A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user.
https://access.redhat.com/security/cve/CVE-2024-9050
identity-security-threat-landscape-2024-report.pdf
11.5 MB
Threat Landscape Report 2024
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/
BleepingComputer
qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app.
Forwarded from Constantine Maltsev
Microsoft News
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other…
Take your pick:
— Course
— Certificate
The contest from core247.kz may well help with that; the voucher applies to:
— an online course
— a certification exam
— or a bundle (course + certification)
🚩 November 14: results and selection of 7 winners. The voucher must be activated by 31.10.2025. After that you have 1 year and 2 attempts to complete the training and/or pass the exam. Details here: https://core247.io/cncf
Details about the Storm-0940 spray attack
https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/
Previous post:
https://news.1rj.ru/str/sysadm_in_channel/5254
Microsoft News
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray…
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM
https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam
Cleafy
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM | Cleafy Labs
Discover Cleafy's in-depth analysis of a new Android banking Trojan campaign, ToxicPanda, initially linked to TgToxic. Our findings reveal a sophisticated fraud operation targeting European and LATAM banks, using On-Device Fraud (ODF) tactics to execute account…
Typosquat Campaign Targeting npm Developers
https://blog.phylum.io/supply-chain-security-typosquat-campaign-targeting-puppeteer-users/
Phylum Research | Software Supply Chain Security
Fake Puppeteer Packages Contain Malware
Ongoing supply chain attack targets Puppeteer users with malicious npm packages.
Threat Campaign Spreads Winos4.0 Through Game Application
https://www.fortinet.com/blog/threat-research/threat-campaign-spreads-winos4-through-game-application
Fortinet Blog
FortiGuard Labs reveals a threat actor spreads Winos4.0, infiltrating gaming apps and targeting the education sector. Learn more.…
Palo Alto Expedition Missing Authentication Vulnerability: Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to take over an Expedition admin account and potentially access configuration secrets, credentials, and other data.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-5910&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=20&url=
Cybersecurity and Infrastructure Security Agency CISA
Known Exploited Vulnerabilities Catalog | CISA
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the…
Malicious apps on Google Play: how attackers use the DNS protocol for covert communication between trojans and command-and-control servers
https://news.drweb.ru/show/?i=14935&lng=ru
Dr.Web
The job of many Android.FakeApp trojans is to open links to various websites, and from a technical standpoint such malware is fairly primitive. When launched, they receive a command to open a given web address, as a result of which the users who installed…
Offset-free DSE bypass across Windows 11 & 10: utilising ntkrnlmp.pdb
https://blog.cryptoplague.net/main/research/windows-research/offset-free-dse-bypass-across-windows-11-and-10-utilising-ntkrnlmp.pdb
blog.cryptoplague.net
Offset-free DSE bypass across Windows 11 & 10: utilising ntkrnlmp.pdb | cryptoplague blog
Parsing ntkrnlmp.pdb on the target to eliminate the need for static offsetting and thus safely and dynamically bypassing driver signature enforcement across multiple Windows 10 & 11 versions.
Linux kernel test robot noticed a 3888.9% improvement of will-it-scale.per_process_ops
https://lore.kernel.org/lkml/202411072132.a8d2cf0f-oliver.sang@intel.com/
Commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d4148aeab412432bf928f311eca8a2ba52bb05df
Memory Management and Garbage Collection in Go
https://www.youtube.com/live/UVqpl4PExkM?si=HbRHSYTQdQcOFswt
YouTube
On May 22 Nina gave a new talk at the Go meetup in Moscow: https://www.youtube.com/live/5BTrGM5ElAA
Slides: https://github.com/progmsk/progmsk.github.io/files/14963281/go-garbage-collection.pdf
Repository: https://github.com/PakshNina/gc
Nina's YouTube channel:…
Glove Stealer: Leveraging IElevator to Bypass App-Bound Encryption & Steal Sensitive Data
https://www.gendigital.com/blog/insights/research/glove-stealer
Gendigital
A .NET malware that bypasses Chrome's App-Bound Encryption, stealing data from browsers, crypto wallets, and 2FA authenticators
Subject: Linux 6.12
Linus commented: No strange surprises this last week, so we're sticking to the regular release schedule, and that obviously means that the merge window opens tomorrow. I already have two dozen+ pull requests in my mailbox, kudos to all the early birds..:
https://lkml.org/lkml/2024/11/17/326