sysadm_in_channel | Technologies

Telegram channel sysadm_in_channel - Sys-Admin InfoSec

12145

News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz

Sys-Admin InfoSec

Browser Syncjacking: How Any Browser Extension can Be Used to Takeover Your Device

https://labs.sqrx.com/browser-syncjacking-cc602ea0cbd0

Sys-Admin InfoSec

RID Hijacking Technique

RID Hijacking is typically performed by manipulating the Security Account Manager (SAM) database. Threat actors can create an administrator account or escalate privileges to gain administrator access without knowing the password..:

https://asec.ahnlab.com/en/85942/

Sys-Admin InfoSec

PlushDaemon compromises supply chain of Korean VPN service

Supply-chain attack research:

https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/

Sys-Admin InfoSec

🟩 OpenBLD.net v8 is here – Cache Warming, UNIX Sockets, and More! 🚀

Excited to introduce the next milestone in the evolution of the open DNS service OpenBLD.net! Here’s what’s new:

Speed – UNIX sockets + Caching + Load Balancing
Efficiency – Port reuse allows multiple instances to run on the same port
Load Balancing – Zero logs (except for errors) for maximum performance
Memory Optimization – The core binaries take up just 6MB, with the cache stored in binary form, totaling only 11MB
Buffered Disk Writes – When necessary, writes go through dedicated buffers (tested at 10 million entries in 3.3 seconds)
🔥 Cache Warming – Thousands of domains are preloaded to keep the cache hot, ensuring ultra-fast DNS responses
🔐 Security – Supports Prometheus, SIEM, and Syslog exports for advanced monitoring (for business usage needs)

New mechanisms unlock new possibilities—helping you maintain cyber hygiene, save time, and protect your privacy.

Easy setup: https://openbld.net/docs/category/get-started/

Stay safe. Stay free. Peace to all! ✌️

Sys-Admin InfoSec

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

https://www.malwarebytes.com/blog/news/2025/01/the-great-google-ads-heist-criminals-ransack-advertiser-accounts-via-fake-google-ads

Sys-Admin InfoSec

Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions

https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/

Sys-Admin InfoSec

99.999999% probability AI will end humanity.

Vitalik Buterin proposes a "global soft pause button" to cut AI computing power by 90-99% for 1-2 years — giving ample time to prepare for potential existential doom

Fully agree. Skynet coming:

https://www.windowscentral.com/software-apps/vitalik-buterin-proposes-a-global-soft-pause-button-to-cut-ai

Sys-Admin InfoSec

Weaponizing WDAC: Killing the Dreams of EDR

Windows Defender Application Control (WDAC) is a technology introduced with and automatically enabled by default on Windows 10+ and Windows Server 2016+ that allows organizations fine grained control over the executable code that is permitted to run on their Windows machines...:

https://beierle.win/2024-12-20-Weaponizing-WDAC-Killing-the-Dreams-of-EDR/

Sys-Admin InfoSec

DeceptionAds — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising

The Fake-Captcha Lumma Stealer Campaign

https://labs.guard.io/deceptionads-fake-captcha-driving-infostealer-infections-and-a-glimpse-to-the-dark-side-of-0c516f4dc0b6

Sys-Admin InfoSec

Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows

https://www.cadosecurity.com/blog/meeten-malware-threat

Sys-Admin InfoSec

SpyLoan: A Global Threat Exploiting Social Engineering

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/

Sys-Admin InfoSec

When Guardians Become Predators: How Malware Corrupts the Protectors

https://www.trellix.com/blogs/research/when-guardians-become-predators-how-malware-corrupts-the-protectors/

Sys-Admin InfoSec

CWE Top 25 Most Dangerous Software Weaknesses from MITRE

https://cwe.mitre.org/top25/

list items:
- https://cwe.mitre.org/top25/archive/2024/2024_cwe_top25.html

Sys-Admin InfoSec

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/

Sys-Admin InfoSec

Prompt Injecting Your Way To Shell: OpenAI's Containerized ChatGPT Environment

https://0din.ai/blog/prompt-injecting-your-way-to-shell-openai-s-containerized-chatgpt-environment

Sys-Admin InfoSec

119 vulnerabilities in LTE/5G (some with RCE)

Cellular networks are considered critical infrastructure both for day-to-day communication and emergency services, to the extent that their availability and reliability is often highly regulated by government agencies... what happens if they suddenly become unavailable?

Research:

https://cellularsecurity.org/ransacked

Sys-Admin InfoSec

AWS re:Invent re:Cap in Almaty

AWS re:Invent is where Amazon Web Services shows what IT will look like tomorrow. A breakdown of the key announcements, trends and new releases, everything that is most important and practical, which you can learn without flying to Las Vegas.

What to expect:

• The latest technologies in cloud, data, AI/ML and DevOps.
• Useful insights and ideas for your business and projects.
• Life hacks from AWS practitioners who know how this works in real life.

• January 30, 19:00. Almaty, Khodzhanov St. 2/2, MOST IT Hub (8th floor).

Admission is free.

Speakers

• Anton Kovalenko: 20 years in IT, Senior Solutions Architect at AWS.
• Alexander Bernadsky: 15+ years of experience, Solutions Architect at AWS.

• Seats are limited, register here

Sys-Admin InfoSec

ClamAV OLE2 File Format Decryption Denial of Service Vulnerability

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA

Sys-Admin InfoSec

One Mikro Typo: How a simple DNS misconfiguration enables malware delivery botnet

This botnet uses a global network of Mikrotik routers to send malicious emails that are designed to appear to come from legitimate domains..:

https://blogs.infoblox.com/threat-intelligence/one-mikro-typo-how-a-simple-dns-misconfiguration-enables-malware-delivery-by-a-russian-botnet/

Sys-Admin InfoSec

Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls

https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/

Sys-Admin InfoSec

Phishing vs Real - Red flags 🚩

Sys-Admin InfoSec

Inside FireScam: An Information Stealer with Spyware Capabilities

This report explores the mechanics of FireScam, a sophisticated Android malware masquerading as a Telegram Premium app. Through in-depth analysis, authors aim to shed light on its distribution methods, operational features, and the broader implications of its malicious activities.

The findings highlight the malware’s capabilities and the critical need for robust security measures to counteract such threats..:

https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Sys-Admin InfoSec

PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool

https://gbhackers.com/pentestgpt/

Sys-Admin InfoSec

Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels

https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/

Sys-Admin InfoSec

LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux

https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux

Sys-Admin InfoSec

IT workers masquerade as individuals from different countries to perform legitimate IT work and hack employers, focus areas are:

- Stealing money or cryptocurrency
- Stealing information pertaining to weapons systems, sanctions information, and policy-related decisions
- Performing IT work to generate revenue to help fund various activities

About masquerading, social engineering and more:

https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/

Sys-Admin InfoSec

2000+ Palo Alto Firewalls Hacked Exploiting New Vulnerabilities

https://cybersecuritynews.com/2000-palo-alto-firewalls-hacked/

Sys-Admin InfoSec

Ghost Tap: New cash-out tactic with NFC Relay

https://www.threatfabric.com/blogs/ghost-tap-new-cash-out-tactic-with-nfc-relay

Sys-Admin InfoSec

Malicious Facebook Ad Campaign Targeting Bitwarden Users

https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users

Sys-Admin InfoSec

8 Free CyberSec & Networking Courses From Cisco

It may be useful to refresh your knowledge or learn something new:

1 Ethical Hacker
2 Junior Cybersecurity Analyst
3 Endpoint Security
4 Cyber Threat Management
5 Introduction to Cybersecurity
6 Network Defense
7 Network Addressing and Basic Troubleshooting
8 Networking Essentials
