sysadm_in_channel | Technologies

Telegram-канал sysadm_in_channel - Sys-Admin InfoSec

12335

News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz

Subscribe to a channel

Sys-Admin InfoSec

/ Citrix Secure Access client escalate local privileges to AUTHORITY\SYSTEM

https://nvd.nist.gov/vuln/detail/CVE-2023-24491

and has RCE on Ubuntu:

https://nvd.nist.gov/vuln/detail/CVE-2023-24492

Читать полностью…

Sys-Admin InfoSec

⚠️ Reminding/Notice. bld.sys-adm.in will migrate to OpenBLD.net

Review and resetup all DoT, DoH, DNS setings to OpenBLD.net please.

Keep in mind - On this IP addresess will only remain DoT, DoH:
- 49.12.234.130
- 135.125.204.230

Читать полностью…

Sys-Admin InfoSec

/ Multiple Vulnerabilities in Juniper PHP software

Severity: Critical - Official KB article

Читать полностью…

Sys-Admin InfoSec

/ Browse the Internet ecosystem with BGP Tools

https://bgp.tools/

Читать полностью…

Sys-Admin InfoSec

/ Urgent Security Notice: SonicWall GMS/Analytics Impacted by suite of vulnerabilities

https://www.sonicwall.com/support/knowledge-base/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/

Читать полностью…

Sys-Admin InfoSec

/ Storm-0978 attacks reveal financial and espionage motive

New phishing campaign:

https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/

And Office and Windows HTML Remote Code Execution Vulnerability:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884

Читать полностью…

Sys-Admin InfoSec

Сентябрьский дайджест ИТ конференций в Алматы
 
Сентябрь насыщен ИТ-встречами, много друзей, много встреч, дети начинают учиться, а мы общаться:

• 8 Сентября. DevOps и все что рядом - DevOpsDays.kz
• 13-15 Сентября. Масштабная CyberSec конфа - KazHackStan.com
• 16 Сентября. Открытая IT/Cybersec/Ops Knowledge Sharing конфа Open SysConf.io

13 по 16 дни ИТ концентрата, живущим здесь энергетиков больше, едущим в Алматы на KHS - бери билеты на 4 дня 😉

Мира всем. Peace ✌️

Читать полностью…

Sys-Admin InfoSec

Today info about of OpenBLD.net DNS added to AdGuard Wiki KnowledgeBaseDNS repo 🎉

Читать полностью…

Sys-Admin InfoSec

/ EoP fix Android July update

High: fix elevation of privilege in Android:

https://source.android.com/docs/security/bulletin/aaos/2023-07-01

Читать полностью…

Sys-Admin InfoSec

Открытый практикум Networks by Rebrain: Погружение в VoIP: протокол sip, основы работы с Asterisk
 
• 13 Июля (Четверг), 19:00 по МСК. Детали

Программа:
• SIP протокол: как устанавливается вызов
• Установка Asterisk
• Рассмотрение диагностические команды
• Настройка учетных записей (транки, пиры)
• Настройка dialplan

Ведет:
• Роман Сыртланов – VoIP инженер. Опыт работы с VoIP 7 лет. Работает с Asterisk/FreeSWITCH/Kamailio

Читать полностью…

Sys-Admin InfoSec

TeamsPhisher

is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications:

https://github.com/Octoberfest7/TeamsPhisher

Читать полностью…

Sys-Admin InfoSec

/ The DPRK strikes using a new variant of RUSTBUCKET

https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket

Читать полностью…

Sys-Admin InfoSec

AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2023 edition)

MFA is not the end all solution to identity security challenges. With only MFA there is still a risk for more modern attacks (MFA fatique, AiTM, PRT, OAuth Attacks and more). Adversary-in-the-middle phishing attacks are still more common in use. Since the removal of basic authentication from Exchange Online more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other used attacks. What is AiTM, automatic attack disruption and etc:

https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt/

Читать полностью…

Sys-Admin InfoSec

Active Directory Lab Setup Tool

https://browninfosecguy.com/Active-Directory-Lab-Setup-Tool

Читать полностью…

Sys-Admin InfoSec

✍️ Notice: at the next week, all deprecated services will be disabled and all freed up resources will be included to OpenBLD.net DNS ecosystem.

Updates notice:
/channel/sysadm_in_channel/4701

Take care of yourself. Peace ✌️

Читать полностью…

Sys-Admin InfoSec

/ Routers From The Underground: Exposing AVrecon

..complex operation that infects small-office/home-office (SOHO) routers, deploying a Linux-based Remote Access Trojan (RAT) we’ve dubbed “AVrecon.”..:

https://blog.lumen.com/routers-from-the-underground-exposing-avrecon/

Читать полностью…

Sys-Admin InfoSec

/ TeamTNT Reemerged with New Aggressive Cloud Campaign

The botnet run by TeamTNT has set its sights on Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and Nginx servers, Weave Scope, SSH, and Jupyter applications..:

— Article with Technical Details from AquaSec

Читать полностью…

Sys-Admin InfoSec

Открытый практикум Golang by Rebrain: Реализация kubernetes оператора
 
• 18 Июля (Вторник) 19:00 по МСК. Детали

Программа:
• Рассмотрим паттерн оператор, концепцию ресурсов и k8s REST API
• Рассмотрим реализацию кеша в библиотеки client-go для работы с API k8s
• Поработаем с Operator Framework
• Рассмотрим некоторые практики, используемые при написании операторов

Ведет:
• Дмитрий Гордеев – Руководитель практикума Golang by REBRAIN. Занимается разработкой нового Claud'а в x5 Tech. Опыт разработки – 5 лет

Читать полностью…

Sys-Admin InfoSec

/ MIcrosoft confirms Chinese APT successful exploited Microsoft cloud email systems

Mitigation for China-Based Threat Actor Activity from MS:

https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-threat-actor/

Читать полностью…

Sys-Admin InfoSec

/ Azure AD is Becoming Microsoft Entra ID

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-is-becoming-microsoft-entra-id/ba-p/2520436

Читать полностью…

Sys-Admin InfoSec

/ FortiOS - Allow a remote attacker to execute arbitrary code or command

A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.

Description and workaround:

https://www.fortiguard.com/psirt/FG-IR-23-183

Читать полностью…

Sys-Admin InfoSec

Tailing Big Head Ransomware’s Variants, Tactics, and Impact

https://www.trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html

Читать полностью…

Sys-Admin InfoSec

Increased Truebot Activity Infects U.S. and Canada Based Networks

Deploy from phishing and exloitation some CVE..

IOC domains sended to OpenBLD.net DNS:

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a

Читать полностью…

Sys-Admin InfoSec

/ Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability

!High: Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX

Читать полностью…

Sys-Admin InfoSec

/ Hunting for Nginx Alias Traversals in the wild

https://labs.hakaioffsec.com/nginx-alias-traversal/

Читать полностью…

Sys-Admin InfoSec

/ Ghostscript bug could allow rogue documents to run system commands

Unfortunately, until the latest release of Ghostscript, now at version 10.01.2, the product had a bug, dubbed CVE-2023-36664, that could allow rogue documents not only to create pages of text and graphics, but also to send system commands into the Ghostscript rendering engine and trick the software into running them:

https://nakedsecurity.sophos.com/2023/07/04/ghostscript-bug-could-allow-rogue-documents-to-run-system-commands/

Читать полностью…

Sys-Admin InfoSec

/ Spear Phishing: How it works and why you should care

https://www.huntandhackett.com/blog/spear-phishing-how-and-why

Читать полностью…

Sys-Admin InfoSec

/ Zyxel security advisory for pre-authentication command injection vulnerability in NAS products

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products

Читать полностью…

Sys-Admin InfoSec

/ Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator

Malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer via Google Ads...

https://www.trendmicro.com/en_us/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-lever.html

P.S. IOC domains sends to OpenBLD.net DNS watch lists

Читать полностью…

Sys-Admin InfoSec

/ 8Base Ransomware: A Heavy Hitting Player

https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html

P.S. malicious domains send to OpenBLD.net DNS ecosystem

Читать полностью…
Subscribe to a channel