Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Understand your dependencies
Your software and your users rely not only on the code you write, but also on the code your code depends on, the code that code depends on, and so on. An accurate view of the complete dependency graph is critical to understanding the state of your project. And it’s not just code: you need to know about security vulnerabilities, licenses, recent releases, and more.
Может быть полезным при использовании сторонних пакетов/модулей в своих (или чужих :)) проектах
https://deps.dev/
Your software and your users rely not only on the code you write, but also on the code your code depends on, the code that code depends on, and so on. An accurate view of the complete dependency graph is critical to understanding the state of your project. And it’s not just code: you need to know about security vulnerabilities, licenses, recent releases, and more.
Может быть полезным при использовании сторонних пакетов/модулей в своих (или чужих :)) проектах
https://deps.dev/
Using machine learning to improve the Windows 10 update experience - Microsoft Tech Community
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/using-machine-learning-to-improve-the-windows-10-update/ba-p/877860
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/using-machine-learning-to-improve-the-windows-10-update/ba-p/877860
TECHCOMMUNITY.MICROSOFT.COM
Using machine learning to improve the Windows 10 update experience | Microsoft Community Hub
Learn how we use ML to guide the rollout of feature updates and identify which PCs will have a great experience.
Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments
Siloscape - сильно запутанная вредоносная программа, нацеленная на кластеры Kubernetes через контейнеры Windows. Его основная цель - открыть бэкдор в плохо настроенные кластеры Kubernetes для запуска вредоносных контейнеров
PoC
https://unit42.paloaltonetworks.com/siloscape/
Siloscape - сильно запутанная вредоносная программа, нацеленная на кластеры Kubernetes через контейнеры Windows. Его основная цель - открыть бэкдор в плохо настроенные кластеры Kubernetes для запуска вредоносных контейнеров
PoC
https://unit42.paloaltonetworks.com/siloscape/
Unit 42
Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments
The main purpose of Siloscape is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers.
macOS Monterey introduces powerful features to get more done - Apple
https://www.apple.com/newsroom/2021/06/macos-monterey-introduces-powerful-features-to-get-more-done/
https://www.apple.com/newsroom/2021/06/macos-monterey-introduces-powerful-features-to-get-more-done/
Apple Newsroom
macOS Monterey introduces powerful features to get more done
Apple introduces macOS Monterey, with new ways to connect with friends and family, Shortcuts and tools to get work done, and Continuity features.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Oracle Cloud Free Tier | Oracle
Вот такое вот обещают:
Try Always Free cloud services and get a 30-day trial
Build, test, and deploy applications on Oracle Cloud—for free.
https://www.oracle.com/cloud/free/
Вот такое вот обещают:
Try Always Free cloud services and get a 30-day trial
Build, test, and deploy applications on Oracle Cloud—for free.
https://www.oracle.com/cloud/free/
Oracle
Access Cloud Services for Free
Oracle Cloud Free Tier provides enterprises with Always Free Cloud Services that can be used for an unlimited time.
Fujifilm подверглась атаке шифровальщика
Не стали долго думать и обратились к своим бэкапам с целью восстановления инфраструктуры
Помни дорогой друг - бэкап важно не только иметь, но и периодически его проверять :)
https://www.fujifilm.com/jp/en/news/hq/6642-2
Не стали долго думать и обратились к своим бэкапам с целью восстановления инфраструктуры
Помни дорогой друг - бэкап важно не только иметь, но и периодически его проверять :)
https://www.fujifilm.com/jp/en/news/hq/6642-2
Fujifilm
Updated: Unauthorized access to Fujifilm servers | Fujifilm [Japan]
How Netflix uses eBPF flow logs at scale for network insight | by Netflix Technology Blog | Jun, 2021 | Netflix TechBlog
https://netflixtechblog.com/how-netflix-uses-ebpf-flow-logs-at-scale-for-network-insight-e3ea997dca96
https://netflixtechblog.com/how-netflix-uses-ebpf-flow-logs-at-scale-for-network-insight-e3ea997dca96
Medium
How Netflix uses eBPF flow logs at scale for network insight
By Alok Tiagi, Hariharan Ananthakrishnan, Ivan Porto Carrero and Keerti Lakshminarayan
Automox Experts Weigh In on June 2021 Microsoft Patch Tuesday Release
Порядка ~50 фиксов, в том числе для активно эксплуатируемых уязвимостей
https://blog.automox.com/automox-experts-weigh-in-june-patch-tuesday-2021
Прямая ссылка:
https://msrc.microsoft.com/update-guide
Порядка ~50 фиксов, в том числе для активно эксплуатируемых уязвимостей
https://blog.automox.com/automox-experts-weigh-in-june-patch-tuesday-2021
Прямая ссылка:
https://msrc.microsoft.com/update-guide
PuzzleMaker attacks with Chrome zero-day exploit chain | Securelist
https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
Securelist
PuzzleMaker attacks with Chrome zero-day exploit chain
We detected a wave of highly targeted attacks that exploited a chain of Google Chrome and Microsoft Windows zero-day exploits.
SAP Security Patch Day – June 2021
https://wiki.scn.sap.com/wiki/plugins/servlet/mobile?contentId=578125999#content/view/578125999
https://wiki.scn.sap.com/wiki/plugins/servlet/mobile?contentId=578125999#content/view/578125999
Новая масштабная вредоносная кампания нацелена на Kubeflow
https://techcommunity.microsoft.com/t5/azure-security-center/new-large-scale-campaign-targets-kubeflow/ba-p/2425750
https://techcommunity.microsoft.com/t5/azure-security-center/new-large-scale-campaign-targets-kubeflow/ba-p/2425750
TECHCOMMUNITY.MICROSOFT.COM
New large-scale campaign targets Kubeflow | Microsoft Community Hub
Last June, we reported on a cryptocurrency mining campaign that targeted Kubeflow workloads. Recently, we discovered a new campaign that also targets...
Malware research: What’s hidden in a 1.2 TB malware database
https://nordlocker.com/blog/malware-case-study/
https://nordlocker.com/blog/malware-case-study/
Nordlocker
Here’s what custom malware can steal and how it does it.
We analyzed a database containing 6 million files, 25 million credentials, and 2 billion cookies that had been stolen by custom malware. Here are the results.
Securing the open source supply chain by scanning for package registry credentials | The GitHub Blog
https://github.blog/2021-06-08-securing-open-source-supply-chain-scanning-package-registry-credentials/
https://github.blog/2021-06-08-securing-open-source-supply-chain-scanning-package-registry-credentials/
The GitHub Blog
Securing the open source supply chain by scanning for package registry credentials
An introduction to secrets, GitHub secret scanning, the open source supply chain, and why revoking package registry credentials is so important.
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
Баг подтвержден в Debian, Ubuntu, Fedora, RHEL дистрах
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
Баг подтвержден в Debian, Ubuntu, Fedora, RHEL дистрах
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
The GitHub Blog
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.
Fig - Fig adds VSCode-style autocomplete to your existing terminal.
https://fig.io/
https://github.com/withfig/autocomplete
https://fig.io/
https://github.com/withfig/autocomplete
fig.io
The next-generation command line.