Sys-Admin InfoSec

06 Apr 2024 19:42

/ CVE-2023-3454: Critical Vulnerability in Brocade Fabric OS Exposes Networks to Remote Attacks

https://securityonline.info/cve-2023-3454-critical-vulnerability-in-brocade-fabric-os-exposes-networks-to-remote-attacks/

Sys-Admin InfoSec

04 Apr 2024 21:22

/ XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor

https://www.binarly.io/blog/xz-utils-supply-chain-puzzle-binarly-ships-free-scanner-for-cve-2024-3094-backdoor

Sys-Admin InfoSec

04 Apr 2024 10:48

➕ Открытые практикумы DevOps, Linux, Networks и Golang: Расписание на След. неделю

Расписание:

🟢 9 апреля Networks: Dynamic Multipoint Virtual Private Network (DMVPN) (Дмитрий Радчук – Team Lead Вконтакте)
🟢 10 апреля Linux: Практика работы с дисками (RAID, fdisk, LVM) (Андрей Буранов VK Play)
🟢 11 апреля Golang & DevOps: Стек типичного проекта в Golang в коммерческой разработке (Сергей Парамошкин – Яндекс.облако)

↘ Детали

P.S. Запись практикума “DevOps by Rebrain” в подарок за регистрацию

Sys-Admin InfoSec

01 Apr 2024 12:04

According official Kali twitter blog post - The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today

Hack via hacker distro?)

CVE - https://nvd.nist.gov/vuln/detail/CVE-2024-3094

🔹 FAQ on the xz-utils backdoor: https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
🔹 Checker vulnerability: https://github.com/FabioBaroni/CVE-2024-3094-checker/blob/main/CVE-2024-3094-checker.sh
🔹 Detection: https://github.com/byinarie/CVE-2024-3094-info
🔹 More details: https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils

Sys-Admin InfoSec

29 Mar 2024 21:15

DinodasRAT Linux implant targeting entities worldwide

https://securelist.com/dinodasrat-linux-implant/112284/

Sys-Admin InfoSec

29 Mar 2024 06:56

/ PyPi Is Under Attack: Project Creation and User Registration Suspended

https://checkmarx.com/blog/pypi-is-under-attack-project-creation-and-user-registration-suspended/

Sys-Admin InfoSec

28 Mar 2024 16:56

/ Out of the shadows – ’darcula’ iMessage and RCS smishing attacks target USPS and global postal services

https://www.netcraft.com/blog/darcula-smishing-attacks-target-usps-and-global-postal-services/

Sys-Admin InfoSec

27 Mar 2024 15:57

/ Alert: PROXYLIB and LumiApps Transform Mobile Devices into Proxy Nodes

Residential proxies are frequently used by threat actors to conceal malicious activity, including advertising fraud and the use of bots. Access to residential proxy networks is often purchased from other threat actors who create them through enrolling unwitting users’ devices as nodes in the network through malware embedded in mobile, CTV or desktop applications...

How VPN app can convert your device to malicious proxy node:

https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes

Sys-Admin InfoSec

26 Mar 2024 08:12

/ ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms

https://comsec.ethz.ch/research/dram/zenhammer/

Sys-Admin InfoSec

21 Mar 2024 15:07

/ AWS one-click account takeover vulnerability...

..one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance:

https://www.tenable.com/blog/flowfixation-aws-apache-airflow-service-takeover-vulnerability-and-why-neglecting-guardrails

Sys-Admin InfoSec

20 Mar 2024 16:32

/ SQLi (SQL Injection) org.postgresql:postgresql Dependency in Bamboo Data Center and Server

This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server.

https://jira.atlassian.com/browse/BAM-25716

Sys-Admin InfoSec

18 Mar 2024 04:55

/ Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild

*with bypass antivirus

https://blog.sonicwall.com/en-us/2024/03/new-multi-stage-stopcrypt-ransomware/

Sys-Admin InfoSec

14 Mar 2024 20:04

/ DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign

https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html

Sys-Admin InfoSec

13 Mar 2024 12:13

/ FortiOS & FortiProxy - Out-of-bounds Write in captive portal

..may allow an inside attacker who has access to captive portal to execute arbitrary code or commands via specially crafted HTTP requests:

https://www.fortiguard.com/psirt/FG-IR-23-328

Sys-Admin InfoSec

11 Mar 2024 14:07

📢 Integration of OpenBLD.net with URLhaus by abuse.ch

URLhaus is a project operated by abuse.ch. Its purpose is to collect, track, and share malware URLs, aiding network administrators and security analysts in safeguarding their networks and customers from cyber threats.

Now, you can check the malicious domain ownership with OpenBLD.net alongside Quad9, AdGuard, Cloudflare, ProtonDNS on abuse.ch.

In addition, you can incorporate abuse.ch lists into your security solutions, just as OpenBLD.net does.

You can check this as example on:
🔹 https://urlhaus.abuse.ch/host/dukeenergyltd.top

Here's to security for us all. Cheers!)

Sys-Admin InfoSec

05 Apr 2024 14:05

🚀 Викторина на розыгрыш билетов на AppSecFest Almaty 2024
⁠
AppSecFest Almaty 2024 официально открыл продажу билетов, у тебя уважаемый username есть возможность попасть на конференцию бесплатно поучаствовав в розыгрыше от нашего Sys-Admin InfoSec канала.

Условия просты:

• Ответь правильно на вопросы из формы, далее путем рандома будет выбрано 5 победителей, которым организаторы разошлют билеты.

Конференция должна быть интересная в плане контента, нетворкинга и общения, будет возможность познакомиться со спикерами, например Михаилом Фленовым, мной, организаторами и многими другими интересными людьми.

Не пропустите возможность обогатить свои знания, узнать о последних трендах и лучших практиках AppSec и не только.

• Дата: 3 мая 2024 г.
• Место проведения: Атакент-экспо, 10 павильон, г. Алматы
• Остальные детали на: https://appsecfest.kz

Форма викторины - Здесь. Happy research!

Sys-Admin InfoSec

04 Apr 2024 13:50

/ HTTP/2 CONTINUATION Flood: Technical Details

https://nowotarski.info/http2-continuation-flood-technical-details/

Sys-Admin InfoSec

03 Apr 2024 10:15

/ OWASP Data Breach

OWASP Foundation became aware of a misconfiguration of OWASP’s old Wiki web server, leading to a data breach involving decade+-old member resumes:

https://owasp.org/blog/2024/03/29/OWASP-data-breach-notification.html

Sys-Admin InfoSec

01 Apr 2024 11:38

📢 Оптимизированный профиль для устройств Apple

После последних атак на одного из хостинг-провайдеров OpenBLD.net, я обновил топологию серверов для оптимизации доставки контента, особенно для пользователей Apple.

Загрузите оптимизированный профиль с сайта проекта и просто установите его поверх существующего:
👉 openbld.net/docs/get-started/setup-mobile-devices/apple/

Если ваша система работает нормально, обновление не обязательно. Просто помните, что такая возможность существует. Мир ✌️

P.S. Будут вопросы по обновлению - Welcome 😎

--- En ---

📢 Optimized Profile for Apple Devices

Following recent attacks on one of the hosting providers within OpenBLD.net, I have updated the server topology to optimize content delivery, especially for Apple users.

Download the optimized profile from the project website and simply install it over your existing one:
👉 openbld.net/docs/get-started/setup-mobile-devices/apple/

If your system is functioning normally, updating is not mandatory. Just remember that the option is available. Peace! ✌️

P.S. If you have any questions regarding the update - Welcome 😎

Sys-Admin InfoSec

29 Mar 2024 20:02

/ Password Spray Attacks Impacting Remote Access VPN Services

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html

Sys-Admin InfoSec

28 Mar 2024 20:01

“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation

Microsoft Edge browser, designated CVE-2024–21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge.

https://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca

Sys-Admin InfoSec

28 Mar 2024 08:45

📢 Открытый практикум: Кросс-командные взаимодействия - учимся жить дружно
⁠
Время:

• 2 Апреля (Вторник) 19:00 МСК

Программа:

• Предпосылки для построения или изменения процесса взаимодействия
• Построение процесса взаимодействия команд DEV, QA с DevOps командой, когда вы единая служба
• Построение процесса работы DevOps с OPS/support

↘ Детали

Ведёт:

Александр Крылов – Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.

Sys-Admin InfoSec

27 Mar 2024 14:12

/ The latest emerging C2 was primarily focused on Asus devices, and grew to over 6,000 bots in a period of 72 hours.

ASUS routers under attack:

https://blog.lumen.com/the-darkside-of-themoon/

Sys-Admin InfoSec

22 Mar 2024 16:51

/ GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).

https://gofetch.fail/

Sys-Admin InfoSec

21 Mar 2024 08:45

📢 Открытый практикум DevOps by Rebrain: Как выживать инженеру в потоке тонны звонков
⁠
Время:

• 26 Марта (Вторник) 19:00 МСК

Программа:

• Подходы к оптимизации времени
• Фреймворк потока
• Капсульный подход управления календарём
• Тулсет

↘ Регистрация

Ведёт:

Александр Крылов – Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.

Sys-Admin InfoSec

20 Mar 2024 10:27

/ UDP-based, application-layer protocol implementations are vulnerable to network loops

..An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DOS) and/or abuse of resources..:

https://kb.cert.org/vuls/id/417980

Sys-Admin InfoSec

14 Mar 2024 20:05

/ What a Cluster: Local Volumes Vulnerability in Kubernetes

https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges

Sys-Admin InfoSec

14 Mar 2024 08:45

📢 Открытый практикум: Выбираем форк MySQL от Oracle до MariaDB
⁠
Время:

• 19 Марта (Вторник) 19:00 МСК

Программа:

• Обзор открытых форков в экосистеме MySQL
• Oracle MySQL
• Percona Server for MySQL
• MariaDB
• Совместимость, возможности перехода
• Сравнение функциональности

↘ Детали

Ведёт:

Николай Лавлинский – Веб-разработчик более 15 лет. Спикер конференций HighLoad++, РИТ++. Специализация: ускорение сайтов и веб-приложений.

Sys-Admin InfoSec

11 Mar 2024 20:07

/ MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES

https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/

Sys-Admin InfoSec

08 Mar 2024 04:56

/ Cisco Secure Client Carriage Return Line Feed Injection Vulnerability (high)

Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7