Found 30 bookmarks
Custom sorting
Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293)
Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293)
In September of 2024 while on a customer assigment I encountered the “Network Configuration Operators” group, a so called builtin group of Active Directory (default). As I had never heard of or encountered this group membership before, it sprung to eye immediately. Initially I tried to look up if it had any security implications, like its more known colleagues DNS Admins and Backup Operators, but to no avail. Surpisingly little came up about the group but I couldn’t help myself from probing further. This led me down the rabbithole of Registry Database access control lists and possibilities of weaponization, culminating with the discovery of CVE-2025-21293. Before we move along to the body of work, I have to give out a special thanks to Clément Labro, who initially did the heavy lifting of finding a way to weaponize performancecounters. (This will hopefully make more sense by the end of the article) and my colleagues at ReTest Security ApS, who have provided me with knowledge in the field and the oppertunity to put it to use.
#birkep#EN#2025#CVE-2025-21293#vulnerability#Active-Directory#Network#Configuration#Operators
·birkep.github.io·
Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293)
Censorship Attack against the Tor network
Censorship Attack against the Tor network
In the last few days, many Tor relay operators - mainly hosting relay nodes on providers like Hetzner - began receiving abuse notices. All the abuses reported many failed SSH login attempts - part of a brute force attack - coming from their Tor relays. Tor relays normally only transport traffic between a guard and an exit node of the Tor network, and per-se should not perform any SSH connections to internet-facing hosts, let alone performing SSH brute force attacks.
#osservatorionessuno#EN#2024#Tor#network#spoofing#attack#relays#SSH
·osservatorionessuno.org·
Censorship Attack against the Tor network
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
  • Trend Micro researchers observed an attacker exploiting the Atlassian Confluence vulnerability CVE-2023-22527 to achieve remote code execution for cryptomining via the Titan Network. The malicious actor used public IP lookup services and various system commands to gather details about the compromised machine. The attack involved downloading and executing multiple shell scripts to install Titan binaries and connect to the Titan Network with the attacker’s identity. * The malicious actor connects compromised machines to the Cassini Testnet, which allows them to participate in the delegated proof of stake system for reward tokens.
#trendmicro#EN#2024#Titan#Network#Confluence#exploitation#Atlassian#vulnerability#CVE-2023-22527
·trendmicro.com·
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Stargazers Ghost Network
Stargazers Ghost Network
  • Check Point Research identified a network of GitHub accounts (Stargazers Ghost Network) that distribute malware or malicious links via phishing repositories. The network consists of multiple accounts that distribute malicious links and malware and perform other actions such as starring, forking, and subscribing to malicious repositories to make them appear legitimate. This network is a highly sophisticated operation that acts as a Distribution as a Service (DaaS). It allows threat actors to share malicious links or malware for distribution through highly victim-oriented phishing repositories. Check Point Research is tracking the threat group behind this service as Stargazer Goblin. The group provides, operates, and maintains the Stargazers Ghost Network and distributes malware and links via their GitHub Ghost accounts. The network distributed all sorts of malware families, including Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine. Our latest calculations suggest that more than 3,000 active Ghost accounts are part of the network. Based on core GitHub Ghost accounts, we believe that the network began development or testing on a smaller scale for the first time around August 2022. Check Point Research discovered an advertiser in Dark-Web forums that provides the exact GitHub operation. The first advertisement was published on July 8, 2023, from an account created the previous day. Based on the monitored campaigns from mid-May to mid-June 2024, we estimate that Stargazer Goblin earned approximately $8,000. However, we believe that this amount is only a small fraction of what the actor made during that period. The total amount during the operations’ lifespan is estimated to be approximately $100,000. * Stargazers Ghost Network appears to be only one part of the grand picture, with other Ghost accounts operating on different platforms, constructing an even bigger Distribution as a Service universe.
#checkpoint#EN#2024#research#Stargazers#Ghost#Network#GitHub#dark-web
·research.checkpoint.com·
Stargazers Ghost Network
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. PDF Document
#uscert#csirt#CISA#NSA#Guidance#Network#howto#bestpractices#2022#EN
·cisa.gov·
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. PDF Document
#uscert#csirt#CISA#NSA#Guidance#Network#howto#bestpractices#2022#EN
·cisa.gov·
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. PDF Document
#uscert#csirt#CISA#NSA#Guidance#Network#howto#bestpractices#2022#EN
·cisa.gov·
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. PDF Document
#uscert#csirt#CISA#NSA#Guidance#Network#howto#bestpractices#2022#EN
·cisa.gov·
NSA Releases Network Infrastructure Security Guidance
Hundreds of network operators’ credentials found circulating in Dark Web
Hundreds of network operators’ credentials found circulating in Dark Web
Following a recent and highly disruptive cyberattack on telecom carrier Orange España the cybersecurity community needs to rethink its approach to safeguarding the digital identity of staff involved in network engineering and IT infrastructure management. Orange España is the second-largest mobile operator in Spain. In early January, an attacker going by the alias ‘Snow’ hijacked Orange España’s RIPE Network Coordination Centre (NCC) account. RIPE is Europe’s regional Internet registry. After this initial breach, Snow sabotaged the telecommunications firm’s border gateway protocol (BGP) and resource public key infrastructure (RPKI) configurations.
#resecurity#EN#2024#network#operators#credentials#darkweb#RIPE#BGP
·resecurity.com·
Hundreds of network operators’ credentials found circulating in Dark Web
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
Malicious code hiding in seemingly innocent PyPI packages steals your passwords, crypto & more #attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability
#hacking#attacks#information#network#data#to#updates#malware#cyber#today#news#ransomware#breach#security#software#hack#the#hacker#how#computer#vulnerability
·thehackernews.com·
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. PDF Document
#uscert#csirt#CISA#NSA#Guidance#Network#howto#bestpractices#2022#EN
·cisa.gov·
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. PDF Document
#uscert#csirt#CISA#NSA#Guidance#Network#howto#bestpractices#2022#EN
·cisa.gov·
NSA Releases Network Infrastructure Security Guidance
Apple 'Find My' network can be abused to steal keylogged passwords
Apple 'Find My' network can be abused to steal keylogged passwords
Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced Apple devices, including iPhones, iPads, Macs, Apple Watches, AirPods, and Apple Tags. The service relies on GPS and Bluetooth data crowd-sourced from millions of Apple devices worldwide to find devices reported as lost or stolen, even if those are offline.
#bleepingcomputer#EN#2023#Apple#Apple-Find-My#Bluetooth#Data-Exfiltration#Find-My#Keylogger#Network
·bleepingcomputer.com·
Apple 'Find My' network can be abused to steal keylogged passwords
Poland investigates cyber-attack on rail network - BBC News
Poland investigates cyber-attack on rail network - BBC News
olish intelligence services are investigating a hacking attack on the country's railways, Polish media say. Hackers broke into railway frequencies to disrupt traffic in the north-west of the country overnight, the Polish Press Agency (PAP) reported on Saturday. The signals were interspersed with recording of Russia's national anthem and a speech by President Vladimir Putin, the report says.
#BBC#2023#EN#Poland#rail#network#cyber-attack
·bbc.com·
Poland investigates cyber-attack on rail network - BBC News
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. PDF Document
#uscert#csirt#CISA#NSA#Guidance#Network#howto#bestpractices#2022#EN
·cisa.gov·
NSA Releases Network Infrastructure Security Guidance
Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service
Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service
“Russia used sophisticated malware to steal sensitive information from our allies, laundering it through a network of infected computers in the United States in a cynical attempt to conceal their crimes.  Meeting the challenge of cyberespionage requires creativity and a willingness to use all lawful means to protect our nation and our allies,” stated United States Attorney Peace.  “The court-authorized remote search and remediation announced today demonstrates my Office and our partners’ commitment to using all of the tools at our disposal to protect the American people.”
#justice.gov#US#2023#EN#Operation-MEDUSA#Snake#Malware#Network#FBI#cyberespionage#espionnage#PERSEUS#Russia#FSB
·justice.gov·
Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. PDF Document
#uscert#csirt#CISA#NSA#Guidance#Network#howto#bestpractices#2022#EN
·cisa.gov·
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. [PDF Document](https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF)
#uscert#csirt#CISA#NSA#Guidance#Network#howto#bestpractices#2022#EN
·cisa.gov·
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. [PDF Document](https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF)
#uscert#csirt#CISA#NSA#Guidance#Network#howto#bestpractices#2022#EN
·cisa.gov·
NSA Releases Network Infrastructure Security Guidance