Good old malware for the new Apple Silicon platform
M1 под угрозой..:
Некоторое время назад Apple выпустила компьютеры Mac с новым чипом под названием Apple M1.
Неожиданный выпуск стал важной вехой в индустрии оборудования Apple. Однако по мере развития технологий наблюдается растущий интерес к недавно выпущенной платформе со стороны злоумышленников.
Это неизбежно приводит к новым образцам вредоносного ПО, скомпилированным для платформы Apple Silicon. В статье рассматриваются угрозы для компьютеров Mac с чипом Apple M1 на борту:
https://securelist.com/malware-for-the-new-apple-silicon-platform/101137/
M1 под угрозой..:
Некоторое время назад Apple выпустила компьютеры Mac с новым чипом под названием Apple M1.
Неожиданный выпуск стал важной вехой в индустрии оборудования Apple. Однако по мере развития технологий наблюдается растущий интерес к недавно выпущенной платформе со стороны злоумышленников.
Это неизбежно приводит к новым образцам вредоносного ПО, скомпилированным для платформы Apple Silicon. В статье рассматриваются угрозы для компьютеров Mac с чипом Apple M1 на борту:
https://securelist.com/malware-for-the-new-apple-silicon-platform/101137/
Securelist
Good old malware for the new Apple Silicon platform
In this article, we are going to take a look at threats for Macs with the Apple M1 chip on board.
Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild.
RCE
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
Ссылка не моя, за ссылку спасибо другу канала ✌️
RCE
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
Ссылка не моя, за ссылку спасибо другу канала ✌️
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 89.0.4389.90 for Windows, Mac and Linux which will roll out over the coming days/weeks. A full list o...
Flatpak - уязвимость выхода из песочницы
https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp
Что такое Flatpak:
https://sys-adm.in/systadm/nix/816-flatpak-chto-eto-i-kak-ego-mozhno-ispolzovat-v-linux.html
https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp
Что такое Flatpak:
https://sys-adm.in/systadm/nix/816-flatpak-chto-eto-i-kak-ego-mozhno-ispolzovat-v-linux.html
GitHub
CVE-2021-21381: Sandbox escape via special tokens in .desktop file (flatpak#4146)
flatpak since 0.9.4 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's per...
Microsoft опубликовали workaround для BSOD возникающий при печати
https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-2004
P.S. та самая ошибка которая возникает после установки
https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-2004
P.S. та самая ошибка которая возникает после установки
KB5000802Docs
Windows release health
Quickly find official information on Windows updates and servicing milestones. Access resources, tools, and news about known issues and safeguards to help you plan your next update. Want the latest Windows release health updates? Follow @WindowsUpdate on…
New Threat: ZHtrap botnet implements honeypot to facilitate finding more victims
ZHtrap создаёт honeypot'ы для сбора данных с других устройств...
PoC
https://blog.netlab.360.com/new_threat_zhtrap_botnet_en/
ZHtrap создаёт honeypot'ы для сбора данных с других устройств...
PoC
https://blog.netlab.360.com/new_threat_zhtrap_botnet_en/
360 Netlab Blog - Network Security Research Lab at 360
New Threat: ZHtrap botnet implements honeypot to facilitate finding more victims
Overview
In the security community, when people talk about honeypot, by default we would assume this is one of the most used toolkits for security researchers to lure the bad guys. But recently we came across a botnet uses honeypot to harvest other infected…
In the security community, when people talk about honeypot, by default we would assume this is one of the most used toolkits for security researchers to lure the bad guys. But recently we came across a botnet uses honeypot to harvest other infected…
Exchange Mitigation Tools
MS выпустили mitigation инструмент для Exchange
https://github.com/microsoft/CSS-Exchange/tree/main/Security
Сам релиз powershell скрипта можно загрузить из раздела releases
https://github.com/microsoft/CSS-Exchange/releases/
Попутно в обновленной статье от MS ( https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/ ) приводятся рекоммендации по использованию Microsoft Safety Scanner - https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
Так же есть еще сторонние скрипты, как например Exchange Webshell Detection
- https://github.com/cert-lv/exchange_webshell_detection
или Nmap скрипт:
- https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange.nse
И ряд статей по выявлению проблем Exchange в отношении уязвимостей:
- https://www.pwndefend.com/2021/03/07/checking-for-hafnium-or-other-groups-impact-from-exchange-abuse/
- Examining Exchange Exploitation and its Lessons for Defenders https://www.domaintools.com/resources/blog/examining-exchange-exploitation-and-its-lessons-for-defenders
MS выпустили mitigation инструмент для Exchange
https://github.com/microsoft/CSS-Exchange/tree/main/Security
Сам релиз powershell скрипта можно загрузить из раздела releases
EOMT.ps1:https://github.com/microsoft/CSS-Exchange/releases/
Попутно в обновленной статье от MS ( https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/ ) приводятся рекоммендации по использованию Microsoft Safety Scanner - https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
Так же есть еще сторонние скрипты, как например Exchange Webshell Detection
- https://github.com/cert-lv/exchange_webshell_detection
или Nmap скрипт:
- https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange.nse
И ряд статей по выявлению проблем Exchange в отношении уязвимостей:
- https://www.pwndefend.com/2021/03/07/checking-for-hafnium-or-other-groups-impact-from-exchange-abuse/
- Examining Exchange Exploitation and its Lessons for Defenders https://www.domaintools.com/resources/blog/examining-exchange-exploitation-and-its-lessons-for-defenders
GitHub
CSS-Exchange/Security at main · microsoft/CSS-Exchange
Exchange Server support tools and noscripts. Contribute to microsoft/CSS-Exchange development by creating an account on GitHub.
Protecting on-premises Exchange Servers against recent attacks
https://www.microsoft.com/security/blog/2021/03/12/protecting-on-premises-exchange-servers-against-recent-attacks/
https://www.microsoft.com/security/blog/2021/03/12/protecting-on-premises-exchange-servers-against-recent-attacks/
Microsoft Security Blog
Protecting on-premises Exchange Servers against recent attacks | Microsoft Security Blog
For the past few weeks, Microsoft and others in the security industry have seen an increase in attacks against on-premises Exchange servers. The target of these attacks is a type of email server most often used by small and medium-sized businesses, although…
Проблемы в облачном MS - Users may be unable to access multiple Microsoft 365 services
Проблема наблюдается до сих пор, где то не работает граф, где то пропали тенант девайсы, статус:
https://status.office.com
Спасибо за эвент @aslan_im ✌️
Проблема наблюдается до сих пор, где то не работает граф, где то пропали тенант девайсы, статус:
https://status.office.com
Спасибо за эвент @aslan_im ✌️
Fedora 34 Feature Focus: Updated Activities Overview
https://fedoramagazine.org/fedora-34-feature-focus-updated-activities-overview/
https://fedoramagazine.org/fedora-34-feature-focus-updated-activities-overview/
Fedora Magazine
Fedora Workstation 34 Feature Focus: Updated Activities Overview - Fedora Magazine
Fedora Workstation 34 is scheduled for release towards the end of April. Among the various changes that it will contain is the soon-to-be-released GNOME 40. This comes with a number of improvements and new features, most notably an updated Activities Overview…
New releases (with security fixes): Tor 0.3.5.14, 0.4.4.8, and 0.4.5.7
https://blog.torproject.org/node/2009
https://blog.torproject.org/node/2009
blog.torproject.org
New releases (with security fixes): Tor 0.3.5.14, 0.4.4.8, and 0.4.5.7 | Tor Project
We have a new stable release today. If you build Tor from source, you can download the source code for 0.4.5.7 on the download page. Packages should be available within the next several weeks, with a new Tor Browser coming next week. Also today, Tor 0.3.5.14…
PYSA Ransomware-Targeting _-Education-Institution.pdf
976.2 KB
Предупрежден, значит вооружен
Предупреждение ФБР о росте атак программ-вымогателей PYSA на образовательные учреждения в США и Великобритании..
Не ровен час и "к нам доберётся" (как это зачастую бывает)
Предупреждение ФБР о росте атак программ-вымогателей PYSA на образовательные учреждения в США и Великобритании..
Не ровен час и "к нам доберётся" (как это зачастую бывает)
LibreSSL 3.2.5 Released
https://www.mail-archive.com/announce@openbsd.org/msg00366.html
It includes the following bug fix:
* A TLS client using session resumption may cause a use-after-free.
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.`https://www.mail-archive.com/announce@openbsd.org/msg00366.html
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
The official Rust Programming Language book
https://doc.rust-lang.org/book/noscript-page.html
Learn Rust
https://www.rust-lang.org/learn
Official Rust YouTube
https://www.youtube.com/c/RustVideos/featured
Подборка
https://github.com/ctjhoa/rust-learning
Примеры
https://doc.rust-lang.org/stable/rust-by-example/
https://doc.rust-lang.org/book/noscript-page.html
Learn Rust
https://www.rust-lang.org/learn
Official Rust YouTube
https://www.youtube.com/c/RustVideos/featured
Подборка
https://github.com/ctjhoa/rust-learning
Примеры
https://doc.rust-lang.org/stable/rust-by-example/
New Mirai Variant Targeting Network Security Devices
https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/
https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/
Unit 42
New Mirai Variant Targeting Network Security Devices
We discovered ongoing attacks leveraging IoT vulnerabilities, including in network security devices, to serve a Mirai variant.
Using GitHub code scanning and CodeQL to detect traces of Solorigate and other backdoors
https://github.blog/2021-03-16-using-github-code-scanning-and-codeql-to-detect-traces-of-solorigate-and-other-backdoors/
https://github.blog/2021-03-16-using-github-code-scanning-and-codeql-to-detect-traces-of-solorigate-and-other-backdoors/
The GitHub Blog
Using GitHub code scanning and CodeQL to detect traces of Solorigate and other backdoors
Last month, a member of the CodeQL security community contributed multiple CodeQL queries for C# codebases that can help organizations assess whether they are affected by the SolarWinds nation-state attack on various parts of critical
Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p
Cisco
Cisco Security Advisory: Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial…
A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device…
Обновленная бета-версия затемненной темы для GitHub.com (updated at 14 March 2021)
Судя по описанию от первого лица обновленный интерфейс имеет более приглушённую цветовую гамму
https://github.blog/changelog/2021-03-16-dimmed-theme-beta-for-github-com/
Судя по описанию от первого лица обновленный интерфейс имеет более приглушённую цветовую гамму
https://github.blog/changelog/2021-03-16-dimmed-theme-beta-for-github-com/
The GitHub Blog
Dimmed theme beta for GitHub.com - GitHub Changelog
A dimmed theme, with a more subdued UI with a little less contrast than our dark mode theme, is now available to all GitHub.com users as a public beta. This…
Making Chaos Part of Kubernetes/OpenShift Performance and Scalability Tests
https://www.openshift.com/blog/making-chaos-part-of-kubernetes/openshift-performance-and-scalability-tests
https://www.openshift.com/blog/making-chaos-part-of-kubernetes/openshift-performance-and-scalability-tests
Redhat
Making Chaos Part of Kubernetes/OpenShift Performance and Scalability Tests
How we leverage Kraken to ensure that the Kubernetes/OpenShift is reliable, performant and scalable by providing the ability to inject failures while being able to check on the recovery and monitoring the state and performance of the cluster/component.
New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/
https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/
SentinelOne
New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor - SentinelLabs
Targeting software developers is one route to a successful supply chain attack. Now threat actors are going after Apple developers through the Xcode IDE.