Episodes

Compromise of old hostname .mobi whois server
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
Microsoft Reconsidering Security Tool API
https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/
Microsoft Implements PQC in SymCrypt
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-s-quantum-resistant-cryptography-is-here/ba-p/4238780
GitLab Patch
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/#execute-environment-stop-actions-as-the-owner-of-the-stop-action-job

Critical Loadmaster Security Vulnerability
https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591
HAProxy Patch
https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html
Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts
https://arcticwolf.com/resources/blog/arctic-wolf-observes-akira-ransomware-campaign-targeting-sonicwall-sslvpn-accounts/
Kibana Deserialization Vulnerability
https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119
Stately Taurus Abuses VSCode
https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/

Password Cracking Energy: More Details
https://isc.sans.edu/diary/Password%20Cracking%20%26%20Energy%3A%20More%20Dedails/31242
Python & Notepad++
https://isc.sans.edu/diary/Python%20%26%20Notepad%2B%2B/31240
Fake LinkedIn Job Ads
https://cloud.google.com/blog/topics/threat-intelligence/examining-web3-heists/
Android Crypto Passphrase Stealer with OCR
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/
Sextortion Scam Now Uses Your Cheating Spouse's Name as a Lure
https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/

Enrichment Data: Keeping it Fresh
https://isc.sans.edu/diary/Enrichment%20Data%3A%20Keeping%20it%20Fresh/31236
Veeam Update
https://www.veeam.com/kb4649
New OFBiz Vulnerabilities
https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/
Cisco Smart License Manager Patches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw

Scans for Moodle Learning Platform Following Recent Update
https://isc.sans.edu/diary/Scans+for+Moodle+Learning+Platform+Following+Recent+Update/31230
PyPI Revival Hijack
https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
Android Updates
https://source.android.com/docs/security/bulletin/2024-09-01
MediaTek wappd PoC Exploit
https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html#wrapping-up

Protected OOXML Text Documents
https://isc.sans.edu/diary/Protected%20OOXML%20Text%20Documents/31078
Sextortion E-Mails with Photos
https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/
Zyxel OS Command Injection Vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024
D-Link DIR-846W Unpatched RCE Vulnerabilities
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411
VMware Privilege Escalation Vulnerability CVE-2024-38811
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939
YubiKey Sidechannel Attack
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
https://www.yubico.com/support/security-advisories/ysa-2024-03/

Wireshark 4.4: Converting Display Filters to BPF Capture Filters
https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224
GitHub Comments Used to Spread Malware
https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/
Voldemort Malware Curses Orgs Using Global Tax Authorities
https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities
Analysis of CVE-2024-43044 From file read to RCE in Jenkins through agents
https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/

Live Patching DLLs with Python
https://isc.sans.edu/diary/Live%20Patching%20DLLs%20with%20Python/31218
Global Protect Phishing
https://www.trendmicro.com/en_us/research/24/h/threat-actors-target-middle-east-using-fake-tool.html
BlackByte Ransomware Update
https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/
The Risks Lurking in Publicly Exposed GenAI Development Services
https://www.legitsecurity.com/blog/the-risks-lurking-in-publicly-exposed-genai-development-services
Finding Lateral Movement of Adversaries Through the Noise of Systems Administration
https://www.sans.edu/cyber-research/finding-lateral-movement-adversaries-through-noise-systems-administration/
YouTube Channel: https://www.youtube.com/c/CyberAttackDefense

Vega-Lite With Kibana To Parse and Display IP Activity Over Time
https://isc.sans.edu/diary/Vega-Lite%20with%20Kibana%20to%20Parse%20and%20Display%20IP%20Activity%20over%20Time/31210
Attack tool update impairs Windows computers
https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/
Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a
Confluence Vulnerability Exploited for Crypto Miners
https://www.trendmicro.com/en_us/research/24/h/cve-2023-22527-cryptomining.html
Fortra FileCatalyst Workflow Hard Coded HSQLDB Credentials
https://www.fortra.com/security/advisories/product-security/fi-2024-011

Why Is Python so Popular to Infect Windows Hosts?
https://isc.sans.edu/diary/Why%20Is%20Python%20so%20Popular%20to%20Infect%20Windows%20Hosts%3F/31208
OFBiz Vulnerability Update
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2024-38856
Versa Director Vulnerability Exploited
https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/
Google Chrome Vulnerability Exploited
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
SGX Key Leak
https://x.com/_markel___/status/1828112469010596347

From Highly Obfuscated Batch File to XWorm and Redline
https://isc.sans.edu/diary/From%20Highly%20Obfuscated%20Batch%20File%20to%20XWorm%20and%20Redline/31204
CVE-2024-38063 Windows IPv6 Issue PoC Exploit
https://github.com/ynwarcs/CVE-2024-38063
Not a vulnerability
https://github.com/juwenyi/CVE-2024-42992

Pandas Errors: What encoding are my logs in?
https://isc.sans.edu/diary/Pandas%20Errors%3A%20What%20encoding%20are%20my%20logs%20in%3F/31200
Crowdstrike Performance Issues
https://www.reddit.com/r/sysadmin/comments/1eyfex6/at_least_its_not_on_a_friday/
CopyBara Malware
https://www.zscaler.com/blogs/security-research/technical-analysis-copybara#conclusion
SonicWall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

OpenAI Scans Honeypots
https://isc.sans.edu/diary/OpenAI%20Scans%20for%20Honeypots.%20Artificially%20Malicious%3F%20Action%20Abuse%3F/31196
Broken Linux Boot Partitions after August Microsoft Update
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23H2#3377msgdesc
Google Fixes Chrome 0-day
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
Cisco Zero Day Exploited (now Patched)
https://www.sygnia.co/blog/china-threat-group-velvet-ant-cisco-zero-day/
Solar Winds Helpdesk Backdoor
https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
Securing the Future: How Memory-Safe Programming Languages Impact Industry Safety (Christopher Ross)
https://www.sans.edu/cyber-research/securing-future-how-memory-safe-programming-languages-impact-industry-safety/

Mapping Threats with DNSTwist and the Internet Storm Center
https://isc.sans.edu/diary/Mapping%20Threats%20with%20DNSTwist%20and%20the%20Internet%20Storm%20Center%20%5BGuest%20Diary%5D/31188
Slack AI Prompt Injection
https://promptarmor.substack.com/p/slack-ai-data-exfiltration-from-private
Phishing in PWA Applications
https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/
QNAP Ransomware Security Center
https://www.qnap.com/en/news/2024/qnap-officially-releases-qts-5-2-introducing-security-center-for-active-file-activity-monitoring-elevated-security-and-data-protection

Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability
https://isc.sans.edu/diary/Where+are+we+with+CVE202438063+Microsoft+IPv6+Vulnerability/31186
Microsoft August Update Prevents Linux from Booting
https://community.frame.work/t/sbat-verification-error-booting-linux-after-windows-update/56354
PHP CGI Vulnerability Exploited CVE-2024-4577
https://symantec-enterprise-blogs.security.com/threat-intelligence/taiwan-malware-dns
F5 Updates
https://my.f5.com/manage/s/article/K000140111
https://my.f5.com/manage/s/article/K000140108

Do you like donuts? Here is a donut Shellcode Delivered Through PowerShell Python
https://isc.sans.edu/diary/Do%20you%20Like%20Donuts%3F%20Here%20is%20a%20Donut%20Shellcode%20Delivered%20Through%20PowerShell%20Python/31182
How Vulnerabilities in Microsoft Apps for MacOS allow Stealing Permissions
https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/
Digital Wallet Security Loophole
https://www.umass.edu/news/article/new-study-reveals-loophole-digital-wallet-security-even-if-rightful-cardholder-doesnt
Microsoft IPv6 Vulnerability CVE-2024-38063
https://x.com/f4rmpoet/status/1825472703223992323
YouTube Video (going live 10am ET)
https://www.youtube.com/watch?v=miBb1llFOYQ

Summarizing Web Honeypot Logs
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%207%20minutes%20and%204%20steps%20to%20a%20quick%20win%3A%20A%20write-up%20on%20custom%20tools/31170
Large Scale Cloud Extortion Operation
https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
Chrome Redacting Credit Cards and Passwords when you share Android Screens
https://www.bleepingcomputer.com/news/google/chrome-will-redact-credit-cards-passwords-when-you-share-android-screen/
Google Products Targeted by Search Ad Scammers
https://www.malwarebytes.com/blog/scams/2024/08/dozens-of-google-products-targeted-by-scammers-via-malicious-search-ads
MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles
https://www.usenix.org/system/files/woot24-motallebighomi.pdf

Wireshark 4.4.0 rc 1 Custom Columns
https://isc.sans.edu/diary/Wireshark%204.4.0rc1%27s%20Custom%20Columns/31174
GitHub Repo Artifacts Leak Tokens
https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/
BitLocker Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38058
SolarWinds Hotfix
https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
Ed Skoudis, Paul Maurer: The Code of Honor
https://cybercodeofhonor.com/

MSI Malware
https://isc.sans.edu/diary/Multiple%20Malware%20Dropped%20Through%20MSI%20Package/31168
Microsoft IPv6 Vulnerability CVE-2024-38063
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
https://x.com/XiaoWei___/status/1823532146679799993/photo/1
Critical Ivanti Virtual Traffic Manager Patch CVE-2024-7593
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593?language=en_US
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html