Sys-Admin InfoSec

06 Oct 2023 03:16

/ NSA and CISA Advise on Top Ten Cybersecurity Misconfigurations

https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF

Sys-Admin InfoSec

05 Oct 2023 10:42

/ About the security content of iOS 17.0.3 and iPadOS 17.0.3

Impact: A local attacker may be able to elevate their privileges.

https://support.apple.com/en-us/HT213961

Sys-Admin InfoSec

04 Oct 2023 17:53

/ EvilProxy Phishing Attack Strikes Indeed

MS 365 Phishing..:

https//www.menlosecurity.com/blog/evilproxy-phishing-attack-strikes-indeed/

Sys-Admin InfoSec

04 Oct 2023 11:41

/ Detecting human-operated ransomware attacks with Microsoft 365 Defender

-- https://learn.microsoft.com/en-us/microsoft-365/security/defender/playbook-detecting-ransomware-m365-defender?view=o365-worldwide

Sys-Admin InfoSec

04 Oct 2023 10:16

kolesa conf'23 в эту субботу в Алматы
⁠
В этом году с Open SysConf.io нам помогли друзья из Kolesa Group, прошло пару недель и вот 7 числа наступает время kolesa conf.

4 направления, 35+ экспертов.. Кто намеревается быть онлайн, рега завтра после 18:00 будет закрыта, осталось чуть больше суток до закрытия.

Детали: kolesa-conf.kz

Sys-Admin InfoSec

02 Oct 2023 16:12

/ Using Cloudflare To Bypass Cloudflare

Cloudflare customer-configured protection mechanisms (e.g., Firewall, DDoS prevention) for websites can be bypassed due to gaps in cross-tenant security controls, potentially exposing customers to attacks Cloudflare is supposed to prevent. Attackers can utilize their own Cloudflare accounts to abuse the per-design trust-relationship between Cloudflare and the customers websites, rendering the protection mechanism ineffective..:

-- https://certitude.consulting/blog/en/using-cloudflare-to-bypass-cloudflare/

Sys-Admin InfoSec

02 Oct 2023 10:28

Canonical Temporary Suspends Snap Store after found potentially malicious snaps

-- https://forum.snapcraft.io/t/temporary-suspension-of-automatic-snap-registration-following-security-incident/37077

Sys-Admin InfoSec

29 Sep 2023 14:07

NIST Final Release 2023

Sys-Admin InfoSec

29 Sep 2023 04:03

/ The Marvin RSA Attack

..is a return of a 25 year old vulnerability that allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed with the private key..:

https://people.redhat.com/~hkario/marvin/

Sys-Admin InfoSec

28 Sep 2023 10:45

Открытый практикум DevOps by Rebrain: DevOps maturity matrix in product
⁠
• 3 Октября (Вторник) 19:00 МСК. Детали

Программа:
• Концепт DevOps maturity matrix
• Этапы внедрения maturity matrix

Ведёт:
• Александр Крылов - Опыт работы в DevOps более 7 лет. Постоянный спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор практикума по Haproxy на Rebrain.

Sys-Admin InfoSec

27 Sep 2023 16:12

/ Surprise: When Dependabot Contributes Malicious Code

https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code/

Sys-Admin InfoSec

27 Sep 2023 11:16

📢🚀 Exciting 2023 Q3 News and Improvements in OpenBLD.net DNS

In first - Big Thanks to the DNS Blocklists project for their significant contribution to "Keep the internet clean" ideology

In this quarter of 2023, I've introduced various enhancements to the OpenBLD.net ecosystem.

🔻 Here's the scoop:

1️⃣ OpenBLD.net now incorporates the DNS Blocklists project into its own DNS filtering mechanisms, ensuring a cleaner internet experience.

2️⃣ Successfully resolved major Apple content delivery issues for Eastern Europe, enhancing DNS delivery experience.

3️⃣ Experience a boost in DNS response speed by approximately 5%. The General pool is now around ~111ms, while Local pools are at ~70ms.

4️⃣ According to Alternativeto, OpenBLD.net stands out as an alternative to Quad9, NextDNS, AdGuard DNS, AhaDNS, and BlahDNS.

✨ And most importantly, OpenBLD.net is your go-to solution for a clean Internet – free from Ads, Tracking, Metrics, Telemetry, Phishing, Malware and all that other "Crap.” without agent installations and add-ins in your browsers.

Embrace yourself and stay focused with the power of clean Internet with https://openbld.net DNS 😎

#OpenBLD #DNS #InternetCleanse #Innovation

Sys-Admin InfoSec

26 Sep 2023 05:59

They will take fingerprints when creating a passport in Kazakhstan

https://www.inform.kz/ru/kak-obyazatelnoe-snyatie-otpechatkov-paltsev-uprostit-zhizn-kazahstantsev-ee12c5

Sys-Admin InfoSec

25 Sep 2023 14:45

/ Inside Microsoft's plan to kill PPLFault

In this research publication, authors will learn about upcoming improvements to the Windows Code Integrity subsystem that will make it harder for malware to tamper with Anti-Malware processes and other important security features:

-- https://www.elastic.co/security-labs/inside-microsofts-plan-to-kill-pplfault

Sys-Admin InfoSec

22 Sep 2023 11:29

/ Urgent Apple Updates for iOS, macOS and etc

— iOS: https://support.apple.com/en-us/HT213927 (elevate privileges)
— iPad: https://support.apple.com/en-us/HT213926 (elevate privileges)
— Monterey: https://support.apple.com/en-us/HT213932 (elevate privileges)
— Ventura: https://support.apple.com/en-us/HT213931 (elevate privileges)
— Safari: https://support.apple.com/en-us/HT213930 (arbitrary code execution)

Sys-Admin InfoSec

06 Oct 2023 03:12

/ 1.1.1.1 lookup failures on October 4th, 2023

https//blog.cloudflare.com/1-1-1-1-lookup-failures-on-october-4th-2023/

Sys-Admin InfoSec

05 Oct 2023 09:45

Открытый практикум Networks by Rebrain: Дебаг VoIP в сетях передачи данных
⁠
• 12 Октября (Четверг) 19:00 МСК. Детали

Программа:
• Как устанавливается сессия в SIP
• Как дебажить SIP сообщения с помощью CLI Asterisk/FreeSWITCH
• Работа диагностических утилит tcpdump, sngrep, wireshark и sip3
• Как дебажить RTP. Разбор рядовых проблем

Ведёт:
• Роман Сыртланов – VoIP инженер. Опыт работы с VoIP 7 лет. Работает с Asterisk/FreeSWITCH/Kamailio

Sys-Admin InfoSec

04 Oct 2023 17:18

/ Binarly REsearch Uncovers Major Vulnerabilities in Supermicro BMCs

..Vulnerabilities can be exploited by unauthenticated remote attackers and could result in obtaining the root of the BMC system:

https://binarly.io/posts/Binarly_REsearch_Uncovers_Major_Vulnerabilities_in_Supermicro_BMCs/

Sys-Admin InfoSec

04 Oct 2023 11:38

/ Malicious Packages Hidden in NPM

Affected platforms: All platforms where NPM packages can be installed..:

-- https://www.fortinet.com/blog/threat-research/malicious-packages-hiddin-in-npm

Sys-Admin InfoSec

03 Oct 2023 10:14

🚀 Как достигать своих целей с Live Driving (c)

Например: "Выспаться", "Выучить английский", "Запустить свой проект", "Быть счастливым" - все эти цели вполне осуществимы, я бы сказал, что они жизненно важны.

Тем не менее, руки не доходят до собственных проектов, а счастье кажется где-то в далеком "светлом" будущем, которое может и не наступить.

Оглядись вокруг - мы уже в нужном месте, в нужное время, прямо здесь и сейчас. Все уже случилось!

😎 Некоторое время назад я создал свою точку опоры для достижения целей, которую назвал Live Driving - посредник между человеком и окружающим миром на пути к достижению целей.

Мы встречались 29 октября в Алматы - было здорово, как и всегда на наших встречах. Также есть мысль о встрече в Астане.

🔻 Кто хочет получить позитив, добро пожаловать - заполните форму участия в Live Driving.

Sys-Admin InfoSec

02 Oct 2023 16:09

/ Six 0day exploits were filed against Exim

-- https://lists.exim.org/lurker/message/20231001.165119.aa8c29f9.en.html

Sys-Admin InfoSec

02 Oct 2023 10:23

Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends

Report from FBI:
-- https://www.ic3.gov/Media/News/2023/230928.pdf

Sys-Admin InfoSec

29 Sep 2023 07:06

/ ZenRAT: Malware Brings More Chaos Than Calm

..a new malware called ZenRAT being distributed via fake installation packages of the password manager Bitwarden..:

https://www.proofpoint.com/us/blog/threat-insight/zenrat-malware-brings-more-chaos-calm

Sys-Admin InfoSec

28 Sep 2023 14:32

/ MS Teams external participant splash screen bypass

-- https://badoption.eu/blog/2023/09/27/teams4.html

Sys-Admin InfoSec

28 Sep 2023 08:08

/ (0Day) Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability

https://www.zerodayinitiative.com/advisories/ZDI-23-1469/

Sys-Admin InfoSec

27 Sep 2023 15:59

/ Your photos can hear you. AI and machine learning help researchers get audio from still images and silent videos

https://news.northeastern.edu/2023/09/25/audio-recovery-still-images-silent-videos/

Sys-Admin InfoSec

26 Sep 2023 08:45

/ Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted

https://www.threatfabric.com/blogs/xenomorph

Sys-Admin InfoSec

25 Sep 2023 14:51

/ Predator In The Wires

Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions

-- https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/

Sys-Admin InfoSec

22 Sep 2023 14:25

📢. What's the Difference Between Ada and Ric OpenBLD.net? 😡

🌟 Ada - Adaptive DNS: Harmoniously filters malicious content and ensures seamless internet connectivity whenever possible

🚫 Ric - Strict DNS: Blocks many marketing and tracking resources, which may affect access to certain internet content

Curious to learn more? Dive into the details here

I recommend Ada for most OpenBLD.net DNS users. Take care of yourself. Peace out! ✌️

Sys-Admin InfoSec

21 Sep 2023 14:25

/ StopRansomware: Snatch Ransomware

Report from CISA, FBI agency - about of how to mitigate/stop this ramsomware:

— https://www.cisa.gov/sites/default/files/2023-09/joint-cybersecurity-advisory-stopransomware-snatch-ransomware_0.pdf

IOCs:
xml - https://www.cisa.gov/sites/default/files/2023-09/AA23-263A.stix_.xml
json - https://www.cisa.gov/sites/default/files/2023-09/AA23-263A%20%23StopRansomware%20Snatch%20Ransomware.stix_.json

Full advisory:
— https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263av

Thread domains sended to OpenBLD.net DNS 😡