Microsoft Remote Desktop Protocol (RDP) Reflection/Amplification DDoS Attack Mitigation Recommendations
https://www.netscout.com/blog/asert/microsoft-remote-desktop-protocol-rdp-reflectionamplification
NETSCOUT
Microsoft Remote Desktop Protocol (RDP) Reflection/Amplification DDoS Attack Mitigation Recommendations - January 2021 | NETSCOUT
Recently observed DDoS attacks leverage abusable Microsoft RDP service to launch UDP Reflection/Amplification attacks with an 85.9:1 amplification factor.
Amazon seems to want to create a fork of Elastic
https://aws.amazon.com/ru/blogs/opensource/stepping-up-for-a-truly-open-source-elasticsearch/
P.S. Looks like a fight, but they could have just donated; Amazon has plenty of money
Amazon
Stepping up for a truly open source Elasticsearch | Amazon Web Services
Last week, Elastic announced they will change their software licensing strategy, and will not release new versions of Elasticsearch and Kibana under the Apache License, Version 2.0 (ALv2). Instead, new versions of the software will be offered under the Elastic…
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
Microsoft News
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Our continued investigation into the Solorigate attack has uncovered new details about the handover from the Solorigate DLL backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others).
CVE-2021-21261: Flatpak sandbox escape via spawn portal
https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2
GitHub
CVE-2021-21261: Flatpak sandbox escape via spawn portal
Simon McVittie discovered a bug in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape).
The Flatpak portal D-Bus se...
Security Advisory: MSRPC Printer Spooler Relay (CVE-2021-1678)
https://www.crowdstrike.com/blog/cve-2021-1678-printer-spooler-relay-security-advisory/
CrowdStrike.com
Security Advisory: MSRPC Printer Spooler Relay (CVE-2021-1678)
On Patch Tuesday, January 12, 2021, Microsoft released a patch for CVE-2021-1678, an important vulnerability discovered by CrowdStrike researchers.
Fake Office 365 Used for Phishing Attacks on C-Suite Targets
https://www.trendmicro.com/en_us/research/21/a/fake-office-365-used-for-phishing-attacks-on-c-suite-targets.html
Trend Micro
Fake Office 365 Used for Phishing Attacks on C-Suite Targets
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
I recorded a video on how, in brief, I research Linux kernel security, which sources I take information from, and so on
@novitoll ©
https://www.youtube.com/watch?v=_g9QZF3YBy4
YouTube
[novitoll] In brief: how I study Linux security from other researchers
1:10 - Linux security organizations/projects structure
04:15 - KASAN, syzkaller
06:43 - Brad Spengler's view about KSPP; other random security features
09:10 - gcc plugins
10:16 - STACKLEAK patchset story
16:27 - Google project 0 blogposts
Stealing Your Private YouTube Videos, One Frame at a Time
https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/
bugs.xdavidhu.me
Stealing Your Private YouTube Videos, One Frame at a Time
David Schütz's bug bounty writeups
Firefox 85 Cracks Down on Supercookies
https://blog.mozilla.org/security/2021/01/26/supercookie-protections/
Mozilla Security Blog
Firefox 85 Cracks Down on Supercookies
Trackers and adtech companies have long abused browser features to follow people around the web. Since 2018, we have been dedicated to reducing the number of ways our users can ...
Heap-based buffer overflow in Sudo (CVE-2021-3156)
https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
This vulnerability:
- is exploitable by any local user (normal users and system users,
sudoers and non-sudoers), without authentication (i.e., the attacker
does not need to know the user's password);
Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB - January 2021
https://nvidia.custhelp.com/app/answers/detail/a_id/5147
The update addresses security issues that may lead to denial of service, data loss, and information disclosure.
Halogen is a tool that automates the creation of YARA rules against image files embedded within a malicious document
https://github.com/target/halogen
GitHub
GitHub - target/halogen: Automatically create YARA rules from malicious documents.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
How to Create AWS Lambda Layers for Python
https://wahlnetwork.com/2020/07/28/how-to-create-aws-lambda-layers-for-python/
Wahl Network
How to Create AWS Lambda Layers for Python - Wahl Network
Curious how to create your own AWS Lambda Layers with Python modules and libraries? Follow along with me in this step-by-step guide!
The ESXi ransomware post-mortem
https://www.reddit.com/r/sysadmin/comments/kysqsc/the_esxi_ransomware_postmortem/
The link isn't mine; special thanks to the subscriber for it ✌️
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
New campaign targeting security researchers
A campaign targeting security researchers.
A case where the security researcher becomes the object of research himself. Social engineering, social networks and fake exploits come into play...
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Thanks for the link to this interesting research, Sabyrzhan T. (@novitoll), Security Researcher in Spectre Security Group
Google
New campaign targeting security researchers
Details on an ongoing campaign, which we attribute to a government-backed entity based in North Korea, targeting security researchers working on vulnerability research and development.
Fuji Electric Tellus Lite V-Simulator and V-Server Lite
ICS Advisory (ICSA-21-026-01):
https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01
Vulnerabilities: Stack-based Buffer Overflow, Out-of-Bounds Read, Out-of-Bounds Write, Access of Uninitialized Pointer, Heap-based Buffer Overflow
What is IPFS, which has been backed by Cloudflare, Microsoft, Brave, Opera
IPFS in plain words, and who has already implemented support for it:
https://vc.ru/tech/200883-pochinit-internet-chto-za-proekt-ipfs-kotoryy-podderzhali-microsoft-brave-i-drugie-i-chem-on-polezen-polzovatelyam
vc.ru
Fixing the internet: what is the IPFS project backed by Microsoft, Brave and others, and how is it useful to users - Tech on…
A decentralized network can make the internet faster, freer and more stable, the creators of the standard believe.
Releasing Windows Feature Experience Pack 120.2212.2020.0 to the Beta Channel
https://blogs.windows.com/windows-insider/2021/01/26/releasing-windows-feature-experience-pack-120-2212-2020-0-to-the-beta-channel/
We are improving the reliability of screen snipping experience, especially with apps that access the clipboard often.
Windows Insider Blog
Releasing Windows Feature Experience Pack 120.2212.2020.0 to the Beta Channel
Hello Windows Insiders, Today, we are releasing Windows Feature Experience Pack 120.2212.2020.0 to Windows Insiders in the Beta Channel. This update includes the following improvements: We are improving the reliability of
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Telegram - Moving chats from other apps
To be honest, I only just learned about this feature; it may be useful to someone else as well:
https://telegram.org/blog/move-history/ru
Telegram
Moving chats from other apps
This January, more than 100 million new users chose freedom and privacy and signed up for Telegram. Starting today, you can move messages, photos, videos and documents into Telegram from other apps, for example WhatsApp…