TGStat Academy | Большой урок

Бесплатный открытый урок по трафику в Telegram!

3 урока по Telegram бесплатно

TGStat Academy создали бесплатный мини-курс для всех!

ШАГ студента

Канал о твоей студенческой жизни от @stepbyshag

Статистика Избранное

Sys-Admin Up

Гео и язык канала: Казахстан, Английский

Категория: Технологии

InfoSec, Hacks, Perks, Tools, IT/IS Courses, CVE… Contains part of the news that was not included in the Sys-Admin & InfoSec Channel (@sysadm_in_channel)

Связанные каналы | Похожие каналы

Гео и язык канала

Казахстан, Английский

Категория

Технологии

Статистика

Избранное

Фильтр публикаций

Скрывать удаленные

Скрывать репосты

Sys-Admin Up

21 Nov, 10:51

One Sock Fits All: The Use And Abuse Of The NSOCKS Botnet

https://blog.lumen.com/one-sock-fits-all-the-use-and-abuse-of-the-nsocks-botnet/

One Sock Fits All: The use and abuse of the NSOCKS botnet

Black Lotus Labs has tracked down a notorious criminal proxy network, with a daily average of 35k bots located mostly in the U.S., allowing users to attack networks with total anonymity

39 0 0

Sys-Admin Up

20 Nov, 15:08

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

New research reveals two vulnerabilities in Google's Vertex AI that may lead to privilege escalation or data theft through custom jobs or malicious models. New research reveals two vulnerabilities in Google's Vertex AI that may lead to privilege escalation or data theft through custom jobs or malici...

899 2 4

Sys-Admin Up

18 Nov, 14:19

8 Free CyberSec & Networking Courses From Cisco

It may be useful to refresh your knowledge or learn something new:It may be useful to refresh your knowledge or learn something new:

1 Ethical Hacker
2 Junior Cybersecurity Analyst
3 Endpoint Security
4 Cyber Threat Management
5 Introduction to Cybersecurity
6 Network Defense
7 Network Addressing and Basic Troubleshooting
8 Networking Essentials

Ethical Hacker - Skills for All

Become an ethical hacker and build your offensive security skills in this free online course - from Cisco Networking Academy. Sign up today!

1.4k 2 49

Sys-Admin Up

18 Nov, 10:59

CVE org celebrates 25 years

https://www.cve.org/Resources/Media/Cve25YearsAnniversaryReport.pdf

134 0 0

Sys-Admin Up

18 Nov, 06:11

Subject Linux 6.12

Linus commented: No strange surprises this last week, so we're sticking to the regular release schedule, and that obviously means that the merge window opens tomorrow. I already have two dozen+ pull requests in my mailbox, kudos to all the early birds..:

https://lkml.org/lkml/2024/11/17/326

147 0 0

Sys-Admin Up

16 Nov, 10:28

Glove Stealer: Leveraging IElevator to Bypass App-Bound Encryption & Steal Sensitive Data

https://www.gendigital.com/blog/insights/research/glove-stealer

Glove Stealer: Leveraging IElevator to Bypass App-Bound Encryption & Steal Sensitive Data

A .NET malware, bypasses Chrome's App-Bound Encryption, stealing data from browsers, crypto wallets, 2FA authenticators

160 0 1

Sys-Admin Up

14 Nov, 08:48

Управление памятью и сборщиком мусора в Go (Memory Management and Garbage Collection in Go)

https://www.youtube.com/live/UVqpl4PExkM?si=HbRHSYTQdQcOFswt

Управление памятью и сборщиком мусора в Go

22 мая Нина сделала новый доклад на Go-митапе в Москве: https://www.youtube.com/live/5BTrGM5ElAA Слайды: https://github.com/progmsk/progmsk.github.io/files/14963281/go-garbage-collection.pdf Репозиторий: https://github.com/PakshNina/gc Канал Нины на ютубе: https://youtube.com/@PakshinaNina Разрабо...

185 0 0

Sys-Admin Up

13 Nov, 16:26

Linux kernel test robot noticed a 3888.9% improvement of will-it-scale.per_process_ops

https://lore.kernel.org/lkml/202411072132.a8d2cf0f-oliver.sang@intel.com/

Commit:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d4148aeab412432bf928f311eca8a2ba52bb05df

181 0 0

Sys-Admin Up

13 Nov, 06:20

Offset-free DSE bypass across Windows 11 & 10: utilising ntkrnlmp.pdb

https://blog.cryptoplague.net/main/research/windows-research/offset-free-dse-bypass-across-windows-11-and-10-utilising-ntkrnlmp.pdb

Offset-free DSE bypass across Windows 11 & 10: utilising ntkrnlmp.pdb | cryptoplague blog

Parsing ntkrnlmp.pdb on the target to eliminate the need for static offsetting and thus safely and dynamically bypassing driver signature enforcement across multiple Windows 10 & 11 versions.

191 0 1

Sys-Admin Up

12 Nov, 12:03

Вредоносные приложения в Google Play: как злоумышленники используют DNS-протокол для скрытой связи троянов с управляющими серверами

https://news.drweb.ru/show/?i=14935&lng=ru

Вредоносные приложения в Google Play: как злоумышленники используют DNS-протокол для скрытой связи троянов с управляющими серверами

Задачей многих троянов Android.FakeApp является переход по ссылкам на различные сайты, и с технической точки зрения такие вредоносные программы довольно примитивны. При запуске они получают команду на открытие заданного веб-адреса, в результате чего установившие их пользователи вместо ожидаемой прог...

182 0 1

Sys-Admin Up

8 Nov, 22:48

Palo Alto Expedition Missing Authentication Vulnerability: Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-5910&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=20&url=

Known Exploited Vulnerabilities Catalog | CISA

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal...

274 0 1

Sys-Admin Up

7 Nov, 09:37

Threat Campaign Spreads Winos4.0 Through Game Application

https://www.fortinet.com/blog/threat-research/threat-campaign-spreads-winos4-through-game-application

Threat Campaign Spreads Winos4.0 Through Game Application

FortiGuard Labs reveals a threat actor spreads Winos4.0, infiltrating gaming apps and targeting the education sector. Learn more.…

2k 2 2

Sys-Admin Up

6 Nov, 19:55

Typosquat Campaign Targeting npm Developers

https://blog.phylum.io/supply-chain-security-typosquat-campaign-targeting-puppeteer-users/

Fake Puppeteer Packages Contain Malware

Ongoing supply chain attack targets Puppeteer users with malicious npm packages.

200 0 1

Sys-Admin Up

6 Nov, 18:49

CloudSec Frmwk

183 0 1

Sys-Admin Up

6 Nov, 09:23

ToxicPanda: a new banking trojan from Asia hit Europe and LATAM

https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam

ToxicPanda: a new banking trojan from Asia hit Europe and LATAM | Cleafy Labs

Discover Cleafy's in-depth analysis of a new Android banking Trojan campaign, ToxicPanda, initially linked to TgToxic. Our findings reveal a sophisticated fraud operation targeting European and LATAM banks, using On-Device Fraud (ODF) tactics to execute account takeovers. Learn about ToxicPanda's ev...

207 0 2

Sys-Admin Up

5 Nov, 22:33

CVE-2024-46538 PfSense Stored XSS lead to RCE PoC

https://github.com/EQSTLab/CVE-2024-46538

GitHub - EQSTLab/CVE-2024-46538: Proof-of-Concept for CVE-2024-46538

Proof-of-Concept for CVE-2024-46538. Contribute to EQSTLab/CVE-2024-46538 development by creating an account on GitHub.

228 0 5

Sys-Admin Up

5 Nov, 17:46

Details about of Storm-0940 spray attack

https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/

Previous post:
https://t.me/sysadm_in_channel/5254

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network | Microsoft Security Blog

Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices...

269 0 1

Sys-Admin Up

5 Nov, 15:40

🗣Конкурс результатом которого может быть 100% скидка на курс или экзамен от Linux Foundation

Выбирай не хочу:
— Курс
— Сертификат

Конкурс от core247.kz вполне может помочь в этом, ваучер применим к:

— онлайн-курсу
— сертификационному экзамену
— или пакету (курс + сертификация)

🚩 14 ноября - итоги и выбор 7 победителей. Активировать ваучер нужно до 31.10.2025. После этого будет 1 год и 2 попытки, чтобы завершить обучение и/или сдать экзамен.

Детали здесь: https://core247.io/cncf

296 2 2

Sys-Admin Up

4 Nov, 21:49

https://securelist.ru/llm-phish-blunders/110922/

Как фишинговые страницы признаются, что созданы с помощью LLM

Мошенники используют большие языковые модели (LLM) для создания фишинговых страниц и оставляют в текстах и тегах артефакты, такие как фраза As an AI language model.

245 0 0

Sys-Admin Up

4 Nov, 20:25

https://sysdig.com/blog/emeraldwhale/

EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files

EMERALDWHALE is an operation targeting exposed Git configurations, resulting in more than 15,000 cloud service credentials stolen.

207 0 0

Показано 20 последних публикаций.

925

подписчиков

Статистика канала

Популярное в канале

macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools https...

qBittorrent fixes flaw exposing users to MitM attacks for 14 years https://www.bleepingcomputer....

Threat Campaign Spreads Winos4.0 Through Game Application https://www.fortinet.com/blog/threat-r...

8 Free CyberSec & Networking Courses From Cisco It may be useful to refresh your knowledge or le...

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI https://unit42.paloaltonet...