Hossted’s Post

Maliciously Crafted Cracked Software Propagates Lumma Stealer via YouTube Read HiveForce Labs' threat advisory: https://lnkd.in/d5BQ8pye This is an actionable threat advisory and HivePro Uni5 users can action it immediately through HivePro Uni5 console. #Lumma #HiveForceLabs #HivePro #SecurityUpdate #ThreatAdvisory #alert #security #Cybersecurity #ThreatHunting #ThreatIntel #InfoSec #Uni5 #Risk #ActionableIntelligence #Prioritization #vulnerability #CVE

# Special mid-week bullshit cyber busting. The world is filled with bullshit security experts. Check out this CVE for example. CVE-2023–24044 is a host header injection in Plesk Obsidian. It redirects the user to a user-specified host header. From an attackers perspective if you control the host header or are in a position to MITM to update the target host header you have better things to do than redirect the user to another host. https://lnkd.in/g-3VUtkm Note that jetnipat.tho maybe did not report the issue they were merely replicating the issue in an blog post. Are your penetration testers and red team giving you bullshit findings with no impact? Get in touch today and we remove all the bullshit and show you what really matters to your cyber risk. #cybersecurity #redteam

Threat actors are actively exploiting a recently discovered vulnerability, tracked as CVE-2024-28995, in SolarWinds Serv-U software. The vulnerability CVE-2024-28995 is a high-severity directory transversal issue that allows attackers to read sensitive files on the host machine. The flaw was discovered and reported by Hussein Daher. Experts at threat intelligence firm GreyNoise reported that threat actors are actively exploiting a public available proof-of-concept (PoC) exploit code. “SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.” reads the advisory. The flaw was disclosed on June 6, it impacts Serv-U 15.4.2 HF 1 and previous versions. https://lnkd.in/d5rnMRhD

Broken Access Control Testing ( Method 9 ) #WayToInject => Session Duplication due to Broken Access Control. Poc: https://lnkd.in/d4g7dmVk #CipherEra #VedixEra #AlphaEra #bugbounty #bugbountytips #offensivesecurity #webtesting #pentesting #cybersecurity #cybersecuritytips

SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately -- A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions of the software prior to and including Serv-U 15.4.2 HF 1, it was addressed by the company in version Serv-U 15.4.2 HF 2 (15.4.2.157) released earlier this month. https://lnkd.in/gJZp2xuC

Medium CVE-2023-46123: JumpServer - Password brute-force protection bypass via fake IP values JumpServer is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0. CVSSv3.1 Base Score: 5.3 https://lnkd.in/gtzbhBby

PSA: Hackers Gonna Hack. So if it takes me longer to make a vuln report than it does to accidentally find the vuln, you’ve got a problem. Today, I accidentally found a vulnerability that disclosed PII in someone’s system while truly just browsing the web. It’s a long story and yes, I reported it to the system owner. And yes, I resisted the urge to see how far I could get with the access I found. But while it only took minutes for me to find this vulnerability, it took hours of my time to try and find a way to make a responsible disclosure. That’s….not the incentive you want to create. And yet I also get it that making disclosure routes easy/public just generates more noise for your infosec team to sift through. Curious of thoughts on how to balance these competing needs. #responsibledisclosure #whitehat #vulnerabilityreporting #infosec

⚠ AdminSDHolder modification is a persistence technique in which an attacker abuses the SDProp process in Active Directory to establish a persistent backdoor to Active Directory. Learn how to Detect, Mitigate and Respond to this threat in this chapter of Attack Catalouge and protect your Active Directory. #activedirectory #cybersecurity #itsecurity #cyberattack

Kerberoasting is a way for attackers to obtain credentials for Active Directory accounts, and then leverage those credentials to steal data. Kerberoasting attacks are prevalent because of the access granted to a user who is seen by the system as legitimate. The method doesn't require an administrator account or even elevated privileges. Because of this, it's important for detection and response tools to limit alerting to signals that are most likely to be malicious, with all relevant user context, in order to facilitate quick and effective investigation of a suspicious event. This page on Rapid7's site has info on what an example Kerberoasting attack looks like, as well as best practices for preventing, detecting, and responding to one: https://lnkd.in/gnztaaUK

I did a talk around this subject in 2021 for Isolation Con 2 in 2021 called OPSEC - Overly Presenting Some Erroneous Content Good to see the Electronic Frontier Foundation (EFF) share this view. Much easier to say what you like and give random answers to security questions. There are plenty of tools to give random names etc too - find a random place or name generator so it looks realistic and put that into the password manager! https://lnkd.in/emZYPvxs