Sys-Admin & InfoSec Channel. Страница 5

Brand Impersonation Campaign Targeting Big Brands

Bolster's threat research team uncovered a widespread brand impersonation scam campaign targeting 100+ clothing, footwear, and apparel brands.

Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks | MSRC Blog | Microsoft Security Response Center

Mystic Stealer - Evolving "stealth" Malware - CYFIRMA

EXECUTIVE SUMMARY Information stealers pose an ongoing and dynamic threat to the security of both individuals and organizations. CYFIRMA’s Research...

VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors | Mandiant

MOVEit Transfer Critical Vulnerability – CVE Pending (June 15, 2023) - Progress Community

Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment.

Detection Engineering in Azure & Introducing AzDetectSuite

Over the past few years of performing Azure security research, I have seen many new attack primitives & techniques discovered that an adversary could abuse within Azure & Azure Active Directory (AAD). When explaining a technique to a client, the challenge wasn’t explaining how something could be abu...

Cisco Security Advisory: Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability

A vulnerability in the client update feature of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the upgrade process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see Meet…

OWASP API Security Top-10 for 2023 Risk Ratings

As you know by now, the final version of the OWASP API Security Top-10 2023 has been released. At first blush, the final 2023 release seems to retain most

r-tec Blog | When Hackers hack the Hackers

Last year, our experts had the opportunity to observe the execution of non-standard processes in a sandbox-like, isolated virtual machine (VM). Further analysis of these processes revealed Command & Control (C2) connections using Discord for communication. As we continued to analyse the C2 agent, we also gained access to the attacker's Discord channel and were able to take a look at all the commands and modules executed for many more compromised systems. This attacker/group was very different to the ones we typically see while doing Incident Response for our customers in terms of the motivation and goals. It seemed, that this attacker was mainly compromising Malware developers and or Offensive Security related people to steal and sell code from the target systems. In this post, the malware analysis process, as well as attacker activities and Indicators of Compromise (IoCs) are presented.

Can you trust ChatGPT’s package recommendations?

ChatGPT can offer coding solutions, but its tendency for hallucination presents attackers with an opportunity. Here's what we learned.

Zyxel’s guidance for the recent attacks on the ZyWALL devices | Zyxel Networks