Multiple critical security flaws have been identified in Judge0, an open-source online code execution system. These vulnerabilities could allow attackers to escape the sandbox environment, gain root access, and take complete control of the host machine. The disclosed vulnerabilities include symlink exploitation, patch bypass issues, and a Server-Side Request Forgery (SSRF) that enables remote code execution as root.
SecureNexa’s Post
More Relevant Posts
- CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool: A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a 10x surge, adding it includes "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple [open-source software] https://lnkd.in/gPQKfCA6
- CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool: A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a 10x surge, adding it includes "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple [open-source software] https://lnkd.in/g2zm8Z45
- Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover: Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine," Australian https://lnkd.in/dJGhYRqt
- Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution https://buff.ly/3Bb1se0 #Cybersecurity #InternetSafety #WebProtection #OnlineSecurity #DataPrivacy #SecureBrowsing #PhishingProtection #MalwarePrevention #BrowserSecurity #FraudAlert #ThreatDetection #SafeSurfing #DigitalSecurity #PrivacyEnhancement #CyberSafe #NetGuard #WebShield #InfoSec #PrivacyFirst #ScamBlock #ThreatIntel #SurfSafely #SecureNet #FraudWatch #Tripleye
- During week 3 🎉, I engaged in two enlightening labs centered around common server vulnerabilities and different methodologies which can be used to exploit them:
  - 🔵 Lab 1: Cross-Site Request Forgery (CSRF)
    - Explored various CSRF attack scenarios and their potential impacts.
    - Acquired hands-on experience in identifying and exploiting CSRF vulnerabilities.
    - Learned best practices for mitigating CSRF risks effectively.
  - 🔵 Lab 2: Server-Side Request Forgery (SSRF)
    - Investigated the concept of SSRF vulnerabilities and their implications.
    - Practiced techniques for detecting and exploiting server flaws.
    - Gained valuable insights into fortifying servers against unauthorized access through SSRF.
  #csrf #ssrf #webapplicationsecurity #serversecurity #hacktify
- AOC 2024 TryHackMe Day#13 - Websockets: It came without buffering! It came without lag! In this lab, I explored WebSocket vulnerabilities, focusing on Message Tampering. Using Burp Suite, I intercepted and modified messages sent to the server. This allowed me to bypass security checks, send unauthorized requests, and manipulate critical data such as usernames, payment amounts, or access levels. Key risks of WebSocket vulnerabilities include:
  - Unauthorized actions and privilege escalation.
  - Data manipulation and corruption.
  - System instability or crashes.
  Understanding and mitigating such vulnerabilities is critical to maintaining secure and reliable WebSocket implementations.
- Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution https://buff.ly/3YfdVXf (cisecurity.org) #Cybersecurity #InternetSafety #WebProtection #OnlineSecurity #DataPrivacy #SecureBrowsing #PhishingProtection #MalwarePrevention #BrowserSecurity #FraudAlert #ThreatDetection #SafeSurfing #DigitalSecurity #PrivacyEnhancement #CyberSafe #NetGuard #WebShield #InfoSec #PrivacyFirst #ScamBlock #ThreatIntel #SurfSafely #SecureNet #FraudWatch #Tripleye
- During week 3, I engaged in two enlightening labs centered around common server vulnerabilities and different methodologies which can be used to exploit them:
  - 🔵 Lab 1: Cross-Site Request Forgery (CSRF)
    - Explored various CSRF attack scenarios and their potential impacts.
    - Acquired hands-on experience in identifying and exploiting CSRF vulnerabilities.
    - Learned best practices for mitigating CSRF risks effectively.
  - 🔵 Lab 2: Server-Side Request Forgery (SSRF)
    - Investigated the concept of SSRF vulnerabilities and their implications.
    - Practiced techniques for detecting and exploiting server flaws.
    - Gained valuable insights into fortifying servers against unauthorized access through SSRF.
  #csrf #ssrf #webapplicationsecurity #serversecurity #hacktify
- A summary of my week 3 task, in which I participated in 2 insightful labs exploring the common server vulnerabilities: ⭕ Cross-Site Request Forgery (CSRF) ⭕ Server-Side Request Forgery (SSRF)
  - 🔵 Lab 1: Cross-Site Request Forgery (CSRF)
    - I studied different CSRF attacks and their potential impact.
    - I gained practical experience in identifying and exploiting CSRF vulnerabilities.
    - I gained understanding of best practices for mitigating CSRF risks.
  - 🔵 Lab 2: Server-Side Request Forgery (SSRF)
    - I explored the concept of SSRF vulnerabilities and their consequences.
    - I practiced techniques for discovering and exploiting server flaws.
    - I gained valuable insights into securing SERVERS against unauthorized access through SSRF.
  #csrf #ssrf #webapplicationsecurity #serversecurity #hacktify
- A critical GeoTools RCE flaw exploited in GeoServer attacks allows attackers to execute arbitrary code via improperly validated XPath expressions, risking severe security impacts on thousands of applications. CISA is urging immediate patching due to active exploitation. Attack and patch details here: https://lnkd.in/ekysa5Tj