Sys-Admin & InfoSec Channel. Page 6

Posts from IT resources, news, tools, hacking, administration; there may be nonsense posts with memes, congratulations, maybe even hate..

  • Sys-Admin & InfoSec Channel

    Malicious code in PDF Toolbox extension

    PDF Toolbox extension (used by more than 2 million users) contains obfuscated malicious code, allowing serasearchtop[.]com website to inject arbitrary JavaScript code into all websites you visit.

    Almost Secure
  • Sys-Admin & InfoSec Channel

    ‘edit_user’ Capability Privilege Escalation

    A low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the ‘edit_user’ capability does not honor the ‘grantableRoles’ setting in the authorize.conf configuration file, which prevents this scenario from happening.

    Splunk Vulnerability Disclosure
  • Sys-Admin & InfoSec Channel

    / Multi-stage attack chain uses PowerShell downloader and DLL sideloading

    New Horabot campaign targets Gmail, Yahoo, Outlook mailboxes.. exfiltrate contacts’ email addresses, and send phishing emails with malicious HTML attachments to all addresses in the victim’s mailbox: blog.talosintelligence.com/new-hor…americas

    New Horabot campaign targets the Americas

    Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.

    Cisco Talos Blog
  • Sys-Admin & InfoSec Channel

    Open practicums on DevOps, Linux, Networks, Golang by Rebrain (schedule, June 2023)

    Free practicums on all sorts of IT topics. The main ones are Kubernetes, Docker, Ansible, Gitlab CI, Linux, Kafka, MySQL, Golang and others. Console work and hands-on analysis of real cases:

      • June 6, DevOps: SQL: Introduction to using JOIN (Viktor Shchupochenko - DevOps-engineer)
      • June 7, Linux: OpenVPN (Daniil Baturin - Founder of the VyOS project)
      • June 8, Golang: Design patterns in Go (Egor Grishechko - Software engineer at Uber)
      • June 13, DevOps: Configuration drift - managing application configuration
      • June 14, Linux: From Windows to Linux (Andrey Buranov - UNIX systems specialist at VK)
      • June 15, Networks: OSPF Loop Prevention (Dmitry Radchuk - Team Lead at VKontakte)
      • June 20, DevOps: The Percona Monitoring and Management system in Docker
      • June 21, Linux: How to control resources (Andrey Buranov)
      • June 22, Networks: Basics of building Wi-Fi networks (Olga Yanovskaya - Head of Networks by Rebrain)
      • June 27, DevOps by Rebrain (Vasily Ozerov - Co-Founder REBRAIN/Fevlake)
      • June 28, Linux: Linux users (Andrey Buranov)
      • June 29, Networks: Multi-area OSPF design (Dmitry Radchuk)

    You can join here
  • Sys-Admin & InfoSec Channel

    Supply Chain Risk From Gigabyte App Center Backdoor

    Recently, the Eclypsium platform began detecting suspected backdoor-like behavior within Gigabyte systems in the wild. ..analysis discovered that firmware in Gigabyte systems is dropping and executing a Windows native executable during the system startup process, and this executable then downloads and executes additional payloads insecurely. It uses the same techniques as other OEM backdoor-like features like Computrace backdoor (a.k.a. LoJack DoubleAgent)..: eclypsium.com/blog/su…backdoor

    Supply Chain Risk from Gigabyte App Center Backdoor - Eclypsium | Supply Chain Security for the Modern Enterprise

    Recently, the Eclypsium platform began detecting suspected backdoor-like behavior within Gigabyte systems in the wild. These detections were driven by heuristic detection methods, which play an important role in detecting new, previously-unknown supply chain threats, where legitimate third-party technology products or updates have been compromised. Our follow-up analysis discovered that firmware in Gigabyte systems is […]

    Eclypsium | Supply Chain Security for the Modern Enterprise
  • Sys-Admin & InfoSec Channel

    Are your files securely stored at Google Drive and Docs?

    Google Drive and Docs are popular cloud storage and productivity services that allow users to store and share files online. But are your files securely stored when you use these services?

    ad14.gitbook.io
  • Sys-Admin & InfoSec Channel

    Playing for the Wrong Team: Dangerous Functionalities in Microsoft Teams Enable Phishing and Malware Delivery by Attackers | Proofpoint US

    Key Takeaways Proofpoint researchers have uncovered several new ways of effectively abusing Microsoft Teams, including:

    Proofpoint
  • Sys-Admin & InfoSec Channel

    Interruption in Router Product Connectivity and Urgent Mitigation Measures | News|ASUS USA

    During routine security maintenance, our technical team discovered an error in the configuration of our server settings file, which could potentially cause an interruption in netw

    Asus
  • Sys-Admin & InfoSec Channel

    About the security content of macOS Ventura 13.4

    This document describes the security content of macOS Ventura 13.4.

    Apple Support
  • Sys-Admin & InfoSec Channel

    OpenBLD DNS prevented a new malicious campaign that spreads through Google Ads

    Today I discovered a new malicious campaign that spreads through Google Ads... In short - a "Sponsored" link redirects to a malicious site, and boom 💥 I felt the "OpenBLD" effect! OpenBLD.net DNS blocked for me a browser-hijacking app which was being distributed with Google Ads... Wow 💣, very unexpected and nice, as I usually try to be more careful when surfing the internet.

    Be safe with the free OpenBLD.net DNS 🤜🤛

      • Read about the free OpenBLD DNS service on the project site - lab.sys-adm.in
      • Project page in Russian - https://lab.sys-adm.in/ru

    P.S. What is xg4ken and how to remove it
  • Sys-Admin & InfoSec Channel

    The AI Attack Surface Map v1.0

    Introduction Purpose Components Attacks Discussion Summary Introduction This resource is a first thrust at a framework for thinking about how to attack AI

    Daniel Miessler
  • Sys-Admin & InfoSec Channel

    / Dynamic Device Code Phishing

    This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, the author focuses on the technical how-to for standing up and operating a Dynamic Device Code phishing campaign: — www.blackhillsinfosec.com/dynamic…phishing

    Dynamic Device Code Phishing  - Black Hills Information Security

    rvrsh3ll //  Introduction  This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […]

    Black Hills Information Security
  • Sys-Admin & InfoSec Channel

    Cisco Security Advisory: Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv

    Cisco
  • Sys-Admin & InfoSec Channel

    Open practicum Golang by Rebrain: Design patterns in Go

      • May 25 (Thursday), 19:00 MSK. Details

    Program:

      • We will look at representatives of the 3 main classes of design patterns
      • We will share personal experience of how often each pattern is encountered

    Host:

      • Egor Grishechko - Software engineer at Uber. Writes Uber's internal cloud. 7 years of professional experience. Speaker at major conferences (.NEXT, GolangConf)
  • Sys-Admin & InfoSec Channel

    Active Directory Spotlight: Attacking The Microsoft Configuration Manager (SCCM/MECM)

    This spotlight covers the Microsoft Configuration Manager (ConfigMgr), also known as SCCM or MECM. Get an intro into the Configuration Manager, an overview and demonstration of known attacks against it, practical tool box knowledge and best practice defensive guidelines.

    www.securesystems.de
  • Sys-Admin & InfoSec Channel

    VSCode Security: Malicious Extensions Detected- More Than 45,000 Downloads- PII Exposed, and Backdoors Enabled - Check Point Blog

    Highlights: CloudGuard Spectral detected malicious extensions on the VSCode marketplace Users installing these extensions were enabling attackers to steal

    Check Point Blog
  • Sys-Admin & InfoSec Channel

    How OpenBLD.net is growing and who helps it grow (Q2 2023)

    There has been an evolutionary surge in the OpenBLD ecosystem; it is now:
    — Anycast/GeoDNS, DNSSEC, DNS-over-HTTPS, DNS-over-TLS, DNS

    Thanks to this, two new services have appeared, Adaptive (ADA) and Strict (RIC), which will replace A-BLD and BLD (what's the difference).

    The time for testing has come. I have been testing for more than two weeks and it's a blast; if you use OpenBLD, try replacing:
    🔸 DoH: https://a-bld.sys-adm.in/dns-query with https://ada.openbld.net/dns-query
    🔸 DoT: a-bld.sys-adm.in with ada.openbld.net
    🔹 DoH: https://bld.sys-adm.in/dns-query with https://ric.openbld.net/dns-query
    🔹 DoT: bld.sys-adm.in with ric.openbld.net

    Within a week, maybe two, A-BLD will be fully merged into ADA and will cease to exist as such. One server (109.234.39.72) will be replaced by another, faster one (46.151.29.15). Start testing now.

    This would not have happened without support. This year the OpenBLD project was supported by:
    — Services: ClouDNS, Gcore, JetBrains, UptimeRobot
    — Information: AST Cyber Lab, Core24/7, qCloudy
    — Special thanks to the Kazakhstani hosting providers: Unihost.kz, GOhost.kz 🤜🤛

    You too can contribute to an open service for filtering malicious content; write to @sysadminkz

    Peace to all ✌️
  • Sys-Admin & InfoSec Channel

    Fake system update drops Aurora stealer via Invalid Printer loader

    Not all system updates mean well, and some will even trick you into installing malware.

    Malwarebytes