Fake system update drops Aurora stealer via Invalid Printer loader
https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
Microsoft's released update covers the following 40 Microsoft CVEs:
https://msrc.microsoft.com/update-guide/releaseNote/2023-May
One of the CVEs is CVE-2023-24932; the article on Windows Boot Manager revocations for the Secure Boot changes:
https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d
[CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables
https://www.openwall.com/lists/oss-security/2023/05/08/4
When Good APIs Go Bad: Uncovering 3 Azure API Management Vulnerabilities
Vulnerabilities in the Azure API Management service. These included two SSRF (Server-Side Request Forgery) vulnerabilities and a file upload path traversal on an internal Azure workload:
— Read more…
/ AirPods under attack. Hotfixes from Apple
https://support.apple.com/en-us/HT213752
/ The LockBit ransomware (kinda) comes for macOS
Detailed research:
https://objective-see.org/blog/blog_0x75.html
/ Three New BGP Message Parsing Vulnerabilities Disclosed in FRRouting Software
https://www.forescout.com/blog/three-new-bgp-message-parsing-vulnerabilities-disclosed-in-frrouting-software/
/ Zyxel has released patches for an OS command injection vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls
/ Elastic Security Labs discovers the LOBSHOT malware
Adversaries continue to abuse and increase reach through malvertising, such as Google Ads, by impersonating legitimate software.
Deep dive research and protection steps:
— https://www.elastic.co/security-labs/elastic-security-labs-discovers-lobshot-malware
🥋 Malware domains already blocked in Sys-Admin BLD DNS
/ Never Connect to RDP Servers Over Untrusted Networks
Demonstration of why connecting using the Remote Desktop Protocol (RDP) must be avoided on untrusted networks such as hotels, conferences, or public Wi-Fi. Protecting the connection with a VPN or a Remote Desktop Gateway is the only safe alternative:
https://www.gosecure.net/blog/2023/04/26/never-connect-to-rdp-servers-over-untrusted-networks/
Open workshops on DevOps, Linux, Networks and Golang by Rebrain (May schedule)
• 2 May DevOps: Using regular expressions, with log analysis as the example
• 3 May Linux: Virtual interfaces and the link layer in Linux
• 4 May Networks: Traffic Engineering (TE)
• 10 May Linux: FSTEC for Linux (part 2)
• 16 May DevOps: Introduction to Docker
• 17 May Linux: FSTEC for Linux
• 18 May Networks: Segment Routing (SR)
• 23 May DevOps by Rebrain
• 24 May Linux: Web server certificate
• 25 May Golang by Rebrain
• 30 May DevOps: Encrypting secrets in GitOps
• 31 May Linux: Routing protocol implementations for Linux
You can join Here
/ Git v2.40.1 maintenance release fixes several security issues:
CVE-2023-25652, CVE-2023-25815, and CVE-2023-29007
— https://lkml.org/lkml/2023/4/25/705
/ Detecting and decrypting Sliver C2 – a threat hunter’s guide
Sliver is an open-source, cross-platform, and extensible C2 framework. It’s written primarily in Go, making it fast, portable, and easy to customize. This versatility makes it a popular choice among red teams for adversary emulation and as a learning tool for security enthusiasts.
The Sliver C2 framework has features catering to both beginner and advanced users. One of its main attractions is the ability to generate dynamic payloads for multiple platforms, such as Windows, Linux, and macOS. These payloads, or “slivers,” provide capabilities like establishing persistence, spawning a shell, and exfiltrating data.
When it comes to communication, Sliver supports a wide range of protocols, including HTTP, HTTPS, DNS, TCP, and WireGuard. This makes C2 traffic flexible and stealthy, able to blend in with normal network traffic.
— Full article…
In brief: how you can get an Open Source - All Product Pack license from JetBrains
It's simple: contribute to this world and you will be rewarded ;)
— https://youtu.be/9DMnXS0ifAA
New side-channel attack on Intel CPUs: report
Abstract—The transient execution attack is a type of attack leveraging the vulnerability of modern CPU optimization technologies. New attacks surface rapidly. The side-channel is a key part of transient execution attacks to leak data.
From One Vulnerability to Another: Outlook Patch Analysis Reveals Important Flaw in Windows API
…
An unauthenticated attacker on the internet could use the vulnerability to coerce an Outlook client to connect to an attacker-controlled server. This results in NTLM credentials theft. It is a zero-click vulnerability, meaning it can be triggered with no user interaction
…
— https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api
New Akira Ransomware Operation Hits Corporate Networks
https://www.blackhatethicalhacking.com/news/new-akira-ransomware-operation-hits-corporate-networks/
GitLab Critical Security Release: 15.11.2, 15.10.6, and 15.9.7
GitLab Community Edition (CE) and Enterprise Edition (EE) - Malicious Runner Attachment via GraphQL:
— https://about.gitlab.com/releases/2023/05/05/critical-security-release-gitlab-15-11-2-released/
OpenBLD Pre-release Testing Program
I'm working on a new OpenBLD DoH/DoT release with Anycast DNS and GeoDNS (Europe and Asia locations) functionality.
I think this month or next, I'll start the new, faster DoH/DoT OpenBLD testing release with automatic identification of the closest server location (continent) and network route detection for OpenBLD clients.
You can fill in this form; after review I'll "ping" you about testing as soon as possible:
🔶 REQUEST PARTICIPATION
Let's make internet surfing faster and safer together. Peace ✌️
Open Linux workshop by Rebrain: FSTEC for Linux. Part 2
• 10 May (Wednesday) at 20:00 MSK. Details
Program:
• Continuing to meet the requirements
• What needs to be corrected in how the kernel operates
• What can happen if this is not corrected
Host:
• Andrey Buranov (Андрей Буранов) - UNIX systems specialist at VK. Over 7 years of experience with Linux OS.
/ Netgear User Management Remote Credentials Disclosure, Remote Restriction Bypass
https://flashpoint.io/resources/research/fp-2023-01-netgear-prosafe-network-management-system/
OpenBLD - Next Stage to Growth with ClouDNS
GeoDNS and Global Anycast DNS features from ClouDNS - a brilliant opportunity for additional OpenBLD performance and availability.
Today ClouDNS has backed OpenBLD DNS and provided its own features for free:
• Anycast DNS service and Anycast GeoDNS servers
• DDoS Protection
• DNS Failover checks
• EDNS-client-subnet support
• and more...
ClouDNS provides flexible tools for managing services and very affordable pricing plans, and I like it very much.
This can be a key milestone in the development phase of the OpenBLD project; it is the next stage for growth. I have a special domain name for the OpenBLD DNS project; maybe this is "that very moment"...
• All ClouDNS features can be found on the ClouDNS Site
• How to protect yourself and your family with OpenBLD: Here
/ RTM Locker Ransomware as a Service (RaaS) Now Suits Up for Linux Architecture
ESXi servers under attack:
https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
/ CLI tricks every developer should know
https://github.blog/2023-04-26-cli-tricks-every-developer-should-know/
/ Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram
https://blog.cyble.com/2023/04/26/threat-actor-selling-new-atomic-macos-amos-stealer-on-telegram/
/ New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp
Note: All DoT (port 853) BLD (bld.sys-adm.in) clients (Android) should be migrated to A-BLD (a-bld.sys-adm.in).
🔆 Attention. All Android clients of bld.sys-adm.in must reconfigure their secure (private) DNS to a-bld.sys-adm.in!