Linux marketplaces vulnerable to RCE and supply chain attacks | Positive Security
https://positive.security/blog/hacking-linux-marketplaces
positive.security
We're disclosing patched vulnerabilities in KDE Discover and the Gnome Shell Extensions website, as well as unpatched vulnerabilities in the PlingStore app and Pling-based Linux marketplace websites (e.g. appimagehub.com, store.kde.org, gnome-look.org).
Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions
https://www.trendmicro.com/en_us/research/21/f/bash-ransomware-darkradiation-targets-red-hat--and-debian-based-linux-distributions.html
Trend Micro
We investigate how certain hacking tools are used to move laterally on victims’ networks to deploy ransomware. These tools contain reconnaissance/spreader scripts, exploits for Red Hat and CentOS, binary injectors, and more. In this blog, we focus on analyzing…
Ubuntu 20.04 LTS / 20.10 / 21.04 : Dovecot vulnerabilities (USN-4993-1) | Tenable®
https://www.tenable.com/plugins/nessus/150939
Podman is gaining rootless overlay support
But there is one catch:
Sadly, you will only be able to use the native overlay with fresh storage, meaning you will need to destroy all of your container's existing storage. It is necessary to do a podman system reset if you already have images/containers:
https://www.redhat.com/sysadmin/podman-rootless-overlay
Redhat
Podman can use native overlay file system with the Linux kernel versions 5.13. Up until now, we have been using fuse-overlayfs. The kernel gained rootless su...
Threats targeting a subset of Zyxel devices with remote management or SSL VPN enabled, namely the USG/ZyWALL, USG FLEX, ATP and VPN series running on-premises ZLD firmware
CVE-2021-26868 LPE & CVE-2021-33739 POC
* https://github.com/mavillon1/CVE-2021-33739-POC
Source: https://twitter.com/JAMESWT_MHT/status/1407987022170578946
Thanks to @Thatskriptkid for the link ✌️
An authentication bypass in the VMware Carbon Black App Control
Critical
https://www.vmware.com/security/advisories/VMSA-2021-0012.html
Google Online Security Blog: Announcing a unified vulnerability schema for open source
Google announces a unified vulnerability schema for open source
https://security.googleblog.com/2021/06/announcing-unified-vulnerability-schema.html?m=1
Googleblog
Posted by Oliver Chang, Google Open Source Security team and Russ Cox, Go team In recent months, Google has launched several efforts to st...
A supply-chain breach: Taking over an Atlassian account
https://research.checkpoint.com/2021/a-supply-chain-breach-taking-over-an-atlassian-account/
Check Point Research
Research By: Dikla Barda, Yaara Shriki, Roman Zaikin and Oded Vanunu Background With more than 180,000 customers globally, and millions of users, the Australian 2002 founded company “Atlassian” develops products for software developers, project managers and…
Eclypsium Discovers Multiple Vulnerabilities in Dell BIOSConnect
https://eclypsium.com/2021/06/24/biosdisconnect/
Eclypsium | Supply Chain Security for the Modern Enterprise
BIOS Disconnect - Vulnerabilities in Dell remote OS recovery and firmware update capabilities pose significant risks to 129 models of Dell computers - 30 to 40 million devices affected.
Action Required on My Book Live and My Book Live Duo - WD Legacy Products / My Book Live
https://community.wd.com/t/action-required-on-my-book-live-and-my-book-live-duo/268147
Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device.
WD Community
Important Announcement About Your WD My Book Live Product: WDC-21008
UPDATED 7/6/2021 The My Book Live and My Book Live Duo Data Recovery Service Offer and Trade-In Offer are now available and more information can be found about each at the following links: My Book Live and My Book Live Duo: Data Recovery Service Offer …
Microsoft signed a malicious Netfilter rootkit
A case where malware (and not just any malware, but a driver running at the OS kernel level) is signed by the vendor (in this case Microsoft):
https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
Gdatasoftware
What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a Chinese IP. How did this happen?
Sys-Admin InfoSec pinned « Open SysConf'21 - New talks. Speaker registration has closed. Almost two and a half weeks remain until our online/offline meetup. Registration of offline participants is coming to an end, as nearly all available seats are already taken (there is still a chance…»
CVE-2020-3580: Proof of Concept Published for Cisco ASA Flaw Patched in October - Blog | Tenable®
https://www.tenable.com/blog/cve-2020-3580-proof-of-concept-published-for-cisco-asa-flaw-patched-in-october
Tenable®
Researchers at Positive Technologies have published a proof-of-concept exploit for CVE-2020-3580. There are reports of researchers pursuing bug bounties using this exploit. Update June 28: The Background section has been updated to correct the initial publication…
Exclusive: 700 Million LinkedIn Records Leaked June 2021 | Safety First
https://www.privacysharks.com/exclusive-700-million-linkedin-records-for-sale-on-hacker-forum-june-22nd-2021/
PrivacySharks
A recent data breach involving 700 LinkedIn records has been exposed. The leak is the largest that LinkedIn has experienced so far.
It looks like Linux will support the M1 after all
M1 support was announced in the Linux 5.13-rc1 release
http://lkml.iu.edu/hypermail/linux/kernel/2105.1/00457.html
Now the 5.13 release with the announced support is out:
https://lore.kernel.org/lkml/CAHk-=wj7E9iTGHbqfgtaTAM09WrVzwXjda2_D59MT8D_1=54Rg@mail.gmail.com/T/#u
lkml.iu.edu
Linux-Kernel Archive: Linux 5.13-rc1
Cyber Polygon 2021 - a free international online cybersecurity training (July 9)
Main theme - secure development of ecosystems and countering supply chain attacks
The training will include two scenarios, Defence and Response:
- first, teams will repel a supply chain attack within a corporate ecosystem
- then they will investigate the incident using classic digital forensics techniques and a Threat Hunting approach
The training is intended for teams - Registration / Details
More than 160 organizations from 47 countries have registered for the training. Among them are Sber, Tinkoff, Home Credit Bank, TimeWeb, SB Crédito, Ventum Consulting, OZON, the Cyber Security Agency of Singapore, UZCERT and many others.
Notes:
• applications are accepted only from corporate teams
• set aside a full day to complete the training scenarios
New Ransomware Variant Uses Golang Packer
https://www.crowdstrike.com/blog/new-ransomware-variant-uses-golang-packer/
CrowdStrike.com
CrowdStrike has observed a ransomware sample borrowing implementations from FiveHands variants and using a Golang packer with the most recent version of Golang.
Vim vs. Nano vs. Emacs: Three sysadmins weigh in | Enable Sysadmin
https://www.redhat.com/sysadmin/3-text-editors-compared
Redhat
Text editors. They aren't something that most users put a lot of thought into. However, not all text editors are alike, and with more time at the terminal, y...
MITRE ATT&CK® mappings released for built-in Azure security controls
https://www.microsoft.com/security/blog/2021/06/29/mitre-attck-mappings-released-for-built-in-azure-security-controls/
Microsoft News
Microsoft is pleased to announce the publication of the Security Stack Mappings for Azure project in partnership with the Center for Threat-Informed Defense.
An EPYC escape: Case-study of a KVM breakout
Escaping the guest system of the KVM hypervisor
https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html
Blogspot
Posted by Felix Wilhelm, Project Zero Introduction KVM (for Kernel-based Virtual Machine) is the de-facto standard hypervisor for Linux-...