Episodes
-
Hurricane Helene Aftermath - Cyber Security Awareness Month
https://isc.sans.edu/diary/Hurricane%20Helene%20Aftermath%20-%20Cyber%20Security%20Awareness%20Month/31314
Zimbra - Remote Command Execution (CVE-2024-45519)
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
Enhancing the security of Microsoft Edge extensions with the new Publish API
https://blogs.windows.com/msedgedev/2024/09/30/enhanced-security-for-extensions-with-new-publish-api/
CVE-2024-36435 Deep-Dive: The Year's Most Critical BMC Security Flaw
https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw
-
Tool Update: mac-robber.py, le-hex-to-ip.py
https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py%20and%20le-hex-to-ip.py/31310
Ransomware Attacks Expanding to Hybrid Cloud Environments
https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/
Update on Recall Security and Privacy Architecture
https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/
Detecting Ransomware in Windows Event Logs
https://blogs.jpcert.or.jp/en/2024/09/windows.html
Progress WhatsUp Gold Update
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024?popup=true&overview
Singapore Class
https://jbu.me/singapore
-
Missed episodes?
-
CUPS Vulnerability
https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
PHP Updates
https://www.php.net/ChangeLog-8.php#8.1.30
DNS And Big Chinese Firewall
https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall
https://isc.sans.edu/diary/Are+You+Piratebay+thepiratebayorg+Resolving+to+Various+Hosts/19175
HPE Aruba Networking Vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
-
DNS Reflection Update and Corrupted DNS Requests
https://isc.sans.edu/diary/DNS%20Reflection%20Update%20and%20Odd%20Corrupted%20DNS%20Requests/31296
CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credentials Vulnerability
https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/
WatchGuard Unauthenticated and Unencrypted SSO Protocol
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006/
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014
Infostealers Overcome Chrome's App Bound Encryption
https://securityonline.info/infostealers-overcome-chromes-app-bound-encryption-threatening-user-data-security/
-
Exploitation of RAISECOM Gateway Devices CVE-2024-7120
https://isc.sans.edu/diary/Exploitation%20of%20RAISECOM%20Gateway%20Devices%20Vulnerability%20CVE-2024-7120/31292
Cellopoint Vulnerability CVE-2024-9043
https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html
Cisco Smart Licensing Vulnerability Details
https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html
Ivanti Virtual Traffic Manager Exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
GNU Linux Systems Possible Critical Vulnerability
https://securityonline.info/severe-unauthenticated-rce-flaw-cvss-9-9-in-gnu-linux-systems-awaiting-full-disclosure/
-
Phishing Links With @ Sign
https://isc.sans.edu/diary/Phishing%20links%20with%20%40%20sign%20and%20the%20need%20for%20effective%20security%20awareness%20building/31288
Kaspersky Deletes Itself, Installs UltraAV Antivirus Without Warning
https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/
Microchip ASF tinydhcp Vulnerability
https://kb.cert.org/vuls/id/138043
-
Windows Server Update Services Deprecation
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-server-update-services-wsus-deprecation/ba-p/4250436
Windows Server 2025 Hotpatches
https://techcommunity.microsoft.com/t5/windows-server-news-and-best/now-in-preview-hotpatch-for-windows-server-2025/ba-p/4248296
Google Suggests Not Using WHOIS for Certificate Validation
https://lists.cabforum.org/pipermail/servercert-wg/2024-September/004821.html
Versa Director Vulnerability
https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9
Apache Hugegraph Vulnerability Exploited
https://nvd.nist.gov/vuln/detail/CVE-2024-27348
-
Fake GitHub Site Targeting Developers
https://isc.sans.edu/diary/Fake%20GitHub%20Site%20Targeting%20Developers/31282
Ivanti CSA 4.6 Advisory
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US
German Police Deanonymizes Tor User
https://blog.torproject.org/tor-is-still-safe/
Ever wonder how crooks get the credentials to unlock stolen phones?
https://arstechnica.com/security/2024/09/cops-bust-website-crooks-used-to-unlock-1-2-million-stolen-mobile-phones/
-
Python Infostealer Patching Windows Exodus App
https://isc.sans.edu/diary/Python%20Infostealer%20Patching%20Windows%20Exodus%20App/31276
ServiceNow Knowledge Bases Data Exposures
https://appomni.com/ao-labs/servicenow-knowledge-bases-data-exposures-uncovered/
GitLab Patch
https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/
Aruba Patch
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US
-
23:59, Time to Exfiltrate!
https://isc.sans.edu/diary/23%3A59%2C%20Time%20to%20Exfiltrate!/31272
Critical VMware vCenter Vulnerability
https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/
Zero-Click Calendar invite - Critical zero-click vulnerability chain in macOS
https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b
Google Adds Latest Post Quantum Encryption Standard to Chrome
https://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html
-
Managing PE Files with Overlays
https://isc.sans.edu/forums/diary/Managing%20PE%20Files%20With%20Overlays/31268/
Apple Updates
https://support.apple.com/en-us/100100
Ivanti EOL Cloud Service Appliances
https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance
Microsoft Revises September Update
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43461
D-Link Vulnerabilities
https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
https://www.twcert.org.tw/en/cp-139-8091-bcd52-2.html
https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html
-
Finding Honeypot Clusters Using DBSCAN
https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%202/31194
AutoIt Credential Flusher
https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Ivanti Patches
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/
File Sender Vulnerability
https://filesender.org/vulnerability-in-filesender-versions-below-2-49-and-3-x-beta/
Docker Patches
https://docs.docker.com/desktop/release-notes/#4342
-
Compromise of old hostname .mobi whois server
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
Microsoft Reconsidering Security Tool API
https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/
Microsoft Implements PQC in SymCrypt
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-s-quantum-resistant-cryptography-is-here/ba-p/4238780
GitLab Patch
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/#execute-environment-stop-actions-as-the-owner-of-the-stop-action-job
-
Critical LoadMaster Security Vulnerability
https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591
HAProxy Patch
https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html
Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts
https://arcticwolf.com/resources/blog/arctic-wolf-observes-akira-ransomware-campaign-targeting-sonicwall-sslvpn-accounts/
Kibana Deserialization Vulnerability
https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119
Stately Taurus Abuses VSCode
https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/
-
Password Cracking & Energy: More Details
https://isc.sans.edu/diary/Password%20Cracking%20%26%20Energy%3A%20More%20Dedails/31242
Python & Notepad++
https://isc.sans.edu/diary/Python%20%26%20Notepad%2B%2B/31240
Fake LinkedIn Job Ads
https://cloud.google.com/blog/topics/threat-intelligence/examining-web3-heists/
Android Crypto Passphrase Stealer with OCR
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/
Sextortion Scam Now Uses Your Cheating Spouse's Name as a Lure
https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/
-
Enrichment Data: Keeping it Fresh
https://isc.sans.edu/diary/Enrichment%20Data%3A%20Keeping%20it%20Fresh/31236
Veeam Update
https://www.veeam.com/kb4649
New OFBiz Vulnerabilities
https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/
Cisco Smart License Manager Patches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
-
Scans for Moodle Learning Platform Following Recent Update
https://isc.sans.edu/diary/Scans+for+Moodle+Learning+Platform+Following+Recent+Update/31230
PyPI Revival Hijack
https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
Android Updates
https://source.android.com/docs/security/bulletin/2024-09-01
MediaTek WAPPD PoC Exploit
https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html#wrapping-up
-
Protected OOXML Text Documents
https://isc.sans.edu/diary/Protected%20OOXML%20Text%20Documents/31078
Sextortion E-Mails with Photos
https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/
Zyxel OS Command Injection Vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024
D-Link DIR-846W Unpatched RCE Vulnerabilities
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411
VMware Privilege Escalation Vulnerability CVE-2024-38811
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939
YubiKey Side-Channel Attack
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
https://www.yubico.com/support/security-advisories/ysa-2024-03/
-