Cybersecurity information flow

Category: DDoS Attack Content: Proof of downtime: https://check-host.net/check-report/13b8243bk821 Source: telegram Source Link: https://t.me/executor_ddos_v2/3705 Threat Actor: EXECUTOR DDOS Victimology Country : India Industry : Social Media & Online Social Networking Organization : antvlovers

Category: Defacement Content: Group claims to defaced the website of NATIONAL SPORTS AUTHORITY Source: telegram Source Link: https://t.me/Cyb3r_Drag0nz/738 Threat Actor: Cyb3r Drag0nz Victimology Country : Sierra Leone Industry : Government Administration Organization : national sports authority sierra leone

Category: Defacement Content: Group claims to defaced the website of The Flying Cakes Source: telegram Source Link: https://t.me/duniamayateam/2827 Threat Actor: DUNIA MAYA TEAM Victimology Country : undefined Industry : Food & Beverages Organization : the flying cakes

影响厂商:curl 奖励: 危险等级:medium

影响厂商:LinkedIn 奖励: 危险等级:medium

影响厂商:LinkedIn 奖励: 危险等级:medium

影响厂商:LinkedIn 奖励: 危险等级:low

影响厂商:b'LinkedIn'(https://hackerone.com/linkedin) 

影响厂商:b'LinkedIn'(https://hackerone.com/linkedin) 

影响厂商:b'LinkedIn'(https://hackerone.com/linkedin) 

影响厂商:b'curl'(https://hackerone.com/curl) 

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
[GitHub]Researching on the vulnrability CVE-2023-26136

Python tool and library for decrypting MS Office files with passwords or other keys

Generate fully typed Python client for any GraphQL API from schema, queries and mutations

2023年黑灰产攻防最新趋势 https://mp.weixin.qq.com/s/jusqCymbMUSMtMqLntnuMQ
从ChatGPT代码执行逃逸到LLMs应用安全思考 https://mp.weixin.qq.com/s/XAH4y1F0ukyyqdQx_XYhYg
LLMs安全：针对业务模型应用场景下提示词的攻击手段与危害 https://mp.weixin.qq.com/s/2bm7nuXkORLZ20mfpOmwrA
IDA 插件大赛 2023 https://mp.weixin.qq.com/s/yuAz4plaJH1l-IV2Ftjt1Q

Our fourth installation in the Cyberattack Series examines a smishing and social engineering attack and outlines the steps organizations can take to help minimize the risk and prepare for the possibility.
The post Protecting credentials against social engineering: Cyberattack Series appeared first on Microsoft Security Blog.

Discover these three recent customer stories to better understand the full value of becoming cloud native.
The post 3 reasons why now is the time to go cloud native for device management appeared first on Microsoft Security Blog.

In real-world customer engagements, Microsoft Incident Response (Microsoft IR) sees combinations of issues and misconfigurations that could lead to attacker access to customers’ Microsoft Entra ID tenants. Effective protection of a customer’s Entra ID tenant is less challenging than protecting an Active Directory deployment but does require governance and monitoring. Reducing risk and exposure of your most privileged accounts plays a critical role in preventing or detecting attempts at tenant-wide compromise.
The post Microsoft Incident Response lessons on preventing cloud identity compromise appeared first on Microsoft Security Blog.

Category: Malware Content: GEOBOX software for Raspberry Pi 4, emphasizing easy setup via a Windows or Mac app, detailed instructions, and 24/7 tech support. It offers traffic routing, VPN protocol support, DNS flexibility, proxy management, LTE modem support, container setup, and features like Proxy Mimic for IP masking and GPS emulation. The latest release includes […]

最终结果:
代理验证
单目标-存活检测
命令执行（嫖来的）
JNI Windows 命令执行 （嫖来的）
内存马管理（嫖来的）
代理管理
diy_狗洞
Stowaway
Spp 多协议代理 （Quic算法实现的TCP代理）
正向代理
反向代理
代理情况记录：

Category: DDoS Attack Content: Proof of down time: https://check-host.net/check-report/13b7857dkafa Source: telegram Source Link: https://t.me/starsxteam2/403 Threat Actor: StarsX Team Victimology Country : India Industry : Information Technology (IT) Services Organization : porter

Category: Malware Content: Threat actor is offering to add a digital signature to malware, certifying it to evade detection by SmartScreen. They provide a private key certificate and code signature to encrypt the executable file, along with other features like a time-server stamp and SmartScreen bypass. They offer USB token devices, certificates valid for 1-2 […]

Category: Ransomware Content: Group claims to have access to the organizations data. Source: tor Source Link: http://alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion/d1f4e251-3b9d-4a88-96d4-c118584657f8 Threat Actor: ALPHV Victimology Country : Germany Industry : Think Tanks Organization : german energy agency (dena)

Red Hat Security Advisory 2023-7602-03 - Red Hat OpenShift Container Platform release 4.13.25 is now available with updates to packages and images that fix several bugs.

Red Hat Security Advisory 2023-7604-03 - Red Hat OpenShift Container Platform release 4.13.25 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2023-7606-03 - Red Hat OpenShift Container Platform release 4.13.25 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2023-7653-03 - An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2023-7656-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2023-7662-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.11. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2023-7663-03 - Red Hat OpenShift distributed tracing 3.0.0. Issues addressed include a denial of service vulnerability.