• VayFul®
  • Posts
  • Blockchain Security, Website Hacking, XML Desealization, bunkerweb WAF Tool Spotlight, China linked Botent Attack, Application Security Course & More

Blockchain Security, Website Hacking, XML Desealization, bunkerweb WAF Tool Spotlight, China linked Botent Attack, Application Security Course & More

logo

Cybersecurity — For Security Professionals

Hey! James here. Welcome to VayFul®!

Bringing you the latest insights from the world of cybersecurity.

Today’s edition includes:

  • 🧠 Top Tutorials/learning: Blockchain security, Website hacking, Incident response to cyber attack and more!

  • 🔥 Writeups: Interesting vulnerabilities - RCE, XML desearlization and more!

  • 🛠️ Tools Spotlight: Cloud-security-vm, bunkerweb WAF and more!

  • 📰 Security reads: Chinese sponsored botnet attack, LibreOffice security advisory and more!

Read time: 5 minutes

P.S. If you have any questions or topics you’d like us to cover, just hit reply and let me know. I’d love to hear from you!

Let’s dive in!

🧠 BEST OF TUTORIALS & LEARNING RESOURCES 🧠

Tyler Ramsbey explains steps to perform a thorough penetration test on my websites, uncovering vulnerabilities attempt to penetrate my own sites using tools like Nikto, OWASP Zap, Burp Suite, and Snyk.

How SOC engineer/analyst can investigate the malware. John Hammond explain detailed investigations of a fake captcha which runs malware. 

Bsides Leads talk by Heather Lowrie explains how to defined process of cyber defence incident response and perform incident response to cyber attack.

🔥 INTERESTING WRITEUPS 🔥 

A critical filter bypass vulnerability in Strapi, detailing how attackers can exploit it to access sensitive data. It provides a technical analysis of the vulnerability's mechanics, its implications for security, and emphasizes the need for developers to implement robust validation measures to protect their applications.

Article by Truesec exposes a security risk in PowerShell. Attackers can exploit the way PowerShell handles CLIXML data (used for serialization) to potentially execute malicious code and gain unauthorized access.

CVE-2023-27532 vulnerability in Veeam Backup & Replication, which allows unauthenticated users to execute code and access sensitive credentials. It details the exploitation process, potential impacts on security, and underscores the urgency for organizations to apply patches to safeguard their systems against this threat.

🛠️ TOOLS SPOTLIGHT 🛠️

Cloud assessment tools pre-installed on ubuntu vm, uses a combination of Vagrant and Ansible to deploy the VM and configure it if running locally. You can also build a version as an AWS AMI.

Open-source and next-generation Web Application Firewall (WAF) based on NGINX under the hood, it will protect your web services to make them "secure by default".

TUI for sniffing network traffic using eBPF provides Real-time traffic inspection and visualisation.

LibreOffice has released a security advisory to address a critical vulnerability (CVE-2024-7788) in "repair mode" which allows an attacker could construct a document which, when repaired, reported a signature status not valid for the recovered file.

Tenable Research has identified a RCE vulnerability, named CloudImposer, in Google Cloud Platform. This flaw could have enabled attackers to execute malicious code on millions of servers through a single compromised Python package, highlighting significant risks in supply chain security and the need for immediate remediation.

Chinese linked botnet attack compromised hundreds of thousands of devices, including routers and internet-of-things (IoT) gadgets, potentially for malicious purposes.

  • Introduction to cybersecurity by Cisco (Free Course) - Cisco provides fee course Introduction to cybersecurity which provides a comprehensive foundation in cybersecurity fundamentals. Learn the basics of security, threats, and defenses.

  • Application Security Course (Free Course) - Free Application security course by mygreatlearning explains the fundamentals of application security which covers vulnerabilities, best practices, and emerging threats to help you safeguard your applications and data from malicious attacks.

🎯 FAVOURITE QUOTE OF THE DAY 🎯 

“If you fell down yesterday, stand up today.”
- H.G. Wells

💡 ABOUT VAYFUL® 💡

Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.

Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here!

Did someone forward this email to you? Become a subscriber!

Have feedback or questions? Just hit reply and let us know.