🥁 Drum roll, please... 🥁 Introducing VEX Hub – the first and only open source central repository of Vulnerability Exploitability eXchange (VEX) documents! Now, maintainers can easily share vulnerability info, while users enjoy fewer false positives and more accurate, actionable reports – all in one place. 🔍 And with Trivy v0.54 now integrating VEX Hub, your scans just got a major upgrade! "We have worked with the VEX community since inception, and we’re ready to take VEX to the next level with VEX Hub." - Itay Shakury, VP Open Source at Aqua Security. Learn more here ➡️ https://lnkd.in/eUbzzCyr #opensource #vexhub #AquaTrivy #vulnerabilityscanning #vex
Aqua Security’s Post
More Relevant Posts
-
Big news! Supply chain security is an industry-wide challenge, especially when it comes to open source. When you use an OSS library, it might contain vulnerabilities inherited from other projects, which in turn might inherit them from other projects, and so on... (that's why it's called a software supply CHAIN). Having SBOMs for each repo is step one in gaining visibility into the contents of OSS, and the VEX format allows us to openly exchange information about the exploitability of those vulnerabilities - but there hasn't been a central place to share and view such VEX documents, until now... Our fantastic OSS team here at Aqua just launched the first publicly available central VEX hub that can give you visibility into open source across multiple projects. It's vendor-neutral and, of course, open.
-
🚨 High risk vulnerability in Fedify! A Server Side Request Forgery (SSRF) attack has been discovered. This could allow an attacker to send requests to internal resources, potentially exposing non-public information. Stay safe and update your systems! #Fedify #SSRF #OWASP #APIsecurity 🚀 https://lnkd.in/eWy2DzBF
-
⏰ Zero-day Alert! ⏰ CyberPanel RCE Vulnerability - No CVE yet. A recent vulnerability was discovered in CyberPanel, allowing easy remote code execution on the affected machines. The vulnerability is known to be exploited in the wild and an exploit is publicly available. IONIX customers can easily see impacted assets in the IONIX portal Threat Center. Read More 👇 https://lnkd.in/e-mDQHpC #CyberPanel #CVE #Zeroday
-
At Abusix, we're proud to share insights from our Global Reporting Project! Our commitment to fighting online abuse and enhancing network security is highlighted through innovative initiatives such as ➡️ the Blackhole MX, ➡️ Abusix Contact Database, and ➡️ X-ARF format. Explore our tactics and the notable influence of our efforts in our recent blog article. (link in comments) #abusix #globalreporting #saferinternet #networkabuse #emailsecurity #networksecurity
-
A huge shoutout to one of our huntrs, @mvlttt, for consistently delivering top-notch proof of concepts! If you're new to huntr, read up on their reports. Their latest discovery is a Server-Side Template Injection in the /completions endpoint in berriai/litellm. For more details, check out the bounty here: https://bit.ly/43HwSTK #huntr #aisecurity #bugbounty
-
🚨BLACKBASTA RANSOMWARE ALERT: Identified 4 new Domains🔍 ============================================= 😈 BlackBasta Ransomware launched 4 New Data Leak Sites in July, 2024 TOR: l6zxfn3u2s4bl4vt3nvpve6uibqn3he3tgwdpkeeplhwlfwy3ifbt5id.onion stuffstevenpeters3./top stuffstevenpeters4./top onlylegalstuff4./top onlylegalstuff5./top 📌Announced 5 new victims in the month of July 2024 📌Sectors Targeted: Manufacturing, Service, Retail 📌Victim Geography: 🇮🇹 🇺🇸 🇨🇦 🇬🇧 Here are the details:- 1️⃣Domain: stuffstevenpeters3./top 2️⃣Domain: stuffstevenpeters4./top 📌Registrar: HOSTINGER 📍Current IP: 193.17.183.83 🇪🇸 📌AS: AS49600 📌AS Name: Near IP Historical Domain Resolution 📍185.68.93.106 🇷🇺 📍87.251.86.130 🇩🇪 3️⃣Domain: onlylegalstuff4./top 📌Registrar: HOSTINGER 📍IP: 185.82.219.188 🇧🇬 📌ASN: AS59729 📌AS Name: Green Floid LLC 💡This IP served as Cobalt Strike C2 previously Historical 193.233.203.71 🇲🇩 45.147.228.223 🇩🇪 4️⃣Domain: onlylegalstuff5./top 📌Registrar: PDR 📍IP: 185.68.93.235 🇷🇺 📌ASN: AS56577 📌AS Name: Relink LTD Historical 185.68.93.226 🇷🇺 Add these IOCs to 🫵 network! 💡These new DLS were registered between 2nd and 3rd July, 2024 💥Threat Actors are registering new sites in numerical order with the same keywords used, hence we can proactively identify the next site. 💡I already made a post about another BlackBasta DLS 2 months back. Here is the link for those who missed the story: https://lnkd.in/gVVDmAD2 Follow me for more info tidbits! ☺️ Twitter/X: @RakeshKrish12 #blackbasta #ransomware #infosec #IOC #security #hack #dataleak #databreach #privacy #cybersecurity #OSINT #ransomwarealert #raas #malware #darkweb #badip #malip #malicious #indicators #indicatorsofcompromise #ioa #hack #crypto
-
🚨 High Risk Vulnerability! Dragonfly, a P2P-based file distribution and image acceleration system, has a critical vulnerability (CVE-2023-27584) due to hard-coded cryptographic keys. This flaw leads to authentication bypass, allowing attackers to perform actions as admin users. All users are advised to upgrade to version 2.0.9. This highlights the importance of API security and the risks of cryptographic failures. #Dragonfly #CNCF #APIsecurity #OWASP #CVE202327584 https://lnkd.in/gkTv5h9t
-
Globe, Yondu Champion Cellular Security at RootCon 2024. Globe and its IT solutions subsidiary, Yondu, have taken a stand against mobile communication threats by supporting the Cellular Assault Village at #RootCon 2024, one of Southeast Asia's premier hacker conferences. RootCon 2024’s theme, "Connected Realities," highlighted the convergence of the physical and digital worlds, where every action, transaction, and interaction leaves a traceable footprint. #APPSGADGET
-
After a short hiatus, my lab honeypot is back in full swing. I substantially modified my digital forensics & incident response (DFIR) network and added some additional visibility with a distributed Security Onion configuration. I have one more sensor to place, but I need some hardware first. Enjoying the new features of Security Onion 2.4, Suricata is already recognizing known malicious IPs on the honeypot network. #dshield #honeypot #securityonion #zeek #suricata #sans #threatintelligence #trafficanalysis #sans #blueteam #sec530
1mo: That's a huge contribution towards our open source community. Love it.