borari

joined 1 year ago
[–] [email protected] 1 points 3 months ago

I’ve replaced the pads on mine a couple times, the rubber on the thumb rest has a hole worn in it to the plastic, and the braided cable is all frayed and stuff. I’ve had the thing for the past 10 years at least. I know new ones are that cheap and that I should just get a new one at this point but the thing is just a workhorse.

[–] [email protected] 16 points 3 months ago

It is part of the deep web, just like Discord or any sites hosted on private companies' intranets. Lemmy is not, you can just hit any instance with a web browser and view stuff.

To be completely clear, dark web/net and deep web are two different things. That wiki link you used is describing dark web stuff like tor etc.

[–] [email protected] 4 points 3 months ago

How the fuck are both the prime ministers from 2013 mentioned in that wiki article still leading their respective countries 11 years later?

[–] [email protected] 2 points 3 months ago

No Crocus skin? 2/10, gonna buy another crate and key.

[–] [email protected] -1 points 3 months ago* (last edited 3 months ago)

Oh damn, I’m gonna have to find that shit. I am regularly shocked at how hard CBS Saturday/Sunday Morning goes though, they will throw some savage shit on the air for the grandmas watching human interest stories about Broadway actors and whatever the fuck Mo Rocca has gotten interested in recently.

Edit - Found it on a Ukrainian dead Russian combat footage telegram. Bit rate is garbo but it looks like even ISIL is full sending the whole weeb CS gun skin thing lol. Best part is the posts of air raid sirens and distant explosions from Belgorod, with the caption “Revenge for the Tajik's ear”.

[–] [email protected] 2 points 3 months ago

Ah ok, I misinterpreted your post then. I thought you were insinuating that because refineries are civilian infrastructure Ukraine shouldn’t be targeting them. We’re in agreement here, don’t target actual civilians and slam as many drones as possible into refineries and any other valid targets within Russia.

[–] [email protected] 36 points 3 months ago (3 children)

detailing that he had been promised 500,000 rubles ($5,418).

Fuck me, this really hammers home that first world privilege. More than that amount of USD hits my checking account each month in my direct wages. This guy knew what would happen to him when he was caught then decided that risking misery in Siberia before being executed was worth less than a month of my take home pay. I mean I get that some level of radicalization is involved here, but still what the fuck.

[–] [email protected] 3 points 3 months ago (2 children)

The distinction is not between civilian targets and military targets, it is between “civilian objects” and “military objectives”. Targeting civilian infrastructure such as refineries, and even civilian power stations, can be considered valid military objectives if they make an effective contribution to military action or offer a definite military advantage. The refineries being hit by Ukraine definitely meet that definition.

https://www.reuters.com/world/europe/when-are-attacks-civilian-infrastructure-war-crimes-2022-12-16/

[–] [email protected] 0 points 3 months ago

If you go on to any of the pro-Ukrainian telegram channels, Ukrainians are absolutely rejoicing over this. One posted a video of the fire taken by a car driving by on the highway and captioned it “Happy pork shashlik day” lol.

[–] [email protected] 1 points 3 months ago

Macs are not really locked down fyi. I can sudo to root and do literally anything I can do on Linux. iPhones sure, but not Macbooks.

[–] [email protected] 2 points 3 months ago (1 children)

It’s not, no. Even the new Apple Silicon chips would just require you to install an ARM build of whatever distro you want.

[–] [email protected] 1 points 3 months ago (2 children)

that’s exactly what i’d expect a dark empath to say. sheathe your knife unless you want to get saddled with karmic debt bro. you’re limited to paying off karmic debt in transactions of no more than 3k eurohms each, and with this dark energy you’d be in karmic debt into the millions.

 

Fortigate published a patch for CVE-2023-27997, a Remote Code Execution vulnerability reachable pre-authentication, on every SSL VPN appliance.

7
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

I thought I'd take a break from posting stories that come across my RSS feed to let people know about an upcoming Hack-A-Thon/CTF event that OffSec is running next weekend.

I'm not really sure what the challenges will entail; since I'm not eligible for any of the prizes, I haven't been paying much attention to info about it at all. I do know that in order to compete you will have to have an active PG Practice subscription, which is $19 USD/mo, more info is here. I don't really like that they're requiring people to already have a paid subscription to compete, but it's their ecosystem and their rules.

There are three different tiers you can compete in, a PEN-300 tier, an EXP-301 tier, and a PEN-200 tier. The 1st prize for each tier is a year long LearnOne subscription to the tier course, 2nd place is a 90 day course subscription to the tier course, and 3rd place is a 90 day subscription to the PG Practice environment.

While SANS is the king of wildly expensive courses, the OffSec subscriptions definitely aren't cheap either, especially if you're self-paying. I get the irony of making people pay for entry into a contest where they might win a subscription they otherwise couldn't afford, but it's better than nothing I guess.

 

Elastic Security Labs has discovered the SPECTRALVIPER malware targeting a national Vietnamese agribusiness.

 

Looks like a patch was released yesterday for the SQL injection vulnerabilities discovered in the MOVEit Transfer application.

The direct link to the official announcement is here.

27
Welcome! (sh.itjust.works)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

Hello and welcome! I joined the Lemmy fediverse a week ago, and settled in to the sh.itjust.works instance yesterday. I had pulled back from most of my social and general use of Reddit a few years back, and mostly just used it as a more social RSS feed to keep abreast of things going on in the cybersecurity and information security world. One of the first things I noticed when exploring the Lemmy Fediverse was that outside of the general tech communities, there was only a single cybersecurity community which hadn't seen any activity in over a year or more.

I've gone back to my old stalwart RSS feeds, so I decided to create this community and post any articles I find interesting that come across my feed. Hopefully others will find it helpful as well!

I really hope that the social aspect of the community will take hold here too, and encourage anyone to make any link or text posts related to cybersecurity that they want. I don't really want this to turn into a place where every other question is "How do I get into cybersecurity?" or "Will you be my mentor?", but the Lemmy community is small so at this point I'd welcome any sort of community interaction.

To kick things off with a little about myself, I started my career working as a network engineer for a WISP, scampering across city roofs, throwing up non-pen mounts for PtP radios, and slinging multi-Gbps links from building to building. I slowly transitioned into a SOC through a few calculated job transitions, then after a few more I've found myself working on a team that splits our time providing penetration tests for internal business lines and running red team/adversary emulation engagements against my company. Over the past few years I've earned my OSCP, OSEP, and OSWE, along with a handful of GIAC certifications. I'm currently working on the study materials for the OSED. I don't have any coding experience, just a bit of scripting ability, but I am very excited to jump in to binary exploitation and reverse engineering. It's the closest thing to magic to me in this space, and I can't wait to deconstruct and demystify it a bit.

Thanks for reading, and glad you're here!

 

Microsoft researchers have discovered an emerging cluster of TTPs they have named Storm-1167 being used by an unknown threat actor to target banking and financial services institutions.

This threat actor has been utilizing phishing emails for initial compromise, then using compromised inboxes to further distribute their malicious phishing emails.

The threat actor has been observed taking steps to minimize detection and to establish persistence.

 

ESET released an analysis of the Asylum Ambuscade crimeware group that has been active since at least early 2020.

This group targets bank customers and cryptocurrency traders in regions including North America and Europe.

The TTPs related to initial access include spearphishing emails containing malicious XLS and DOC files.

 

Kaspersky is reporting a new zero-click iOS exploit in the wild, delivered through a message received via iMessage with an attachment containing the payload. Persistence is not supported, most likely due to limitations of the OS.

The Kaspersky writeup can be seen here.

 

C2 infrastructure mimics sites belonging to the Libyan Ministry of Foreign Affairs. Earliest artifacts date back to October 2022. Suspected that threat actor is targeting Egyptian and Libyan journalists and human rights activists.

 

Verizon's annual DBIR reports analyze a crazy amount of corporate security incidents, then publish the interesting statistics and trends that were discovered in the data. It's always quite an interesting read.
