News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz
/ JAVA-Based Sophisticated Stealer Using Discord Bot as EventListener
https://www.trellix.com/about/newsroom/stories/research/java-based-sophisticated-stealer-using-discord-bot-as-eventlistener/
📢 Open workshop: DWARF, ELF & ptrace, or how your debugger works
↘ Registration
Time:
• January 23 (Tuesday) at 19:00 MSK
Program:
• We will break down how a modern debugger works
• We will learn to use the ptrace system call
• We will look at the ELF and DWARF formats
• We will write a simple debugger using what we have learned
Hosted by:
• Konstantin Derevtsov – Rust developer.
/ Undetected macOS InfoStealers | KeySteal, Atomic & CherryPie Continue to Adapt
https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/
/ CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload:
https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
Junos OS RCE (critical severity)
https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591?language=en_US
/ The malware is spread over the SSH protocol using a custom Mirai botnet that was modified by the threat actors.
https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining
/ Hyper-V RCE and Kerberos Bypass
Microsoft released fixes for two vulnerabilities:
Windows Kerberos Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674
Windows Hyper-V Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20700
How Does PCI DSS 4.0 Affect Web Application Firewalls?
https://www.tripwire.com/state-of-security/how-does-pci-dss-40-affect-web-application-firewalls
/ Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking
https://cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking
/ RAR SFX with LNK Infection Vector
https://www.deepinstinct.com/blog/threat-actor-uac-0099-continues-to-target-ukraine
/ Use-after-free vulnerability in the Linux kernel nf_tables implementation
Openwall note: https://www.openwall.com/lists/oss-security/2023/12/22/6
Exploit prototype - https://www.openwall.com/lists/oss-security/2023/12/22/6/1
/ The Cashback Extension Killer - Fake Chrome netPlus VPN Extensions
C2 domain communications target Kazakhstan, Ukraine, Russia, Belarus, Pakistan...
https://reasonlabs.com/research/the-cashback-extension-killer
P.S. C2 domains have already been sent to OpenBLD.net 😡
📢 Open DevOps workshop by Rebrain: IT Quiz
↘ Registration
Time:
December 26 (Tuesday) at 19:00 MSK
Program:
• We solve 3 tasks in an online format
• We hand out gifts for completing the tasks
• We hold the New Year Sale by Rebrain giveaway
Hosted by:
Vasily Ozerov – Co-Founder of REBRAIN. Leads an international team at his agency Fevlake. More than 8 years of DevOps practice.
/ Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1
https://www.akamai.com/blog/security-research/chaining-vulnerabilities-to-achieve-rce-part-one
/ Threat actors misuse OAuth applications to automate financially driven attacks
https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/
/ Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition
- Mitigations and Workarounds: N/A
- Detections: None
- Severity: High
https://advisory.splunk.com/advisories/SVD-2024-0108
/ A lightweight method to detect potential iOS malware
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
😡 OpenBLD.net growth with AlphaVPS
New OpenBLD points of presence have been added around the world thanks to AlphaVPS!
AlphaVPS.com (Fast & Cheap VPS and Cloud Servers) has joined the OpenBLD.net ecosystem with several servers located in Bulgaria and Germany.
As you know, one of our priorities is fast DoH/DoT responses, and the 1 Gbit/s links from AlphaVPS are a good base for this requirement.
One server is already available for users (see the status of Ada-h4); the second server will be available in the next few days. Enjoy it 🚀
P.S. Some time ago I posted the OpenBLD.net IPv6 pre-release notice; in the next few weeks I plan to implement DoH/DoT over IPv6 for users in Europe, and I'll tell you more about this later 😎...
/ CVE-2023-4001: a vulnerability in the (downstream) GRUB boot manager
https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/
/ Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns
- Overview of CLINKSINK Drainer Campaigns
- Initial Analysis of CLINKSINK
- Distribution of Stolen Solana Cryptocurrency Funds
- Multiple DaaS Offerings Use CLINKSINK
- Outlook and Implications
- YARA Rules
https://www.mandiant.com/resources/blog/solana-cryptocurrency-stolen-clinksink-drainer-campaigns
📢 Open DevOps workshop by Rebrain: Running Nginx and Angie in Docker
↘ Registration
Time:
January 16 (Tuesday) 19:00 MSK
Program:
• Basics of containerizing a web server
• Why use a container for Nginx
• Features of the Angie web server and a comparison with Nginx
• Running Nginx and Angie in Docker containers
• Setting up the configuration
• Working with logs
• Storing web application data
Hosted by:
• Nikolay Lavlinsky – CTO. Web developer for more than 15 years. Speaker at the HighLoad++ and RIT++ conferences. Specialization: speeding up websites and web applications
/ Deceptive Cracked Software Spreads Lumma Variant on YouTube
https://www.fortinet.com/blog/threat-research/lumma-variant-on-youtube
Open Thank You Message.
First of all, thanks to all users of the OpenBLD.net service. Thank you for trusting the service, using it, contributing and providing feedback.
Some companies, like the people in them, also trust the service and support it with system resources and OSS licenses, which allows the service to grow, become faster, and expand its points of presence around the world.
Thanks everyone. I also wrote an Open Thank You Letter in my blog post to everyone who supported.
Everyone who wants to support the OpenBLD.net project can add their logo or name to the project website and receive these benefits.
Peace to all ✌️
Let’s Get Ready to Rumble!!
Let the leap year 🎄 bring only high profits and high success!)) Peace ✌️
🚀 Glad to present the new release zDNS v0.1.3! 🎉
Following Zero Trust practices, I recently wrote and am slowly beginning to introduce new "blackhole" functionality into the OpenBLD.net DNS ecosystem.
zDNS is a DNS server that puts security and control over DNS queries at the center. With new functionality, zDNS now supports regular expressions in hosts.txt files, allowing more flexibility in configuring allowed queries. Now you can use the power of regular expressions to precisely control permissions, including subdomains and patterns.
Main features:
🛑 Denies all DNS queries by default.
✅ Allows you to configure allowed requests through the hosts.txt file.
🔄 Uses balancing strategies to ensure reliable operation with DNS servers.
🛠 Easily customizable via YAML configuration.
🔜 Prometheus metrics coming soon
Additional protection of your infrastructure or testing requests with zDNS is possible and may be useful to you! Download the latest version here and start using a DNS server with powerful customization options:
https://github.com/m0zgen/zdns/tree/dev
#zDNS #DNS #Security #Release #News
/ The Rising Threat Of Phishing Attacks With Crypto Drainers
Unmasking Deceptive Tactics: A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. The cryptocurrency community has been witnessing an alarming increase in sophisticated phishing attacks:
https://research.checkpoint.com/2023/the-rising-threat-of-phishing-attacks-with-crypto-drainers/
/ Android Banking Trojan Chameleon can now bypass any Biometric Authentication
https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action
/ Mozilla Foundation Security Advisory (including an RCE fix)
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/
/ The OpenSSH 9.6 release contains a number of security fixes, including a fix for the "Terrapin" MITM attack:
https://www.openssh.com/releasenotes.html
Open DevOps workshop by Rebrain: PostgreSQL replication
↘ Details
Time:
• December 20 (Wednesday) 20:00 MSK.
Program:
• What is good about PostgreSQL?
• What is vacuum?
• Setting up physical replication
Hosted by:
Andrey Buranov – UNIX systems specialist at VK. More than 7 years of experience with Linux.