sysadm_in_channel | Technologies

Telegram-канал sysadm_in_channel - Sys-Admin InfoSec

12335

News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz

Subscribe to a channel

Sys-Admin InfoSec

/ VirtualBox KVM public release

https://cyberus-technology.de/articles/vbox-kvm-public-release

Читать полностью…

Sys-Admin InfoSec

/ Critical Security Issue Affecting TeamCity On-Premises (CVE-2024-23917)

https://blog.jetbrains.com/teamcity/2024/02/critical-security-issue-affecting-teamcity-on-premises-cve-2024-23917/

Читать полностью…

Sys-Admin InfoSec

/ SmartScreen Vulnerability CVE-2023-36025 - Exploring the Latest Mispadu Stealer Variant

https://unit42.paloaltonetworks.com/mispadu-infostealer-variant/

Читать полностью…

Sys-Admin InfoSec

/ runc: CVE-2024-21626: high severity container breakout attack

https://www.openwall.com/lists/oss-security/2024/01/31/6

Читать полностью…

Sys-Admin InfoSec

/ HeadCrab 2.0: Evolving Threat in Redis Malware Landscape

Technical analysis of HeadCrab 2.0 advanced malware:

https://www.aquasec.com/blog/headcrab-2-0-evolving-threat-in-redis-malware-landscape/

Читать полностью…

Sys-Admin InfoSec

📢 Практикумы DevOps, Linux, Networks, Golang: расписание на Февраль 2024

• 6 февраля DevOps: Проксирование в Nginx и Angie
• 7 февраля Linux: RAID массивы
• 8 февраля Linux: Погружение в VoIP3: Dialplan в Asterisk
• 12 февраля Linux: RAID массивы 2
• 13 февраля DevOps: Балансировка нагрузки в Nginx и Angie
• 14 февраля Linux: DWARF, ELF, ptrace или как работает ваш дебагер. Часть 2
• 15 февраля DevOps: Ментальная модель Kafka

Открытые Февральские практикумы - Все детали

Читать полностью…

Sys-Admin InfoSec

/ Discovers Important Vulnerabilities in GNU C Library’s syslog()

https://blog.qualys.com/vulnerabilities-threat-research/2024/01/30/qualys-tru-discovers-important-vulnerabilities-in-gnu-c-librarys-syslog

Читать полностью…

Sys-Admin InfoSec

/ DarkGate malware delivered via Microsoft Teams - detection and response

https://cybersecurity.att.com/blogs/security-essentials/darkgate-malware-delivered-via-microsoft-teams-detection-and-response

Читать полностью…

Sys-Admin InfoSec

/ A false-alarm incident involving Panda Security software leads to three very real CVEs

..an attacker might be able to achieve RCE by chaining CVE-2023-6330 with other vulnerabilities..:

https://news.sophos.com/en-us/2024/01/25/multiple-vulnerabilities-discovered-in-widely-used-security-driver/

Читать полностью…

Sys-Admin InfoSec

/ GitLab - upgraded to the latest version as soon as possible

Crirtucal security release:

https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/

Читать полностью…

Sys-Admin InfoSec

📢 Открытый практикум DevOps by Rebrain: Практика управления ошибками спринта в DevOps

• 30 Января (Вторник) 19:00 МСК.

Детали

Программа:

• Что такое RCA
• Спринтовое планирование
• Проводим RCA и соотносим со сквозным бэклогом

Ведёт:

Александр Крылов – Team Lead DevOps. Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.

Читать полностью…

Sys-Admin InfoSec

/ Malicious npm packages target developer SSH keys

warbeast2000, kodiak2k... Malicious actors looking to obtain SSH keys from developers is an alarming development. Detailed research:

https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data

Читать полностью…

Sys-Admin InfoSec

/ Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition

- Mitigations and WorkaroundsPermalink: N/A
- DetectionsPermalink: None
- SeverityPermalink: High

https://advisory.splunk.com/advisories/SVD-2024-0108

Читать полностью…

Sys-Admin InfoSec

/ A lightweight method to detect potential iOS malware

https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/

Читать полностью…

Sys-Admin InfoSec

😡 OpenBLD.net growth with AlphaVPS

New OpenBLD points of presence have been added in the world thanks to AlphaVPS!

AlphaVPS.com - Fast & Cheap VPS, Cloud Servers and few servers from AlphaVPS stay which located in Bulgaria and Germany joined in to OpenBLD.net ecosystem.

As you know one of the our prioritites - fast DoH/DoT responses and 1GBit/s from AlphaVPS it is good base for this requirements.

One server already available for users (see status of Ada-h4), second server will be available in the next few days. Enjoy it 🚀

P.S. Few times ago I posted OpenBLD.net IPv6 Pre-Release notice, in few near weeks I'll plan implement DoH/DoT IPv6 for users in Europe, I'll tell about this later 😎...

Читать полностью…

Sys-Admin InfoSec

📢 Открытый практикум Linux by Rebrain: RAID массивы 2

• 12 Февраля (Понедельник) 20:00 МСК

Программа:

• Для чего нужна очистка метаданных mdadm?
• Как перенести данные с обычного диска на RAID1?
• Как понять был ли диск в RAID массиве mdadm?
• Как получить данные с диска из RAID1?
• Увеличение размера RAID массива

Детали

Ведёт:

Андрей Буранов – Системный администратор VK Play. 10+ лет опыта работы с ОС Linux. 8+ лет опыта преподавания.

Читать полностью…

Sys-Admin InfoSec

/ ResumeLooters gang infects websites with XSS scripts and SQL injections to vacuum up job seekers' personal data and CVs

https://www.group-ib.com/blog/resumelooters/

Читать полностью…

Sys-Admin InfoSec

/ QNAP OS command injection vulnerability

Vulnerability in QTS, QuTS hero and QuTScloud (high):

https://www.qnap.com/en/security-advisory/qsa-23-47

Читать полностью…

Sys-Admin InfoSec

/ AnyDesk - compromised production systems

AnyDesk - compromised any keys:

https://anydesk.com/en/public-statement

Читать полностью…

Sys-Admin InfoSec

/ VajraSpy: A Patchwork of espionage apps

These apps share the same malicious functionality, being capable of exfiltrating the following:
- contacts,
- SMS messages,
- call logs,
- device location,
- a list of installed apps, and
files with specific extensions (.pdf, .doc, .docx, .txt, .ppt, .pptx, .xls, .xlsx, .jpg, .jpeg, .png, .mp3, .Om4a, .aac, and .opus).

Technical review:

https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/

Читать полностью…

Sys-Admin InfoSec

/ GitHub Hardening Guide 🛡

Preambula:
Mercedes-Benz Source Code at Risk: GitHub Token Mishap Sparks Major Security Concerns

The story:
It all started during one of our internet scans where we identified a GitHub Token leaked by a Full Time Employee at Mercedez, in his GitHub Repository. The GitHub Token gave ‘unrestricted’ and ‘unmonitored’ access to the entire source code hosted at the Internal GitHub Enterprise Server. Redhunt Says.

Conclusion:
The essence of the story is this: even in large companies, failures happen, always be careful, scan tokens in workflow actions...

Next steps:
GitHub Hardening Guide: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions

Читать полностью…

Sys-Admin InfoSec

📢 Конкурс от Core 24/7 на 10 ваучеров на бесплатное обучение

Ваучеры дают 100% скидку на курс или экзамен из списка ниже до 17.01.2025:

— Каталог на Linux Foundation
— Сертификационному экзамену (каталог)
— или пакету (курс + сертификация)

Подвод итогов 9 февраля, детали здесь - https://core247.io/cncf

Читать полностью…

Sys-Admin InfoSec

/ Prevent credential exposure with OIDC for GitHub Actions

Many different CI/CD patterns that cause us to raise our eyebrows. One situation in particular that we encounter relatively often is the unsafe use of AWS credentials.

OpenID Connect is an authentication standard, which when coupled with GitHub Actions, offers a more secure alternative for authentication when compared to utilizing traditional access keys..:

https://blog.cloudsecuritypartners.com/oidc-for-github-actions/

Читать полностью…

Sys-Admin InfoSec

/ Info Stealing Packages Hidden in PyPI

The identified packages—nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111—exhibit attack methodologies similar to those outlined in a Checkmarx blog post published four months ago...

The packages released before December 2023 are very similar to those discussed in earlier blog posts. Specifically, they deploy Whitesnake PE malware if the victim’s device runs on Windows, or they can deliver a Python script designed to steal information from Linux devices..:

https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi

Читать полностью…

Sys-Admin InfoSec

/ Phishing Microsoft Teams for initial access

https://pushsecurity.com/blog/phishing-microsoft-teams-for-initial-access/

Читать полностью…

Sys-Admin InfoSec

🚀 zDNS Released with Big Updates and Features

Few month ago I stared develop from scratch zDNS service, now it's can:

- Restrict DNS queries by type like as A, AAAA, HTTPS, CNAME, MX, PTR..
- Balancing DNS traffic between upstream servers
- Providing Prometheus metrics
- DNS responses caching by custom TTL
- Has few working modes - Zero Trust, Allow/Blocking
- Has separated "Permanent" mode with additional custom upstream DNS servers
- Can load allow/block lists from local and remote through HTTP(S)
- Create/Delete custom users with different configs and hosts files
- and more...

New opportunities, features, looking forward, and info about of new OpenBLD.net Personal Usage Testing pre-relase see here:

https://openbld.net/blog/zdns-big-updates-and-features/

Читать полностью…

Sys-Admin InfoSec

/ JAVA-Based Sophisticated Stealer Using Discord Bot as EventListener

https://www.trellix.com/about/newsroom/stories/research/java-based-sophisticated-stealer-using-discord-bot-as-eventlistener/

Читать полностью…

Sys-Admin InfoSec

📢 Открытый практикум: DWARF, ELF & ptrace или как работает ваш дебагер

Регистрация

Время:

• 23 Января (Вторник) в 19:00 по МСК

Программа:

• Разберём устройство современного дебагера
• Научимся использовать системный вызов ptrace
• Рассмотрим форматы ELF и DWARF
• Напишем простой отладчик, используя полученные знания

Ведёт:

• Константин Деревцов – Rust разработчик.

Читать полностью…

Sys-Admin InfoSec

/ Undetected macOS InfoStealers | KeySteal, Atomic & CherryPie Continue to Adapt

https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/

Читать полностью…

Sys-Admin InfoSec

/ CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload:

https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html

Читать полностью…
Subscribe to a channel