William W Collins’ Post

Last Week in Security - 2024-08-20 by Rusty Robison via SIXGEN ([Global] Security Breach) URL: https://ift.tt/xWVhc6r We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Engineer, Cyber Operator Developer Analyst (CODA), Senior Data Analyst and Earned Value Management Specialist. Virginia Applicants: Available opportunities: Land and Expeditionary Warfare Specialist, Cyber Warfare Threat Analyst, and Cyber Network Operator. For more open positions visit: https://lnkd.in/dsjBaCpM Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools, and exploits from the past week. This post covers 2024-08-12 to 2024-08-19. News Six 0-Days Lead Microsoft’s August 2024 Patch Push - Microsoft released updates to fix 90 security vulnerabilities, including six zero-day flaws actively exploited by attackers. The flaws include local privilege escalation vulnerabilities and remote code execution flaws. One vulnerability allows malware to bypass security features in Windows. It is recommended for Windows users to install security updates promptly and back up data before updating. The updates primarily focus on Windows components, Office products, and Azure services, but do not specifically target Group Policy or Intune. Inside the "3 Billion People" National Public Data Breach - Troy Hunt discusses a major data breach involving National Public Data, a data aggregator, where a threat actor has published personal information of billions of people. The breach includes names, addresses, social security numbers, and other personal details. Multiple parties had access to the data before it was leaked, and legal action has been taken against National Public Data. The data has been circulating on the dark web, and there are questions about its legitimacy and origin. Hunt decided to include the breach in his "Have I Been Pwned" database as an unverified breach to inform those affected. Threat Intel and Defense EastWind Campaign: New CloudSorcerer attacks on government organizations in Russia - The EastWind campaign targeted Russian government organizations and IT companies using phishing emails with malicious attachments to deliver malware such as CloudSorcerer, APT31, and APT27 tools. The attackers used Dropbox and social media sites as Command and Control servers, and also deployed a new implant named PlugY. Ransomware attackers introduce new EDR killer to their arsenal - Sophos analysts discovered a new EDR-killing utility called EDRKillShifter being used by ransomware attackers targeting an organization with RansomHub ransomware. The tool failed to disable Sophos protection, but the attackers attempted to run the ransomware, which also failed due to CryptoGuard. EDRKillShifter works by executing...

Last Week in Security - 2024-08-12 by Rusty Robison via SIXGEN ([Global] oracle cloud) URL: https://ift.tt/4ujbnSL We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Engineer, Cyber Operator Developer Analyst (CODA), Senior Data Analyst and Earned Value Management Specialist. Virginia Applicants: Available opportunities: Land and Expeditionary Warfare Specialist, Cyber Warfare Threat Analyst, and Cyber Network Operator. For more open positions visit: https://lnkd.in/dsjBaCpM Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools, and exploits from the past couple weeks. This post covers 2024-07-29 to 2024-08-12. News Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails - An unknown threat actor exploited a flaw in Proofpoint's email routing to send millions of spoofed phishing emails impersonating popular companies. The campaign, named EchoSpoofing, used SPF and DKIM signatures to bypass security protections. The attacker sent messages from SMTP servers on VPS, complying with authentication measures to imitate legitimate domains. Proofpoint addressed the issue by providing corrective instructions to customers and urging VPS providers and email service providers to limit spamming capabilities. The campaign was not attributed to any known threat actor, and no customer data was exposed. Improving the security of Chrome cookies on Windows - This new App-Bound Encryption feature aims to protect users from malware that steals sensitive data by encrypting data tied to app identity, making it more difficult for attackers to access. Enterprises with roaming profiles may need to adjust their configurations to support this new protection. Don’t Let Your Domain Name Become a “Sitting Duck” - Researchers have found that over a million domain names are vulnerable to cybercriminals due to authentication weaknesses at web hosting providers and registrars. This vulnerability allows cybercriminals to take over domains and use them for malicious activities like sending spam and phishing emails. This issue has been ongoing for years and still persists, with security experts urging for stricter verification measures to prevent domain takeovers. Multiple large hosting and DNS providers are still susceptible to this authentication weakness, leaving domains at risk of being hijacked for malicious purposes. Microsoft need to be transparent about customer impacting DDoS attacks - Microsoft has been experiencing customer impacting DDoS attacks that are causing network outages for Azure and Microsoft 365. Despite these incidents, Microsoft has not been transparent about what is happening. After being called out by the Associated Press, Microsoft released a blog po...

Last Week in Security - 2024-08-12 by Rusty Robison via SIXGEN ([Global] Virtual Desktop Infrastructure) URL: https://ift.tt/4ujbnSL We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Engineer, Cyber Operator Developer Analyst (CODA), Senior Data Analyst and Earned Value Management Specialist. Virginia Applicants: Available opportunities: Land and Expeditionary Warfare Specialist, Cyber Warfare Threat Analyst, and Cyber Network Operator. For more open positions visit: https://lnkd.in/dsjBaCpM Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools, and exploits from the past couple weeks. This post covers 2024-07-29 to 2024-08-12. News Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails - An unknown threat actor exploited a flaw in Proofpoint's email routing to send millions of spoofed phishing emails impersonating popular companies. The campaign, named EchoSpoofing, used SPF and DKIM signatures to bypass security protections. The attacker sent messages from SMTP servers on VPS, complying with authentication measures to imitate legitimate domains. Proofpoint addressed the issue by providing corrective instructions to customers and urging VPS providers and email service providers to limit spamming capabilities. The campaign was not attributed to any known threat actor, and no customer data was exposed. Improving the security of Chrome cookies on Windows - This new App-Bound Encryption feature aims to protect users from malware that steals sensitive data by encrypting data tied to app identity, making it more difficult for attackers to access. Enterprises with roaming profiles may need to adjust their configurations to support this new protection. Don’t Let Your Domain Name Become a “Sitting Duck” - Researchers have found that over a million domain names are vulnerable to cybercriminals due to authentication weaknesses at web hosting providers and registrars. This vulnerability allows cybercriminals to take over domains and use them for malicious activities like sending spam and phishing emails. This issue has been ongoing for years and still persists, with security experts urging for stricter verification measures to prevent domain takeovers. Multiple large hosting and DNS providers are still susceptible to this authentication weakness, leaving domains at risk of being hijacked for malicious purposes. Microsoft need to be transparent about customer impacting DDoS attacks - Microsoft has been experiencing customer impacting DDoS attacks that are causing network outages for Azure and Microsoft 365. Despite these incidents, Microsoft has not been transparent about what is happening. After being called out by the Associated Press, Microsoft ...

Check out the latest blog Beyviel David and I put together for SIXGEN covering all of the #cybersecurity and #pentesting news, techniques, write-ups, and tools released from 08/12-08/19. SIXGEN is also actively hiring Junior Pentesters, Pentesters, Red Team Operators, and Senior Webapp Pentesters so apply if you're interested! Highlights: - Troy Hunt wrote an article digging into the "3 Billion People" National Public Data Breach - James Kettle of PortSwigger released a primer on novel web timing attacks including methodology, real-world case studies, open-source tools and even a mini CTF. - Outflank's Cedric Van Bockhaven wrote a post about how the MSC file format can be used for initial access or lateral movement - Quentin Roland of Synacktiv wrote a post introducing a tool called SCCMSecrets.py that aims to provide a comprehensive approach regarding SCCM policies exploitation - Oddvar Moe of TrustedSec details using a Universal Data Link Configuration (UDL) file for phishing - And many more tools, techniques, and write-ups! https://lnkd.in/gSi7WXvG

Check out the latest blog Beyviel David and I put together for SIXGEN covering all of the #cybersecurity news, techniques, write-ups, and tools released from 07/08-07/15. Highlights: - CISA performed an unannounced red team assessment against an FCEB member and released an article detailing the findings - AT&T was breached exposing the data of nearly all of their customers - Harry Withington of Aura Information Security released an article detailing some awesome MOTW and Smartscreen bypasses for phishing payloads - In a similar vein Check Point Software's Haifei Li wrote a post on some zero-day tricks being used by threat actors in phishing that could be useful in your own phishing campaigns - Adam Kues of Assetnote details how to chain three vulnerabilities in order to access all of an org's ServiceNow data - A whole team of researchers detail a vulnerability they dub Blast-RADIUS, that affects the RADIUS protocol, allowing a man-in-the-middle attacker to forge a valid protocol accept message without brute-forcing passwords or shared secrets, potentially granting unauthorized access to network devices and services. - And many more tools, techniques, and write-ups! https://lnkd.in/g_WmwT4Y

Check out the latest blog Beyviel David and I put together for SIXGEN covering all of the #cybersecurity news, techniques, write-ups, and tools released from 07/01-07/08. Highlights: - regreSSHion: A Remote Unauthenticated Code Execution Vulnerability in OpenSSH server - Ticketmaster hacked and concert tickets released - Secrets stolen from OpenAI - Jiacheng(Gavin) Zhong and Shuyang Wang at Obsidian Security put out an article detailing a technique they call Shadow Linking in order to obtain persistence using SaaS services - Ziyi Shen wrote an article for 3Nails Information Security about a technique called EDRPrison that is used to evade EDR products - XINTRA's Lina L. wrote an article on detecting lateral movement in Entra ID - And many more tools, techniques, and write-ups!

Check out the latest blog Beyviel David and I put together for SIXGEN covering all of the #cybersecurity and #pentesting news, techniques, write-ups, and tools released from 09/02-09/09. Highlights: - YubiKeys vulnerable to cloning attacks - Fake GitHub stars are a growing threat - Marco Ivaldi of HN Security wrote about learning rust and using it to write a custom Meterpreter stager - Wietze Beukema wrote about argv[0] and how you can use it to help bypass detections, deceive analysts, or corrupt EDR data - GoSecure's Patricia Gagnon-Renaud, P.Eng. wrote about using a picture of a key to create your own copy - Intigriti released a guide on hacking misconfigured AWS S3 buckets - Zavier Lee wrote a primer on exploiting Active Directory from a Linux attack machine - And many more tools, techniques, and write-ups! https://lnkd.in/gySqkztd

Checkout this week's Last Week in Security from a new perspective! SIXGEN's Rusty Robison and Beyviel David crafted this weeks edition just for you! This week covers Ivanti Zero Days, Sharepoint, and some walkthroughs, exploits and tools released in the last week. #lwis #cybernews #cybersecurity #tools #vulnerabilities #hiring #clearedjobs

Check out the latest blog I put together for SIXGEN covering all of the #cybersecurity news, techniques, write-ups, and tools released from 10/07-10/14. Highlights: - Hacked chatbot exposes disturbing prompts - European government air-gapped system breached - Internet Archive hacked - Andrew Lemon of Red Threat dropped the third part in his series on hacking a traffic controller - David Buchanan wrote about using a cigarette lighter to gain root - Daniel/Hackermondev wrote about discovering a Zendesk backdoor and being awarded $50,000+ in bounties - And many more tools, techniques, and write-ups! https://lnkd.in/gFdQY7HS