sysadm_in_channel | Technologies

Telegram-канал sysadm_in_channel - Sys-Admin InfoSec

12335

News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz

Subscribe to a channel

Sys-Admin InfoSec

/ Booting Linux off of Google Drive

https://ersei.net/en/blog/fuse-root

Читать полностью…

Sys-Admin InfoSec

/ Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications

...Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure..:

https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Читать полностью…

Sys-Admin InfoSec

/ GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5

- Run pipelines as any user
- Private job artifacts can be accessed by any user
- Denial of service using a crafted OpenAPI file
- and more..

https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/

Читать полностью…

Sys-Admin InfoSec

OpenBLD.net Preventing: - Polyfill supply chain attack (hits 100K+ sites)

The polyfill.js is a popular open source library to support older browsers. 100K+ sites embed it using the cdn.polyfill.io domain...

All IoC sent to OpenBLD.net ecosystem 💪

Attack details:

https://sansec.io/research/polyfill-supply-chain-attack

Читать полностью…

Sys-Admin InfoSec

/ Cloaked and Covert: Uncovering UNC3886 Espionage Operations

After exploiting zero-day vulnerabilities to gain access to vCenter servers and subsequently managed ESXi servers, the actor obtained total control of guest virtual machines that shared the same ESXi server as the vCenter server..:

https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Читать полностью…

Sys-Admin InfoSec

/ Backdoor BadSpace delivered by high-ranking infected websites

There is a tendency to infect WordPress websites and to inject the malicious code to the JavaScript libraries like jQuery or in the index page.

..The PowerShell code silently downloads the BadSpace backdoor and after ten seconds it executes the downloaded file using rundll32.exe..:

https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Читать полностью…

Sys-Admin InfoSec

/ lnav – Awesome terminal log file viewer for Linux and Unix

https://www.cyberciti.biz/open-source/lnav-linux-unix-ncurses-terminal-log-file-viewer/

Читать полностью…

Sys-Admin InfoSec

Аутлук или Оутглюк? Ясно одно - открыв письмо из него можно словить два эффекта одновременно: Critical Microsoft Outlook Vulnerability Executes as Email is Opened:

https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability

Читать полностью…

Sys-Admin InfoSec

/ Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30080

Читать полностью…

Sys-Admin InfoSec

/ 1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension

amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7" rel="nofollow">https://medium.com/@amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7

Читать полностью…

Sys-Admin InfoSec

📢 Открытые практикумы DevOps, Linux, Networks, Golang: Расписание на неделю

10 июня Networks: Системы мониторинга VoIP
11 июня Linux: Низкоуровневые интерфейсы Linux
13 июня DevOps: Мониторинг и нагрузочное тестирование Angie

Детали ↘ Здесь

Читать полностью…

Sys-Admin InfoSec

/ ShrinkLocker: Turning BitLocker into ransomware

https://securelist.com/ransomware-abuses-bitlocker/112643/

Читать полностью…

Sys-Admin InfoSec

/ The Pumpkin Eclipse or “Chalubo” - remote access trojan (RAT)

Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP)..:

https://blog.lumen.com/the-pumpkin-eclipse/

Читать полностью…

Sys-Admin InfoSec

/ Remote Command Execution on TP-Link Archer C5400X

https://onekey.com/blog/security-advisory-remote-command-execution-on-tp-link-archer-c5400x/

Читать полностью…

Sys-Admin InfoSec

/ Infiltrating Defenses: Abusing VMware in MITRE’s Cyber Intrusion

Technical details of new behavior employed by the adversary, who aligns with Google Mandiant’s UNC5221, and how the BRICKSTORM backdoor and BEEFLUSH web shell abused VMs in VMware through a privileged user account, VPXUSER, to establish persistence within the impacted environment. Will also provide detection scripts, from MITRE and CrowdStrike, to find this activity in other environments and go over how Secure Boot serves as a barrier against the adversary technique..:

https://medium.com/mitre-engenuity/infiltrating-defenses-abusing-vmware-in-mitres-cyber-intrusion-4ea647b83f5b

Читать полностью…

Sys-Admin InfoSec

/ CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers...

The new versions of CapraRAT each use WebView to launch a URL to either YouTube or a mobile gaming site, CrazyGames[.]com. There is no indication that an app with the same name, Crazy Games, is weaponized as it does not require several key CapraRAT permissions, such as sending SMS, making calls, accessing contacts, or recording audio and video..:

https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/

Читать полностью…

Sys-Admin InfoSec

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

Читать полностью…

Sys-Admin InfoSec

/ The Growing Threat of Malware Concealed Behind Cloud Services

- Affected Platforms: Linux Distributions
- Impacted Users: Any organization
- Impact: Remote attackers gain control of the vulnerable systems
- Severity Level: High

Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers, such as VCRUMS stored on AWS or SYK Crypter distributed via DriveHQ. This shift in strategy presents significant challenges for detection and prevention, as cloud services provide scalability, anonymity, and resilience that traditional hosting methods lack..:

https://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services

Читать полностью…

Sys-Admin InfoSec

/ Any.Run - Phishing Incident Report: Facts and Timeline

...part of a business email compromise (BEC) phishing campaign:

https://any.run/cybersecurity-blog/phishing-incident-report/

Читать полностью…

Sys-Admin InfoSec

/ New Diamorphine rootkit variant seen undetected in the wild

https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/

Читать полностью…

Sys-Admin InfoSec

/ D-Link router - Hidden Backdoor

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware:

https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html

Читать полностью…

Sys-Admin InfoSec

/ AutoIt Delivering Vidar Stealer Via Drive-by Downloads

Dangerous KMSPico activator tool..:

https://www.esentire.com/blog/autoit-delivering-vidar-stealer-via-drive-by-downloads

Читать полностью…

Sys-Admin InfoSec

/ FortiOS RCE

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the command line interpreter of FortiOS may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments:

https://www.fortiguard.com/psirt/FG-IR-23-460

Читать полностью…

Sys-Admin InfoSec

/ Bypassing 2FA with phishing and OTP bots

https://securelist.com/2fa-phishing/112805/

Читать полностью…

Sys-Admin InfoSec

/ Muhstik Malware Targets Message Queuing Services Applications

https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/

Читать полностью…

Sys-Admin InfoSec

/ PikaBot: a Guide to its Deep Secrets and Operations

PikaBot is a malware loader... several sources reported that successful PikaBot compromises led to the deployment of the Black Basta ransomware...

This article provides an in-depth analysis of PikaBot, focusing on its anti-analysis techniques implemented in the different malware stages. Additionally, this report shares technical details on PikaBot C2 infrastructure:

https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/

Читать полностью…

Sys-Admin InfoSec

Chrome Manifest v2 RIP coming soon . Google has set the first date for getting rid of the manifest for this version.

Starting on June 3 on the Chrome Beta, Dev and Canary channels, if users still have Manifest V2 extensions installed, some will start to see a warning banner when visiting their extension management page..:

https://blog.chromium.org/2024/05/manifest-v2-phase-out-begins.html

Читать полностью…

Sys-Admin InfoSec

/ Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store

https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google

Читать полностью…

Sys-Admin InfoSec

/ Threat actors ride the hype for newly released Arc browser

https://www.threatdown.com/blog/threat-actors-ride-the-hype-for-newly-released-arc-browser/

Читать полностью…

Sys-Admin InfoSec

📢 Открытые практикумы DevOps, Linux, Networks, Golang: Расписание на неделю

27 мая Golang: Начало работы с gRPC в Golang (Сергей Парамошкин – Технический менеджер Яндекс.облако)
28 мая Security: Безопасность Docker (Алексей Федулаев – DevSecOps Lead Wildberries)
29 мая Linux: DHCP-сервер на Kea (Даниил Батурин – Основатель проекта VyOS)
30 мая DevOps: Фильтрация пакетов с помощью nftables (Николай Лавлинский – Технический директор)

Детали ↘ Здесь

Читать полностью…
Subscribe to a channel