sysadm_in_channel | Technology

Telegram channel sysadm_in_channel - Sys-Admin InfoSec

News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz

Sys-Admin InfoSec

Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation

https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-slopads-covers-fraud-with-layers-of-obfuscation/


Sys-Admin InfoSec

How an Attacker’s Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations

https://www.huntress.com/blog/rare-look-inside-attacker-operation


Sys-Admin InfoSec

AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps

https://www.trendmicro.com/en_us/research/25/i/an-mdr-analysis-of-the-amos-stealer-campaign.html


Sys-Admin InfoSec

🦄 Open SysConf'25 - Interesting facts about the talks

What makes it unique is not only that the talks are first-hand accounts, but also that this success was achieved by the speakers' own efforts.

- Zhaslan, author of one of the talks - The story of deploying two AI startups (dapmeet.kz, marbix.io): a chance to ask the author of these services your questions directly.
- Denis, an experienced systems architect and lecturer on fundamentals - Software architecture for system administrators. What software architecture is: principles, patterns and styles. Monolith vs. microservices. Representing architecture (C4), architecture as code.

For me personally, this will be a unique chance to learn, ask questions and take useful information on board.

Are you ready to keep slacking off, or is it finally time to learn something new?

October 4, Almaty, Smart Point. Admission is free.

https://sysconf.io/2025


Sys-Admin InfoSec

Loophole allows threat actors to claim VS Code extension names

https://www.reversinglabs.com/blog/malware-vs-code-extension-names


Sys-Admin InfoSec

Android Droppers: The Silent Gatekeepers of Malware

Droppers have long been a cornerstone of Android malware campaigns. They’re small, seemingly harmless apps whose real job is to fetch and install a malicious payload. Historically, they were most widely used in families like banking trojans and, at times, Remote Access Trojans (RATs). Especially after Android 13 restricted permissions and APIs, these threats leaned on droppers to slip past upfront scanning and later request powerful permissions (such as Accessibility Services) upon installing the payload, without drawing attention…

https://www.threatfabric.com/blogs/android-droppers-the-silent-gatekeepers-of-malware


Sys-Admin InfoSec

COOKIE SPIDER’s SHAMOS Delivery on macOS

https://www.crowdstrike.com/en-us/blog/falcon-prevents-cookie-spider-shamos-delivery-macos/


Sys-Admin InfoSec

DOM-based Extension Clickjacking: Your Password Manager Data at Risk

Password managers are widely used as browser extensions to simplify website authentication. In this research, I tested 11 password managers using a new technique.

The following password managers were listed there:

- 1Password
- Bitwarden
- Dashlane
- Enpass
- Keeper
- LastPass
- LogMeOnce
- NordPass
- ProtonPass
- RoboForm…

https://marektoth.com/blog/dom-based-extension-clickjacking/


Sys-Admin InfoSec

A Comprehensive Analysis of HijackLoader and Its Infection Chain

Software repacks that bypass uBlock, Windows Defender...

https://www.trellix.com/blogs/research/analysis-of-hijackloader-and-its-infection-chain/


Sys-Admin InfoSec

Adult sites trick users into Liking Facebook posts using a clickjack Trojan

https://www.malwarebytes.com/blog/news/2025/08/adult-sites-trick-users-into-liking-facebook-posts-using-a-clickjack-trojan


Sys-Admin InfoSec

The Cost of a Call: From Voice Phishing to Data Extortion

Google Data Breach

https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion


Sys-Admin InfoSec

AWS Community Day 2025 Almaty — Talks

Topics of the first batch of talks, gathered in one place:

• Building AI Agent on the AWS Bedrock Platform — Тельман И. (Tele2/Altel)
• Building Production GenAI: MCP and Multi-Agent Systems — Виктор В. (AWS)
• MVP with AWS Serverless by a Real Example — Виталий К. (ITS, Signify)
• Building production ready agents with Amazon Bedrock — Дазик А. (AWS)
• Hybrid cloud + AI infrastructure: a platform for ML/GenAI services — Максим Г. (БЦК)
• Improve auction house search with vector capabilities: Bedrock or SageMaker Serverless — Михаил Ч. (ACTUM Digital)

📍 August 22-23, Almaty, details: community-day.awsug.kz


Sys-Admin InfoSec

AWS deleted 10-year account and all data without warning

https://www.seuros.com/blog/aws-deleted-my-10-year-account-without-warning/

The story of how the account was restored:

https://www.seuros.com/blog/aws-restored-account-plot-twist/


Sys-Admin InfoSec

RoKRAT Shellcode and Steganographic Threats: Analysis and EDR Response Strategies

https://www.genians.co.kr/en/blog/threat_intelligence/rokrat_shellcode_steganographic


Sys-Admin InfoSec

PyPI Incident Report: Phishing Attack

- 4 user accounts were successfully phished
- 2 API Tokens were generated by the attackers
- 2 releases of the num2words project were uploaded by the attacker

https://blog.pypi.org/posts/2025-07-31-incident-report-phishing-attack/


Sys-Admin InfoSec

VMScape: Exposing and Exploiting Incomplete Branch Predictor Isolation in Cloud Environments

https://comsec.ethz.ch/research/microarch/vmscape-exposing-and-exploiting-incomplete-branch-predictor-isolation-in-cloud-environments/


Sys-Admin InfoSec

The Rise of RatOn: From NFC heists to remote control and ATS

https://www.threatfabric.com/blogs/the-rise-of-raton-from-nfc-heists-to-remote-control-and-ats


Sys-Admin InfoSec

The largest hacker conference in Central Asia is coming back to Almaty🔥

📆 September 17–19, KazHackStan 2025 will take place at Sadu Arena.

This year’s theme — Zero Day: “A vulnerability doesn’t wait. It appears. And it changes everything.”

The program includes:

- 10,000 participants from across the region,
- top speakers and workshops,
- the legendary CyberKumbez competition.

Organizers: TSARKA Group
Co-organizers: The Committee on Information Security of the Ministry of Digital Development, Innovations and Aerospace Industry (CIS MDDIAI RK).

Registration is available at kazhackstan.com.


Sys-Admin InfoSec

Like PuTTY in Admin’s Hands

Weaponized PuTTY distributed through Bing

https://levelblue.com/blogs/security-essentials/like-putty-in-admins-hands


Sys-Admin InfoSec

Hook Version 3: The Banking Trojan with The Most Advanced Capabilities

The Hook Android banking trojan now features some of the most advanced capabilities we’ve seen to date. This version introduces:

- Ransomware-style overlays that display extortion messages
- Fake NFC overlays to trick victims into sharing sensitive data
- Lockscreen bypass via deceptive PIN and pattern prompts
- Transparent overlays to silently capture user gestures
- Stealthy screen-streaming sessions for real-time monitoring

https://zimperium.com/blog/hook-version-3-the-banking-trojan-with-the-most-advanced-capabilities


Sys-Admin InfoSec

SpyVPN: The Google-Featured VPN That Secretly Captures Your Screen

Most people turn to a VPN for one reason: privacy. And with its verified badge, featured placement, and 100k+ installs, FreeVPN.One looked like a safe choice. But once it’s in your browser, it’s not working to keep you safe, it’s continuously watching you…

https://www.koi.security/blog/spyvpn-the-vpn-that-secretly-captures-your-screen


Sys-Admin InfoSec

QuirkyLoader - A new malware loader delivering infostealers and RATs

https://www.ibm.com/think/x-force/ibm-x-force-threat-analysis-quirkyloader


Sys-Admin InfoSec

Dissecting PipeMagic: Inside the architecture of a modular backdoor framework

Among the plethora of advanced attacker tools that exemplify how threat actors continuously evolve their tactics, techniques, and procedures (TTPs) to evade detection and maximize impact, PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application, stands out as particularly advanced…

https://www.microsoft.com/en-us/security/blog/2025/08/18/dissecting-pipemagic-inside-the-architecture-of-a-modular-backdoor-framework/


Sys-Admin InfoSec

Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild

https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/


Sys-Admin InfoSec

📌 AWS Community Day Almaty — Talks Announced (part two)

Talks for August 22, 2025:

• Hybrid cloud + AI infrastructure: a secured platform for ML/GenAI services
• Hybrid cloud the Kazakh way: the experience of Freedom Cloud and AWS Outposts
• Centras Rankings: analytics and ML on AWS: from raw data to business insights
• Building AI Agent on the AWS Bedrock Platform
• On August 23 there will be a GameDay - a team simulation of real production incidents, where "something went wrong" and you have to make a decision and restore the system

📍 August 22-23, Almaty, details: community-day.awsug.kz


Sys-Admin InfoSec

ECScape: Understanding IAM Privilege Boundaries in Amazon ECS

A way to abuse an undocumented ECS internal protocol to grab AWS credentials belonging to other ECS tasks on the same EC2 instance. A malicious container with a low‑privileged IAM role can obtain the permissions of a higher‑privileged container running on the same host.

https://www.sweet.security/blog/ecscape-understanding-iam-privilege-boundaries-in-amazon-ecs


Sys-Admin InfoSec

New Streamlit Vulnerability Enables Cloud Account Takeover Attack and Stock Market Dashboard Tampering

https://www.catonetworks.com/blog/cato-ctrl-new-streamlit-vulnerability/


Sys-Admin InfoSec

MCP Horror Stories: The Security Issues Threatening AI Infrastructure

https://www.docker.com/blog/mcp-security-issues-threatening-ai-infrastructure/


Sys-Admin InfoSec

Arch Infected AUR packages - firefox, zen-browser, chrome

Just ten days after a previous incident, malware with a Remote Access Trojan has once again been discovered in Arch Linux AUR packages.

https://linuxiac.com/arch-aur-under-fire-once-more-as-malware-resurfaces/


Sys-Admin InfoSec

Malvertising Campaign Delivers Oyster/Broomstick Backdoor via SEO Poisoning and Trojanized Tools

Trojanized PuTTY and WinSCP targeting users...

https://arcticwolf.com/resources/blog/malvertising-campaign-delivers-oyster-broomstick-backdoor-via-seo-poisoning-trojanized-tools/
