Video for - https://news.1rj.ru/str/sysadm_in_channel/5198
https://youtu.be/8mdW3MWoeFI?si=yqhrlwD3gcc12zwz
EvilVideo: Telegram app for Android targeted by zero-day exploit sending malicious videos
https://www.eset.com/uk/about/newsroom/press-releases/set-research-discovers-evilvideo-telegram-app-for-android-targeted-by-zero-day-exploit-sending-malicious-videos/
OWASP_Vulnerability_Management_Guide.pdf
1.4 MB
OWASP Vulnerability Management Guide (OVMG)
Forwarded from Yevgeniy Goncharov
🦄 Yo! Enough sleeping. Take a look at the talk topics for Open SysConf'24
First. Now anyone can contribute to building the site, fixing errors on it, and so on.
Second. We have a venue and a date: 12 October 2024.
Third. We have four cool announced talks:
1. Three systems you will want to deploy and configure
2. Injecting malicious code into Android applications.
3. Open(Secure)Source
4. Synthesis of molecular units in microservices
Go to the site and register while there are still seats.
Dev site: https://sysconf-io.pages.dev/2024
IOT Cybersecurity Framework.pdf
3.8 MB
IOT Cyber Security Framework
PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem
https://www.binarly.io/blog/pkfail-untrusted-platform-keys-undermine-secure-boot-on-uefi-ecosystem
PKfail is a zero day disclosure detected by the Binarly REsearch Team and responsibly disclosed.
RADIUS/UDP vulnerable to improved MD5 collision attack
https://blog.cloudflare.com/radius-udp-vulnerable-md5-attack
The RADIUS protocol is commonly used to control administrative access to networking gear. Despite its importance, RADIUS hasn’t changed much in decades. We discuss an attack on RADIUS as a case study for why it’s important for legacy protocols to keep up…
How did Facebook intercept their competitor's encrypted mobile app traffic?
A technical investigation into information uncovered in a class action lawsuit that Facebook had intercepted encrypted traffic from users' devices running the Onavo Protect app in order to gain competitive insights:
https://doubleagent.net/onavo-facebook-ssl-mitm-technical-analysis/
P.S. Thx for the link, dear subscriber ✌️
Unmasking the SMS Stealer: Targeting Several Countries with Deceptive Apps
One-time passwords (OTPs) are designed to add an extra layer of security to online accounts, and most enterprises have become very dependent upon them for controlling access to sensitive data and applications...
However, these passwords are just as valuable to attackers.
Mobile malware has become increasingly sophisticated, employing cunning tactics to steal these crucial codes and bypass their added protection to enable malicious infiltration to corporate networks and data...:
https://www.zimperium.com/blog/unmasking-the-sms-stealer-targeting-several-countries-with-deceptive-apps/
BingoMod: The new android RAT that steals money and wipes data
https://www.cleafy.com/cleafy-labs/bingomod-the-new-android-rat-that-steals-money-and-wipes-data
Discover the new android RAT BingoMod, identified by the Cleafy TIR team in May 2024. BingoMod targets money transfers via Account Takeover and On-Device Fraud, bypassing bank security measures. It exploits permissions to steal credentials, conduct overlay…
Powerful attack vector in the domain name system (DNS) is being widely exploited across many DNS providers
https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/
Who Knew? Domain Hijacking is So Easy | Infoblox
Learn about the insidious DNS attack vector that threat actors are using to hijack domains from major brands, government institutions, and other organizations, large and small. Find out how to determine whether your domain name is at risk.
BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor
https://www.elastic.co/security-labs/bits-and-bytes-analyzing-bitsloth
Elastic Security Labs identified a novel Windows backdoor leveraging the Background Intelligent Transfer Service (BITS) for C2. This malware was found during a recent activity group tracked as REF8747.
SharpRhino – New Hunters International RAT identified by Quorum Cyber
https://www.quorumcyber.com/insights/sharprhino-new-hunters-international-rat-identified-by-quorum-cyber/
During a recent ransomware incident investigated by the Quorum Cyber Incident Response team, previously unknown novel malware was identified.
Cyber Incident Response Plan Guidance.pdf
1.9 MB
Cyber Incident Response Plan Guidance PDF
5GBaseChecker, a security analysis framework for the control plane protocols of 5G baseband.
https://github.com/SyNSec-den/5GBaseChecker
Microsoft Office Spoofing Vulnerability
Configuring the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting provides the ability to allow, block, or audit outgoing NTLM traffic from a computer running Windows Server 2008, Windows Server 2008 R2, or later to any remote server running the Windows operating system:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200
NIST_Incident_Response_Recommendations_and_Considerations_for_Cybersecurity.pdf
968.5 KB
Incident Response Recommendations for Risk Management from NIST
Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials
https://www.sentinelone.com/labs/xeon-sender-sms-spam-shipping-multi-tool-targeting-saas-credentials/
Cloud attack tool has been repurposed by multiple threat actors to push SMS spam and smishing campaigns through major SaaS providers.
SSRFing the Web with the help of Copilot Studio
https://www.tenable.com/blog/ssrfing-the-web-with-the-help-of-copilot-studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential…
Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules
https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp
Stroz Friedberg identified a stealthy malware, dubbed “sedexp,” utilizing Linux udev rules to achieve persistence and evade detection. This advanced threat, active since 2022, hides in plain sight while providing attackers with reverse shell capabilities…