City and County of San Francisco’s Post

Cyber attack prevented. This article worth a quick read to you open source proponents! To heck with your computer, Does every survivalist have transportation with points and condenser hidden in garage? Sounds Iike we all should. A cyber attack on car guidance systems in future could cripple the nation. https://lnkd.in/eHbQfR48 #cyber #bidenfailures

Points you connect the Symbolic Links to. One of the common methods attackers leverage in misconfigured file permission environments is Symbolic Link (SYMLINK) attacks. A Symbolic Link (SYMLINK) is a type of file in Linux (and Unix-based systems) that acts as a pointer or reference to another file or directory. When you delete a point without authorization, the symbolic link you defined as a reference cannot be accessed. The example I will give is particularly related to the SYMLINK attack vulnerability in SUDO versions prior to 1.8.15, which was a headache in the past. In these versions, sudoedit (or sudo -e) could be tricked into following symbolic links when editing files, allowing attackers to potentially escalate privileges by editing sensitive files. This vulnerability arises because older Sudo versions did not adequately check whether the file being edited via sudoedit was a symbolic link, which is essential to prevent an attacker from tricking the command into editing unintended files. Here who you can: $ mkdir -p /var/www/html/dir_1 $ chmod 777 /var/www/html/dir_1 (We create a directory dir_1 and set its permissions to 777, making it accessible to everyone) $ mkdir /var/www/html/dir_2 $ ln -sf /etc/sudoers <ANY_AUTHORIZED_FILE_WITHIN_THE_DIRECTORY> (Inside dir_2, we create a symbolic link to /etc/sudoers using the command ln -sf /etc/sudoers <ANY_AUTHORIZED_FILE_WITHIN_THE_DIRECTORY>) $ sudoedit <ANY_AUTHORIZED_FILE_WITHIN_THE_DIRECTORY> (Due to misconfigurations or overly permissive file permissions, an attacker can trick sudoedit or another program into editing the authorized file, which is actually a symbolic link pointing to /etc/sudoers) Other critical system configuration files (like /etc/passwd or /etc/shadow) could be edited, leading to unauthorized account creation or modification of passwords. In patched versions, you are not allowed to edit symbolic links with sudoedit, but the "nano" command can still work. If an attacker uses a symbolic link to trick nano into editing security-related configuration files (e.g., firewall rules, SSH configurations, PAM configurations), they could alter system settings. If symbolic links are used to point to configuration or credential files (e.g., database configs or application secrets), attackers could edit them to steal sensitive data too. The list of damage it can cause is extensive. For this reason, you must be careful about which files you grant permissions to which users, cyberpunks! Note it! ^-^/ #freedomofinternet #cybersecurity #informationsecurity #dataprivacy #threatintelligence #linux

A great example of why the management of the Software Development Life Cycle (SDLC) and third party supplier risk management are critical to the digital lives we lead. What a ideal tool to compromise, free, widely used to compress data and one that resides across multiple platforms. Whoever said that cyber attackers weren't efficient in their approach to compromising systems. (https://lnkd.in/e2GYXsBm) This security breach demonstrates the vulnerability of the SDLC and the ease by which third party software is used to compromise systems and data. One wonders how such a tool was compromised in the first instance and how many tools weren't so lucky in being identified before they were deployed? Thaddeus Dziekanowski Brian D. McCarthy Veritas GRC Microsoft #sdlc #cybersecurity #cyberriskmanagement

It'll continue to accelerate in hit rate and manpower attrition. The issue here is the way that global business has been conducted over the past 30 years with outsourcing "low skilled" labor. Low level cybersecurity work is cut off to other companies that don't grasp the context or urgency of work. Over time, the disconnect between the contractor and outsourced vendor becomes ever larger. Meanwhile, cyber attackers are a profit center (cyber defenders being a cost centre), so there is every incentive to keep personnel as long as possible. The mechanisms for this to change currently don't exist yet... But we should remember that we cannot demand excellent service from the same people that we degrade. https://lnkd.in/g7VzcnXk

#DYK: Software is one of technology’s most vulnerable subsets with over 70% of applications containing security flaws. It’s critical that IT leaders know different security risks that come with open source software to protect technology and scale safely. We have brought you the Top 5 open source security risks that IT leaders must know in the following article. Read more here: https://bit.ly/3NYnFzy.

it started with a click ... Another zero-day which cybercriminals will rush to build into their phishing-attempts. Currently there is no patch. We will soon read the statistics of how many 💲 have been lost because of users trustingly clicking links which start exploiting this zero-day. And - with the patch available this zero-day will become a mere vulnerability - there (weeks and months later) will also be the appeals of the authorities that n systems still have not been patched.

Hello hackers!! 😃 You wanted an Active Directory Lab to test your skills right!! Here's a blog which directs you to create your own hacking environment step by step with screenshots which will help you if you're doing any mistake. And you want know about the possible attacks on this machine, here's the list: 1. LLMNR / NBT-NS Poisoning 2. SMB Relay Attacks 3. IPv6 DNS Takeover Attacks 4. Pass-the-Password 5. Pass-the-Hash 6. Token Impersonation 7. Kerberoasting 8. Golden Ticket 9. PowerView / BloodHound / Other Enumeration Tools 10. Credential Dumping with Mimikatz https://lnkd.in/d23RTVe2

HHS Warns of Open Source Risks in Health Sector   The US Department of Health and Human Services (HHS) Office of Information Security and the Health Sector Cybersecurity Coordination Center (HC3) have published a document outlining the risks that open source software poses to the health sector. The report lists open source software concerns – publicly accessible code, constant updates, and lack of testing and accountability – and suggests options for bolstering open source software security. https://lnkd.in/ebeUsxWu

CISA is collaborating with the open source ecosystem to enhance the security of package registries, promoting a set of best practices in the interest of securing critical infrastructure. This initiative is a positive sign that the US government is recognizing the increasing threats facing software supply chains at the package registry level, and is approaching these registries like a public good. https://lnkd.in/gFwfsuJU

ICYMI: A White House working group of federal agencies recently released a series of initiatives aimed at securing open-source software (#OSS)🛡️ Following high-profile cyberattacks like #Log4j and #SolarWinds, these initiatives focus on preventing future attacks by strengthening government partnerships, developing Software Bills of Materials (SBOMs) and improving the security of the software supply chain. Read more from GovCIO Media & Research: https://bit.ly/47vdcV7 #SoftwareSecurity #Cybersecurity #FederalGovernment