/ Catching Threat Actors using honeypots! (Part 1)
— https://burningmalware.com/Catching-Threat-Actors-using-honeypots!-(Part1)/
50 Methods For LSASS Dump (RTC0002)
https://redteamrecipe.com/50-Methods-For-Dump-LSASS/
Img raw:
https://raw.githubusercontent.com/elementalsouls/DumpLSASS/main/50_Methods%20for%20LSASS%20Dump.png
/ Multiple vulnerabilities in the restricted shell of Cisco EPNM/ISE allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system
-- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-adeos-MLAyEcvk
/ Azure AD PowerShell Deprecation as June Deadline Approaches
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/migrate-your-apps-to-access-the-license-managements-apis-from/bc-p/3783180?WT.mc_id=M365-MVP-9501
/ Certain HP Enterprise LaserJet and HP LaserJet Managed printers - Potential information disclosure
critical
https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838
/ Rorschach – A New Sophisticated And Fast Ransomware
— https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/
AppSecFest - less than a month left (21 April)
• The Evolution of Software Supply Chain Attacks Summary (En)
• From SDLC to Secure SDLC: current questions about secure development
• How to build an information security management system that meets SOC 2 without dedicated resources
• How to build an AppSec department from scratch, no SMS or registration required
• A DevSecOps pipeline built on open-source tools
• The problem of finding data entry points (DEP) during dynamic analysis of modern web applications
• Incident Management concepts in DevSecOps processes
One talk deserves a separate mention:
• Building security processes in US fintech
• Speaker: Mikhail Flenov, the well-known Хакер (Hacker) magazine author who wrote several books in the "Глазами Хакера" ("Through a Hacker's Eyes") series
Details and registration here - appsecfest.kz
After Happy Backup Day (31 March)
▫️ Make backups
▫️ Make them automatic
▫️ Make sure they work
.. and you will be happy 🏆🎉🧘
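The third item is the one most setups skip: a backup only counts once it has been restored and compared. An added Python example (not from the page or any of its linked projects) that does exactly that, with constructed file names and contents; the only assumption is that a tar.gz plus a per-file SHA-256 manifest is an acceptable backup format:

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

# Added example: back up a directory, then prove the backup restores cleanly by
# extracting it to a scratch directory and comparing every file's SHA-256 against
# the manifest recorded at backup time. Paths and file contents are made up.


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, archive: Path) -> dict[str, str]:
    """Write src into archive (tar.gz); return a {relative path: sha256} manifest."""
    manifest: dict[str, str] = {}
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(src.rglob("*")):
            if p.is_file():
                rel = p.relative_to(src).as_posix()
                manifest[rel] = _sha256(p)
                tar.add(p, arcname=rel)
    return manifest


def verify_backup(archive: Path, manifest: dict[str, str]) -> bool:
    """Restore into a throwaway directory and compare against the manifest.

    An archive that fails to open, is missing files, or has any hash mismatch
    is treated as broken; the caller gets a plain boolean, nothing is printed.
    """
    # Refuse path-traversal entries on interpreters that support extraction filters.
    extract_opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    try:
        with tempfile.TemporaryDirectory() as scratch, tarfile.open(archive, "r:gz") as tar:
            tar.extractall(scratch, **extract_opts)
            root = Path(scratch)
            restored = {p.relative_to(root).as_posix(): _sha256(p)
                        for p in root.rglob("*") if p.is_file()}
    except (OSError, EOFError, tarfile.TarError):
        return False
    return restored == manifest


def demo() -> dict:
    """Run the round trip on constructed files; return the results of each check."""
    with tempfile.TemporaryDirectory() as work_dir:
        work = Path(work_dir)
        src = work / "data"
        (src / "conf").mkdir(parents=True)
        (src / "notes.txt").write_text("keep me\n")
        (src / "conf" / "app.ini").write_bytes(b"[app]\nkey=value\n")
        archive = work / "data.tar.gz"
        manifest = make_backup(src, archive)
        ok = verify_backup(archive, manifest)
        # A manifest that no longer matches the data must fail verification.
        tampered = dict(manifest, **{"notes.txt": "0" * 64})
        tampered_ok = verify_backup(archive, tampered)
        # So must an archive that is not a valid gzip stream at all.
        junk = work / "junk.tar.gz"
        junk.write_bytes(b"this is not a gzip stream")
        junk_ok = verify_backup(junk, manifest)
    return {"files": sorted(manifest), "verified": ok,
            "tampered_manifest_verified": tampered_ok, "junk_archive_verified": junk_ok}


if __name__ == "__main__":
    print(demo())
```

Schedule `make_backup` and keep the manifest next to (not inside) the archive; a periodic `verify_backup` run that returns False is the alert you want before the day you actually need the restore.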
/ BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained
— https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration
GitHub Actions extension for VS Code
GitHub announced the extension:
— https://github.blog/2023-03-28-announcing-the-github-actions-extension-for-vs-code/
Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.
This post is the result of research into evading AV engines by encrypting the payload with another function, the GSM A5/1 stream cipher:
— https://cocomelonc.github.io/malware/2023/03/24/malware-av-evasion-14.html
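Added example, in Python rather than the post's C++ and not the post's code: A5/1 used as a payload XOR layer and round-tripped. Register lengths, feedback taps and clocking bits follow the public A5/1 description; running the keystream continuously instead of in 228-bit GSM frames, and the sample key, frame number and payload, are this example's assumptions. A5/1 is cryptographically broken, so this only hides a static signature and gives no confidentiality, and the loader still has to ship the key and the decrypt routine.

```python
# A5/1 stream cipher as a payload obfuscation layer (added example, not the
# original post's C++). Register sizes, taps and clocking bits follow the
# published A5/1 description; the continuous keystream and the sample
# key/frame/payload below are this example's assumptions.

KEY_LEN = 8      # 64-bit session key
FRAME_BITS = 22  # GSM frame counter width

# (length, feedback taps, clocking bit) for R1, R2, R3
_REGS = (
    (19, (13, 16, 17, 18), 8),
    (22, (20, 21), 10),
    (23, (7, 20, 21, 22), 10),
)


def _step(reg: int, length: int, taps: tuple) -> int:
    """Shift one LFSR left by a bit, feeding back the XOR of its tap bits."""
    fb = 0
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) | fb) & ((1 << length) - 1)


class A51:
    def __init__(self, key: bytes, frame: int) -> None:
        if len(key) != KEY_LEN:
            raise ValueError("A5/1 key must be 8 bytes")
        if not 0 <= frame < (1 << FRAME_BITS):
            raise ValueError("frame number must fit in 22 bits")
        self.r = [0, 0, 0]
        # Key load: all registers clocked regularly, key bit XORed into bit 0 (LSB first).
        for i in range(64):
            self._clock_all((key[i // 8] >> (i % 8)) & 1)
        # Frame load: same, with the 22-bit frame counter.
        for i in range(FRAME_BITS):
            self._clock_all((frame >> i) & 1)
        # Mixing: 100 majority-clocked steps whose output is discarded.
        for _ in range(100):
            self._clock_majority()

    def _clock_all(self, in_bit: int) -> None:
        for i, (length, taps, _) in enumerate(_REGS):
            self.r[i] = _step(self.r[i], length, taps) ^ in_bit

    def _clock_majority(self) -> None:
        """Only registers whose clocking bit agrees with the majority advance."""
        clk = [(self.r[i] >> _REGS[i][2]) & 1 for i in range(3)]
        maj = (clk[0] & clk[1]) | (clk[0] & clk[2]) | (clk[1] & clk[2])
        for i, (length, taps, _) in enumerate(_REGS):
            if clk[i] == maj:
                self.r[i] = _step(self.r[i], length, taps)

    def _out_bit(self) -> int:
        return ((self.r[0] >> 18) ^ (self.r[1] >> 21) ^ (self.r[2] >> 22)) & 1

    def keystream(self, n: int) -> bytes:
        out = bytearray()
        for _ in range(n):
            b = 0
            for _ in range(8):
                self._clock_majority()
                b = (b << 1) | self._out_bit()
            out.append(b)
        return bytes(out)


def a51_crypt(key: bytes, frame: int, data: bytes) -> bytes:
    """XOR data with the A5/1 keystream; the identical call decrypts."""
    ks = A51(key, frame).keystream(len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


# Constructed stand-in for a payload: a recognisable marker string, not shellcode.
SAMPLE_PAYLOAD = b"\x90\x90\x90 EVASION-TEST-PAYLOAD \x90\x90\x90 " * 3
SAMPLE_KEY = bytes.fromhex("0123456789abcdef")
SAMPLE_FRAME = 0x134


def demo() -> dict:
    """Encrypt the marker, decrypt it again, report whether the marker vanished."""
    ct = a51_crypt(SAMPLE_KEY, SAMPLE_FRAME, SAMPLE_PAYLOAD)
    pt = a51_crypt(SAMPLE_KEY, SAMPLE_FRAME, ct)
    return {"ciphertext": ct, "roundtrip_ok": pt == SAMPLE_PAYLOAD,
            "marker_hidden": b"EVASION-TEST-PAYLOAD" not in ct}


if __name__ == "__main__":
    print(demo())
```

For the defender the interesting part is the reverse: a small loader containing three LFSR constants, an 8-byte key and a decrypt-then-execute sequence is itself a pattern worth hunting for.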
/ Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
March 23, 2023 update:
— https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/
🌵 New Cactusd Release - v.0.1.7
Cactusd currently has multiple uses: download > aggregate > compress and sort, then merge block and allow domain/IP lists from the Internet into one, and finally publish the lists on its own embedded web server.
Now I want to present a few new features:
- Upload server (for example: you can upload your own IP lists from servers manually or with ip2drop.py to Cactusd, which will merge and publish these lists as the dropped_ip.txt list)
- Now you can view the size of published files on the web server
- Now Cactusd can be configured to ping remote servers on different ports (such as 53, 443, 853, etc.)
- Ping status results are displayed on the Cactusd web page
- Cactusd is written in Go, and now you can simply run the cactusd binary as a systemd unit service
- https://github.com/m0zgen/cactusd
/ Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities
https://github.com/stark0de/nginxpwner
/ GitHub changed its RSA SSH host key - local update needed
How to update the key and why they did it:
— https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
/ Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign
https://blog.sucuri.net/2023/04/balada-injector-synopsis-of-a-massive-ongoing-wordpress-malware-campaign.html
/ Actively exploited. About the security content of iOS 16.4.1 and iPadOS 16.4.1
— https://support.apple.com/en-us/HT213720
Open DevOps workshop by Rebrain: Running MySQL, Percona Server and MariaDB with Docker
• 11 April (Tuesday), 19:00 MSK. Registration
Program:
• We will see how to run three MySQL variants on one host at the same time using Docker
• We will discuss how to perform basic database operations in containers
• And other specifics of working in Docker
Presenter:
• Nikolay Lavinsky - web developer with more than 15 years of experience. Specialization: speeding up websites and web applications
/ Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rilide-a-new-malicious-browser-extension-for-stealing-cryptocurrencies/
Domain aggregator for Pi-Hole, AdGuard, Blocky, Open BLD
Hey ho, for those who use pi-hole, adguard, blocky, open-bld.. and also block malicious IPs via ipset, firewalld or ip2drop
I have launched a new cactusd pipeline that twice a day (every 12 hours) aggregates malicious domain names and IP addresses into mega-lists, which are also used on the bld and ip2drop endpoints; for anyone who wants a self-hosted solution, the configs are in the README.md there:
— https://github.com/m0zgen/cactusd
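Both Cactusd posts above describe the same pipeline step: pull feeds in different formats, normalise them, drop what must never be blocked, dedupe, and publish one list. An added Python example of that step (not Cactusd's code, which is Go); the accepted input formats, the bogon list and all sample feed lines are constructed for this example:

```python
import ipaddress
import re
from typing import Iterable, Optional

# Added example of the aggregate > normalise > merge step for DNS and IP
# blocklists. Not Cactusd's code; formats and bogon ranges are this example's choices.

DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$"
)
HOSTS_SINKS = {"0.0.0.0", "127.0.0.1", "::1", "::"}   # hosts-file "sink" addresses
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}

# Ranges a firewall/ipset drop list must never contain (RFC 1918, loopback,
# link-local, multicast, "this network"); anything overlapping them is discarded.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "::1/128", "fe80::/10", "fc00::/7", "ff00::/8")]


def parse_domain_line(line: str) -> Optional[str]:
    """Domain from a hosts-file, adblock (||domain^) or plain line; None otherwise."""
    text = line.split("#", 1)[0].split("!", 1)[0].strip().lower()
    if not text:
        return None
    if text.startswith("||") and text.endswith("^"):
        text = text[2:-1]
    parts = text.split()
    if len(parts) == 2 and parts[0] in HOSTS_SINKS:
        text = parts[1]
    elif len(parts) != 1:
        return None
    text = text.rstrip(".")
    if text in LOCAL_NAMES or not DOMAIN_RE.match(text):
        return None
    return text


def merge_domain_lists(sources: Iterable[Iterable[str]], allow: Iterable[str] = ()) -> list[str]:
    """Union of all sources minus the allowlist, deduplicated and sorted."""
    allowed = {d for d in map(parse_domain_line, allow) if d}
    merged = {d for src in sources for d in map(parse_domain_line, src) if d}
    return sorted(merged - allowed)


def merge_ip_lists(sources: Iterable[Iterable[str]]) -> list[str]:
    """Validate, drop bogons, collapse overlapping prefixes; hosts printed without /32."""
    nets = set()
    for src in sources:
        for line in src:
            token = line.split("#", 1)[0].strip()
            if not token:
                continue
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                continue  # not an address or prefix: skip it, do not abort the run
            if any(b.version == net.version and net.overlaps(b) for b in BOGONS):
                continue
            nets.add(net)
    out = []
    for version in (4, 6):
        for net in ipaddress.collapse_addresses(n for n in nets if n.version == version):
            out.append(str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net))
    return out


# Constructed sample feeds in the common formats, plus noise that must be ignored.
SAMPLE_HOSTS_FEED = [
    "# hosts-file style feed",
    "0.0.0.0 ads.example.com",
    "127.0.0.1 Tracker.Example.net   # trailing comment",
    "0.0.0.0 localhost",
]
SAMPLE_ADBLOCK_FEED = [
    "! adblock style feed",
    "||malware.example.org^",
    "ads.example.com",             # plain duplicate of a hosts entry
    "this is not a domain line",
    "203.0.113.7",                 # an IP does not belong in a DNS list
]
SAMPLE_ALLOWLIST = ["tracker.example.net"]
SAMPLE_IP_FEEDS = [
    ["203.0.113.7", "203.0.113.7  # duplicate", "198.51.100.0/24", "198.51.100.77"],
    ["10.0.0.5", "127.0.0.1", "fe80::1", "2001:db8::/32", "garbage", ""],
]

if __name__ == "__main__":
    print(merge_domain_lists([SAMPLE_HOSTS_FEED, SAMPLE_ADBLOCK_FEED], SAMPLE_ALLOWLIST))
    print(merge_ip_lists(SAMPLE_IP_FEEDS))
```

The bogon filter is the check worth keeping whatever aggregator you run: one upstream feed that leaks a 10.0.0.0/8 or 127.0.0.1 entry into an ipset drop list takes your own network down with it.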
/ Dangerous SFX
How Falcon OverWatch Investigates Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads:
— https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads/
/ Moobot Strikes Again - Targeting Cacti And RealTek Vulnerabilities
— https://www.fortinet.com/blog/threat-research/moobot-strikes-again-targeting-cacti-and-realtek-vulnerabilities
/ Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)
Super FabriXss (CVE-2023-23383) is a dangerous Cross-Site Scripting (XSS) vulnerability discovered by the Orca Research Pod that affects Azure Service Fabric Explorer (SFX). This vulnerability enables unauthenticated remote attackers to execute code on a container hosted on a Service Fabric node:
— https://orca.security/resources/blog/super-fabrixss-azure-vulnerability/
/ Spyware vendors use 0-days and n-days against popular platforms
Your missed parcel included 0-days (CVE-2022-42856; CVE-2022-4135)...
iOS, Android, Samsung Internet Browser..:
https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/
/ March 20 ChatGPT outage: Here’s what happened
An update on our findings, the actions we’ve taken, and technical details of the bug:
https://openai.com/blog/march-20-chatgpt-outage
MacStealer: New macOS-based Stealer Malware Identified
https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
/ Malicious Actors Use Unicode Support in Python to Evade Detection
-- https://blog.phylum.io/malicious-actors-use-unicode-support-in-python-to-evade-detection
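The mechanism behind that post is Python's own identifier handling: PEP 3131 NFKC-normalises identifiers while parsing, so a name written in MATHEMATICAL BOLD letters is the same name as its ASCII spelling to the interpreter, while a grep for `exec` finds nothing. An added Python example (not Phylum's code) that builds such a sample, shows what the parser resolves it to, and flags it from the raw tokens; the watchlist and the sample source are constructed for the example:

```python
import ast
import io
import tokenize
import unicodedata

# Added example (not Phylum's code). Python NFKC-normalises identifiers during
# parsing (PEP 3131), so a call spelled in MATHEMATICAL BOLD letters resolves to
# the ASCII builtin while evading a plain text search for that builtin's name.

WATCHLIST = {"exec", "eval", "compile", "__import__", "getattr"}  # constructed for the example


def to_math_bold(ident: str) -> str:
    """Respell a-z as U+1D41A.. (MATHEMATICAL BOLD SMALL); other characters unchanged."""
    return "".join(chr(0x1D41A + ord(c) - ord("a")) if "a" <= c <= "z" else c for c in ident)


# Renders as 𝐞𝐱𝐞𝐜(__𝐢𝐦𝐩𝐨𝐫𝐭__('base64').b64decode('cHJpbnQoMSk=').decode())
OBFUSCATED_SOURCE = (
    f"{to_math_bold('exec')}({to_math_bold('__import__')}('base64')"
    ".b64decode('cHJpbnQoMSk=').decode())\n"
)


def normalized_identifier(ident: str) -> str:
    """The name the interpreter will actually bind this spelling to."""
    return unicodedata.normalize("NFKC", ident)


def parsed_call_targets(source: str) -> list[str]:
    """Call targets as Python's own parser sees them (already normalised)."""
    return [node.func.id for node in ast.walk(ast.parse(source))
            if isinstance(node, ast.Call) and isinstance(node.func, ast.Name)]


def find_confusable_identifiers(source: str) -> list[tuple[str, str]]:
    """(raw spelling, normalised name) for every non-ASCII NAME token in source."""
    hits = []
    # tokenize hands back the raw text, before the parser's normalisation.
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.NAME and not tok.string.isascii():
            hits.append((tok.string, normalized_identifier(tok.string)))
    return hits


def flagged(source: str) -> list[str]:
    """Normalised names of confusable identifiers that land on the watchlist."""
    return sorted({norm for _, norm in find_confusable_identifiers(source) if norm in WATCHLIST})


if __name__ == "__main__":
    print(OBFUSCATED_SOURCE)
    print("parser resolves calls to:", parsed_call_targets(OBFUSCATED_SOURCE))
    print("flagged:", flagged(OBFUSCATED_SOURCE))
```

The detection lesson is in `find_confusable_identifiers`: scan the token stream, not the normalised AST or the raw bytes. A non-ASCII identifier whose NFKC form is an ASCII builtin has no legitimate reason to exist in a package, so that condition alone is a strong signal.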
/ Shining Light on Dark Power: Yet Another Ransomware Gang
Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself..:
https://www.trellix.com/en-us/about/newsroom/stories/research/shining-light-on-dark-power.html
/ Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments..
CVE-2022-47502
https://www.cve.org/CVERecord?id=CVE-2022-47502
/ “FakeGPT” #2: Open-Source Turned Malicious in Another Variant of the Facebook Account-Stealer Chrome Extension
https://labs.guard.io/fakegpt-2-open-source-turned-malicious-in-another-variant-of-the-facebook-account-stealer-d00ef9883d61