puni.md (25)

1 Anonymous Wildflower@No Reposting (a72a3H) 2023/09/09 00:32:44 ID:O1C7hDo1

😺
!noid
!sage
!no
※Addendum 2023/09/09 00:33:51!NO

2 Anonymous Wildflower@No Reposting () 2023/09/09 00:33:24

Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks
https://www.securityweek.com/cisco-asa-zero-day-exploited-in-akira-ransomware-attacks/

Tracked as CVE-2023-20269 (CVSS score of 5.0, medium severity), the issue exists in the remote access VPN feature of Cisco ASA and FTD and can be exploited remotely, without authentication, in brute force attacks.

“This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features,” Cisco explains in an advisory.

3 Anonymous Wildflower@No Reposting () 2023/09/09 00:33:39

>>2
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC

4 Anonymous Wildflower@No Reposting () 2023/09/09 00:33:51

!add!NO

5 Anonymous Wildflower@No Reposting 2023/09/09 00:35:08

Three men arrested for stealing thousands of dollars by hacking into ATMs with a Raspberry Pi device
https://www.pcgamer.com/three-men-arrested-for-stealing-thousands-of-dollars-by-hacking-into-atms-with-a-raspberry-pi-device/

EverythingLubbock (via Tom's Hardware) reports that the thieves could turn off the ATM's security system with a Raspberry Pi device (by plugging it into the machine), which gave them access to the cash drawer without raising alarm bells.

6 Anonymous Wildflower@No Reposting 2023/09/09 00:36:23

>>5
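A while back I read a report about using a Raspberry Pi to steal biometric authentication data.
It was put out by a German research institute or university.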

7 Anonymous Wildflower@No Reposting 2023/09/09 00:38:22

An Empirical Study of Malicious Code In PyPI Ecosystem
https://about.honywen.com/publication/2023ase/

A real-world investigation showed that many reported malicious packages persist in PyPI mirror servers globally, with over 72% remaining for an extended period after being discovered.

8 Anonymous Wildflower@No Reposting 2023/09/09 00:39:16

I Want YOU for U.S. Army

Join the military, become a US citizen: Uncle Sam wants you and vous and tu
https://apnews.com/article/army-air-force-recruiting-shortfall-immigrants-citizenship-2cd690352210606945010d1800c5bdbe

9 Anonymous Wildflower@No Reposting 2023/09/09 00:43:08

Spoof iOS devices with Bluetooth pairing messages using Android
https://www.mobile-hacker.com/2023/09/07/spoof-ios-devices-with-bluetooth-pairing-messages-using-android/

Requirements
We need rooted Android device with installed NetHunter’s custom kernel or any other kernel that will support either internal Bluetooth chip or any external Bluetooth adapter. In case of external Bluetooth dongle, it is necessary to have OTG adapter to connect it to your smartphone. And don’t forget about targeted iPhone.

In my case I will use OnePlus 7T Pro with internal chipset and external Bluetooth adapter.

10 Anonymous Wildflower@No Reposting 2023/09/09 00:48:34

AI abuse grows beyond phishing to multistage cyberattacks
https://www.scmagazine.com/news/multistage-payload-attacks-it-team-impersonations-up-as-ai-adopted-at-large

The multistage payload technique saw the rise in Quishing, phishing using QR codes, which researchers said indicated the use of automation in attacks.

11 Anonymous Wildflower@No Reposting 2023/09/09 00:50:57

This one is going to get abused.

VSCode now has built-in port forwarding. This feature allows you to share locally running services over the internet to other people and devices.

https://twitter.com/code/status/1699869087071899669

12 Anonymous Wildflower@No Reposting 2023/09/09 00:52:58

🤭

Allegedly, Internal access to government-organized KYC collection system of a specific Southeast Asian country is on sale

Threat actor claims to have access to over 3GB of unique KYC photos.

Price: $15,000

https://i.imgur.com/Guy1Rix.jpg

13 Anonymous Wildflower@No Reposting 2023/09/09 00:54:57

Stay secure with upgrades to Safe Browsing

Google Safe Browsing in Chrome automatically protects you by flagging dangerous sites and files. Previously, it worked by checking every site visit against a locally-stored list of known bad sites, which is updated every 30 to 60 minutes. But phishing domains have gotten more sophisticated — and today, 60% of them exist for less than 10 minutes, making them difficult to block.

To block these dangerous sites the moment they launch, we’re upgrading Safe Browsing so it will now check sites against Google’s known-bad sites in real time. By shortening the time between identification and prevention of threats, we expect to see 25% improved protection from malware and phishing threats. This update will roll out to Chrome in the coming weeks.

https://blog.google/products/chrome/Google-chrome-new-features-redesign-2023/

14 Anonymous Wildflower@No Reposting 2023/09/09 00:58:14

Nagios Plugins: Hacking Monitored Servers with check_by_ssh and Argument Injection: CVE-2023-37154
https://joshua.hu/nagios-hacking-cve-2023-37154

15 Anonymous Wildflower@No Reposting 2023/09/09 01:00:03

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
https://github.com/hktalent/scan4all

16 Anonymous Wildflower@No Reposting 2023/09/09 01:01:03

NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

17 Anonymous Wildflower@No Reposting 2023/09/09 01:02:18

>>16
The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.

18 Anonymous Wildflower@No Reposting 2023/09/09 01:04:59

Binding Operational Directive 23-01 - Improving Asset Visibility and Vulnerability Detection on Federal Networks👈🤭 poke poke

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities
https://thehackernews.com/2023/09/cisa-warning-nation-state-hackers.html

19 Anonymous Wildflower@No Reposting 2023/09/09 01:05:30

>>18
https://internet.watch.impress.co.jp/docs/column/security/1452812.html

20 Anonymous Wildflower@No Reposting 2023/09/09 01:08:35

😼
CatSniffer: original multiprotocol, and multiband board made for sniffing, communicating, and attacking IoT devices
https://securityonline.info/catsniffer-original-multiprotocol-and-multiband-board-made-for-sniffing-communicating-and-attacking-iot-device/

Protocols
Thread
Zigbee
Bluetooth 5 Low Energy (BLE)
IEEE 802.15.4g
6LoWPAN (IPv6 over Low power Wireless Personal Area Networks)
Sub 1GHz and patented systems
LoRa/LoRaWAN

21 Anonymous Wildflower@No Reposting 2023/09/09 01:14:14

A story about the cost of learning languages being replaced by the cost of developing LLMs

India’s Reliance partners with Nvidia to build large language model
https://techcrunch.com/2023/09/08/reliance-nvidia-india/

22 Anonymous Wildflower@No Reposting 2023/09/09 01:18:54

zip(gTLD)
https://browsers.zip/

23 Anonymous Wildflower@No Reposting 2023/09/09 01:24:12

EU AI Act: Notes and Thoughts on the Proposed Regulation
https://outofthecomfortzone.frantzmiccoli.com/thoughts/2023/09/07/eu-ai-act-notes-thoughts-proposed-regulation.html

24 Anonymous Wildflower@No Reposting 2023/09/09 01:24:58

🌿

whoa.onrender.com is a free JSON API for every "whoa" said by actor Keanu Reeves in his movies.

https://whoa.onrender.com/

25 Anonymous Wildflower@No Reposting 2023/09/09 05:10:44

>>24