Git CVE-2024-32002 - This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed
Got vesrsions: 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4
git config --global core.symlinks false can be disable this attack vector
https://nvd.nist.gov/vuln/detail/CVE-2024-32002
PoC: https://github.com/szybnev/git_rce/blob/main/create_poc.sh
P.S. Thx Tatyana for the reporting ✌️
Got vesrsions: 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4
git config --global core.symlinks false can be disable this attack vector
https://nvd.nist.gov/vuln/detail/CVE-2024-32002
PoC: https://github.com/szybnev/git_rce/blob/main/create_poc.sh
P.S. Thx Tatyana for the reporting ✌️
GitHub
git_rce/create_poc.sh at main · szybnev/git_rce
Exploit PoC for CVE-2024-32002. Contribute to szybnev/git_rce development by creating an account on GitHub.
Как чувство осознанности может повлиять на безопасность жизни?
Мое интервью на тему кибербезопасности, как можно обезопасить себя, свое окружение, следить за собой - быть осторожным.
Отдельное спасибо хочу выразить авторам проекта Commutator Казахстан - Узлу связи между государством, бизнесом, обществом и масс-медиа и в частности Татьяне Бендзь за интересно поднятую тему.
Как вести себя с умными колонками, что делать нашим бабушкам и дедушкам в эпоху цифровизации, что такое OpenBLD.net и зачем существует этот проект.
Приятного и полезного просмотра (титры на Казахском, Русском языках присутствуют):
- https://youtu.be/MxWD1N0Bmv8?si=nSmTxUH_AAzsng-5
Детали проекта Commutator о чем он, множество других интересных интервью можно посмотреть на официальном сайте проекта:
- https://commutator.tilda.ws/
Мое интервью на тему кибербезопасности, как можно обезопасить себя, свое окружение, следить за собой - быть осторожным.
Отдельное спасибо хочу выразить авторам проекта Commutator Казахстан - Узлу связи между государством, бизнесом, обществом и масс-медиа и в частности Татьяне Бендзь за интересно поднятую тему.
Как вести себя с умными колонками, что делать нашим бабушкам и дедушкам в эпоху цифровизации, что такое OpenBLD.net и зачем существует этот проект.
Приятного и полезного просмотра (титры на Казахском, Русском языках присутствуют):
- https://youtu.be/MxWD1N0Bmv8?si=nSmTxUH_AAzsng-5
Детали проекта Commutator о чем он, множество других интересных интервью можно посмотреть на официальном сайте проекта:
- https://commutator.tilda.ws/
YouTube
Как защитить себя в интернете: кибербезопасность и искусственный интеллект (қазақша субтитрлер)
Почти 15 тысяч кибератак было зарегистрировано в казнете за первые три месяца 2024-го. За аналогичный период прошлого года их было всего 4,3 тысячи. То есть, за год количество кибератак выросло втрое. Такой статистикой недавно поделился ресурс factcheck.kz…
A technical look at a threat
actor’s ever-evolving tools and
tactics
https://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf
actor’s ever-evolving tools and
tactics
https://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf
Terraform Beginners Guide and Demos to Practice
https://github.com/venkateshk111/terraform-beginners-guide
https://github.com/venkateshk111/terraform-beginners-guide
GitHub
GitHub - venkateshk111/terraform-beginners-guide: Terraform Beginners Guide and Demos to Practice
Terraform Beginners Guide and Demos to Practice. Contribute to venkateshk111/terraform-beginners-guide development by creating an account on GitHub.
Freeway is a Python scapy-based tool for WiFi penetration that aim to help ethical hackers and pentesters develop their skills and knowledge in auditing and securing home or enterprise networks.
https://github.com/FLOCK4H/Freeway
https://github.com/FLOCK4H/Freeway
Disrupting FlyingYeti's campaign
FlyingYeti is the cryptonym given by Cloudforce One to the threat group behind this phishing campaign, which overlaps with UAC-0149 activity tracked by CERT-UA in February and April 2024.
https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine
FlyingYeti is the cryptonym given by Cloudforce One to the threat group behind this phishing campaign, which overlaps with UAC-0149 activity tracked by CERT-UA in February and April 2024.
https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine
The Cloudflare Blog
Disrupting FlyingYeti's campaign targeting Ukraine
In April and May 2024, Cloudforce One employed proactive defense measures to successfully prevent Russia-aligned threat actor FlyingYeti from launching their latest phishing campaign targeting Ukraine.
Chrome Manifest v2 RIP coming soon . Google has set the first date for getting rid of the manifest for this version.
Starting on June 3 on the Chrome Beta, Dev and Canary channels, if users still have Manifest V2 extensions installed, some will start to see a warning banner when visiting their extension management page..:
https://blog.chromium.org/2024/05/manifest-v2-phase-out-begins.html
Starting on June 3 on the Chrome Beta, Dev and Canary channels, if users still have Manifest V2 extensions installed, some will start to see a warning banner when visiting their extension management page..:
https://blog.chromium.org/2024/05/manifest-v2-phase-out-begins.html
Chromium Blog
Manifest V2 phase-out begins
Update (10/10/2024): We’ve started disabling extensions still using Manifest V2 in Chrome stable. Read more details in the MV2 support ...
Confluence Data Center and Server Remote Code Execution Vulnerability
Technical Overview:
https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability/
Technical Overview:
https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability/
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Big story with step by step examples..:
https://samcurry.net/hacking-millions-of-modems
Big story with step by step examples..:
https://samcurry.net/hacking-millions-of-modems
samcurry.net
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive…
Bypass Windows Defender 2024 - Windows Cyber Security
Video. The video provides a step-by-step demonstration on modifying the source code of the FilelessPELoader project, resulting in the loader being undetected by Windows Defender:
- https://youtu.be/NmB2MPAafTo?si=yEotdtVzYUmFYdC7
Video. The video provides a step-by-step demonstration on modifying the source code of the FilelessPELoader project, resulting in the loader being undetected by Windows Defender:
- https://youtu.be/NmB2MPAafTo?si=yEotdtVzYUmFYdC7
YouTube
Bypass Windows Defender 2024 - Windows Cyber Security
Be better than yesterday
In this video, we will be demonstrating how we can bypass the latest Windows Defender on a fully updated Windows 11 machine.
The video provides a step-by-step demonstration on modifying the source code of the FilelessPELoader project…
In this video, we will be demonstrating how we can bypass the latest Windows Defender on a fully updated Windows 11 machine.
The video provides a step-by-step demonstration on modifying the source code of the FilelessPELoader project…
What’s Going on With Check Point (CVE-2024-24919)?
https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919
https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919
www.greynoise.io
What’s Going on With Check Point (CVE-2024-24919)? | GreyNoise Blog
Find out more about CVE-2024-24919, a zero-day vulnerability in Check Point's Network Security gateway products that threat actors are exploiting in the wild.
Noodle RAT: Reviewing the Backdoor
https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html
https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html
Trend Micro
Noodle RAT Reviewing the Backdoor Used by Chinese-Speaking Groups
This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.
/ Dipping into Danger: The WARMCOOKIE backdoor
https://www.elastic.co/security-labs/dipping-into-danger
https://www.elastic.co/security-labs/dipping-into-danger
www.elastic.co
Dipping into Danger: The WARMCOOKIE backdoor — Elastic Security Labs
Elastic Security Labs observed threat actors masquerading as recruiting firms to deploy a new malware backdoor called WARMCOOKIE. This malware has standard backdoor capabilities, including capturing screenshots, executing additional malware, and reading/writing…
Windows Wi-Fi Driver Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30078
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30078
Modern Approaches to Network Access Security-508c.pdf
503.1 KB
Modern Approaches To Network Access Security from CISA (Publication: June 18, 2024)
DejaVU - Open Source Deception Platform
Deception to detect common adversary tactics and techniques during various stages of attack lifecycle..:
https://github.com/bhdresh/Dejavu
Deception to detect common adversary tactics and techniques during various stages of attack lifecycle..:
https://github.com/bhdresh/Dejavu
GitHub
GitHub - bhdresh/Dejavu: DejaVU - Open Source Deception Framework
DejaVU - Open Source Deception Framework. Contribute to bhdresh/Dejavu development by creating an account on GitHub.
Fickle Stealer Distributed via Multiple Attack Chain
https://www.fortinet.com/blog/threat-research/fickle-stealer-distributed-via-multiple-attack-chain
https://www.fortinet.com/blog/threat-research/fickle-stealer-distributed-via-multiple-attack-chain
Fortinet Blog
Fickle Stealer Distributed via Multiple Attack Chain
FortiGuard Labs has uncovered a fresh threat, Fickle stealer, which is distributed via various strategies. Read more.…
/ Ueficanhazbufferoverflow: Widespread Impact From Vulnerability In Popular Pc And Server Firmware
https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
Eclypsium | Supply Chain Security for the Modern Enterprise
UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware
Summary Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile…
Remote Network Latency Measurements Leak User Activity
https://snailload.com/
Paper:
https://snailload.com/snailload.pdf
https://snailload.com/
Paper:
https://snailload.com/snailload.pdf