CISA, NSA, FBI, & global partners disclose the top exploited vulnerabilities of 2022. Beware of CVE-2018-13379, a 4-year-old Fortinet FortiOS SSL flaw still targeted by cybercriminals.
Read: https://thehackernews.com/2023/08/major-cybersecurity-agencies.html
Patch NOW to protect your organization.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.14
👍2🙏1
#DiyakoSecureBow
Entertainment 1 - watching movies and series related 2 the specialized field of cyber security and related elements. (Name UNTRACEABLE, Year 2008, Type Movie, Time 1H 41Min, Grade C) A serial killer who rigs contraptions that kill his victims based on the number of hits received by a website that features a live streaming video of the victim. Millions of people log on, hastening the victims' deaths.
Comment on this post;
You know websites, documentaries, movies, series that are relevant content 4 cyber security enthusiasts and specialists.
https://www.youtube.com/watch?v=oIqnESZW0qc
-Business Secure Continuity-
1402.05.14
#hackers #hackernews #hackerone #hacking #hackersummercamp #UNTRACEABLE #bugbountytips #bughunting
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_untraceable-trailer-activity-7093444258635866112-ZPLo?utm_source=share&utm_medium=member_ios
YouTube
UNTRACEABLE Trailer
Release Date: 25 January 2008 (United States)
Within the FBI there exists a division dedicated to investigating and prosecuting criminals on the internet. Welcome to the front lines of the war on cybercrime, where special Agent Jennifer Marsh (Diane Lane)…
❤2🙏1
#DiyakoSecureBow
Entertainment 2 - watching movies and series related 2 the specialized field of cyber security and related elements. (Name Snowden, Year 2016, Type Movie, Time 2H 14 Min, Grade B)
Elliot Alderson, a cybersecurity engineer and hacker with social anxiety disorder and clinical depression. Recruited by an insurrectionary anarchist known as Mr. Robot, to join a group of hacktivists called fsociety.
Comment on this post;
You know websites, documentaries, movies, series that are relevant content 4 cyber security enthusiasts and specialists.
https://www.youtube.com/watch?v=U94litUpZuc
-Business Secure Continuity-
1402.05.14
#hackers #hackernews #hackerone #hacking #hackersummercamp #bugbountytips #bughunting
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_mr-robot-official-extended-trailer-season-activity-7093521881688875008-d6Ei?utm_source=share&utm_medium=member_ios
YouTube
Mr. Robot: Official Extended Trailer - Season 1
Watch USA's all-new original series 'Mr. Robot'.
» Subscribe to Mr. Robot: https://po.st/PAiNAW
» Who Is Mr. Robot? https://po.st/hv97bQ
#Mrrobot #USANetwork
» Watch Full Episodes of Mr. Robot Here: https://po.st/kCDlYE
About: MR. ROBOT follows Elliot Alderson…
👍2🙏1
#DiyakoSecureBow
Entertainment 3- watching movies and series related 2 the specialized field of cyber security and related elements.
Edward Snowden, a Central Intelligence Agency (CIA) subcontractor and whistleblower who copied and leaked highly classified information from the National Security Agency (NSA) beginning in 2013.
Comment on this post;
You know websites, documentaries, movies, series that are relevant content 4 cyber security enthusiasts and specialists.
https://www.youtube.com/watch?v=QlSAiI3xMh4
-Business Secure Continuity-
1402.05.14
#hackers #hackernews #hackerone #hacking #snowden #edward #hackersummercamp #nsa #bugbountytips #bughunting
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_snowden-official-trailer-hd-open-road-activity-7093674110332854272-MKa6?utm_source=share&utm_medium=member_ios
YouTube
Snowden | Official Trailer [HD] | Open Road Films
Academy Award®-winning director Oliver Stone, who brought Platoon, Born on the Fourth of July, Wall Street and JFK to the big screen, tackles the most important and fascinating true story of the 21st century. Snowden, the politically-charged, pulse-pounding…
🙏2
⚠️ ALERT: High-severity security flaw in PaperCut print management software for Windows!
CVE-2023-39143 enables remote code execution. Update to version 22.1.3 for protection!
Learn more about this: https://thehackernews.com/2023/08/researchers-uncover-new-high-severity.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.14
👍2
CISO as a Service
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-malware-trojan-activity-7093814588944564224-hENL?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
Trojan
A Trojan, also called a Trojan horse, looks like something beneficial, but it’s actually something malicious. Trojan horses are named after the infamous horse from the Trojan War. In computers, a Trojan horse can come as pirated software, a useful utility, a game, or something else that users might be enticed to download and try. Attackers are increasingly using drive-by downloads to deliver Trojans. In a drive-by download, web servers include malicious code that attempts to download and install itself on user computers after the user visits. Here are the typical steps involved in a drive-by download.
1. Attackers compromise a web site to gain control of it.
2. Attackers install a Trojan embedded in the web site’s code.
3. Attackers attempt to trick users into visiting the site. Sometimes, they simply send the link to thousands of users via email hoping that some of them click the link.
4. When users visit, the web site attempts to download the Trojan onto the users’ systems.
Remote Access Trojans (RATs)
A remote access Trojan (RAT) is a type of malware that allows attackers to take control of systems from remote locations. It is often delivered via drive-by downloads. Once installed on a system, attackers can then access the infected computer at any time, and install additional malware if desired.
Some RATs automatically collect and log keystrokes, usernames and passwords, incoming and outgoing email, chat sessions, and browser history as well as take screenshots. The RAT can then automatically send the data to the attackers at predetermined times.
Additionally, attackers can explore the network using the credentials of the user or the user’s computer. Attackers often do this to discover, and exploit, additional vulnerabilities within the network. It’s common for attackers to exploit this one infected system and quickly infect the entire network with additional malware, including installing RATs on other systems.
-Business Secure Continuity-
1402.05.15
#Malware #trojan #virus #malicious
#BusinessSecureContinuity
🙏1😭1
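The Trojan post above notes that a RAT can send collected data to the attackers at predetermined times. That regularity is something a defender can look for in proxy or firewall logs. The following is an added example, not part of the original post: it flags client/destination pairs whose connection intervals are nearly constant. The log format, host names, and thresholds are assumptions made for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log (not real traffic): "timestamp client destination bytes_out"
SAMPLE_LOG = """\
2023-08-06T09:00:02 10.0.0.15 telemetry.example.net 512
2023-08-06T09:01:10 10.0.0.15 news.example.org 830
2023-08-06T09:01:45 10.0.0.15 news.example.org 412
2023-08-06T09:02:30 10.0.0.22 mail.example.com 2048
2023-08-06T09:03:30 10.0.0.15 news.example.org 655
2023-08-06T09:05:01 10.0.0.15 telemetry.example.net 498
2023-08-06T09:10:03 10.0.0.15 telemetry.example.net 530
2023-08-06T09:12:30 10.0.0.22 mail.example.com 1900
2023-08-06T09:15:02 10.0.0.15 telemetry.example.net 505
2023-08-06T09:17:05 10.0.0.15 news.example.org 700
2023-08-06T09:18:00 10.0.0.15 news.example.org 390
2023-08-06T09:20:00 10.0.0.15 telemetry.example.net 520
2023-08-06T09:22:30 10.0.0.22 mail.example.com 2100
2023-08-06T09:25:02 10.0.0.15 telemetry.example.net 511
2023-08-06T09:30:01 10.0.0.15 telemetry.example.net 507
2023-08-06T09:42:20 10.0.0.15 news.example.org 610
2023-08-06T09:43:00 10.0.0.15 news.example.org 450
-- truncated line
"""


def parse_flows(log_text):
    """Group connection timestamps by (client, destination); skip malformed lines."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            stamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        flows[(parts[1], parts[2])].append(stamp)
    return flows


def find_beacons(log_text, min_events=6, max_cv=0.10):
    """Return flows whose inter-connection gaps are almost constant.

    The coefficient of variation (stdev / mean of the gaps) is close to 0 for
    timer-driven traffic and large for human browsing. min_events keeps a
    handful of coincidentally regular connections from being reported.
    """
    findings = []
    for (client, dest), stamps in parse_flows(log_text).items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            findings.append({
                "client": client,
                "destination": dest,
                "events": len(stamps),
                "period_s": round(mean_gap, 1),
                "cv": round(cv, 4),
            })
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(finding)
```

Legitimate software (update checks, telemetry, monitoring agents) also connects on a timer, so a hit is a lead to triage against an allowlist, not a verdict.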
This news is deeply shattering, upsetting and thought-provoking. With what authorization, and by which body, do you treat someone as a criminal and arrest them with this kind of video presentation!? The only thing one can conclude is that the hand of Israel, America and Russia is at work, in the guise of "mujahid" and "hypocrite", standing at full strength to drag the country into the abyss of ruin and nullity!
Is Mr. Radan the one responsible for our security!? Who chose him!? The "tour" debate with Farzad Hasani has still not been erased from our minds.
As an Iranian, how much security do I have on the soil of my own country? Even if I escape the hard-line … with body and soul intact, I will certainly be harmed by bandits, muggers and extortionists! And in the end, with this much rule by small men, the corruption of egg thieves and camel thieves ….+ the plundering of my country, the corner of … and depression is near!
https://www.rouydad24.ir/fa/amp/news/345204
-May life in the body bring no joy-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.15
Rouydad24 news and analysis site
Who arrested the Myket company manager? / Tehran police: the arrest was not carried out by the police | Rouydad24
Last night a video of the arrest of "Soraya Rezaei Mahvar", one of the managers of the Myket company, was published. Tehran police told Rouydad24 that her arrest had nothing to do with us. The video of the arrest was first
👏5❤1
#DiyakoSecureBow
Analytics
Threat Horizons:
August 2023 Threat Horizons Report
(August 2023 report - Google)
Credentials factor into over half of incidents in Q1 2023
The following statistics are based on observations by our Google Cloud incident response teams, which will be skewed to the platforms in the sample and may not be representative of all customer environments and verticals on Google Cloud, but should be representative of general trends.
In Q1 2023, Google Cloud’s incident response teams observed that credential issues continue to be a consistent challenge, accounting for over 60% of compromise factors, which could be addressed by stronger identity management guardrails in place at the organization level.
Misconfiguration accounted for 19% of compromise factors, which were also associated with other compromise factors such as sensitive UI or APIs exposed. An example of how these two factors are associated could include a misconfigured firewall that unintentionally provided public access to a UI.
-Business Secure Continuity-
1402.05.15
#google #googlecloud #threathunting #threatintelligence #cybersecurity
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_analytics-threat-horizons-2023-activity-7094014893200130048-KwP_?utm_source=share&utm_medium=member_ios
👍1🙏1
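The Threat Horizons excerpt above gives a misconfigured firewall that unintentionally exposes a UI to the public as its example of associated compromise factors. The following is an added example, not part of the report or the original post: it audits firewall rules, in the JSON shape produced by `gcloud compute firewall-rules list --format=json`, for enabled ingress rules that open admin-UI ports to the whole internet. The rule names and the watched-port list are assumptions; the sample rules are constructed.

```python
import ipaddress
import json

# Assumption: default ports of common admin/dashboard UIs worth watching.
WATCHED_UI_PORTS = {
    3000: "Grafana",
    5601: "Kibana",
    8080: "generic admin console",
    8443: "generic admin console (TLS)",
    8888: "Jupyter",
    9090: "Prometheus",
}

# Constructed sample rules (hypothetical names), not taken from a real project.
SAMPLE_RULES = json.dumps([
    {"name": "allow-web", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    {"name": "allow-dashboards", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3000", "8000-9000"]}]},
    {"name": "allow-internal-all", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["10.128.0.0/9"],
     "allowed": [{"IPProtocol": "all"}]},
    {"name": "temp-debug", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["203.0.113.0/24", "0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp"}]},
    {"name": "old-kibana", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["5601"]}]},
])


def is_internet_wide(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. any source address may connect."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def watched_ports_in(allowed_entry):
    """Watched UI ports that one 'allowed' entry of a rule opens over TCP."""
    proto = str(allowed_entry.get("IPProtocol", "")).lower()
    if proto not in ("tcp", "6", "all"):
        return set()
    specs = allowed_entry.get("ports")
    if not specs:
        # No port list means every port of that protocol is allowed.
        return set(WATCHED_UI_PORTS)
    hits = set()
    for spec in specs:
        low, _, high = str(spec).partition("-")
        try:
            low, high = int(low), int(high or low)
        except ValueError:
            continue
        hits.update(p for p in WATCHED_UI_PORTS if low <= p <= high)
    return hits


def audit(rules_json):
    """Return (rule name, sorted exposed UI ports) for risky enabled ingress rules."""
    findings = []
    for rule in json.loads(rules_json):
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if not any(is_internet_wide(r) for r in rule.get("sourceRanges", [])):
            continue
        ports = set()
        for entry in rule.get("allowed", []):
            ports |= watched_ports_in(entry)
        if ports:
            findings.append((rule["name"], sorted(ports)))
    return findings


if __name__ == "__main__":
    for name, ports in audit(SAMPLE_RULES):
        labels = ", ".join(f"{p} ({WATCHED_UI_PORTS[p]})" for p in ports)
        print(f"{name}: open to the internet on {labels}")
```

The port range `8000-9000` and the rule with no port list are the cases a grep for a single port number would miss.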
CISO as a Service
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-malware-root-activity-7094195473749565440-VLs3?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
Rootkit
A rootkit is a group of programs that hides the fact that the system has been infected or compromised by malicious code. A user might suspect something is wrong, but antivirus scans and other checks indicate everything is fine because the rootkit hides its running processes to avoid detection.
In addition to modifying the internal operating system processes, rootkits often modify system files such as the Registry. In some cases, the rootkit modifies system access, such as removing users’ administrative access.
Rootkits have system-level access to systems. This is sometimes called root-level access, or kernel-level access, indicating that they have the same level of access as the operating system. Rootkits use hooked processes, or hooking techniques, to intercept calls to the operating system. In this context, hooking refers to intercepting system-level function calls, events, or messages. The rootkit installs the hooks into memory and uses them to control the system’s behavior.
Antivirus software often makes calls to the operating system that could detect malware, but the rootkit prevents the antivirus software from making these calls. This is why antivirus software will sometimes report everything is OK, even if the system is infected with a rootkit. However, antivirus software can often detect the hooked processes by examining the contents of the system’s random access memory (RAM).
Another method used to detect rootkits is to boot into safe mode, or have the system scanned before it boots, but this isn’t always successful. It’s important to remember that rootkits are very difficult to detect because they can hide so much of their activity. A clean bill of health by a malware scanner may not be valid.
It’s important to remember that behind any type of malware, you’ll likely find an attacker involved in criminal activity. Attackers who have successfully installed a rootkit on a user’s system might log on to the user’s computer remotely, using a backdoor installed by the rootkit. Similarly, attackers might direct the computer to connect to computers on the Internet and send data. Data can include anything collected from a keylogger, collected passwords, or specific files or file types stored on the user’s computer.
-Business Secure Continuity-
1402.05.16
#Malware #root #keylogger #spyware #adware #virus #malicious
#BusinessSecureContinuity
👍1
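The Rootkit post above explains that a rootkit hides its running processes by intercepting calls to the operating system. One defensive check that follows from this is a cross-view comparison: ask the system the same question through two different interfaces and investigate any disagreement. The following is an added example, not part of the original post, and it uses Linux for illustration: it compares the process IDs listed under `/proc` with the IDs that answer a signal-0 probe. Function names are hypothetical.

```python
import os


def listed_pids(proc_root="/proc"):
    """View A: process IDs visible in a directory listing of /proc."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def listed_thread_ids(pids, proc_root="/proc"):
    """Thread IDs of the listed processes.

    Threads answer a signal probe but do not appear in the top-level /proc
    listing, so they must be subtracted or every multi-threaded program
    would look hidden.
    """
    tids = set()
    for pid in pids:
        try:
            names = os.listdir(os.path.join(proc_root, str(pid), "task"))
        except OSError:
            continue  # process exited (or has no task directory)
        tids.update(int(n) for n in names if n.isdigit())
    return tids


def probed_pids(max_pid):
    """View B: IDs that exist according to kill(pid, 0), which sends no signal."""
    alive = set()
    for pid in range(1, max_pid):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, but belongs to another user
        alive.add(pid)
    return alive


def hidden_candidates(listed, threads, probed):
    """IDs that answer the probe but are absent from the listing."""
    return set(probed) - set(listed) - set(threads)


def read_pid_max(default=32768):
    try:
        with open("/proc/sys/kernel/pid_max") as handle:
            return int(handle.read())
    except (OSError, ValueError):
        return default


def scan(rounds=2):
    """Repeat the comparison and keep only IDs that disagree every time.

    A process that exits between the probe and the listing shows up as a
    transient mismatch; intersecting several rounds filters those out.
    """
    max_pid = read_pid_max()
    suspects = None
    for _ in range(rounds):
        probed = probed_pids(max_pid)
        listed = listed_pids()
        threads = listed_thread_ids(listed)
        current = hidden_candidates(listed, threads, probed)
        suspects = current if suspects is None else suspects & current
    return sorted(suspects)


if __name__ == "__main__":
    result = scan()
    print("IDs answering probes but missing from /proc:", result or "none")
```

Both views are still served by the running kernel, so a rootkit with kernel-level access can falsify both; an empty result here is subject to the same limit the post states for a clean malware scan.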
CISO as a Service
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-malware-root-activity-7094217867981635585-7Npa?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
Keylogger
A keylogger attempts to capture a user’s keystrokes. The keystrokes are stored in a file, and are either sent to an attacker automatically, or the attacker may manually retrieve the file. While a keylogger is typically software, it can also be hardware. For example, you can purchase a USB keylogger, plug it into the computer, and plug the keyboard into the USB keylogger. This hardware keylogger will record all keystrokes and store them within memory on the USB device.
-Business Secure Continuity-
1402.05.16
#Malware #root #keylogger #spyware #adware #virus #malicious
#BusinessSecureContinuity
🙏1
Download Windows 11 (Current release: Windows 11 2022 Update | Version 22H2)
There are 3 options below for installing or creating Windows 11 media. Check out each one to determine the best option for you. If you are upgrading from Windows 10, we recommend that you wait until you are notified through Windows Update that the upgrade is ready for your PC. Before installing, please refer to the PC Health Check app to confirm your device meets the minimum system requirements for Windows 11 and check the Windows release information status for known issues that may affect your device.
https://www.microsoft.com/en-us/software-download/windows11
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.16
Windows
Windows 11: Windows Copilot, Features and Benefits | Microsoft Windows
Discover Copilot on Windows 11 and features that boost productivity, creativity, and more. Upgrade your everyday with the latest version of Windows 11 from Microsoft.
👍1😍1
#DiyakoSecureBow
The ransomware economy is supported by a number of illicit groups that each provide one small piece of the puzzle that is cybercrime. From initial access brokers (IABs) to crypto money launderers, the criminal ecosystem that has sprung up around ransomware is vast.
Halcyon researchers suggest there is yet another player that is, perhaps unwittingly, supporting the booming ransomware economy and other attack operations: the Command-and-Control Providers (C2P) who sell services to threat actors while assuming a legal business profile.
Bulletproof Hosting (BPH) providers usually operate in jurisdictions which have lenient laws against illicit conduct, as such they openly serve criminal operations unapologetically; C2Ps however attempt to blend in as legitimate business, even going so far as to operate in jurisdictions where they are subject to legal standards of conduct (like Cloudzy in the US) but leverage the anonymity of their clients to serve criminal operations with plausible deniability.
While these C2P entities are ostensibly legitimate businesses that may or may not know that their platforms are being abused for attack campaigns, they nonetheless provide a key pillar of the larger attack apparatus leveraged by some of the most advanced threat actors.
In this report, Halcyon demonstrates a unique method for identifying C2P entities that can potentially be used to forecast the precursors of ransomware campaigns and other attacks significantly “left of boom.”
Halcyon also identifies two new, previously undisclosed ransomware affiliates we track as Ghost Clown and Space Kook that currently deploy BlackBasta and Royal, respectively.
-Business Secure Continuity-
1402.05.16
#malware #ransomware #ransomwarerecovery #ransomwareprotection #cybersecurity
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cloudzy-with-a-chance-of-ransomwar-activity-7094248307274731520-iDfM?utm_source=share&utm_medium=member_ios
😍1
#DiyakoSecureBow
Blue Team Techniques
The LOLBAS Odyssey: Finding New LOLBAS, and How You Can, Too 2023. Empower your security teams to proactively defend against the use of LOLBAS in an attack vector
Purpose:
Pentera Labs™ Research Series
By reading this article you will learn how you can find unknown LOLBAS, and empower your security teams to proactively defend against the use of LOLBAS in an attack vector.
Executive summary:
LOLBAS (Living-Off-the-Land Binaries-And-Scripts) is a known technique hackers can use to stay under the radar by utilizing legitimate tools for malicious activities. As the use of LOLBAS is a growing trend in cybersecurity attacks, we wanted to look into exploring innovative ways of finding unfamiliar binaries that malicious hackers could use to exploit organizations.
With more than 3000 binary files on Windows, discovering new LOLBAS can be challenging. This led us to develop an automation-driven approach to our research, which resulted in the discovery of 12 new LOLBAS files in just four weeks. That’s an increase of 30% in known LOLBAS downloaders - plus a few executors!
Because LOLBAS can do just as much damage in a full attack scenario as a new vulnerability, the goal of our research was to shine light on this often overlooked threat, as well as to highlight how automation can be used in cybersecurity research.
We hope you learn something new, and try out our research for yourselves. Good luck!
Does it apply to my organization?
Yes. Assuming your organization uses computers.
Who should read this?
Security researchers and red teamers who engage in the exploration of novel attack and research techniques.
Defense teams and blue teamers who are responsible for the configuration of the organization's security systems and conducting investigations of security breaches.
CISOs responsible for defining the organization's defense methodologies.
Who should read this specialist article? Security researchers and red teams who take part in exploring new attack and research techniques. Defense teams and blue teams who are responsible for configuring the organization's security systems and carrying out investigations of security breaches. CISOs who are responsible for defining the organization's defense methods.
-Business Secure Continuity-
1402.05.16
#securityoperationscenter #redteaming #ciso #blueteam #threathunting #threatintelligence #cybersecurity
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_finding-new-lolbas-and-how-you-can-activity-7094229432613101568-yMi_?utm_source=share&utm_medium=member_ios
🔒 Enhance your organization's security posture with Wazuh, the open-source XDR and SIEM platform! Monitor, detect, and respond to threats effectively.
Read: https://thehackernews.com/2023/08/enhancing-security-operations-using.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.16
Forwarded from وب آموز (m J)
⭕️ Remarks by Colonel Mohammad Ali Rajabi, head of the FATA Police Center for Detection and Prevention of Cyber Crimes, on #Ponzi scheme projects.
🆔 @Webamoozir
Malware_analysis
Inside Akira Ransomware Negotiations
https://www.lab539.com/blog/inside-akira-ransomware-negotiations
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.17
Lab539 - Tailored Cyber Defence
Inside Akira Ransomware Negotiations — Lab539
Insights into how the Akira ransomware group conducts negotiations with its victims. Lab539 delved into Akira ransomware negotiations in order to better understand how the group operates: how much are the ransoms, do the decryptors work, does Akira exfiltrate data, etc.
The teacher used to say:
The highest honor is to be martyred in the path of religion
And father says:
The greatest pride is to be martyred in the path of the homeland
And I want to know
Is there no one in this world who wants us to stay alive ...?
-Truly, what is the origin of the right step, the right word?! Discerning what is sound, …!? Why are we, in some way, captives in life! Where should we go that -
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.17