sysadm_in_channel | Technologies

Telegram channel sysadm_in_channel - Sys-Admin InfoSec

12335

News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz

Sys-Admin InfoSec

/ New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection

https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/

Sys-Admin InfoSec

/ New Deployment Option for Self-Hosting Bitwarden

https://bitwarden.com/blog/new-deployment-option-for-self-hosting-bitwarden/

Sys-Admin InfoSec

/ Pass-the-Challenge: Defeating Windows Defender Credential Guard

..new techniques for recovering the NTLM hash from an encrypted credential protected by Windows Defender Credential Guard..:

https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22

Sys-Admin InfoSec

/ ZyXEL LTE3301-M209 - "Backdoor" credentials

https://resolverblog.blogspot.com/2022/12/cve-2022-40602-zyxel-lte3301-m209.html

Sys-Admin InfoSec

/ ACSESSED: Cross-tenant network bypass in Azure Cognitive Search

https://www.mnemonic.io/resources/blog/acsessed-cross-tenant-network-bypass-in-azure-cognitive-search/

Sys-Admin InfoSec

/ Detecting Azure AD Account Takeover Attacks

Cloud account takeover (ATO) is an attack where attackers gain access to cloud identities by using methods like social engineering, device code phishing, etc. Detecting these attacks can sometimes be difficult. In this blog, I’ll explain how we can develop a generic detection that covers almost any, if not all, methods for Azure AD (Well, the method can be applied to other identity providers, too)..:

https://posts.bluraven.io/detecting-azure-ad-account-takeover-attacks-b2652bb65a4c

Sys-Admin InfoSec

Open DevOps workshop by Rebrain: IT-Quiz

Program:
• quizzes on troubleshooting problems in a Kubernetes cluster
• solving them in an online format
• prizes for the winners

• December 27 (Tuesday) at 19:00 Moscow time. Details
• Vasily Ozerov - Co-Founder of REBRAIN. More than 8 years of DevOps practice.

Sys-Admin InfoSec

/ Critical Vulnerability – Hikvision Wireless Bridge

…An attacker can exploit the vulnerability by sending crafted messages to the affected devices..:

https://www.redinent.com/blog/critical-vulnerability-hikvision-wireless-bridge/

Sys-Admin InfoSec

/ Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability

https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/

Sys-Admin InfoSec

/ VMware ESXi, Workstation, and Fusion updates address a heap out-of-bounds write vulnerability (CVE-2022-31705)

https://www.vmware.com/security/advisories/VMSA-2022-0033.html

Sys-Admin InfoSec

/ New Samba security release available

This is the latest stable release of the Samba 4.17 release series.
It also contains security changes in order to address the following defects:

https://www.samba.org/samba/history/samba-4.17.4.html

Sys-Admin InfoSec

/ Leaked a secret? Check your GitHub alerts…for free

https://github.blog/2022-12-15-leaked-a-secret-check-your-github-alerts-for-free/

Sys-Admin InfoSec

/ MCCrash: Cross-platform DDoS botnet targets private Minecraft servers

Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure rapidly..🤗

https://www.microsoft.com/en-us/security/blog/2022/12/15/mccrash-cross-platform-ddos-botnet-targets-private-minecraft-servers/

Sys-Admin InfoSec

/ OpenVAS - based free online scanner

Yesterday I found a helpful online tool - an nmap, CVE, etc. online scanner, free for 10 scans per month; this can be enough for personal/own ASV scans:

https://hostedscan.com/scans

Sys-Admin InfoSec

Open DevOps workshop by Rebrain: Dockerfile

Program:
• Creating the simplest Dockerfile in three lines
• A walkthrough of the optimal algorithm for creating a Dockerfile (including multistage)
• We will learn to create a minimal docker image

• December 20 (Tuesday) at 19:00 Moscow time. Details

Sys-Admin InfoSec

GitOps Cookbook: Kubernetes automation in practice

#book

Sys-Admin InfoSec

/ WordPress Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection

PoC:

https://wpscan.com/vulnerability/e8bb79db-ef77-43be-b449-4c4b5310eedf

Sys-Admin InfoSec

The FBI is warning the public that cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information:

https://www.ic3.gov/Media/Y2022/PSA221221

Sys-Admin InfoSec

/ Check Point response to CVE-2021-26414 - "Windows DCOM Server Security Feature Bypass"

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176148&t=1672019191897

Sys-Admin InfoSec

/ Details on this supposed Linux Kernel ksmbd RCE

https://seclists.org/oss-sec/2022/q4/228

Sys-Admin InfoSec

/ LastPass Data Breach December Update

...We recently notified you that an unauthorized party gained access to a third-party cloud-based storage service, which LastPass uses to store archived backups of our production data. In keeping with our commitment to transparency, we want to provide you with an update regarding our ongoing investigation.

What We’ve Learned..:

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

Sys-Admin InfoSec

Domain Name System (DNS) Parameters

Last Updated 2022-12-06

https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml

Sys-Admin InfoSec

/ Basic Authentication Deprecation in Exchange Online

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-time-s-up/ba-p/3695312

Sys-Admin InfoSec

Open BLD DNS Service: December/End of the year 2022. Update News.
 
Open BLD DNS Service is a free DoH / DoT / DNS project for blocking trackers, telemetry, advertising and malware, with support for TLS v1.2/v1.3.

🌱 New Services Added
     ❇ Adaptive Open BLD Service - A-BLD
     ❇ A-BLD service can be convenient for most Open BLD users
     ❇ New donation service added

🧘 Infra Improvements/Updates/Fixes
     ❇ New BLD build released and deployed
     ❇ Updated HTTP header for BLD servers to: Open BLD Server
     ❇ Added HTTPS root redirect from BLD to LAB site
     ❇ Updated & Optimized BLD caching infrastructure mechanisms
     ❇ Optimized on-line stability & balancing
     ❇ Now, in most maintenance cases, endpoint BLD service users are not affected
     ❇ Optimized automation deployment routines
     ❇ Fixed Firefox OCSP STAPLE issue/Fixed caching break issues

🧩 New Open BLD Project micro-tools
     ❇ Check-reboot, Get-Log, Bld-agregator, Alertmanager installer, Timestamp converter
     ❇ Updated: https://github.com/m0zgen/dns-tester
     ❇ Updated: https://github.com/m0zgen/check-dns-servers

🤝 The Open BLD DoH service is mentioned
     ❇ Curl project (https://github.com/curl/curl/wiki/DNS-over-HTTPS) (thx for contribute ✌️)
     ❇ AlternativeTo (https://alternativeto.net/software/open-bld-dns/)

🏂 Setup/How to use Open BLD DNS
     ❇ How to set up Open BLD DNS in browsers, OSs, etc.: https://lab.sys-adm.in
     ❇ Donation service: https://donorbox.org/open-bld-dns-donation
 

Sys-Admin InfoSec

/ Updated Debian 11: 11.6 released

https://www.debian.org/News/2022/20221217

Sys-Admin InfoSec

/ Veeam Backup & Replication allow executing malicious code remotely without authentication. This may lead to gaining control over the target system

https://www.veeam.com/kb4288

Sys-Admin InfoSec

/ Backdoor Targets FreePBX Asterisk Management Portal

https://blog.sucuri.net/2022/12/backdoor-targets-freepbx-asterisk-management-portal.html

Sys-Admin InfoSec

/ How to Detect Malicious OAuth Device Code Phishing

Here’s a quick TL;DR of the attack – in short, an attacker generates a user code and sends it to a victim in a phishing email. The user is then tricked into inputting the code into a Microsoft owned verification link. Upon success, the attacker can fetch both the user’s refresh and access token. This allows the attacker access to the user account:

https://www.inversecos.com/2022/12/how-to-detect-malicious-oauth-device.html

Sys-Admin InfoSec

/ Linux Kernel: UAF in Bluetooth L2CAP Handshake

https://www.openwall.com/lists/oss-security/2022/12/14/7

Sys-Admin InfoSec

/ HTML smugglers turn to SVG images

HTML smuggling is a technique attackers use to hide an encoded malicious script within an HTML email attachment or webpage..:

https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/
