Telegram channel "Sys-Admin InfoSec" — @sysadm_in_channel

Sys-Admin InfoSec

25 Dec 2024, 16:32

Weaponizing WDAC: Killing the Dreams of EDR

Windows Defender Application Control (WDAC) is a technology introduced with and automatically enabled by default on Windows 10+ and Windows Server 2016+ that allows organizations fine grained control over the executable code that is permitted to run on their Windows machines...:

https://beierle.win/2024-12-20-Weaponizing-WDAC-Killing-the-Dreams-of-EDR/

Weaponizing WDAC: Killing the Dreams of EDR

1.3k 1 4

Sys-Admin InfoSec

23 Dec 2024, 13:53

PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool

https://gbhackers.com/pentestgpt/

PentestGPT - ChatGPT Powered Automated Pentesting Tool

new ChatGPT-powered Penetration testing Tool called "PentestGPT" that helps penetration testers to automate their pentesitng operations.

1.9k 1 43

Sys-Admin InfoSec

17 Dec 2024, 13:54

DeceptionAds — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising

The Fake-Captcha Lumma Stealer Campaign

https://labs.guard.io/deceptionads-fake-captcha-driving-infostealer-infections-and-a-glimpse-to-the-dark-side-of-0c516f4dc0b6

2.3k 1 4

Sys-Admin InfoSec

11 Dec 2024, 19:38

Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels

https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/

Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels

Threat actors abused Visual Studio Code and Microsoft Azure infrastructure to target large business-to-business IT service providers in Southern Europe.

2.8k 1 5

Sys-Admin InfoSec

9 Dec 2024, 13:06

Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows

https://www.cadosecurity.com/blog/meeten-malware-threat

Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows

Cado Security Labs details the discovery of a new cross-platform information stealer malware dubbed "Meeten" targeting macOS and Windows users.

2.3k 1 5

Sys-Admin InfoSec

2 Dec 2024, 17:44

Forward from: Sys-Admin Up

LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux

https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux

LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux

Binarly researchers find a direct connection between the newly discovered Bootkitty Linux bootkit and exploitation of the LogoFAIL image parsing vulnerabilities reported more than a year ago

2.5k 0 3

Sys-Admin InfoSec

2 Dec 2024, 08:59

SpyLoan: A Global Threat Exploiting Social Engineering

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/

SpyLoan: A Global Threat Exploiting Social Engineering | McAfee Blog

Authored by: Fernando Ruiz The McAfee mobile research team recently identified a significant global increase of SpyLoan, also known as predatory

2.2k 1 3

Sys-Admin InfoSec

26 Nov 2024, 14:01

IT workers masquerade as individuals from different countries to perform legitimate IT work and hack employers, focus areas are:

- Stealing money or cryptocurrency
- Stealing information pertaining to weapons systems, sanctions information, and policy-related decisions
- Performing IT work to generate revenue to help fund various activities

About of masquerading, social engeneering and not only:

https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/

Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON | Microsoft Security Blog

At CYBERWARCON 2024, Microsoft Threat Intelligence analysts will share research and insights on North Korean and Chinese threat actors representing years of threat actor tracking, infrastructure monitoring and disruption, and their attack tooling.

2.7k 1 4

Sys-Admin InfoSec

25 Nov 2024, 10:34

When Guardians Become Predators: How Malware Corrupts the Protectors

https://www.trellix.com/blogs/research/when-guardians-become-predators-how-malware-corrupts-the-protectors/

When Guardians Become Predators: How Malware Corrupts the Protectors

We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us?

2.1k 1 4

Sys-Admin InfoSec

22 Nov 2024, 12:32

2000+ Palo Alto Firewalls Hacked Exploiting New Vulnerabilities

https://cybersecuritynews.com/2000-palo-alto-firewalls-hacked/

2000+ Palo Alto Firewalls Hacked Exploiting New Vulnerabilities

Over 2,000 Palo Alto Networks firewalls have been compromised in a widespread attack exploiting recently patched vulnerabilities.

2.6k 1 11

Sys-Admin InfoSec

22 Nov 2024, 05:57

CWE Top 25 Most Dangerous Software Weaknesses from MITRE

https://cwe.mitre.org/top25/

list items:
- https://cwe.mitre.org/top25/archive/2024/2024_cwe_top25.html

CWE - CWE Top 25 Most Dangerous Software Weaknesses

Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.

2.1k 1 12

Sys-Admin InfoSec

21 Nov 2024, 11:25

Ghost Tap: New cash-out tactic with NFC Relay

https://www.threatfabric.com/blogs/ghost-tap-new-cash-out-tactic-with-nfc-relay

Ghost Tap: New cash-out tactic with NFC Relay

ThreatFabric analysts have discovered Ghost Tap: a new cash-out tactic involving relaying of NFC traffic that is actively abused by threat actors.

2.3k 1 8 1

Sys-Admin InfoSec

20 Nov 2024, 15:09

Forward from: Sys-Admin Up

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

New research reveals two vulnerabilities in Google's Vertex AI that may lead to privilege escalation or data theft through custom jobs or malicious models. New research reveals two vulnerabilities in Google's Vertex AI that may lead to privilege escalation or data theft through custom jobs or malici...

1.8k 0 4

Sys-Admin InfoSec

19 Nov 2024, 05:23

Malicious Facebook Ad Campaign Targeting Bitwarden Users

https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users

Inside Bitdefender Labs’ Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users

Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware.

2.1k 1 2

Sys-Admin InfoSec

18 Nov 2024, 16:22

Prompt Injecting Your Way To Shell: OpenAI's Containerized ChatGPT Environment

https://0din.ai/blog/prompt-injecting-your-way-to-shell-openai-s-containerized-chatgpt-environment

Prompt Injecting Your Way To Shell: OpenAI's Containerized ChatGPT Environment

Dive into OpenAI’s containerized ChatGPT environment, demonstrating how users can interact with its underlying structure through controlled prompt injections and file management techniques. By exploring ChatGPT's sandboxed Debian Bookworm environment, readers gain insights into navigating command ex...

2.2k 1 6

Sys-Admin InfoSec

18 Nov 2024, 14:21

Forward from: Sys-Admin Up

8 Free CyberSec & Networking Courses From Cisco

It may be useful to refresh your knowledge or learn something new:It may be useful to refresh your knowledge or learn something new:

1 Ethical Hacker
2 Junior Cybersecurity Analyst
3 Endpoint Security
4 Cyber Threat Management
5 Introduction to Cybersecurity
6 Network Defense
7 Network Addressing and Basic Troubleshooting
8 Networking Essentials

Ethical Hacker - Skills for All

Become an ethical hacker and build your offensive security skills in this free online course - from Cisco Networking Academy. Sign up today!

2k 0 32 2

Sys-Admin InfoSec

18 Nov 2024, 10:51

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

KEY TAKEAWAYS Volexity discovered and reported a vulnerability in Fortinet's Windows VPN client, FortiClient, where user credentials remain in process memory after a user authenticates to the VPN. This vulnerability was abused by BrazenBamboo in their DEEPDATA malware. BrazenBamboo is the threat act...

1.9k 1 3

Sys-Admin InfoSec

15 Nov 2024, 15:03

Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes

https://www.group-ib.com/blog/stealthy-attributes-of-apt-lazarus/

Stealthy Attributes of APT Lazarus | Group-IB Blog

In this blog, we examine a fresh take on techniques regarding concealing codes in Extended Attributes in order to evade detection in macOS systems. This is a new technique that has yet to be included in the MITRE ATT&CK framework.

2k 1 4 1

Sys-Admin InfoSec

14 Nov 2024, 08:34

Forward from: OpenBLD.net

🏎 OpenBLD.net – Engine for a Faster Internet

Increased throughput with the newest Gears in the racing engine of OpenBLD.net. Some Gears have been rewritten or built from scratch:

• Synchronous processing of block lists
• Caching of blocking events
• Updated caching system — the log enricher now has its own cache
• Enhanced request processing system
• New health-checking system for upstream servers, with response time detection
• Improved load balancing, routing requests to servers with the lowest response time
• Optimized parallel DNS request handling, delivering the fastest response

I hope these features will help us save valuable time online while the OpenBLD.net system's gears run smoothly under the hood.

What's Gears?

Gears are the components of the OpenBLD.net system that help to customize online experiences.

If you notice any “engine misfires,” please let me know. I’m always open to constructive feedback.

Wishing everyone a safe journey across the internet! ✌️

2k 0 2 1

Sys-Admin InfoSec

13 Nov 2024, 05:27

APT Actors Embed Malware within macOS Flutter Applications

https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Jamf Threat Labs discovers a new threat targeting macOS

With malicious code hidden within, the new malware with ties to DPRK, has evaded detection by notable malware checking systems that may signal a new way of attacking macOS devices.

2k 1 2

TGStat Bot

Telegram Analytics

SearcheeBot

TGAlertsBot

Sys-Admin InfoSec

Channel's geo and language

Category

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

Sys-Admin InfoSec

11 964

Popular in the channel

Site language

TGStat Bot

Telegram Analytics

SearcheeBot

TGAlertsBot

Sys-Admin InfoSec

Channel's geo and language

Category

11 964

Popular in the channel