sysadm_in_channel | Technologies

Telegram channel sysadm_in_channel - Sys-Admin InfoSec

News on cybersecurity / information security, information technology, data leaks / breaches, CVEs, hacks, tools, trainings. Multilingual (En, Ru). Forum - forum.sys-adm.in. Chat - @sysadm_in. Job - @sysadm_in_job. ? - @sysadminkz

Sys-Admin InfoSec

/ CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload:

https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html

Sys-Admin InfoSec

JunOS RCE (critical status)

https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591?language=en_US

Sys-Admin InfoSec

/ The malware is spread over the SSH protocol using a custom Mirai botnet that was modified by the threat actors.

https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining

Sys-Admin InfoSec

/ Hyper-V RCE and Kerberos Bypass

MS released two fixes:

Windows Kerberos Security Feature Bypass Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674

Windows Hyper-V Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20700

Sys-Admin InfoSec

How Does PCI DSS 4.0 Affect Web Application Firewalls?

https://www.tripwire.com/state-of-security/how-does-pci-dss-40-affect-web-application-firewalls

Sys-Admin InfoSec

/ Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking

https://cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking

Sys-Admin InfoSec

/ RAR SFX with LNK Infection Vector

https://www.deepinstinct.com/blog/threat-actor-uac-0099-continues-to-target-ukraine

Sys-Admin InfoSec

/ Use-after-free vulnerability in the Linux kernel nf_tables implementation

Openwall note: https://www.openwall.com/lists/oss-security/2023/12/22/6

Exploit prototype - https://www.openwall.com/lists/oss-security/2023/12/22/6/1

Sys-Admin InfoSec

/ The Cashback Extension Killer - Fake Chrome netPlus VPN Extensions

C2 domain target communications - Kazakhstan, Ukraine, Russia, Belarus, Pakistan...

https://reasonlabs.com/research/the-cashback-extension-killer

P.S. C2 domains already sent to OpenBLD.net 😡

Sys-Admin InfoSec

📢 Open DevOps workshop by Rebrain: IT-Quiz

Registration

Time:

26 December (Tuesday) at 19:00 MSK

Program:

• Solve 3 tasks in an online format
• Receive gifts for completing the tasks
• Hold the New Year Sale by Rebrain giveaway

Host:

Vasily Ozerov – Co-Founder of REBRAIN. Leads an international team within his agency Fevlake. More than 8 years of DevOps practice.

Sys-Admin InfoSec

/ Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1

https://www.akamai.com/blog/security-research/chaining-vulnerabilities-to-achieve-rce-part-one

Sys-Admin InfoSec

/ Threat actors misuse OAuth applications to automate financially driven attacks

https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/

Sys-Admin InfoSec

/ Exploiting JetBrains TeamCity CVE Globally

CISA warns:

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a

Sys-Admin InfoSec

/ pfSense Security: Sensing Code Vulnerabilities

Attackers can combine the vulnerabilities to execute arbitrary code on the pfSense appliance remotely. An attacker can trick an authenticated pfSense user into clicking on a maliciously crafted link containing an XSS payload that exploits the command injection vulnerability:

https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/

Sys-Admin InfoSec

📢 OpenBLD.net IPv6 Pre-Release Testing

Last week, last month, this year... I've been meeting and talking to different people, and they all echoed the same sentiment - IPv6 is needed 💯

A few days ago, I got acquainted with VEESP.com, a company that generously provided OpenBLD.net with an incredibly fast server featuring a high-speed Ethernet connection 🛞

Abstract: Usually, I spend some time testing servers, then assign them a secondary role before introducing them to the production environment. However, this time was different...

I was so impressed 😱 with the veesp.com server's speed that it practically flew into production almost immediately... )

I believe this is a great opportunity to start exploring the IPv6 space. In this month or early 2024, I hope we can begin experimenting with IPv6!

If you're ready to participate in the preliminary testing, please let me know through this OpenBLD.net Pre-Release Testing Form. I will reach out to you directly when the time comes, and together we can strive to make this world even better 🌱

P.S. Thanks to veesp.com and everyone who gives incentive to take a step forward 🤝

Sys-Admin InfoSec

/ CVE-2023-4001: a vulnerability in the (downstream) GRUB boot manager

https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/

Sys-Admin InfoSec

/ Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns

- Overview of CLINKSINK Drainer Campaigns
- Initial Analysis of CLINKSINK
- Distribution of Stolen Solana Cryptocurrency Funds
- Multiple DaaS Offerings Use CLINKSINK
- Outlook and Implications
- YARA Rules

https://www.mandiant.com/resources/blog/solana-cryptocurrency-stolen-clinksink-drainer-campaigns

Sys-Admin InfoSec

📢 Open DevOps workshop by Rebrain: Running Nginx and Angie in Docker

Registration

Time:

16 January (Tuesday) 19:00 MSK

Program:

• Basics of containerizing a web server
• Why use a container for Nginx
• Features of the Angie web server and a comparison with Nginx
• Running Nginx and Angie in Docker containers
• Setting up the configuration
• Working with logs
• Storing web application data

Host:

• Nikolay Lavlinsky – Technical Director. Web developer for more than 15 years. Speaker at the HighLoad++ and RIT++ conferences. Specialization: speeding up websites and web applications

Sys-Admin InfoSec

/ Deceptive Cracked Software Spreads Lumma Variant on YouTube

https://www.fortinet.com/blog/threat-research/lumma-variant-on-youtube

Sys-Admin InfoSec

Open Thank You Message.

First of all, thanks to all users of the OpenBLD.net service. Thank you for trusting, using the service, contributing and providing feedback.

Some companies, like the people in them, also trust the service and support it with system resources and OSS licenses, which allows the service to grow, be faster, and expand points of presence around the world.

Thanks everyone. I also wrote an Open Thank You Letter in my blog post to everyone who supported.

Everyone who wants to support and add their logo or name to the project website: support the OpenBLD.net project and receive these benefits.

Peace to all ✌️

Sys-Admin InfoSec

Let’s Get Ready to Rumble!!

Let the leap year 🎄 bring only high profits and high success!)) Peace ✌️

Sys-Admin InfoSec

🚀 Glad to present the new release zDNS v0.1.3! 🎉

Following Zero Trust practices, I recently wrote and am slowly beginning to introduce new "blackhole" functionality into the OpenBLD.net DNS ecosystem.

zDNS is a DNS server that puts security and control over DNS queries at the center. With new functionality, zDNS now supports regular expressions in hosts.txt files, allowing more flexibility in configuring allowed queries. Now you can use the power of regular expressions to precisely control permissions, including subdomains and patterns.

Main features:

🛑 Denies all DNS queries by default.
✅ Allows you to configure allowed requests through the hosts.txt file.
🔄 Uses balancing strategies to ensure reliable operation with DNS servers.
🛠 Easily customizable via YAML configuration.
🔜 Prometheus metrics coming soon

Additional protection of your infrastructure or testing requests with zDNS is possible and may be useful to you! Download the latest version here and start using a DNS server with powerful customization options:

https://github.com/m0zgen/zdns/tree/dev

#zDNS #DNS #Security #Release #News
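As an added illustration of the deny-by-default model the post describes (this is not zDNS's own code, and the `~` prefix marking regex lines in the sample hosts.txt is an assumed format, not the project's), a minimal allow-list matcher that forwards only explicitly permitted query names and blackholes everything else:

```python
import re
from typing import Callable, List

# Constructed sample allow-list in the spirit of a hosts.txt file.
# Assumed format (not zDNS's): plain lines are exact hostnames,
# lines starting with "~" are regular expressions that must match
# the whole query name (anchored, so look-alike domains don't slip by).
SAMPLE_HOSTS_TXT = """
# comments and blank lines are ignored
example.com
~^(.+\\.)?corp\\.example\\.net$
~^api-[a-z0-9]+\\.internal$
"""


def load_allowlist(text: str) -> List[Callable[[str], bool]]:
    """Parse hosts.txt-style text into a list of allow predicates."""
    rules: List[Callable[[str], bool]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("~"):
            pattern = re.compile(line[1:], re.IGNORECASE)
            # fullmatch: the pattern must cover the entire name
            rules.append(lambda name, p=pattern: p.fullmatch(name) is not None)
        else:
            exact = line.lower()
            rules.append(lambda name, e=exact: name == e)
    return rules


def normalize(qname: str) -> str:
    # DNS names are case-insensitive and may carry a trailing root dot
    return qname.rstrip(".").lower()


def is_allowed(qname: str, rules: List[Callable[[str], bool]]) -> bool:
    """Zero Trust default: deny unless some rule explicitly allows."""
    name = normalize(qname)
    return any(rule(name) for rule in rules)


def decide(qname: str, rules: List[Callable[[str], bool]]) -> str:
    """Return the action a resolver would take for this query name."""
    return "FORWARD" if is_allowed(qname, rules) else "BLACKHOLE"
```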

Sys-Admin InfoSec

/ The Rising Threat Of Phishing Attacks With Crypto Drainers

Unmasking Deceptive Tactics: A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. The cryptocurrency community has been witnessing an alarming increase in sophisticated phishing attacks:

https://research.checkpoint.com/2023/the-rising-threat-of-phishing-attacks-with-crypto-drainers/

Sys-Admin InfoSec

/ Android Banking Trojan Chameleon can now bypass any Biometric Authentication

https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action

Sys-Admin InfoSec

/ Mozilla Foundation Security Advisory (with fixing RCE)

https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/

Sys-Admin InfoSec

/ The OpenSSH 9.6 release contains a number of security fixes, including the MiTM "Terrapin attack" fix:

https://www.openssh.com/releasenotes.html

Sys-Admin InfoSec

Open DevOps workshop by Rebrain: postgresql replication

Details

Time:

• 20 December (Wednesday) 20:00 MSK.

Program:

• What is good about postgresql?
• What is vacuum?
• Setting up physical replication

Host:

Andrey Buranov – UNIX systems specialist at VK. More than 7 years of experience with Linux OS.

Sys-Admin InfoSec

📢 serversAwesome

In OpenBLD.net scoping activities, I created a lite Go app - Awesome Servers Inventory Web App, which is a simple web app to manage your server inventory. An ideal solution for small projects and infrastructures or IT ecosystems.

Features:

- Add new server
- Edit existing server
- Delete existing server
- Copy server IP details to clipboard
- Yaml config file
- Portable SQLite database
- One binary file to run the app

- https://github.com/m0zgen/serversAwesome

Sys-Admin InfoSec

Urgent: Apple iOS Security Updates Content

https://support.apple.com/en-gb/HT214035

Sys-Admin InfoSec

/ Curse of the Krasue: New Linux Remote Access Trojan

https://www.group-ib.com/blog/krasue-rat/
