Network Security Channel

بیش از 97 هزار میل سرور آسیب پذیر مایکروسافت در جهان و 1992 سرور آسیب پذیر در ایران، در حال حاظر هیچ پوک عمومی مشاهده نشده است. پیشنهاد می‌شود آپدیت که در پچ تیوزدی فبریه 2024 توسط مایکروسافت منتشر شده است را بر روی میل سرورهای خود اعمال کنید. @Engineer_Computer

بررسی windbg در حالت نت ورک https://www.aparat.com/v/x2Yzv بفرست برای باینری کارا😎 #windbg #binary #security @Engineer_Computer

🍥 muddy یک کتابخانه مبهم کننده برای جلوگیری از شناسایی توسط ابزارهای ساده تجزیه و تحلیل باینری استاتیک مانند strings یا YARA Rules طراحی شده است که با رمزگذاری برنامه در زمان ساخت و رمزگشایی آن در زمان اجرا عمل می کند. 💠 https://github.com/orph3usLyre/muddy-waters #RedTeam #obfuscation @Engineer_Computer

🔱 Golang scanner to find web cache poisoning vulnerabilities in a list of URLs and test multiple injection techniques. 🪩 https://github.com/xhzeem/toxicache @Engineer_Computer

🛑 Unauthenticated Remote Code Execution – Bricks <= 1.9.6 🌐 https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6 💠 https://github.com/Chocapikk/CVE-2024-25600 🧩 Affected plugin Bricks Builder 🌀 Active installs Commercial ~ 25000 ♨ Vulnerable version <= 1.9.6 ♨ Audited version 1.9.6 🔰 Fully patched version 1.9.6.1 ⚠ Recommended remediation Upgrade immediately to version to 1.9.6.1 or higher #exploit #POC @Engineer_Computer

♨ ZTE F660 Routers Authentication Bypass Leading to RCE. ⭕ https://github.com/MaherAzzouzi/ZTE-F660-Exploit 🔰 This bug was already reported to ZTE. #exploit #POC @Engineer_Computer

♨️ Active Directory Enumeration for Red Teams 🚩 https://www.mdsec.co.uk/2024/02/active-directory-enumeration-for-red-teams/ #RedTeam #Enumeration @Engineer_Computer

نکاتی که باید در هانت رعایت کنید https://medium.com/@chandrak.trivedi/threat-hunting-important-things-on-how-to-start-hunting-2b0f2efc90ac @Engineer_Computer

SOC-CMM Metrics Suite https://www.soc-cmm.com/products/metrics/ @Engineer_Computer

متوسط درآمد دارنده مدرک CISSP در جهان ۱۵۸ هزار دلار درسال @Engineer_Computer

Microsoft Azure HDInsight Bugs Expose Big Data to Breaches This new trio opens the door to performance issues and unauthorized administrative access, and all that comes with it: attackers reading, writing, deleting, and performing any other management operations over an organization's sensitive data. @Cyber_Security_Channel

Check Point Debuts AI Copilot to Streamline and Automate Cybersecurity Management Karpati said the vendor plans to integrate AI copilot functions into many of its core products in the future. “Ultimately, Infinity AI Copilot will allow access to cross-product information, address inquiries and execute actions seamlessly across multiple consoles.” Currently, Check Point’s threat prevention blocks over 3 billion attacks each year with 50 AI engines and 2 billion security decisions made daily, he added, one key aspect of the AI implementations is the collaborative sharing of threat insights across the platform to prevent attacks effectively. @Engineer_Computer

Southern Water Reports Major Data Breach Impacting Hundreds of Thousands The incident has been reported to the U.K.’s Information Commissioner’s Office, as Southern Water continues to assess the breach’s impact and work on bolstering its cybersecurity measures to prevent future attacks. @Engineer_Computer

OpenAI's ChatGPT Breaches Privacy Rules, Says Italian Watchdog Italy was the first West European country to curb ChatGPT, whose rapid development has attracted attention from lawmakers and regulators. Under the EU's General Data Protection Regulation (GDPR) introduced in 2018, any company found to have broken rules faces fines of up to 4% of its global turnover. @Engineer_Computer