Sys-Admin InfoSec

25 Apr 2023 06:42

/ Cisco patches high and critical flaws across several products

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V

Sys-Admin InfoSec

24 Apr 2023 15:08

/ EvilExtractor – All-in-One Stealer

EvilExtractor (sometimes spelled Evil Extractor) is an attack tool designed to target Windows operating systems and extract data and files from endpoint devices. It includes several modules that all work via an FTP service. It was developed by a company named Kodex, which claims it is an educational tool. However, research conducted by FortiGuard Labs shows cybercriminals are actively using it as an info stealer:

— https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealer

Sys-Admin InfoSec

22 Apr 2023 04:43

/ GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts

https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/

Sys-Admin InfoSec

21 Apr 2023 03:14

/ Debugging D-Link: Emulating firmware and hacking hardware

— https://www.greynoise.io/blog/debugging-d-link-emulating-firmware-and-hacking-hardware

Sys-Admin InfoSec

20 Apr 2023 19:22

/ Medusa ransomware crew brags about spreading Bing, Cortana source code

https://www.theregister.com/2023/04/19/medusa_microsoft_data_dump/

Sys-Admin InfoSec

20 Apr 2023 19:12

/ Stop using Telnet to test ports

Make life simpler by automating network checks with tools like Expect, Bash, Netcat, and Nmap instead:

https://www.redhat.com/sysadmin/stop-using-telnet-test-port

Sys-Admin InfoSec

20 Apr 2023 08:37

/ ‘AuKill’ EDR killer malware abuses Process Explorer driver

Over the past several months, Sophos X-Ops has investigated multiple incidents where attackers attempted to disable EDR clients with a new defense evasion tool we’ve dubbed AuKill. The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying either a backdoor or ransomware on the target system:

— https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/

Sys-Admin InfoSec

19 Apr 2023 16:05

Get started using Attack simulation training

If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, which includes Threat Investigation and Response capabilities, you can use Attack simulation training in the Microsoft 365:

— More details…

Sys-Admin InfoSec

19 Apr 2023 08:33

/ Microsoft shifts to a new threat actor naming taxonomy

MS is excited to announce that we are shifting to a new threat actor naming taxonomy aligned to the theme of weather:

— https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/

Sys-Admin InfoSec

18 Apr 2023 12:17

Обновление Sys-Admin Open BLD DNS. Что нового Q1 2023.
 
Технологии идут вперед, нас пытаются кормить рекламой, программировать при помощи искусственного интеллекта.

Мы не пальцем деланы, движемся вперед, пытаемся сопротивляться. Рад представить новости о наработках проекта:

▫️ Стабильность - Для более стабильного обновления серверов создан новый публичный сервис cactusd 🌵. Регулярно обновляемые листы блокировок можно качать прямо из репозитория проекта.
▫️ Защита - Внедрена защита от атак "медленного чтения" 🥋 и "брутфорса" доменов
▫️ Скорость - Проработан "скоростной" стек 🏎, сегодня (как и зачастую) BLD DNS превосходит в скорости IBM Quad9 в этом можно легко убедиться попробовав BLD DNS или просто его протестировав, к примеру при помощи dns-tester

Согласно DDoS отчету Cloudflare за 2023 год основная часть атак происходит со взломанных VPS поэтому был мной придуман еще один новый проект: 🧘 Malicious IP relaxator

Sys-Admin Open BLD DNS два года+ с аптаймом 99.9% радует своих пользователей защитой от малвари, трекинга, отсутствием рекламы и аналитики.

Присоединяйся - https://lab.sys-adm.in/
 
P.S. Short in Engllish - /channel/sysadm_in_up/1642

Sys-Admin InfoSec

17 Apr 2023 03:07

Attack Surface Analyzer

Attack Surface Analyzer is a Microsoft developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration:

— https://github.com/microsoft/AttackSurfaceAnalyzer

Sys-Admin InfoSec

16 Apr 2023 09:42

Nokoyawa ransomware attacks with Windows zero-day

— https://securelist.com/nokoyawa-ransomware-attacks-with-windows-zero-day/109483/

Ref: Windows Common Log File System Driver Elevation of Privilege Vulnerability

P.S. CobaltStrike C2s already blocked in Sys-Admin Open BLD DNS service

Sys-Admin InfoSec

13 Apr 2023 12:45

ELK - Как собрать логи в одном месте. Открытый практикум DevOps by Rebrain.
 
Успевайте зарегистрироваться. Количество мест строго ограничено! Запись практикума “DevOps by Rebrain” в подарок за регистрацию!

• 18 Апреля (Вторник), 19:00 по МСК. Детали

Программа:
• Рассмотрим состав стека ELK
• Поднимем тестовый стенд в докере
• Настроим индексы, политики ротации, маппинг, пайплайны

Ведет:
• Николай Лещев - DevOps, обожает Hashicorp сертифицирован по Consul, Vault и Terraform.

Sys-Admin InfoSec

13 Apr 2023 08:03

/ CVE-2023-1281, CVE-2023-1829: Linux kernel: Vulnerabilities in the
tcindex classifier

Both of these vulnerabilities can be used for local privilege escalation:

— https://www.openwall.com/lists/oss-security/2023/04/11/3

Sys-Admin InfoSec

11 Apr 2023 11:44

Awesome-sysadmin - List of amazingly awesome Free and Open-Source sysadmin resources.

— https://github.com/awesome-foss/awesome-sysadmin

#tool #collection

Sys-Admin InfoSec

25 Apr 2023 06:34

/ BlueNoroff APT group targets macOS with ‘RustBucket’ Malware

https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/

Sys-Admin InfoSec

24 Apr 2023 15:01

/ RBAC Buster - First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters

This blog post is a part of a comprehensive study we conducted on misconfigured K8s clusters in the wild. Research findings are significant as they shed light on the risks of misconfigurations and how even large organizations can overlook the importance of securing their clusters, leaving them vulnerable to potential disasters with just one mistake:

— https://blog.aquasec.com/leveraging-kubernetes-rbac-to-backdoor-clusters

Sys-Admin InfoSec

21 Apr 2023 16:10

/ Private vulnerability reporting now generally availablein GitHub

private vulnerability reporting, a private collaboration channel that makes it easier for researchers and maintainers to report and fix vulnerabilities on public repositories:

https://github.blog/2023-04-19-private-vulnerability-reporting-now-generally-available/

Sys-Admin InfoSec

21 Apr 2023 03:12

/ Multiple vulnerabilities in VMware Aria Operations

Critical. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. Advisory:

— https://www.vmware.com/security/advisories/VMSA-2023-0007.html

Sys-Admin InfoSec

20 Apr 2023 19:13

/ 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise

https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise

Sys-Admin InfoSec

20 Apr 2023 10:45

Открытый практикум DevOps by Rebrain: Шифрование секретов в GitOps
 
• 25 Апреля (Вторник), 19:00 по МСК. Детали

Программа:
• Где хранить секреты - git, vault или облачный сервис?
• Разбираемся с dek, kek и kms
• Изучаем схему работы sops, sealed secrets
• Если успеем, то затронем варианты реализации kubernetes authentication в vault и external secrets

Ведет:
• Василий Озеров - Руководит международной командой в рамках своего агентства Fevlake. Co-Founder REBRAIN. Более 8 лет Devops практик.

Sys-Admin InfoSec

19 Apr 2023 17:59

/ Discarded, not destroyed: Old routers reveal corporate secrets

https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/

Sys-Admin InfoSec

19 Apr 2023 12:45

AppSecFest - Уже в эту пятницу (21 апреля)
 
• Мобильное приложение как средство компрометации персональных данных или зачем нам Mobile Application Security?
• Концепции Incident Management в процессах DevSecOps
• Анализ кода фишингового ресурса
• Безопасность в Kubernetes: как устранить векторы атак на Kubernetes

Будут доклады про создание апсек-направления с нуля, пайплайн проверки, DAST, IAST и OAST...

Планируется онлайн трансляция, ссылка уже есть на сайте. Все детали здесь:
• appsecfest.kz
 

Sys-Admin InfoSec

19 Apr 2023 03:44

/ State-sponsored campaigns target global network infrastructure

..While infrastructure of all types has been observed under attack, attackers have been particularly successful in compromising infrastructure with out-of-date software..:

https://blog.talosintelligence.com/state-sponsored-campaigns-target-global-network-infrastructure/

Sys-Admin InfoSec

17 Apr 2023 09:23

/ Goldoson: Privacy-invasive and Clicker Android Adware found in popular apps

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/goldoson-privacy-invasive-and-clicker-android-adware-found-in-popular-apps-in-south-korea/

Sys-Admin InfoSec

16 Apr 2023 09:44

Google is aware that an exploit for CVE-2023-2033 exists in the wild

Update your Chrome/-based browsers:

— https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html

Sys-Admin InfoSec

14 Apr 2023 11:10

Legion: an AWS Credential Harvester and SMTP Hijacker

Cado Labs researchers recently encountered an emerging Python-based credential harvester and hacktool, named Legion, aimed at exploiting various services for the purpose of email abuse. The tool is sold via the Telegram messenger, and includes modules dedicated to:

— enumerating vulnerable SMTP servers,
— conducting Remote Code Execution (RCE),
— exploiting vulnerable versions of Apache,
— brute-forcing cPanel and WebHost Manager (WHM) accounts,
— interacting with Shodan’s API to retrieve a target list (providing you supply an API key) and
— additional utilities, many of which involve abusing AWS services

— https://www.cadosecurity.com/legion-an-aws-credential-harvester-and-smtp-hijacker/

Sys-Admin InfoSec

13 Apr 2023 10:18

/ Shell in the Ghost: Ghostscript CVE-2023-28879 writeup

-- https://offsec.almond.consulting/ghostscript-cve-2023-28879.html

Sys-Admin InfoSec

12 Apr 2023 03:46

/ Windows Common Log File System Driver Elevation of Privilege Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28252

Sys-Admin InfoSec

11 Apr 2023 10:15

Возможность скидки на экзамен AWS / Курс Cloud-инженера
 
Курс будет полностью подарочным, коллеги из Core 24/7 обещают следующие призы за участие в конкурсе:

— скидка 50% на экзамен AWS Professional Certification
— курс Cloud-инженер на примере AWS

Победителей будет 3, по плану, каждый из них получит оба подарка.

Скидка будет доступна до 31 мая. Детали - https://core247.io/aws