MYRELLA THE CYBER GIRL - SAVE THE PLANET WHILE THERE IS STILL TIME!

YouTube
Critical Authenticator flaw enables account takeover without an exploit

CVE-2026-41615 allows attackers to trick Microsoft Authenticator into handing over a token via a manipulated OAuth request. A single user click is enough; no exploit is needed. With the stolen token, attackers take over the work account. App updates for Android and iOS are available.

Security-Insider

Found a way to bypass (probably) Code Integrity in HVCI Enabled Environments Through State Confusion.

Check out the article:
https://github.com/usernameone101/Writeups/blob/main/Bypassing%20Code%20Integrity%20in%20HVCI%20Enabled%20Environments.pdf

#infosec #cybersecurity #cyber #research

What is the best thing that artificial intelligence has done up until now.

And what is the worst thing that artificial intelligence has done up until now.

#Cyber #ArtificialIntelligence #Technology #Tech #Computers

Privacy and Data Protection: Practical Security Controls for Everyday Risk - RedPacket Security

Privacy and data protection focus on preventing unauthorised access, use, or disclosure of personal and sensitive data. It matters because the same weaknesses

RedPacket Security

Race Condition In the SecureKernel.exe

Note* MSRC has already seen this and mentioned it didn't meet servicing requirements as it's not a full chain and thus not immediately weaponisable, but it's a very real bug, so sharing for community education.

GitHub Link: https://github.com/usernameone101/Writeups/blob/main/Premature%20Lock%20Release%20%26%20TOCTOU%20in%20the%20securekernel%20(2).pdf

#research #infosec #cybersecurity #cyber

Don't forget that in a few days, it will be the #FirstFriday of the month! Make sure to mark your calendars for #Friday, #June 5th, which is your next monthly @2600 meeting! 2600 Meetings always occur on the first Friday of each month. Please re-toot this to spread the word!

If you're in New Hampshire, then please join us in #Peterborough at Mi Jalisco, located at 19 Wilton Road at 7:00 PM Eastern time. https://nh2600.neocities.org for more info.

If you live elsewhere in the world & want to attend a local #2600meeting then check out https://2600.com/meetings to see where your local meeting is happening!

#2600 #26OO #NH2600 #NH #NewHampshire #HackTheSystem #HackingIsNotACrime #Hacker #Hackers #HackingIsAWayOfLife #HackingIsALifestyle #HackerCulture #infosec #hacking #cyber #cybersecurity #RememberWhenCyberMeantSomethingElse #FirstFridays #MiJalisco

NH2600 Meeting Information

Malcolm v26.06.0 is primarily a security hardening release, addressing fifteen vulnerabilities (2 high severity, 6 medium, and 7 low) identified in a security assessment. Bug fixes address an issue with the zeek container causing performance degradation over time and a fix for duplicate virtual machine entries in NetBox autopopulation. A few component versions have also been updated.

If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

https://github.com/idaholab/Malcolm/compare/v26.05.2...v26.06.0

  • 🛡️ Security Remediation & Hardening (#996)
    • Unauthenticated reflected XSS / open redirect in /dashboards/app/refred; also added Content-Security-Policy framing headers (frame-ancestors, base-uri, form-action) and X-Frame-Options: SAMEORIGIN globally to mitigate clickjacking (#997)
    • Authenticated command injection in filebeat container via SFTP-uploaded filename (#998)
    • Password stored as MD5-crypt for SFTP (#1009)
    • Authenticated archive zip-slip file write in filebeat container (#999)
    • OpenSearch path injection via /mapi/fields?template (#1000)
    • submit.php Location: open redirect via Referer (#1007)
    • htadmin proxied with no nginx auth gate (#1003)
    • Keycloak OIDC ssl_verify always set to false (#1006)
    • NetBox SUPERUSER_PASSWORD=admin shipped default (#1011)
    • RBAC defaultdict(lambda: True) fail-open for unlisted handlers in Malcolm API (#1004)
    • Read-only Arkime deny-regex omits addtags/removetags (#1008)
    • Read-only deployment allows POST /mapi/event (#1002)
    • WISE auth path selectable by client User-Agent (#1001)
    • ARKIME_PASSWORD_SECRET=Malcolm shipped default (#1005)
    • requests CVE bump reverted in logstash image (#1010)
    • Fix API auth errors and hide NGINX version disclosure (#989)
  • 🐛 Bug fixes
    • auto-discovered Virtual Machines in NetBox seem to allow for duplicates (#978)
    • Ensure the list of archive file types supported by Malcolm for uploading Zeek logs (application/gzip,application/vnd.rar,application/x-7z-compressed,application/x-bzip2,application/x-cpio,application/x-gzip,application/x-lzip,application/x-lzma,application/x-rar-compressed,application/x-tar,application/x-xz,application/zip) is consistently used across the platform.
    • zeek container continually grows /usr/local/zeek/crontab, causing Malcolm performance to gradually worsen (#1015)
  • ✅ Component version updates
  • 🧹 Code and project maintenance
    • Fixed some incorrect links in documentation (#988, thanks @jsoref)
    • Refactored NGINX error pages configuration into its own include file and added a 401.html page
  • 📄 Configuration changes for Malcolm (in environment variables in ./config/). The Malcolm control script (e.g., ./scripts/status, ./scripts/start) automatically handles creation and migration of variables according to ./config/env-var-actions.yml.

Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

#Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL
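The "RBAC defaultdict(lambda: True) fail-open for unlisted handlers" item in the release notes above is a general authorisation pitfall: a permission table whose default answer is "allow" silently grants access to every handler nobody listed. The following is an added example, not Malcolm's code; the handler names and the policy classes are hypothetical, and it contrasts the fail-open lookup with a fail-closed one that also records which names were denied by default so a reviewer can spot gaps in the table.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed permission table for a read-only deployment (hypothetical names):
# True = handler is allowed for read-only users, False = it must be denied.
READ_ONLY_HANDLERS: Dict[str, bool] = {
    "fields": True,   # metadata lookup, harmless in read-only mode
    "event": False,   # creates data, so it must be denied in read-only mode
}


def fail_open_policy() -> Dict[str, bool]:
    """The defective pattern: any handler missing from the table is allowed."""
    return defaultdict(lambda: True, READ_ONLY_HANDLERS)


class FailClosedPolicy:
    """Deny anything unlisted and keep an audit trail of those names."""

    def __init__(self, table: Dict[str, bool]) -> None:
        self._table = dict(table)
        self.unlisted: List[str] = []   # handlers denied only because nobody listed them

    def allowed(self, handler: str) -> bool:
        if handler not in self._table:
            self.unlisted.append(handler)   # surface the gap instead of guessing
            return False
        return self._table[handler]


def decide(policy, handler: str) -> bool:
    """Uniform lookup so both policy styles can be compared side by side."""
    if isinstance(policy, FailClosedPolicy):
        return policy.allowed(handler)
    return bool(policy[handler])


def compare(handlers: Tuple[str, ...]) -> Dict[str, Tuple[bool, bool]]:
    """Return {handler: (fail_open_decision, fail_closed_decision)}.

    A handler that was added after the table was written (here the
    constructed name "new_write_handler") is the interesting case: the
    fail-open policy lets it through, the fail-closed policy does not.
    """
    open_p = fail_open_policy()
    closed_p = FailClosedPolicy(READ_ONLY_HANDLERS)
    return {h: (decide(open_p, h), decide(closed_p, h)) for h in handlers}
```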
