📢 Integration of OpenBLD.net with URLhaus by abuse.ch
URLhaus is a project operated by abuse.ch. Its purpose is to collect, track, and share malware URLs, aiding network administrators and security analysts in safeguarding their networks and customers from cyber threats.
Now you can check whether OpenBLD.net blocks a malicious domain, alongside Quad9, AdGuard, Cloudflare and ProtonDNS, directly on abuse.ch.
In addition, you can incorporate abuse.ch lists into your own security solutions, just as OpenBLD.net does.
An example:
🔹 https://urlhaus.abuse.ch/host/dukeenergyltd.top
Here's to security for us all. Cheers!
📢 Open DevOps workshop by Rebrain: HTTPS in Nginx and Angie
Time:
• March 12 (Tuesday), 19:00 MSK
Program:
• Principles of TLS and HTTPS
• Obtaining free certificates
• Automating certificate renewal
• Configuring fast and secure HTTPS for a website
↘ Details
Presenter:
Nikolay Lavlinsky – Web developer with over 15 years of experience. Speaker at the HighLoad++ and RIT++ conferences. Specialization: speeding up websites and web applications.
/ WogRAT Malware Exploits aNotepad (Windows, Linux)
AhnLab Security Intelligence Center (ASEC) has recently discovered backdoor malware being distributed via aNotepad, a free online notepad platform. The malware comes in both a PE build targeting Windows and an ELF build targeting Linux. Because the threat actor used the string ‘WingOfGod’ during development, it has been classified as WogRAT:
https://asec.ahnlab.com/en/62446/
/ VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability (Critical)
A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host:
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
/ 0-Click Account Takeover on Facebook
https://infosecwriteups.com/0-click-account-takeover-on-facebook-e4120651e23e
📢 Open Linux workshop by Rebrain: LVM, part one
Time:
• March 6 (Wednesday), 20:00 MSK
Program:
• From logical partitions to logical volumes
• PV, VG, LV
• Hands-on LVM: creating an LV, managing free space
↘ Details
Presenter:
Andrey Buranov – System administrator in the VK Play department. 10+ years of experience with Linux.
📢 AppSecFest announces its CFP 🚀
AppSecFest 2024 is tentatively scheduled for around May 3 in Almaty and will be split into several zones:
🔹 App Zone: focused on software development trends (mobile, web, blockchain, microservices, etc.), Dev and DevOps trends, and AI/ML in the SDLC.
🔹 Sec Zone: current application security (SAST, SCA, DAST, RASP; API, IaC and container security; ASTO, WAF, IAST, MAST, secrets management), attack vectors and vulnerability management.
Speakers wanted! Are you an AppSec specialist? Then welcome to the CFP:
🔹 https://forms.gle/EBAAArtHtoCmSMri7
/ Zyxel security advisory for multiple vulnerabilities in firewalls and APs
Zyxel has released patches addressing multiple vulnerabilities in some firewall and access point (AP) versions. Users are advised to install the patches for optimal protection:
- some firewall and AP versions could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP
- the IPSec VPN feature in some firewall versions could allow an attacker to achieve unauthorized remote code execution
- some versions could allow a LAN-based attacker to cause a denial of service (DoS)
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-21-2024
/ OpenBLD.net PDP Beta Program Announcement
Personal DoH Profiling (PDP), a new service that provides:
- Complete isolation of your DNS requests, ensuring that no one can track your online activity.
- Personalized DNS settings, so you can block ads, malicious websites, and other unwanted content.
- Robust security with DNSSEC, TLSv1.2, and TLSv1.3.
- Self-managed allow/block list controls and more...
Details: /channel/openbld/56
📢 Open Linux workshop by Rebrain: bash
Time:
• February 28 (Wednesday), 20:00 MSK
Program:
• What a command shell is
• Bash as a convenient tool for working in Linux
• External and built-in commands
• Standard streams
• Order of command interpretation
↘ Details
Presenter:
Andrey Buranov – System administrator in the VK Play department. 10+ years of experience with Linux.
📢 VDSina presents a new hosting project on VDSina.com
Servers are based on the latest AMD EPYC processors with a 3.55 GHz processor frequency, triple-redundant NVMe storage and a 10 Gbit/s internet port. The data center is located in the Netherlands.
Some of the services from lab.sys-adm.in use this VPS hosting for their own needs (such as the Chat Prettier, Masha Banhammer and Get Telegram IDs Telegram bots). Prices start from 0.16 $ per day, which is great for VPNs, websites, Telegram bots and other needs...
You can find more details on the official VDSina.com site.
/ New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
https://www.bitdefender.com/blog/labs/new-macos-backdoor-written-in-rust-shows-possible-link-with-windows-ransomware-group/
/ New WiFi Authentication Vulnerabilities Discovered
One vulnerability affects Android, ChromeOS and Linux devices connecting to enterprise WiFi networks, another affects home WiFi using a Linux device as a wireless access point:
https://www.top10vpn.com/research/wifi-vulnerabilities/
/ Snap Trap: The Hidden Dangers Within Ubuntu’s Package Suggestion System
https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/
/ After a tip, ExpressVPN acts swiftly to protect customers
ExpressVPN's disclosure about VPN users' browsing data:
https://www.expressvpn.com/blog/windows-app-dns-requests/
/ Cisco Secure Client Carriage Return Line Feed Injection Vulnerability (high)
Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7
/ Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence
Cado Security Labs researchers have recently encountered an emerging malware campaign targeting misconfigured servers running the following web-facing services:
- Apache Hadoop YARN,
- Docker,
- Confluence and
- Redis
Detailed research: Details
/ Apple patches iOS 17.4 and iPadOS 17.4
Impact: An app may be able to read sensitive location information:
https://support.apple.com/en-us/HT214081
😡 OpenBLD.net - Phobos Ransomware Attack Mitigations
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA, to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024...
Phobos actors run executables like 1saas.exe or cmd.exe to deploy additional Phobos payloads that have elevated privileges enabled. Additionally, Phobos actors can use the previous commands to perform various windows shell functions. The Windows command shell enables threat actors to control various aspects of a system, with multiple permission levels required for different subsets of commands.
How to mitigate the risks:
- Secure RDP
- Reduce the scope of administrative privileges
- Use OpenBLD.net or similar services
Technical details on CISA site:
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a
/ Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
How can loading an ML model lead to payload code execution? Analysis:
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/
/ XSS Vulnerability in LiteSpeed Cache Plugin Affecting 4+ Million Sites
The LiteSpeed Cache plugin (free version), which has over 4 million active installations, is known as the most popular caching plugin for WordPress.
This plugin suffers from an unauthenticated site-wide stored XSS vulnerability that could allow any unauthenticated user to do anything from stealing sensitive information to, in this case, escalating privileges on the WordPress site by performing a single HTTP request.
https://patchstack.com/articles/xss-vulnerability-in-litespeed-cache-plugin-affecting-4-million-sites/
/ Announcing bpftop: Streamlining eBPF performance optimization
https://netflixtechblog.com/announcing-bpftop-streamlining-ebpf-performance-optimization-6a727c1ae2e5
/ Details on Apple’s Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
https://www.bitdefender.com/blog/labs/details-on-apples-shortcuts-vulnerability-a-deep-dive-into-cve-2024-23204/
/ SSH-Snake: Automatic traversal of networks using SSH private keys
SSH-Snake performs three basic tasks:
- On the current system, find any SSH private keys,
- On the current system, find any hosts or destinations (user@host) that the private keys may be accepted on,
- Attempt to SSH into all of the discovered destinations using all of the private keys discovered.
https://joshua.hu/ssh-snake-ssh-network-traversal-discover-ssh-private-keys-network-graph
/ Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)
- Infection Chain
- Technical analysis: Kazuar (DotNET) and Pelmeni Wrapper (Wrapper DLL)
- IoC's
https://lab52.io/blog/pelmeni-wrapper-new-wrapper-of-kazuar-turla-backdoor/
😡 OpenBLD.net Preventing: Malicious Campaign Impacting Azure Cloud Environments
Proofpoint researchers have detected a new malicious campaign that integrates credential phishing and cloud account takeover (ATO) techniques...
The campaign involves multiple endpoints, including domains used as malicious infrastructure...
So all malicious infrastructure domains have been sent to the OpenBLD.net ecosystem ✈️
Be safe and stay focused, my friends 😎
/ Serious Vulnerability in the Internet Infrastructure: Fundamental design flaw in DNSSEC discovered
https://www.athene-center.de/en/news/press/key-trap
📢 Open DevOps workshop by Rebrain: Working with the DevOps team backlog
Time:
• February 20 (Tuesday), 19:00 MSK
Program:
• Building the team backlog process
• An approach to end-to-end task prioritization
• Deadline control
↘ Details
Presenter:
• Alexander Krylov – Over 7 years of DevOps experience. Conference speaker: DevOps conf, TeamLead conf, Highload conf. Author of the Haproxy course on Rebrain.
/ Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day
https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html
Internet Shortcut Files Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412
/ Fake LastPass app in the App Store
Official warning:
https://blog.lastpass.com/2024/02/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store/