Jon Masters’ Post

Every programmer should read

1x1 on problems with monolithic kernel designs and how a basic AB SW update scheme looks like (first comment of original post)... good explanation for the not-so-informed-reader.

About new versions of our products are released and something else other How can you protect your computers from hacker attacks? You can, for example, attend a webinar where they will tell you in detail how to write secure code for a Turing machine. Or you can not go anywhere and just install Micro88 DoNotDisturb or Micro88 Minefield. A new versions of Micro88 DoNotDisturb and Micro88 Minefield are released. We've still been fighting hackers attacks from China all last week here, and we've introduced something new to our products. These new versions will protect you from dangerous attackers. All is free. Protect your servers and client computers with our products Micro88 Minefield https://lnkd.in/eXvBmkzh Micro88 DoNotDisturb https://lnkd.in/ekVzht8D They use reliable protection methods and do not consume CPU and memory of your computer. Use also our flagship - Micro88 Continuous Backup to protect your client computers. It'll backup all changes in your files and documents without any backup schedule, changed files are backed up immediately. No backup schedule is using at all. We save your time. Everything will be done without your participation. Also, your client archives with their backups are reliably protected by our backup server. And they don’t lie somewhere on the disk without being looked at. Maybe someone will say that this is nonsense, but no, this is not nonsense at all. Later, you will thank us 20 times for our care of you and the data of your client computers. You can get information about us and our products from MS Copilot or simply by visiting our website https://lnkd.in/ezrQfAx7 Kind Regards, Micro88 Software Group

It is sometimes very disturbing (even) for me to find that popular websites that we think are safe are in fact full of viruses, javascript injections etc. I know this because we sometimes get requests from our customers to verify some websites that have been marked by Zscaler as malicious. Unfortunately, the vast majority of those verifications are true positives. The internet is no longer the place it was 30 years ago when I searched for stuff using Altavista and websites took 10 minutes to load. It has changed and not all the changes have been positive, I'm afraid. If you own even a small company and want to protect your business, talk to Zscaler about protecting your internet access with our ZIA as well as replacing your VPN solution with ZPA. If you're an employee, talk to your IT department. If you're a school headmaster, consider the fact that the school internet access needs to be protected and supervised. These days everyone needs to be concerned with the security of their IT environment. If you own a computer, you're vulnerable already. At least try to be a difficult target.

LitterDrifter USB Worm https://ift.tt/U7wYn60 A new worm that spreads via USB sticks is infecting computers in Ukraine and beyond. The group­—known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm—has been active since at least 2014 and has been attributed to Russia’s Federal Security Service by the Security Service of Ukraine. Most Kremlin-backed groups take pains to fly under the radar; Gamaredon doesn’t care to. Its espionage-motivated campaigns targeting large numbers of Ukrainian organizations are easy to detect and tie back to the Russian government. The campaigns typically revolve around malware that aims to obtain as much information from targets as possible. One of those tools is a computer worm designed to spread from computer to computer through USB drives. Tracked by researchers from Check Point Research as LitterDrifter, the malware is written in the Visual Basic Scripting language. LitterDrifter serves two purposes: to promiscuously spread from USB drive to USB drive and to permanently infect the devices that connect to such drives with malware that permanently communicates with Gamaredon-operated command-and-control servers. via Schneier on Security https://ift.tt/uD98yi5 November 24, 2023 at 01:04PM

What happen on Friday 19th of July 2024? Can you believe that a tiny little 40 KB rapid response content file caused Friday's issue! CrowdStrike released an update to their content configuration for all the windows sensor to gather data on possible threats. This updates are said to be regular part of the mechanisms of the falcon platform. But this created a problematic update which resulted in a windows system crash. The systems in the scope of the update included windows hosts running sensor version 7.11 and above which were online between 5:09 BST to 06:27 BST on the 19th of July 2024 and received the update. Now, to dive deep into the issue CrowdStrike releases configuration updates in two diffferent ways - 1.)Sensor content- this directly updates the CrowdStike's own falcon sensor that runs at the kernel level 2.)Rapid Response content- this updates how sensor behaves to detect malware. This is the one that caused the 78 Minutes outage on friday. Might just sound like 78 minutes that's not much but this caused issues in various platforms from shoppers to people boarding flights. crowdstrike has promised to improve its Rapid Response Content testing by using local developer testing, and various other checks to prevent this from happening again. Stay aware, Stay Vigilant! Read more- -https://lnkd.in/e4AaXnRJ -https://lnkd.in/eVxWRyGu #Crowdstike #Microsoft #SecurityUpdate

Here's a detailed explanation of Staged, Inline, and Meterpreter payloads in Metasploit, along with examples: 1. Staged Payloads: Characteristics:   - Delivered in two phases to enhance stealth and accommodate larger payloads.   - Stager: Small initial payload that establishes communication with the attacker.   - Stage: Main payload with full functionality, downloaded by the stager. Example:    windows/shell/reverse_tcp:       - Stager establishes a reverse TCP connection to the attacker's machine.       - Stager downloads the larger reverse shell payload.       - Complete reverse shell functionality is executed on the target. Advantages:   - Evade antivirus detection due to smaller initial footprint.   - Handle more complex payloads that might exceed memory constraints. 2. Inline (Single) Payloads: Characteristics:   - Self-contained, delivering full functionality in a single payload.   - Generally smaller and simpler than staged payloads.   - Often more stable and consistent due to fewer dependencies. Example:    windows/shell_reverse_tcp:       - Delivers a reverse TCP shell in a single payload.       - No need for a separate stager or download phase. Advantages:   - Simplicity and potential for better stability.   - Suitable for smaller payloads or when stealth is less critical. 3. Meterpreter Payloads: Characteristics:   - Advanced, feature-rich payload offering extensive control over compromised systems.   - Memory-resident, avoiding disk writes and detection.   - Uses TLS encryption for communication with Metasploit.   - Provides extensive post-exploitation capabilities. Example:    windows/meterpreter/reverse_tcp:       - Establishes a reverse TCP connection to the attacker's machine.       - Loads Meterpreter into memory on the target system.       - Offers a wide range of commands for:           1- File system interaction           2- Process manipulation           3- Network pivoting           4- Password dumping           5- Keylogging            And more.. When to Choose Which Type:   - Staged: When stealth is paramount, or payload size is large.   - Inline: When simplicity and stability are priorities, or payload size is small.   - Meterpreter: When extensive post-exploitation capabilities are needed. #ExploitationFramework #PenetrationTesting #CybersecurityTools #InfoSecExploits #PayloadDevelopment #CyberSecurityResearch #VulnerabilityAssessment #EthicalHacking

🐾 Is your business barking up the wrong cybersecurity tree? 🐾 Fake IT support sites are out there, and they pose a threat to your businsess. These cyber threats can compromise your data and control your systems, leaving you in a real doghouse. 🐶🔒 At 2 Dog Digital, we’ve sniffed out the best tips to keep your business secure. Don't let your guard down! Read our latest blog post to learn how to protect your small business and stay one step ahead of the cyber hounds. 🐕💻 🌐➡️ https://lnkd.in/ec7BBhxn

#System Monitor (Sysmon) Sysmon includes the following capabilities: -Logs process creation with full command line for both current and parent processes. -Records the hash of process image files using SHA1 (the default), MD5, SHA256 or IMPHASH. -Multiple hashes can be used at the same time. -Includes a process GUID in process create events to allow for correlation of events even when Windows reuses process IDs. -Includes a session GUID in each event to allow correlation of events on same logon session. -Logs loading of drivers or DLLs with their signatures and hashes. -Logs opens for raw read access of disks and volumes. -Optionally logs network connections, including each connection’s source process, IP addresses, port numbers, hostnames and port names. -Detects changes in file creation time to understand when a file was really created. Modification of file create timestamps is a technique commonly used by malware to cover its tracks. -Automatically reload configuration if changed in the registry. -Rule filtering to include or exclude certain events dynamically. -Generates events from early in the boot process to capture activity made by even sophisticated kernel-mode malware. #List_of_Sysmon_Event_IDs_for_Threat_Hunting