Milan Kyselica

#OSCE3. Congratulations again to Petko Melin, our Red Team Lead, with his OffSec Certified Expert 3 (OSCE3) certification. The OSCE3 demonstrates expertise in advanced penetration testing, exploit development, and source code review. The certification proves a mastery of complex scenarios involving multi-layered network environments and custom exploit creation, often simulating real-world, high-stakes cyber attack situations such as those carried out by sophisticated cybercrime groups or nation-state actors. This certification is considered a testament to exceptional mastery in the offensive security domain. Earning the OSCE3 underscores Petko’s elite capabilities as an offensive security professional. The certification not only validates his advanced knowledge in the domain, but also solidifies practical skills in applying offensive security tactics. The OSCE3 requires both the OSWE, OSEP, and OSED certifications, which really cements Petko's expertise in the field. Very impressive and a strong achievement, Petko! itm8 / www.itm8.com #OSCE3 #OffSec #Certification #CyberSecurity #RedTeaming

226

18 Comments

We open the issue with an interview with Magda Chelly, who will tell you about how she got started in cybersecurity and how she got to the top. https://lnkd.in/d2-QwCpr #infosec #cybersecurity #pentest #pentesting #hacking #hackers #opensource

2

Malware Targets Polish Small Businesses In May 2024, hackers hit Polish small and medium-sized companies with smart phishing scams. These attacks put dangerous software like Agent Tesla, Formbook, and Remcos RAT on their systems. The threat spread beyond Poland affecting businesses in Italy and Romania too. This showed how exposed small companies are when they don't have strong cyber defenses. Cybersecurity company ESET has found that the attackers used hacked email accounts and company servers to send harmful emails and gather stolen data. They used DBatLoader, a complex malware loader, to deliver their payloads. This method shows a change from earlier tactics and proves cyber threats have become more advanced. Phishing emails had attachments with malware that when opened, started a multi-step process to install the trojan. The increasing danger to SMBs is worrying, as these companies often fall victim to their weaker cybersecurity defenses. Kaspersky cautions that trojans, which can look like real software create a big risk by getting past normal security measures. To guard against these changing threats small and medium-sized businesses should make email filtering, regular software updates, and thorough phishing awareness training their top priorities. Investing into cutting-edge threat detection tools is also key to spot and stop threats. The latest wave of phishing attacks shows why businesses need to take steps to protect themselves before problems arise. How is your company improving its defenses to handle these kinds of threats? Let us know your plans and thoughts in the comments section. #Phishing #SMBSecurity #Malware #CyberThreats #CyberSecurity

1

New feature in TaskForce 2024.6! 🎉 With the new TaskForce update, you can combine various ports into a group in Express mode. Each group has different settings of target folder, file format, type of hash to calculate, and case report fields. #dfir #digitalforensics #forensicimaging

13

🚨 Security Advisory: Important CVEs Disclosed 🚨 Hi Envoy Community, We would like to inform you about the following Common Vulnerabilities and Exposures (CVEs) identified in Envoy: 🔒 CVE-2024-45807: oghttp2 crash on OnBeginHeadersForStream 🔒 CVE-2024-45808: Malicious log injection via access logs 🔒 CVE-2024-45806: Potential manipulation of x-envoy headers from external sources 🔒 CVE-2024-45809: JWT filter crash in the clear route cache with remote JWKs 🔒 CVE-2024-45810: Envoy crashes for LocalReply in HTTP async client 🔧 Resolutions Coming Soon: These issues will be addressed in the following Envoy releases: - v1.31.2 - v1.30.6 - v1.29.9 - v1.28.7 🔗 Release Information: The updates will be available on our Releases Page starting today. 📖 Documentation: For detailed guidance, please refer to our Envoy Documentation. 🔄 Upgrade Recommendation: We strongly encourage all users to update to the latest versions of Envoy to ensure security and stability. 🔍 Ongoing Improvements: A pull request addressing these vulnerabilities has been initiated on the main branch. Thank you for your attention and continued support. ♻ REPOST this to help other Envoy users stay on top of Envoy News. #EnvoyProxy #Kubernetes #Security #CVE #DevOps #CloudNative #OpenSource #CyberSecurity

6

Máte zájem se zapojit do beta programu ISACA nové certifikace Certified Cybersecurity Operations Analyst CCOA? The certification "Certified Cybersecurity Operations Analyst" (CCOA) is for cybersecurity analysts who need to develop and validate their knowledge and skills. A beta program involving professionals with two to three years of cybersecurity experience will launch 1 August 2024. Applications for the program will be open 1-31 July 2024. Exam passers will be recognized as CCOA certification holders. Who qualifies: The beta will consist of a limited number of approved applicants who: . Have two to three years of cybersecurity experience . Are able to perform technical cybersecurity tasks, and . Can prepare for and sit for the exam by 30 September 2024. Approved volunteers must purchase the beta materials at the discounted rate of US$299. What to expect: QAE, Review Manual, Exam: Selected participants will purchase the Questions, Answers, and Explanations (QAE) with 13 hands-on labs at the discounted rate of US$299 and receive a voucher to obtain the review manual and exam for free (a savings for members of nearly US$500 off the upcoming launch prices). Vouchers will be emailed after purchase of the QAE. Participants may also purchase the online review course at a reduced price of US$199 (a savings for members of US$350). Purchase of the online review course is not required to participate. What is next: . Applicants may apply for the CCOA beta program now through 31 July 2024. . Applications will be reviewed, and individuals who are selected for the limited program will receive details to begin the beta 1 August 2024. If you have or receive any questions, please contact ISACA Support.

4

Lights, camera, Pen Test! This cybersecurity awareness month, Maciej Markiewicz demystifies Penetration Testing and explains why it is a must-have in your cybersecurity arsenal! 🔒 📁 #cybersecurityawarenessmonth #pentesting #cybersecurity #penetrationtesting

26

1 Comment

This time we focused on USB Forensics - inside you will find three excellent articles on the topic, as well as a host of other pieces covering different fields. https://lnkd.in/djYk2ZVR #infosec #cybersecurity #pentest #pentesting #hacking #hackers #opensource

3

This time we focused on USB Forensics - inside you will find three excellent articles on the topic, as well as a host of other pieces covering different fields. https://lnkd.in/djYk2ZVR #infosec #cybersecurity #pentest #pentesting #hacking #hackers #opensource

1

Hello Linkedin community!🌐 Cyberthint's April 2024 #ransomware report has been published! At Cyberthint, we closely monitor the activities of ransomware groups and shed light on the latest statistics every month. 📊🔍 In the meantime, some snaps from the report: - #Lockbit victim French hospital "CHC-SV" rejects ransom payment requests - Omni Hotels Hit by Ransomware Attack - Japanese Optical Giant #Hoya Hit by Ransomware Attack In this report you will also find the necessary information to protect your digital assets. 💡🔒 👉 https://lnkd.in/gG2mfZ_c Join us to unravel the complexities of the cyber realm and stay informed. Follow us to stay one step ahead of the game and learn strategies to keep you safe. 💪 Becasuse, we know what information #hackers have on you! #CyberSecurity #ThreatIntelligence #CTI #InformationSecurity

22

Azanzi Compliance is a powerful tool designed to streamline the management of information security compliance. ✔️ It eliminates the hassle of manual spreadsheets and provides real-time visibility into an organisation’s cyber security posture. Learn more > https://lnkd.in/ebVd6uh8 #compliance

1

🔒Strengthen Your Security Framework with Pera Prometheus 🔒 At Pera Prometheus, we know that any policy is only as good as its application, therefore it is crucial to develop policies and procedures that complement your working practices to protect your information assets. From individual policies to a comprehensive security framework, we’re here to help. Whether it’s enhancing data protection or establishing a clear incident response plan, our custom solutions foster a security-conscious culture where your team can operate with confidence. Secure your future today with Pera Prometheus. 🌐 For further information about our services you can visit our website at https://lnkd.in/eGEyfa2Y or contact Gareth Shaw, CISM, CISSP #CyberSecurity #DataProtection #SecurityStrategy #infosec #riskmanagement #informationsecurity #itsecurity #cybersecurityawareness #securityconsultant #consultingservices #consultingservices #datasecurityconsultants #riskassessments #policydevelopment #compliancesupport #physicalsecurity #safeguarding #datatheft

7