Cybersecurity information flow

大家都说这个漏洞是上传漏洞，其实这个不是上传漏洞，是远程文件下载漏洞。

文章总结推荐了本周的热点资讯、安全事件、一周好文和省心工具，保证大家不错过本周的每一个重点！

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
[GitHub]minio敏感信息泄露

On March 29th 2023, CrowdStrike published a blog outlining a supply chain attack leveraging the 3CXDesktopApp - a softphone application from 3CX. The ThreatLabz Team immediately started hunting for IoCs on the Zscaler Cloud.
We observed infections dating back to February 2023 for both the Windows as well as the MacOS variant of the Trojanized 3CXDesktopApp installers.
Fig.1 - Infections dating back to February 2023 in Zscaler Cloud
In this case the Threat Actors targeted various industry verticals such as:
Technology Services Manufacturing and more
Further let’s analyze the Infection Chain for the 3CX Supply Chain Attack:
Infection Chain:
Fig.2 - Infection Chain
The Infection chain begins with the software update routine where the 3CXDesktopApp calls the “Update.exe --update <3cx_update_url>” from its bundle to fetch the updates. This then downloads the valid signed Malicious 3CX MSI installer and the Affected 3CX MAC Application as required in the form of an update package on the victim’s machine as shown in

Happy World Backup Day everyone!
What, you didn't know it was World Backup Day? Hmmm, perhaps that's not a surprise. If there was an award for "most overlooked really important thing in computing", backups would win. Every year.
So let's put that right this year and spend a minute or two of World Backup Day thinking about backups. Backups are great! Having backups is like having a do-over for your mistakes, and who hasn't wished for that? And they can keep you safe too. Good computer security means creating layers of protection that overlap and cover each others' backs. The final layer is your backups. They're a "get out of jail free" card you can play if any of your files are destroyed, deleted, or corrupted by malware.
To get you off on the right foot we've got three tips: A beginner tip, an intermediate tip, and an advanced tip.
1. Make backups
Yes, our first tip really is "make backups". Why? Because backups are the dental floss of cybersecurity—the thing that everyone knows they should do, that everyone 

Backups are an organization's last line of defense against ransomware, because comprehensive, offline, offsite backups give you a chance to restore or rebuild your computers without paying a criminal for a decryption key.
Unfortunately, many organizations don't realize how important it is to make backups until it's too late. And it's all-too-common for those that do take regular backups to discover too late that they aren't fit for purpose.
Why? Because backups are hard to get right.
In September 2021, Malwarebytes spoke with Matt Crape from VMWare to find out why backups are so hard, why they fail, and what to do about it. This World Backup Day, we thought we'd revisit his advice for creating a more consistent, stable, and resilient backup process. Here are three essential things every organization can ponder today.
1. Know what you're trying to achieve
Good backups start with a clear understanding of what your organization needs them to do. From that, you can determine what needs to be backed up, why, how f

C# obfuscator that bypass windows defender

HardBit 勒索软件会利用“双重勒索”加密受害者的文件来勒索赎金，如果不支付赎金就会威胁发布相关敏感信息与数据。

This week’s healthcare data breach roundup includes a massive vendor incident, a ransomware attack, and yet another provider reporting a pixel-related patient data exposure.
Article Link: Healthcare vendor reports breach from 2021, at least 9 providers impacted | SC Media
1 post - 1 participant
Read full topic

tui-rs revival project

Compile-time, Usermode + Kernelmode, safe and lightweight string crypter library for C++11+

Written by Ralph Losey with some help from ChatGPT-4. Illustrations by Losey using Midjourney or Dall-E. Chat GPT-4 now estimates, and I agree, that there is a 5-10% chance that The Singularity will occur in the next five years. Considering the profound implications, a possibility as high as 10% is motivating as hell. We need […]
Article Link: Start Preparing For “THE SINGULARITY.” There is a 5% to 10% chance it will be here in five years. Part 1 | e-Discovery Team ®
1 post - 1 participant
Read full topic

The hackers stole 4,822,580 customers' personal information, including their names, dates of birth, passport numbers, driver's license numbers, federal and state identification card numbers, tax identification numbers, social security numbers, and financial account information.
Article Link: High-cost lender TMX Finance data breach affects nearly 5 million customers | SC Media
1 post - 1 participant
Read full topic

Source code for Twitter's Recommendation Algorithm

中文版的ai地牢，直接使用的openai的ChatGPT api作为讲故事的模型。

If you ever looked at IDA ARM module’s processor-specific settings, you may have been puzzled by the option “Disable BL jumps detection”. What is it and when to use it? Background The ARM instruction set initially used fixed-width 32-bit instructions. The relative branch instruction, B, allocated 24 bits for the offset, giving it a range of ±32MB. Some [...]

影响厂商:GitHub Security Lab 奖励:5500.0USD 危险等级:high

影响厂商:GitHub Security Lab 奖励:2300.0USD 危险等级:medium

Article Link: [Control systems] ABB security advisory (AV23-180) - Canadian Centre for Cyber Security
1 post - 1 participant
Read full topic

Technical glitch during a scheduled upgrade affected all automated immigration clearance systems and led to rare delays at Singapore’s Changi Airport, which recently was again named the world’s best airport.
Article Link: Glitch in system upgrade identified as cause of delays at Singapore immigration | ZDNET
1 post - 1 participant
Read full topic

Orca Security details a vulnerability dubbed “Super FabriXss” – a bug researchers said teams should patch immediately if they don’t apply automatic updates.
Article Link: Azure bug, patched this month, could have allowed access to critical systems | SC Media
1 post - 1 participant
Read full topic

On March 29, 2023, security researchers documented a malicious campaign targeting 3CX Desktop App customers. 3CX Desktop App is a software application developed by 3CX, a Voice over Internet Protocol (VoIP) solutions provider with 12M+ daily users. This application is available for Windows, macOS, Linux, and mobile.
Article Link: Technical Advisory: Software Supply Chain Attack Against 3CX Desktop App
1 post - 1 participant
Read full topic

Article Link: Apple security advisory (AV23-179) - Canadian Centre for Cyber Security
1 post - 1 participant
Read full topic

Article Link: CyberChef Recipe to Loop Over Values to Modify and Decode - YouTube
1 post - 1 participant
Read full topic

Article Link: Post-Conference Tech Spec: Why Building Your Ship (Application) with Raw Materials is a Bad Idea
1 post - 1 participant
Read full topic

If you ever looked at IDA ARM module’s processor-specific settings, you may have been puzzled by the option “Disable BL jumps detection”.
What is it and when to use it?
Background
The ARM instruction set initially used fixed-width 32-bit instructions. The relative branch instruction, B, allocated 24 bits for the offset, giving it a range of ±32MB.
Some time later, ARM introduced a a compact 16-bit encoding for a subset of instructions, called Thumb. Because most relative branches occur in the same function, the ±2KB range available for 16-bit B instructions was usually enough. In case longer distance was needed, a longer instruction sequence would have to be generated.
Some compiler writers realized, that the BL instruction, normally used for function calls, can be used for simple branches as well. On ARM, the function calls do not use the stack, so the only side effect of BL as opposed to simple branch is that it sets the LR register to the address following the BL instruction. If the LR is saved at the star

Like most employees, respect is a critical factor for many women, one that helps determine whether they feel welcome or valued in their workplace or a given field. A WiCyS survey suggests one of the primary reasons women don’t stay or advance through the cybersecurity field is the widespread feeling that they’re not given the respect their backgrounds and accomplishments deserve.
Article Link: Lack of respect, career opportunities lead to exclusion for women in cybersecurity  | SC Media
1 post - 1 participant
Read full topic

The Cybereason Defense Platform detects and prevents the ongoing 3CXDesktopApp supply chain attack targeting millions of users of the popular 3CX Voice Over Internet Protocol (VOIP) desktop client.
Article Link: Cybereason Detects and Prevents 3CXDesktopApp Supply Chain Attack
1 post - 1 participant
Read full topic

The Senate Homeland Security and Governmental Affairs Committee voted 11-1 to advance the Improving Digital Identity Act.
Article Link: Lawmakers want to know if the government should validate digital identities | SC Media
1 post - 1 participant
Read full topic