LibreSSL 3.2.5 Released
https://www.mail-archive.com/announce@openbsd.org/msg00366.html
It includes the following bug fix:
* A TLS client using session resumption may cause a use-after-free.
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.`https://www.mail-archive.com/announce@openbsd.org/msg00366.html
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
The official Rust Programming Language book
https://doc.rust-lang.org/book/noscript-page.html
Learn Rust
https://www.rust-lang.org/learn
Official Rust YouTube
https://www.youtube.com/c/RustVideos/featured
Подборка
https://github.com/ctjhoa/rust-learning
Примеры
https://doc.rust-lang.org/stable/rust-by-example/
https://doc.rust-lang.org/book/noscript-page.html
Learn Rust
https://www.rust-lang.org/learn
Official Rust YouTube
https://www.youtube.com/c/RustVideos/featured
Подборка
https://github.com/ctjhoa/rust-learning
Примеры
https://doc.rust-lang.org/stable/rust-by-example/
New Mirai Variant Targeting Network Security Devices
https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/
https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/
Unit 42
New Mirai Variant Targeting Network Security Devices
We discovered ongoing attacks leveraging IoT vulnerabilities, including in network security devices, to serve a Mirai variant.
Using GitHub code scanning and CodeQL to detect traces of Solorigate and other backdoors
https://github.blog/2021-03-16-using-github-code-scanning-and-codeql-to-detect-traces-of-solorigate-and-other-backdoors/
https://github.blog/2021-03-16-using-github-code-scanning-and-codeql-to-detect-traces-of-solorigate-and-other-backdoors/
The GitHub Blog
Using GitHub code scanning and CodeQL to detect traces of Solorigate and other backdoors
Last month, a member of the CodeQL security community contributed multiple CodeQL queries for C# codebases that can help organizations assess whether they are affected by the SolarWinds nation-state attack on various parts of critical
Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p
Cisco
Cisco Security Advisory: Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial…
A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device…
Обновленная бета-версия затемненной темы для GitHub.com (updated at 14 March 2021)
Судя по описанию от первого лица обновленный интерфейс имеет более приглушённую цветовую гамму
https://github.blog/changelog/2021-03-16-dimmed-theme-beta-for-github-com/
Судя по описанию от первого лица обновленный интерфейс имеет более приглушённую цветовую гамму
https://github.blog/changelog/2021-03-16-dimmed-theme-beta-for-github-com/
The GitHub Blog
Dimmed theme beta for GitHub.com - GitHub Changelog
A dimmed theme, with a more subdued UI with a little less contrast than our dark mode theme, is now available to all GitHub.com users as a public beta. This…
Making Chaos Part of Kubernetes/OpenShift Performance and Scalability Tests
https://www.openshift.com/blog/making-chaos-part-of-kubernetes/openshift-performance-and-scalability-tests
https://www.openshift.com/blog/making-chaos-part-of-kubernetes/openshift-performance-and-scalability-tests
Redhat
Making Chaos Part of Kubernetes/OpenShift Performance and Scalability Tests
How we leverage Kraken to ensure that the Kubernetes/OpenShift is reliable, performant and scalable by providing the ability to inject failures while being able to check on the recovery and monitoring the state and performance of the cluster/component.
New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/
https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/
SentinelOne
New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor - SentinelLabs
Targeting software developers is one route to a successful supply chain attack. Now threat actors are going after Apple developers through the Xcode IDE.
In-the-Wild Series: October 2020 0-day discovery
https://googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html
https://googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html
Blogspot
In-the-Wild Series: October 2020 0-day discovery
Posted by Maddie Stone, Project Zero In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-w...
A deep-dive into Cloudflare’s autonomous edge DDoS protection
https://blog.cloudflare.com/deep-dive-cloudflare-autonomous-edge-ddos-protection/
https://blog.cloudflare.com/deep-dive-cloudflare-autonomous-edge-ddos-protection/
The Cloudflare Blog
A deep-dive into Cloudflare’s autonomous edge DDoS protection
Introducing our autonomous DDoS (Distributed Denial of Service) protection system, globally deployed to all of Cloudflare’s 200+ data centers, and is actively protecting all our customers against DDoS attacks across layers 3 to 7 (in the OSI model) without…
F5 BIG-IP и F5 BIG-IQ набор уязвимостей
Многие уязвимости получили балл критичности 8.0+ в системе оценки уязвимостей CVSS
Детали в мартовском security advisory вендора:
https://support.f5.com/csp/article/K02566623
Что такое F5 - решения по контролю, фильтрации, балансировке, управлению трафиком, используются как правило энтерпайзом
Многие уязвимости получили балл критичности 8.0+ в системе оценки уязвимостей CVSS
Детали в мартовском security advisory вендора:
https://support.f5.com/csp/article/K02566623
Что такое F5 - решения по контролю, фильтрации, балансировке, управлению трафиком, используются как правило энтерпайзом
Purple Fox is an active malware campaign targeting Windows machines
Руткит Purple Fox теперь распространяется как червь
Purple Fox - это активная вредоносная кампания, нацеленная на компьютеры Windows.
До недавнего времени операторы Purple Fox заражали машины с помощью наборов эксплойтов и фишинговых писем.
Теперь же определен новый вектор заражения этим вредоносным ПО, когда компьютеры с Windows, подключенные к Интернету, взламывают путем перебора SMB паролей.
На сегодня определена обширная сеть скомпрометированных серверов Purple Fox. Эти сервера - скомпрометированные сервера Microsoft IIS 7.5.
Вредоносная программа Purple Fox включает руткит, который позволяет злоумышленникам скрывать вредоносное ПО на компьютере и затруднять его обнаружение и удаление
PoC
https://www.guardicore.com/labs/purple-fox-rootkit-now-propagates-as-a-worm/
Руткит Purple Fox теперь распространяется как червь
Purple Fox - это активная вредоносная кампания, нацеленная на компьютеры Windows.
До недавнего времени операторы Purple Fox заражали машины с помощью наборов эксплойтов и фишинговых писем.
Теперь же определен новый вектор заражения этим вредоносным ПО, когда компьютеры с Windows, подключенные к Интернету, взламывают путем перебора SMB паролей.
На сегодня определена обширная сеть скомпрометированных серверов Purple Fox. Эти сервера - скомпрометированные сервера Microsoft IIS 7.5.
Вредоносная программа Purple Fox включает руткит, который позволяет злоумышленникам скрывать вредоносное ПО на компьютере и затруднять его обнаружение и удаление
PoC
https://www.guardicore.com/labs/purple-fox-rootkit-now-propagates-as-a-worm/
Akamai
Cloud Computing, Security, Content Delivery (CDN) | Akamai
Akamai is the cybersecurity and cloud computing company that powers and protects business online.
Starting in version 90, Chrome’s address bar will use https:// by default
https://blog.chromium.org/2021/03/a-safer-default-for-navigation-https.html
https://blog.chromium.org/2021/03/a-safer-default-for-navigation-https.html
Chromium Blog
A safer default for navigation: HTTPS
Starting in version 90, Chrome’s address bar will use https:// by default, improving privacy and even loading speed for users visiting webs...
Cybersecurity and Infrastructure Security Agency (CISA) has released Hunt and Incident Response Program (CHIRP) tool
https://github.com/cisagov/CHIRP/blob/main/README.md
https://github.com/cisagov/CHIRP/blob/main/README.md
GitHub
CHIRP/README.md at main · cisagov/CHIRP
A DFIR tool written in Python. . Contribute to cisagov/CHIRP development by creating an account on GitHub.
The Compact Campaign - Анализ фишинговой компании
Фишинговые кампании продолжают использовать локдауны пандемии для нацеливания на жертв, а новая кампания использует растущую популярность Zoom
И снова, в который раз жертвами становятся пользователи продуктов MS...
Кампания нацеленая на тысячи пользователей, выдавая себя за приглашение Zoom, и, по оценкам, собрала более 400 000 учетных данных Outlook Web Access и Office 365. Эта кампания уникальна тем, что использует доверенные домены для обеспечения доставки фишинговых писем и предотвращения блокировки фишинговых страниц:
https://www.wmcglobal.com/blog/the-compact-campaign
Фишинговые кампании продолжают использовать локдауны пандемии для нацеливания на жертв, а новая кампания использует растущую популярность Zoom
И снова, в который раз жертвами становятся пользователи продуктов MS...
Кампания нацеленая на тысячи пользователей, выдавая себя за приглашение Zoom, и, по оценкам, собрала более 400 000 учетных данных Outlook Web Access и Office 365. Эта кампания уникальна тем, что использует доверенные домены для обеспечения доставки фишинговых писем и предотвращения блокировки фишинговых страниц:
https://www.wmcglobal.com/blog/the-compact-campaign
Wmcglobal
The Compact Campaign
A recent campaign being dubbed “The Compact Campaign” is based upon a unique exfiltration filename has been making a lot of noise since December by...
Facebook борется с хакерами из Китая
Деталей в статье нет, но есть краткая оценка тактик, которая возможно может быть интересна:
https://about.fb.com/news/2021/03/taking-action-against-hackers-in-china/
Деталей в статье нет, но есть краткая оценка тактик, которая возможно может быть интересна:
https://about.fb.com/news/2021/03/taking-action-against-hackers-in-china/
Meta Newsroom
Taking Action Against Hackers in China
Today, we’re sharing actions we took to disrupt a group of hackers' ability to use their infrastructure to abuse our platform, distribute malware and hack people’s accounts across the internet.
Новая версия PSExec c фиксом уязвимости повышения привилегий
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
Docs
PsExec - Sysinternals
Execute processes on remote systems.
WordPress - Recently Patched Vulnerability in Thrive Themes Actively Exploited in the Wild
On March 23, 2021, the Wordfence Threat Intelligence Team discovered two recently patched vulnerabilities being actively exploited in Thrive Theme’s “Legacy” Themes and Thrive Theme plugins that were chained together to allow unauthenticated attackers to upload arbitrary files on vulnerable WordPress sites. We estimate that more than 100,000 WordPress sites are using Thrive Theme products that may still be vulnerable.
https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild/
On March 23, 2021, the Wordfence Threat Intelligence Team discovered two recently patched vulnerabilities being actively exploited in Thrive Theme’s “Legacy” Themes and Thrive Theme plugins that were chained together to allow unauthenticated attackers to upload arbitrary files on vulnerable WordPress sites. We estimate that more than 100,000 WordPress sites are using Thrive Theme products that may still be vulnerable.
https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild/
Thrive Themes
Thrive Themes - Conversion Focused WordPress Themes
WordPress plugins that put you in control. Get your site set up quicker, grow your traffic, generate leads, and convert more customers with easy-to-use tools!
Forthcoming OpenSSL release
https://mta.openssl.org/pipermail/openssl-announce/2021-March/000196.html
~~
up
https://www.openssl.org/news/secadv/20210325.txt
https://mta.openssl.org/pipermail/openssl-announce/2021-March/000196.html
~~
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL version 1.1.1k.
This release will be made available on Thursday 25th March 2021
between 1300-1700 UTC.
OpenSSL 1.1.1k is a security-fix release. The highest severity issue
fixed in this release is HIGH:
https://www.openssl.org/policies/secpolicy.html#highup
https://www.openssl.org/news/secadv/20210325.txt
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
Critical
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC
Critical
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC
Cisco
Cisco Security Advisory: Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information…
OpenSSL Security Advisory [25 March 2021]CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
========================================================================
Severity: Highhttps://www.openssl.org/news/secadv/20210325.txt
Ссылка не моя, за что спасибо подписчику 😉