Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021

https://www.advanced-intel.com/post/adversary-dossier-ryuk-ransomware-anatomy-of-an-attack-in-2021

WordPress: Authenticated disclosure of password-protected posts and pages

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq

Hard Drive And SSD Shortages May Occur In The Near Future If New Cryptocurrency Succeeds

Сначала возник дефицит видеокарт, теперь возможно грядет дефицит SSD/HDD..

https://wccftech.com/hard-drive-and-ssd-shortages-may-occur-in-the-near-future-if-new-cryptocurrency-succeeds/

Когда BMP изображение может быть угрозой

Все начинается, как обычно с doc документа, заканчивается установкой вредоносного RAT ( Remote Access Trojan )

PoC

https://blog.malwarebytes.com/malwarebytes-news/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/amp/

Open source goes to Mars
https://github.blog/2021-04-19-open-source-goes-to-mars/

nginx-1.20.0 stable version has been released

http://nginx.org/#2021-04-20

Recent Chromium bug used to attack Chinese WeChat users

https://therecord.media/recent-chromium-bug-used-to-attack-chinese-wechat-users/

Start building your own private network on Cloudflare today
https://blog.cloudflare.com/build-your-own-private-network-on-cloudflare/

От пентеста до АРТ-атаки: группа киберпреступников FIN7 маскирует свою малварь под инструментарий этичного хакера / BI.ZONE / Хабр
https://m.habr.com/ru/company/bizone/blog/553136/

Security Notice: SonicWall Email Security Zero-Day Vulnerabilities

https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/

GitHub Actions: Control permissions for GITHUB_TOKEN - GitHub Changelog
https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/

PARETO: The most sophisticated CTV botnet ever found...and disrupted

https://www.humansecurity.com/pareto

Announcing Windows 10 Insider Preview Build 21364 | Windows Insider Blog
https://blogs.windows.com/windows-insider/2021/04/21/announcing-windows-10-insider-preview-build-21364/

Facebook has a new mega-leak on its hands

https://arstechnica.com/gadgets/2021/04/tool-links-email-addresses-to-facebook-accounts-at-scale/

The OpenVPN community project team is proud to release OpenVPN 2.5.2. It fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with “–auth-gen-token” or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. OpenVPN 2.5.2 also includes other bug fixes and improvements. Updated OpenSSL and OpenVPN GUI are included in Windows installers

https://openvpn.net/community-downloads/

PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop

Evolving Kubernetes networking with the Gateway API
https://kubernetes.io/blog/2021/04/22/evolving-kubernetes-networking-with-the-gateway-api/

GitHub - microsoft/wslg: Enabling the Windows Subsystem for Linux to include support for Wayland and X server related scenarios
https://github.com/microsoft/wslg

GitLab 13.11 released with Kubernetes Agent and Pipeline Compliance | GitLab
https://about.gitlab.com/releases/2021/04/22/gitlab-13-11-released/