SharpRhino – New Hunters International RAT identified by Quorum Cyber
https://www.quorumcyber.com/insights/sharprhino-new-hunters-international-rat-identified-by-quorum-cyber/
https://www.quorumcyber.com/insights/sharprhino-new-hunters-international-rat-identified-by-quorum-cyber/
Quorum Cyber
New Hunters International RAT identified by Quorum Cyber
During a recent ransomware incident investigated by the Quorum Cyber Incident Response team, novel malware was identified previously unknown.
Cyber Incident Response Plan Guidance.pdf
1.9 MB
Cyber Incident Response Plan Guidance PDF
5GBaseChecker, a security analysis framework for the control plane protocols of 5G baseband.
https://github.com/SyNSec-den/5GBaseChecker
https://github.com/SyNSec-den/5GBaseChecker
GitHub
GitHub - SyNSec-den/5GBaseChecker
Contribute to SyNSec-den/5GBaseChecker development by creating an account on GitHub.
Microsoft Office Spoofing Vulnerability
Configuring the Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers policy setting provides the ability to allow, block, or audit outgoing NTLM traffic from a computer running Windows Server 2008, Windows Server 2008 R2, or later to any remote server running the Windows operating system..:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200
Configuring the Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers policy setting provides the ability to allow, block, or audit outgoing NTLM traffic from a computer running Windows Server 2008, Windows Server 2008 R2, or later to any remote server running the Windows operating system..:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200
NIST_Incident_Response_Recommendations_and_Considerations_for_Cybersecurity.pdf
968.5 KB
Incident Response Recommendations for
Risk Management from NIST
Risk Management from NIST
/ Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials
https://www.sentinelone.com/labs/xeon-sender-sms-spam-shipping-multi-tool-targeting-saas-credentials/
https://www.sentinelone.com/labs/xeon-sender-sms-spam-shipping-multi-tool-targeting-saas-credentials/
SentinelOne
Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials
Cloud attack tool has been repurposed by multiple threat actors to push SMS spam and smishing campaigns through major SaaS providers.
/ SSRFing the Web with the help of Copilot Studio
https://www.tenable.com/blog/ssrfing-the-web-with-the-help-of-copilot-studio
https://www.tenable.com/blog/ssrfing-the-web-with-the-help-of-copilot-studio
Tenable®
SSRFing the Web with the Help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential…
Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules
https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp
https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp
LevelBlue
Unveiling
Stroz Friedberg identified a stealthy malware, dubbed “sedexp,” utilizing Linux udev rules to achieve persistence and evade detection. This advanced threat, active since 2022, hides in plain sight while providing attackers with reverse shell capabilities…
Qilin ransomware caught stealing credentials stored in Google Chrome
Once the attacker reached the domain controller in question, they edited the default domain policy to introduce a logon-based Group Policy Object (GPO) containing two items. The first, a PowerShell noscript named IPScanner.ps1, was written to a temporary directory within the SYSVOL (SYStem VOLume) share (the shared NTFS directory located on each domain controller inside an Active Directory domain) on the specific domain controller involved. It contained a 19-line noscript that attempted to harvest credential data stored within the Chrome browser...:
https://news.sophos.com/en-us/2024/08/22/qilin-ransomware-caught-stealing-credentials-stored-in-google-chrome/
Once the attacker reached the domain controller in question, they edited the default domain policy to introduce a logon-based Group Policy Object (GPO) containing two items. The first, a PowerShell noscript named IPScanner.ps1, was written to a temporary directory within the SYSVOL (SYStem VOLume) share (the shared NTFS directory located on each domain controller inside an Active Directory domain) on the specific domain controller involved. It contained a 19-line noscript that attempted to harvest credential data stored within the Chrome browser...:
https://news.sophos.com/en-us/2024/08/22/qilin-ransomware-caught-stealing-credentials-stored-in-google-chrome/
Sophos News
Qilin ransomware caught stealing credentials stored in Google Chrome
Familiar ransomware develops an appetite for passwords to third-party sites
Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information
https://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/
https://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/
Embrace The Red
Microsoft Copilot: From Prompt Injection to Data Exfiltration of Your Emails
DIR-846W : All H/W Revs. & All F/W Vers. : End-of-Life (EOL) / End-of-Service (EOS) : CVE-2024-41622/44340/44341/44342 Vulnerability Reports
RCE
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411
RCE
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411
Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk
https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
JFrog
Revival Hijack - PyPI hijack technique exploited in the wild, puts 22K packages at risk
JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment.…
Novel RAMBO Side-Channel Attack Leaks Data Through RAM Radio Waves
https://cyberinsider.com/new-rambo-side-channel-attack-leaks-data-through-ram-radio-waves/
https://cyberinsider.com/new-rambo-side-channel-attack-leaks-data-through-ram-radio-waves/
CyberInsider
Novel RAMBO Side-Channel Attack Leaks Data Through RAM Radio Waves
Researchers have uncovered a method to leak sensitive data from air-gapped systems, introducing a novel attack technique known as RAMBO
EUCLEAK (Side-Channel Attack on the YubiKey 5 Series)
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
How Mallox ransomware has changed: a detailed analysis
- [ru] https://securelist.ru/mallox-ransomware/110314/
- [ru] https://securelist.ru/mallox-ransomware/110314/
securelist.ru
Эволюция Mallox: от частного шифровальщика до RaaS
В этом отчете приведен подробный анализ шифровальщика Mallox, описывающий его развитие, стратегию выкупа, схему шифрования и прочее.
CompTIA Security+ Notes.pdf
1.5 MB
CompTIA Security+ SY0-601
- Attacks, Threats, and Vulnerabilities
- Architecture and Design
- Implementation
- Operations and Incident Response
- Governance, Risk, and Compliance
- Attacks, Threats, and Vulnerabilities
- Architecture and Design
- Implementation
- Operations and Incident Response
- Governance, Risk, and Compliance