com/owasp-dep-scan/dep-scan

Git CVE-2024-32002 - This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed

Got vesrsions: 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4

git config --global core.symlinks false can be disable this attack vector

https://nvd.nist.gov/vuln/detail/CVE-2024-32002

PoC: https://github.com/szybnev/git_rce/blob/main/create_poc.sh

P.S. Thx Tatyana for the reporting ✌️

Как чувство осознанности может повлиять на безопасность жизни?

Мое интервью на тему кибербезопасности, как можно обезопасить себя, свое окружение, следить за собой - быть осторожным.

Отдельное спасибо хочу выразить авторам проекта Commutator Казахстан - Узлу связи между государством, бизнесом, обществом и масс-медиа и в частности Татьяне Бендзь за интересно поднятую тему.

Как вести себя с умными колонками, что делать нашим бабушкам и дедушкам в эпоху цифровизации, что такое OpenBLD.net и зачем существует этот проект.

Приятного и полезного просмотра (титры на Казахском, Русском языках присутствуют):

- https://youtu.be/MxWD1N0Bmv8?si=nSmTxUH_AAzsng-5

Детали проекта Commutator о чем он, множество других интересных интервью можно посмотреть на официальном сайте проекта:

- https://commutator.tilda.ws/

A technical look at a threat
actor’s ever-evolving tools and
tactics

https://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf

Terraform Beginners Guide and Demos to Practice

https://github.com/venkateshk111/terraform-beginners-guide

Freeway is a Python scapy-based tool for WiFi penetration that aim to help ethical hackers and pentesters develop their skills and knowledge in auditing and securing home or enterprise networks.

https://github.com/FLOCK4H/Freeway

Disrupting FlyingYeti's campaign

FlyingYeti is the cryptonym given by Cloudforce One to the threat group behind this phishing campaign, which overlaps with UAC-0149 activity tracked by CERT-UA in February and April 2024.

https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine

Chrome Manifest v2 RIP coming soon . Google has set the first date for getting rid of the manifest for this version.

Starting on June 3 on the Chrome Beta, Dev and Canary channels, if users still have Manifest V2 extensions installed, some will start to see a warning banner when visiting their extension management page..:

https://blog.chromium.org/2024/05/manifest-v2-phase-out-begins.html

Confluence Data Center and Server Remote Code Execution Vulnerability

Technical Overview:

https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability/

Hacking Millions of Modems (and Investigating Who Hacked My Modem)

Big story with step by step examples..:

https://samcurry.net/hacking-millions-of-modems

Bypass Windows Defender 2024 - Windows Cyber Security

Video. The video provides a step-by-step demonstration on modifying the source code of the FilelessPELoader project, resulting in the loader being undetected by Windows Defender:

- https://youtu.be/NmB2MPAafTo?si=yEotdtVzYUmFYdC7

What’s Going on With Check Point (CVE-2024-24919)?

https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919

Bypassing Veeam Authentication CVE-2024-29849

https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/

Noodle RAT: Reviewing the Backdoor

https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html

/ Dipping into Danger: The WARMCOOKIE backdoor

https://www.elastic.co/security-labs/dipping-into-danger

Windows Wi-Fi Driver Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30078

Modern Approaches To Network Access Security from CISA (Publication: June 18, 2024)

DejaVU - Open Source Deception Platform

Deception to detect common adversary tactics and techniques during various stages of attack lifecycle..:

https://github.com/bhdresh/Dejavu

Fickle Stealer Distributed via Multiple Attack Chain

https://www.fortinet.com/blog/threat-research/fickle-stealer-distributed-via-multiple-attack-chain

/ Ueficanhazbufferoverflow: Widespread Impact From Vulnerability In Popular Pc And Server Firmware

https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/