Cybecs的动态

Last Week in Security - 2024-08-12 by Rusty Robison via SIXGEN ([Global] Virtual Desktop Infrastructure) URL: https://ift.tt/4ujbnSL We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Engineer, Cyber Operator Developer Analyst (CODA), Senior Data Analyst and Earned Value Management Specialist. Virginia Applicants: Available opportunities: Land and Expeditionary Warfare Specialist, Cyber Warfare Threat Analyst, and Cyber Network Operator. For more open positions visit: https://lnkd.in/dsjBaCpM Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools, and exploits from the past couple weeks. This post covers 2024-07-29 to 2024-08-12. News Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails - An unknown threat actor exploited a flaw in Proofpoint's email routing to send millions of spoofed phishing emails impersonating popular companies. The campaign, named EchoSpoofing, used SPF and DKIM signatures to bypass security protections. The attacker sent messages from SMTP servers on VPS, complying with authentication measures to imitate legitimate domains. Proofpoint addressed the issue by providing corrective instructions to customers and urging VPS providers and email service providers to limit spamming capabilities. The campaign was not attributed to any known threat actor, and no customer data was exposed. Improving the security of Chrome cookies on Windows - This new App-Bound Encryption feature aims to protect users from malware that steals sensitive data by encrypting data tied to app identity, making it more difficult for attackers to access. Enterprises with roaming profiles may need to adjust their configurations to support this new protection. Don’t Let Your Domain Name Become a “Sitting Duck” - Researchers have found that over a million domain names are vulnerable to cybercriminals due to authentication weaknesses at web hosting providers and registrars. This vulnerability allows cybercriminals to take over domains and use them for malicious activities like sending spam and phishing emails. This issue has been ongoing for years and still persists, with security experts urging for stricter verification measures to prevent domain takeovers. Multiple large hosting and DNS providers are still susceptible to this authentication weakness, leaving domains at risk of being hijacked for malicious purposes. Microsoft need to be transparent about customer impacting DDoS attacks - Microsoft has been experiencing customer impacting DDoS attacks that are causing network outages for Azure and Microsoft 365. Despite these incidents, Microsoft has not been transparent about what is happening. After being called out by the Associated Press, Microsoft ...

network security engineer

Good opportunity

Last Week in Security - 2024-08-20 by Rusty Robison via SIXGEN ([Global] Security Breach) URL: https://ift.tt/xWVhc6r We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Engineer, Cyber Operator Developer Analyst (CODA), Senior Data Analyst and Earned Value Management Specialist. Virginia Applicants: Available opportunities: Land and Expeditionary Warfare Specialist, Cyber Warfare Threat Analyst, and Cyber Network Operator. For more open positions visit: https://lnkd.in/dsjBaCpM Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools, and exploits from the past week. This post covers 2024-08-12 to 2024-08-19. News Six 0-Days Lead Microsoft’s August 2024 Patch Push - Microsoft released updates to fix 90 security vulnerabilities, including six zero-day flaws actively exploited by attackers. The flaws include local privilege escalation vulnerabilities and remote code execution flaws. One vulnerability allows malware to bypass security features in Windows. It is recommended for Windows users to install security updates promptly and back up data before updating. The updates primarily focus on Windows components, Office products, and Azure services, but do not specifically target Group Policy or Intune. Inside the "3 Billion People" National Public Data Breach - Troy Hunt discusses a major data breach involving National Public Data, a data aggregator, where a threat actor has published personal information of billions of people. The breach includes names, addresses, social security numbers, and other personal details. Multiple parties had access to the data before it was leaked, and legal action has been taken against National Public Data. The data has been circulating on the dark web, and there are questions about its legitimacy and origin. Hunt decided to include the breach in his "Have I Been Pwned" database as an unverified breach to inform those affected. Threat Intel and Defense EastWind Campaign: New CloudSorcerer attacks on government organizations in Russia - The EastWind campaign targeted Russian government organizations and IT companies using phishing emails with malicious attachments to deliver malware such as CloudSorcerer, APT31, and APT27 tools. The attackers used Dropbox and social media sites as Command and Control servers, and also deployed a new implant named PlugY. Ransomware attackers introduce new EDR killer to their arsenal - Sophos analysts discovered a new EDR-killing utility called EDRKillShifter being used by ransomware attackers targeting an organization with RansomHub ransomware. The tool failed to disable Sophos protection, but the attackers attempted to run the ransomware, which also failed due to CryptoGuard. EDRKillShifter works by executing...

Last Week in Security - 2024-08-20 by Rusty Robison via SIXGEN ([Global] Data Breach) URL: https://ift.tt/xWVhc6r We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Engineer, Cyber Operator Developer Analyst (CODA), Senior Data Analyst and Earned Value Management Specialist. Virginia Applicants: Available opportunities: Land and Expeditionary Warfare Specialist, Cyber Warfare Threat Analyst, and Cyber Network Operator. For more open positions visit: https://lnkd.in/dsjBaCpM Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools, and exploits from the past week. This post covers 2024-08-12 to 2024-08-19. News Six 0-Days Lead Microsoft’s August 2024 Patch Push - Microsoft released updates to fix 90 security vulnerabilities, including six zero-day flaws actively exploited by attackers. The flaws include local privilege escalation vulnerabilities and remote code execution flaws. One vulnerability allows malware to bypass security features in Windows. It is recommended for Windows users to install security updates promptly and back up data before updating. The updates primarily focus on Windows components, Office products, and Azure services, but do not specifically target Group Policy or Intune. Inside the "3 Billion People" National Public Data Breach - Troy Hunt discusses a major data breach involving National Public Data, a data aggregator, where a threat actor has published personal information of billions of people. The breach includes names, addresses, social security numbers, and other personal details. Multiple parties had access to the data before it was leaked, and legal action has been taken against National Public Data. The data has been circulating on the dark web, and there are questions about its legitimacy and origin. Hunt decided to include the breach in his "Have I Been Pwned" database as an unverified breach to inform those affected. Threat Intel and Defense EastWind Campaign: New CloudSorcerer attacks on government organizations in Russia - The EastWind campaign targeted Russian government organizations and IT companies using phishing emails with malicious attachments to deliver malware such as CloudSorcerer, APT31, and APT27 tools. The attackers used Dropbox and social media sites as Command and Control servers, and also deployed a new implant named PlugY. Ransomware attackers introduce new EDR killer to their arsenal - Sophos analysts discovered a new EDR-killing utility called EDRKillShifter being used by ransomware attackers targeting an organization with RansomHub ransomware. The tool failed to disable Sophos protection, but the attackers attempted to run the ransomware, which also failed due to CryptoGuard. EDRKillShifter works by executing wit...

DID YOU KNOW? "Businesses with continuous security monitoring detech threats 75% faster." #orbin #teamorbin #innovation #digitaltransformation #softwaredevelopment #webdesign #mobileappdesign #hiring #digitalmarketing #graphicdesign

Your Network Engineering Career Begins Here!???? ???Master the skills to excel as a Network Engineer, Systems Analyst, or Cybersecurity Specialist.? ???Transition smoothly into roles that demand expertise in network architecture and security.? ???Join a global community of IT professionals driving technological innovation.? ???Leverage industry partnerships for career growth and development.? ???Prepare for a future where connectivity is key for development of the society.? ? Get started today by clicking the link in our bio.? Call us????+971 4 871 5333? Hashtags: #NetworkEngineering #TechCareers #DigitalTransformation #ITJobs #Cybersecurity?

Network security engineer

Check out the latest blog Beyviel David and I put together for SIXGEN covering all of the #cybersecurity and #pentesting news, techniques, write-ups, and tools released from 08/12-08/19. SIXGEN is also actively hiring Junior Pentesters, Pentesters, Red Team Operators, and Senior Webapp Pentesters so apply if you're interested! Highlights: - Troy Hunt wrote an article digging into the "3 Billion People" National Public Data Breach - James Kettle of PortSwigger released a primer on novel web timing attacks including methodology, real-world case studies, open-source tools and even a mini CTF. - Outflank's Cedric Van Bockhaven wrote a post about how the MSC file format can be used for initial access or lateral movement - Quentin Roland of Synacktiv wrote a post introducing a tool called SCCMSecrets.py that aims to provide a comprehensive approach regarding SCCM policies exploitation - Oddvar Moe of TrustedSec details using a Universal Data Link Configuration (UDL) file for phishing - And many more tools, techniques, and write-ups! https://lnkd.in/gSi7WXvG

Last Week in Security - 2024-08-12 by Rusty Robison via SIXGEN ([Global] oracle cloud) URL: https://ift.tt/4ujbnSL We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Engineer, Cyber Operator Developer Analyst (CODA), Senior Data Analyst and Earned Value Management Specialist. Virginia Applicants: Available opportunities: Land and Expeditionary Warfare Specialist, Cyber Warfare Threat Analyst, and Cyber Network Operator. For more open positions visit: https://lnkd.in/dsjBaCpM Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools, and exploits from the past couple weeks. This post covers 2024-07-29 to 2024-08-12. News Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails - An unknown threat actor exploited a flaw in Proofpoint's email routing to send millions of spoofed phishing emails impersonating popular companies. The campaign, named EchoSpoofing, used SPF and DKIM signatures to bypass security protections. The attacker sent messages from SMTP servers on VPS, complying with authentication measures to imitate legitimate domains. Proofpoint addressed the issue by providing corrective instructions to customers and urging VPS providers and email service providers to limit spamming capabilities. The campaign was not attributed to any known threat actor, and no customer data was exposed. Improving the security of Chrome cookies on Windows - This new App-Bound Encryption feature aims to protect users from malware that steals sensitive data by encrypting data tied to app identity, making it more difficult for attackers to access. Enterprises with roaming profiles may need to adjust their configurations to support this new protection. Don’t Let Your Domain Name Become a “Sitting Duck” - Researchers have found that over a million domain names are vulnerable to cybercriminals due to authentication weaknesses at web hosting providers and registrars. This vulnerability allows cybercriminals to take over domains and use them for malicious activities like sending spam and phishing emails. This issue has been ongoing for years and still persists, with security experts urging for stricter verification measures to prevent domain takeovers. Multiple large hosting and DNS providers are still susceptible to this authentication weakness, leaving domains at risk of being hijacked for malicious purposes. Microsoft need to be transparent about customer impacting DDoS attacks - Microsoft has been experiencing customer impacting DDoS attacks that are causing network outages for Azure and Microsoft 365. Despite these incidents, Microsoft has not been transparent about what is happening. After being called out by the Associated Press, Microsoft released a blog po...