22 June 2022 01:36 Stories by SAFARAS K A on Medi
What are Supply Chains Attacks
Continue reading on InfoSec Write-ups »
22 June 2022 01:36 Stories by SAFARAS K A on Medi
Infosec Weekly #2 — Docker, Google Dorks, Bug Bounty and other interesting Infosec stuff.
Hey 👋
Welcome to the second edition of the Infosec Weekly — a brand new newsletter bringing to you the best and latest in Infosec straight to your inbox every Monday.
Hope you had a great weekend. We had a super fun time curating the most interesting Infosec-related content to help you learn something new and think out of the box.
Excited? Let’s dive in 👇
Here are some interesting articles and lessons for you hand-picked by our team:
#1 — Read about Docker via Disabling privileged accounts, Creating Read-Only file system and Preventing Inter Container Communication.
#2 — Learn how to find sensitive information like credentials and webcams using Google dorks.
#3 — Find out how to intercept Emulator Traffic using magisk.
#4 — Did you know there was a way to bypass the 2FA of Instagram using the reset password feature? This bounty hunter was awarded $3150 for it! Read this to know the details.
#5 — Learn about how misconfig
22 June 2022 01:35 Microsoft Security Blog
To disrupt human-operated ransomware attacks as early as possible, we enhanced the AI-based protections in Microsoft Defender for Endpoint with a range of specialized machine learning techniques that swiftly identify and block malicious files, processes, or behavior observed during active attacks.
The post Improving AI-based defenses to disrupt human-operated ransomware appeared first on Microsoft Security Blog.
22 June 2022 01:31 burp
Scores of security issues in industrial control systems unveiled
22 June 2022 01:10 malware.news
A recording of a special Malicious Live Ask Us Anything event to celebrate the 5 year anniversary of the show: How did Malicious Life come to be? How do we choose the stories we tell? Who was Ran's most memorable guest? And why does Nate keep inserting weird names into the scripts? Check it out…
Article Link: Malicious Life Podcast: Celebrating Five Years of Malicious Life
22 June 2022 00:40 malware.news
Microsoft’s deep understanding of human-operated ransomware attacks, which are powered by a thriving cybercrime gig economy, continuously informs the solutions we deliver to protect customers. Our expert monitoring of threat actors, investigations into real-world ransomware attacks, and the intelligence we gather from the trillions of signals that the Microsoft cloud processes every day provide a unique insight into these threats. For example, we track human-operated ransomware attacks not only as distinct ransomware payloads, but more importantly, as a series of malicious activities that culminate in the deployment of ransomware. Detecting and stopping ransomware attacks as early as possible is critical for limiting the impact of these attacks on target organizations, including business interruption and extortion.
To disrupt human-operated ransomware attacks as early as possible, we enhanced the AI-based protections in Microsoft Defender for Endpoint with a range of specialized machine learning techniques th
22 June 2022 00:40 malware.news
The action day on 21 June 2022 led to: 9 arrests in the Netherlands 24 house searches in the Netherlands Seizures including firearms, ammunition, jewellery, electronic devices, cash and cryptocurrency The criminal group contacted victims by email, text message and through mobile messaging applications. These messages were sent by the members of the gang and contained a phishing link leading…
Article Link: Phishing gang behind several million euros worth of losses busted in Belgium and the Netherlands | Europol
22 June 2022 00:10 malware.news
A researcher has published a Proof-of-Concept (PoC) for an NTLM relay attack dubbed DFSCoerce. The method leverages the Distributed File System: Namespace Management Protocol (MS-DFSNM) to seize control of a Windows domain.
Active Directory
A directory service is a hierarchical arrangement of objects which is structured in a way that makes access easy. Windows Active Directory (AD) is a directory service provided by Microsoft and developed for Windows domains. Basically, it is a central database which gets contacted before a user is granted access to a resource or a service. Organizations primarily use AD to perform authentication and authorization.
Many large organizations depend on Windows Active Directory (AD) to maintain order in the mountain of work involved in managing users, computers, permissions, and file servers.
NTLM
NTLM is short for New Technology LAN Manager. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN). NTLM is a protocol that uses a challenge and respo
22 June 2022 00:10 malware.news
Overview
Defenders must constantly stay aware of the latest attacker trends to ensure their organizations’ assets are protected. In recent years, leveraging commonly found binaries on Windows/Linux systems has become more popular with offensive security professionals. The methodology of “living off the land,” and using a system’s native binaries is attractive to adversaries and red teamers alike. After all, why would one increase their forensic footprint by introducing a new tool when a comparable option is shipped by default on popular operating systems? This tradecraft methodology has spawned numerous blog posts, tweets, and notably two GitHub repositories ([0][1]) tracking numerous ways to achieve various steps of the attacker’s kill chains without introducing new tools.
The previously mentioned Github repositories largely focus on traditional Windows/Linux binaries. With the growth of various DevOps tools around administrating Kubernetes, Lacework Labs has identified techniques that defenders need to be aw
22 June 2022 00:10 malware.news
Posted by Jan Keller, Technical Entertainment Manager, Bug Hunters
Are you ready to put your hacking skills to the test? It’s Google CTF time!
The competition kicks off on July 1 2022 6:00 PM UTC and runs through July 3 2022 6:00 PM UTC. Registration is now open at Google CTF.
In true old Google CTF fashion, the top 8 teams will qualify for our Hackceler8 speedrunning meets CTFs competition. The prize pool stands similar to previous years at more than $40,000.
We can’t wait to see whether PPP will be able to defend their crown. For those of you looking to satisfy your late-night hacking hunger: past year’s challenges, including Hackceler8 2021 matches, are open-sourced here. On top of that there are hours of Hackceler8 2020 videos to watch!
If you are just starting out in this space, last year’s Beginner’s Quest is a great resource to get started. For later in the year, we have something mysterious planned - stay tuned to find out more!
Whether you’re a seasoned CTF player or just curious abo
21 June 2022 23:40 Packet Storm
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
21 June 2022 23:40 Packet Storm
Red Hat Security Advisory 2022-5132-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.
21 June 2022 23:40 Packet Storm
Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash or expose sensitive information.
21 June 2022 23:40 Packet Storm
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
21 June 2022 23:40 malware.news
Delivery company says “technical issues” caused by a “cyber incident” is disrupting deliveries and is “working around the clock” to resolve it.
Article Link: Yodel blames "cyber incident" for disruption and parcel tracking problems | ZDNet
21 June 2022 23:40 malware.news
One of our goals is to provide data to “color your logs” (or “Augment” them, as vendors may say). I have been experimenting with various ways to get simplified access to “domain age” data for a while now. This means not just data about new domains but how old a particular domain is. It may be an interesting parameter to add to when investigating.
Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center
21 June 2022 23:40 malware.news
In a recent campaign, APT28, an advanced persistent threat actor linked with Russian intelligence, set its sights on Ukraine, targeting users with malware that steals credentials stored in browsers.
APT28 (also known as Sofacy and Fancy Bear) is a notorious Russian threat actor that has been active since at least 2004 with its main activity being collecting intelligence for the Russian government. The group is known to have targeted US politicians, and US organizations, including US nuclear facilities.
On June 20 2022, Malwarebytes Threat Intelligence identified a document that had been weaponized with the Follina (CVE-2022-30190) exploit to download and execute a new .Net stealer first reported by Google. The discovery was also made independently by CERT-UA.
Follina is a recently-discovered zero-day exploit that uses the ms-msdt protocol to load malicious code from Word documents when they are opened. This is the first time we’ve observed APT28 using Follina in its operations.
The malicious document
The mald
21 June 2022 23:36 Stories by SAFARAS K A on Medi
This was an easy-difficulty Linux box that required basic scanning and enumeration to gain a foothold on the machine and get the user flag. The privilege escalation to root was also a relatively simple process and required using the Linux privilege escalation called CVE-2021-3560 (i.e. Polkit).
Enumeration
I started enumerating the target machine by performing a quick scan with NMAP to identify any open ports:
nmap -T5 --open -sS -vvv --min-rate=300 --max-retries=3 -p- -oN all-ports-nmap-report 10.10.11.143
PORT STATE SERVICE REASON
22/tcp open ssh syn-ack ttl 63
80/tcp open http syn-ack ttl 63
443/tcp open https syn-ack ttl 63
The scan identified three ports open (i.e. port 22, 80, and 443). I next used NMAP to identify the services running on each port and used the common NSE scripts to find any common vulnerabilities that I could exploit:
nmap -sV -sC -Pn -v -oN nmap-report -p 22,80,443 10.10.11.143
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.0 (protocol 2.0)
| ssh-hostkey:
| 2048 10:05:ea:50:56:a
21 June 2022 23:36 Stories by SAFARAS K A on Medi
Telangana, Andhra Pradesh, Karnataka, Himachal Pradesh & Kerala — All Government bus services were hacked
Hi Hackers! Welcome back to my new write-up. My name is Krishnadev P Melevila. I am a 20-Year-old Self-Learned Ethical Hacker.
To know more about me search my name on google.
Today the write-up is about a ticket booking software used by 5 state governments of India for its road transport corporation.
So without wasting time let’s start.
Vulnerability: IDOR And Sensitive Information Disclosure
Impact: CRITICAL
Risks: DATA LEAK and IMPROPER AUTHENTICATION
Priority: P0
SCOPE: Email, Phone, PNR, Booking ID etc.. leaking, Other user ticket cancellation, Fetch Other Users Tickets etc…
Steps to reproduce from the attacker's POV:
1. Register an account on KSRTC(https://online.keralartc.com/)
2. Then login with that newly created id and visit this link
https://online.keralartc.com/oprs-web/print/tickets.do?id=5545107
3. Without any authentication, You can see the ticket details. By changing the ‘Id’ Parameter on the URL,
21 June 2022 23:33 Light Blue Touchpaper
I’m at the twenty-first Workshop on the Economics of Information Security, hosted by the University of Tulsa. I’ll be liveblogging the sessions in followups to this post. There’s a live stream for which you can register here.
21 June 2022 23:31 burp
Iconic hot tub manufacturer addresses flaws that also apparently exposed numerous backend services
21 June 2022 23:10 malware.news
Attackers use container escape techniques when they manage to control a container, so that the impact they can cause is much greater. This is why it is a recurring topic in infosec and why it is so important to have tools like Falco to detect it.
Container technologies rely on various features such as namespaces, cgroups, SecComp filters, and capabilities to isolate services running on the same host and apply the least privileges principle.
Capabilities provide a way to limit the level of access a container can have, splitting the power of the root user into more granular units. However, they are often misconfigured, granting excessive privileges to processes and threads.
CVEs published in recent years have shown that those features can be misconfigured and lead an attacker to escape and escalate the privilege inside the container and the host. Here, we indicate some container breakout vulnerabilities:
CVE-2022-0847: “Dirty Pipe” Linux Local Privilege Escalation.
CVE-2022-0492: Privilege escalation vulnerability cau
21 June 2022 22:40 blog.badsectorlabs.com Weekly Security News
ASP .NET audit (@frycos), iOS ROP ⛓️ (@inversecos), EnumDisplayMonitors to run 🐚code (@Marco_Ramilli), pcap for problem solving (@DebugPrivilege), RPC vuln (@s1ckb017), 🎣 for persistence (@matterpreter), Azure attack paths (@ZephrFish), and more!
21 June 2022 22:40 malware.news
Popular United Kingdom package delivery service Yodel has been hit with a cyberattack disrupting service.
In a statement to The Record, a spokesperson for the company said it is dealing with a “cyber incident” that has impacted its package tracking services.
“As soon as we detected the incident, we launched an investigation, led by our internal IT division and supported by an external IT forensics group. We are working to restore tracking as quickly as we can and have engaged with all relevant authorities,” the spokesperson said.
“Yodel would like to sincerely apologize to their clients and their customers for any disruption this incident may have caused, and reassure them that the team are working around the clock to resolve this incident.”
Customers of the company have flooded social media to complain about delivery delays and a lack of responsiveness from Yodel about the issues.
Day number 4 of sitting in waiting for a parcel that's nowhere to be seen! No tracking info, nothing. Any idea as to what’s going 
21 June 2022 22:10 malware.news
The House version of the annual defense policy bill would create a new effort for federal agencies and private industry to share data on digital threats in order to potentially get ahead of hacks.
The proposal to create the “Cyber Threat Environment Collaboration Program” was included in the chairman’s mark of the House Armed Services Committee’s annual defense authorization bill that was publicly released on Monday.
Panel members are expected to spend all of Wednesday marking up the measure, which details $802.4 billion in defense spending next year. The full House could vote on the legislation as soon as next month.
The new program would direct the heads of the Homeland Security and Defense departments, along with the Director of National Intelligence and the director of the National Security Agency, to “develop an information collaboration environment that enables entities to identify, mitigate, and prevent malicious cyber activity.
“The collaboration environment would provide limited access to appropriate
21 June 2022 22:10 malware.news
Security researchers have discovered 56 new vulnerabilities – collectively known as “ICEFALL” – that affect several of the largest operational technology (OT) equipment manufacturers supplying critical infrastructure organizations.
The vulnerabilities affect Siemens, Motorola, Honeywell, Yokogawa, ProConOS, Emerson, Phoenix Contact, Bentley Nevada, Omron and JTEKT. Discovered by researchers with Forescout, the 56 vulnerabilities were disclosed in coordination with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other government agencies around the world.
The vulnerabilities are broken down into four general categories: Insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality.
Daniel dos Santos, head of security research at Forescout, told The Record that the most concerning CVEs were those related to insecure engineering protocols because they are “prime examples of lack of security co
21 June 2022 22:10 malware.news
No, you really don’t have a new voicemail.
Article Link: These fake voicemail phishing emails want to steal your passwords | ZDNet
21 June 2022 22:10 malware.news
Want to make sure your code is safe? Slim.AI helps you secure your containerized programs with its “Four S Approach” – Software Bill of Materials (SBOM), signing, slimming, and sharing.
Article Link: Slim.AI introduces beta software supply chain container security as a service | ZDNet
21 June 2022 22:10 malware.news
Summary
Our approach is looking to reveal the findings only based on the DOS executable that can be downloaded from https://www.dosgamesarchive.com/file/mario-and-luigi/marioandluigi/. The source code of the game is also available at https://www.dosgamesarchive.com/file/mario-and-luigi/mariosrc/. The game was written in Pascal, and we’ll explain the DOS interrupts and the relevant instructions/functions that could be identified.
Technical analysis
The executable can’t run on a Windows 10 machine, and it needs to be emulated using an emulator such as DOSBox:
Figure 1
We were surprised to find out that the game was packed using a well-known packer called UPX:
Figure 2
We’ve decompressed the file using old versions of UPX as well as newer versions. Unfortunately, after unpacking the executable, the new file couldn’t be emulated using DOSBox because it raises the “Runtime error 201” range check error in Pascal:
Figure 3
DOSBox has a basic debugger that can be used to debug the initial packed executable; however, 
21 June 2022 21:40 malware.news
Inadvertently Disclosed Warrant Application Against Apple in a Criminal Investigation Against Retired Marine General Reveals Latest DOJ Search Procedures, the Dangers of Pacer and Too Much Court Record Transparency, and Much More- Part One According to a June 7, 2022, New York Times report: Federal prosecutors have obtained records indicating that John R. Allen, the […]
Article Link: Examining a Leaked Criminal Warrant for Apple iCloud Data in a High Profile Case – Part One | e-Discovery Team ®
21 June 2022 21:10 malware.news
Microsoft adds devices from Intel, Lenovo and Asus to its list of internet-connected devices certified as secure.
Article Link: Microsoft wants to improve IoT security with Edge Secured-core devices | ZDNet
21 June 2022 21:10 malware.news
Security update addresses issues in Windows 10 and Windows 11 Arm devices since Patch Tuesday.
Article Link: Microsoft: This out-of-band Windows security update fixes Microsoft 365 sign-in issues for Arm devices | ZDNet
21 June 2022 21:10 malware.news
They might not be the hottest topics in the cybersecurity realm anymore, but they are still a problem.
Article Link: Magecart attacks are still around. And they are becoming more stealthy | ZDNet
21 June 2022 20:40 malware.news
By Flavio Costa, Chris Neal and Guilherme Venere.
In a recent customer engagement, we observed a month-long AvosLocker campaign. The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. The initial ingress point in this incident was…
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Article Link: Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Avos ransomware group expands with new attack arsenal
21 June 2022 20:40 malware.news
Jihyun Park fled from North Korea in winter, making her way across the frozen Tumen river with her younger brother in tow. “Our escape was my father’s last wish,” she told the Click Here podcast as part of this week’s episode on North Korean hacking.
For years, Pyongyang has been famous for its ‘supernote’ – an American $100-dollar-bill that was so good, the Treasury Department had to change how it printed the currency – and an obsession with the hard currency it needs to fund its nuclear arsenal.
In a wide-ranging interview, Park talked about growing up in North Korea, her harrowing escape, and how she went on to become a well-known human rights activist and political candidate in the United Kingdom. The discussion took place ahead of the release of her new book, “The Hard Road Out: One Woman’s Escape From North Korea.”
The interview has been edited and condensed for clarity.
CLICK HERE: What was life like growing up in North Korea?
JIHYUN PARK: When I lived in North Korea, I didn’t know anything about the
21 June 2022 19:40 malware.news
Got a tech question? Ed Bott and ZDNet’s squad of editors and experts probably have the answer.
Article Link: How can I keep junk email out of my inbox without juggling two or more email accounts? [Ask ZDNet] | ZDNet
21 June 2022 19:10 malware.news
This blog was written by an independent guest blogger.
USM Anywhere is the ideal solution for small and mid-sized businesses that need multiple high-quality security tools in a single, unified package.
There’s no reason large, global enterprises should have a monopoly on top cybersecurity technology. Solutions like USM Anywhere give smaller organizations access to security tools that are both effective and affordable.
USM Anywhere offers a centralized solution for monitoring networks and devices for security threats. It secures devices operating on-premises, remotely, and in the cloud. By combining multiple security tools into a single, streamlined interface, USM Anywhere gives smaller organizations a competitive solution for obtaining best-in-class security outcomes.
Castra's extensive experience working with USM Anywhere has given us unique insight into the value it represents. There is a clear difference in security returns and outcomes between USM Anywhere users and those that put their faith in proprieta
21 June 2022 19:10 malware.news
A US-based company has been ordered to delete all the personal data they have collected from UK citizens. Clearview AI were also ordered to pay a fine of £7.5 million for harvesting photos and images from social media sites without permission.
The ruling by the Information Commissioner’s Office (ICO), the UK’s data protection regulator is the fourth such judgement against Clearview AI. The UK joins France, Italy and Australia in fining the company, after deciding their image collection practices violate local data protection laws.
What is the problem?
Clearview AI offers facial recognition technology for use by businesses and law enforcement agencies across the world. The concern is that these systems use a database of images that have been collected from Facebook, Instagram and other social media websites without the owner’s knowledge or permission.
The collection process, known as ‘scraping’, is highly controversial. All of the images are publicly accessible and viewable – however, businesses are not legall
21 June 2022 19:10 malware.news
Businesses and governments these days are relying on dozens of different Software-as-a-Service (SaaS) applications to run their operations — and it’s no secret that hackers are always looking for security vulnerabilities in them to exploit.
According to research by BetterCloud, the average company with 500 to 999 employees uses about 93 different SaaS applications, with that number rising to 177 for companies with over 1000 employees.
Coupled with the fact that vendors release thousands of updates each year to patch security vulnerabilities in their software, it’s not surprising that businesses and governments are struggling to keep up with the volume of security vulnerabilities and patches.
And lo and behold, despite the best efforts of governments and businesses around the globe, hackers still managed to exploit multiple security vulnerabilities in 2021.
In this post, we’ll take a look at five times governments and businesses got hacked thanks to security vulnerabilities in 2021.
1. APT41 exploits Log4She
21 June 2022 19:10 malware.news
A researcher has found a way to generate a fingerprint of your device from your installed Google Chrome extensions, and then use that fingerprint to track you online.
Fingerprinting is a way of figuring out what makes your device unique and then using that to identify you as you move around the internet. Websites you visit receive a huge amount of information when you land on their portal—it’s a lot more than “just” which web browser you use to load up someone’s site.
What extensions do you have? How does your screen resolution compare with others? If you use a specific, unusual resolution, do you run other extensions alongside it? Do other people? Which versions of those extensions are on board? Is your IP address plain and exposed, or hidden behind a VPN?
How do sites fingerprint my device?
You can see a typical voluntary form of fingerprinting testing here. The site checks for a variety of information related to your device (including the below), and then places a cookie on your PC for four months:
the Use
21 June 2022 19:10 malware.news
The security incident occurred in December 2021.
Article Link: 1.5 million customers impacted by Flagstar Bank data breach | ZDNet
21 June 2022 17:40 malware.news
A new Trail of Bits research report examines unintended centralities in distributed ledgers
Blockchains are exciting and innovative and can help push the boundaries of current technology in useful ways. However, to make good risk decisions involving exciting and innovative technologies, people need demonstrable facts that are arrived at through reproducible methods and open data.
We believe the risks inherent in blockchains and cryptocurrencies have been poorly described and are often ignored—or even mocked—by those seeking to cash in on this decade’s gold rush.
In response to recent market turmoil and plummeting prices, proponents of cryptocurrency point to the technology’s fundamentals as sound. Are they?
Read the report
Listen to the Trail of Bits podcast episode about this report
Over the past year, Trail of Bits was engaged by the Defense Advanced Research Projects Agency (DARPA) to examine the fundamental properties of blockchains and the cybersecurity risks associated with them. DARPA wanted to underst
21 June 2022 17:40 malware.news
Article Link: https://blog.vincss.net/2022/06/fido003-introduction-of-world-first-passwordless-password-manager-using-physical-FIDO2-key.html
21 June 2022 17:40 malware.news
Author : HOTSAUCE | S2W TALON
Executive Summary
On June 15th, 2022, the user operating the carding market "BidenCash" posted an advertisement on underground forums with a link to download free carding data.
Since April 27, 2022, the same user has been active on underground forums that trade carding data, such as Blackbones, Crdpro, and Club2CRD.
7,948,828 card records are freely available on the BidenCash market. Each record includes the cardholder's name, city, country, bank, address, phone number, etc.; some records also include the card number and CVV.
After analysis, a total of 6,487 card numbers were found on the market, broken down as follows.
— Excluding invalid card numbers, 1,427 valid numbers remained.
— 13 card numbers duplicated entries from the "AllWorldCards leak" disclosed on August 3rd, 2021.
— A total of 4 records contained the full set of card number, CVV and expiration date, but all of them were expired.
Detailed Analysis
Bide
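The counts in the summary above (distinct card numbers, valid numbers, overlap with an earlier leak, complete but expired records) are what a triage pass over a dump produces. The Python below is an added example, not S2W's tooling, and runs on constructed records built from publicly documented test card numbers rather than anything from the BidenCash dump. The assumption that "valid" means passing the Luhn mod-10 check, the stand-in prior-leak set and the as-of date are mine.

```python
import re
from datetime import date

# Constructed sample records in the shape the report describes. The PANs are
# publicly documented test numbers and the other fields are fake; nothing here
# comes from the dump under discussion.
SAMPLE_RECORDS = [
    {"name": "A. Example", "country": "US", "bank": "Bank A", "pan": "4111 1111 1111 1111", "exp": "09/21", "cvv": "123"},
    {"name": "B. Example", "country": "GB", "bank": "Bank B", "pan": "5555555555554444", "exp": "12/25", "cvv": "456"},
    {"name": "C. Example", "country": "DE", "bank": "Bank C", "pan": "4111111111111112", "exp": "03/24", "cvv": ""},  # bad check digit
    {"name": "D. Example", "country": "FR", "bank": "Bank D", "pan": "378282246310005", "exp": "", "cvv": ""},
    {"name": "E. Example", "country": "US", "bank": "Bank A", "pan": "4111-1111-1111-1111", "exp": "09/21", "cvv": "123"},  # same PAN as first
]

# Constructed stand-in for an earlier leak (assumed to hold normalised PANs).
PRIOR_LEAK = {"5555555555554444"}

# Assumed analysis date; expiry is judged relative to this.
AS_OF = date(2022, 6, 21)


def normalise_pan(raw: str) -> str:
    """Strip spaces and dashes so the same card written three ways compares equal."""
    return re.sub(r"\D", "", raw)


def luhn_valid(pan: str) -> bool:
    """Luhn mod-10 check: the first filter for whether a string is even a plausible card number."""
    if not (12 <= len(pan) <= 19) or not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def is_complete(rec: dict) -> bool:
    """'Complete' in the report's sense: card number, CVV and expiry all present."""
    return bool(rec["pan"] and rec["cvv"] and rec["exp"])


def is_expired(exp: str, today: date) -> bool:
    """Expiry 'MM/YY'; a card is usable through the last day of its expiry month."""
    mm, yy = exp.split("/")
    return (2000 + int(yy), int(mm)) < (today.year, today.month)


def triage(records, prior_leak, today):
    """Reproduce the report's style of counts: distinct PANs, Luhn-valid PANs,
    overlap with an earlier leak, and complete records that are already expired."""
    distinct = {normalise_pan(r["pan"]) for r in records}
    valid = {p for p in distinct if luhn_valid(p)}
    complete_expired = [
        r for r in records
        if is_complete(r) and luhn_valid(normalise_pan(r["pan"])) and is_expired(r["exp"], today)
    ]
    return {
        "distinct": len(distinct),
        "luhn_valid": len(valid),
        "in_prior_leak": len(valid & prior_leak),
        "complete_but_expired": len(complete_expired),
    }


def run_example():
    return triage(SAMPLE_RECORDS, PRIOR_LEAK, AS_OF)


if __name__ == "__main__":
    print(run_example())
```

Two caveats a practitioner applies before trusting such counts: Luhn validity only says a number is well-formed, not that an account exists or is open, and "complete but expired" is the best case for victims only if the expiry strings in the dump are trustworthy.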
2022年6月21日 17:37Trail of Bits Blog
A new Trail of Bits research report examines unintended centralities in distributed ledgers Blockchains can help push the boundaries of current technology in useful ways. However, to make good risk decisions involving exciting and innovative technologies, people need demonstrable facts that are arrived at through reproducible methods and open data. We believe the risks inherent […]
2022年6月21日 17:36Stories by SAFARAS K A on Medi
A guide to secret communication over an untraceable IRC server
Photo by Clint Patterson on Unsplash
Do you want to set up secret communication with your anonymous team?
Or do you have a secret project with a secret team member?
In this article, I will cover what you need.
IRC stands for Internet Relay Chat; it is a text-based chat system for instant messaging (https://en.wikipedia.org/wiki/Internet_Relay_Chat). IRC is based on the client-server networking model.
So when you want to chat with other people, you need an IRC server and an IRC client.
The Onion Router?
Tor, The Onion Router, is the answer for anonymity: routing the connection through the Tor network lets you communicate without revealing your real IP address or exposing your activity to observers along the way.
Privacy is a human right
The quote above is one of the reasons I like Tor. I agree with the Tor Project's statement that "Everyone deserves privacy".
So, as mentioned before, today we will build secret communication using IRC for the chat system and Tor for the magic an
2022年6月21日 17:36Stories by SAFARAS K A on Medi
This blog will introduce a must-have skill called Google Dorking, also known as Google hacking.
Credits: Null Byte (YouTube)
What are Google Dorks?
Google Dorks, also known as Google Dorking or Google hacking, is a search technique that uses Google's advanced search operators to reach the desired results directly instead of wasting time browsing through generic results. Google dorks are usually used by researchers or attackers to find critical information about a company, an individual, a piece of software or an app, a research topic, or anything else. An ordinary user can also apply Google dorks in many situations to save time and get better results.
How do Google Dorks work?
As you know, Google crawls almost every website and indexes almost everything available on it, including some sensitive information. That means Google can expose far too much about a website: the technologies used, usernames, passwords, and other common misconfigurations and vulnerabilities.
By using some simple techniques which we call Google dorks, we are
2022年6月21日 17:36Stories by SAFARAS K A on Medi
Kubernetes Security Policy Enforcement Using OPA
1. Policy as Code via OPA
Kubernetes is a well-known orchestration engine that automates the deployment, management and scaling of containerized workloads. Cloud-native containers are used at large scale, which makes securing the Kubernetes environment imperative.
As the technology and security landscape keeps changing, various institutions publish standardized frameworks and guidelines to help administer security in a dynamic Kubernetes ecosystem.
A variety of security frameworks cover Kubernetes, such as the CIS Benchmarks, NIST guidance, and MITRE ATT&CK. The challenge for Kubernetes professionals is making the environment actually adhere to these handbook-style guidelines and regulations. Not everyone has the bandwidth to work through the details of every guideline and decide which controls matter most with limited resources. Policy as code comes into play to help enforce compliance standards. This ratio
2022年6月21日 17:31Noah Lab
Part 1: Basics
0x00 Preface
This series covers some of the more fundamental uses of Windows scheduled tasks; I expect roughly four parts.
Rather than tool documentation or conventional technical articles, I prefer to treat these posts as thinking notes from traditional security research: on one hand describing the research process and the reasoning behind it, on the other recording how the research results were turned into practical tools.
Whether the goal is weaponization or security development, the three-step approach does not change: theory as the foundation, research results as the supplement, and real-world effectiveness as the proof.
I hope that, beyond being useful, these posts also offer some inspiration for research approaches.
0x01 The phenomenon
Most people who have done some research into Windows offensive and defensive techniques have come across scheduled tasks.
As a documented component, the advantage is that complete official documentation exists for reference: https://docs.microsoft.com/en-us/windows/win32/taskschd/task-scheduler-start-page. For example, we can find the commonly used logon auto-start (logon trigger) sample almost effortlessly at https://docs.microsoft.com/en-us/windows/win32/taskschd/logon-trigger-example--c---, and it can be used directly with minor modifications.
The disadvantage is that the documentation is too long and the object-oriented code is too complex (compared with scripts, and especially for security tooling). Taking the logon auto-start code above as an example, it takes a dozen or more API calls,
2022年6月21日 17:10malware.news
Technical Support Specialist
Skopje
Apply now
The Hornetsecurity Group is the leading cloud security provider in Europe, which protects the IT infrastructure, digital communication and data of companies and organizations of all sizes. Its services are provided worldwide via 11 redundantly secured data centers. The product portfolio covers all important areas of email security, including spam and virus filters, legally compliant archiving and encryption, as well as defense against CEO fraud and ransomware. With more than 350 employees, the Hornetsecurity Group is represented globally at several locations and operates in more than 30 countries through its international distribution network. The premium services are used by approximately 50,000 customers including Swisscom, Telefónica, KONICA MINOLTA, LVM Versicherung and CLAAS.
For our location in Skopje (North Macedonia) we are looking for a motivated Technical Support Specialist for 40 hours/
2022年6月21日 17:10malware.news
The survey, conducted by Hornetsecurity, reveals that organizations activated more Microsoft 365 security features as they were increasingly targeted by cyber-attacks in the last year.
Hanover, Germany (21 June 2022) – A global IT security and compliance survey of more than 800 IT professionals found that the rate of reported IT security incidents rises with the number of Microsoft 365 security features in use. Organizations using Microsoft 365 that rely on 1 or 2 of its stock security features reported attacks 24.4% and 28.2% of the time respectively, while those using 6 or 7 features reported attacks 55.6% and 40.8% of the time respectively. Overall, 3 in 10 organizations (29.2%) using Microsoft 365 reported a known security incident in the last 12 months.
Conducted by Hornetsecurity, a leading security and backup solution provider for Microsoft 365, the survey indicates that while the use of additional security features is essential, it is more practical to use tried and test
2022年6月21日 17:09malware.news
Since the last quarter of 2020, MuddyWater has maintained a "long-term" infection campaign targeting Middle East countries. We have gathered samples from November 2020 to January 2022, and given the recent samples found, it seems that this campaign might still be active. The latest campaigns of the MuddyWater threat group, allegedly sponsored […]
Article Link: MuddyWater’s “light” first-stager targetting Middle East
2022年6月21日 15:35Microsoft Security Blog
To simplify your IoT security journey, today we are announcing the availability of Windows IoT Edge Secured-core devices from Lenovo, ASUS and AAEON in the Azure Certified Device catalog. We are also announcing the availability of devices from Scalys and Eurotech that meet the Microsoft-sponsored Edge Compute Node protection profile, which is governed with industry oversight. And learn more about Microsoft's investments in MCU security.
The post Securing your IoT with Edge Secured-core devices appeared first on Microsoft Security Blog.