Говорят, что взлом произошел благодаря брутфорсу, вроде как сетевого оборудования..
Сжато о взломе из официального источника T-Mobile:
https://www.t-mobile.com/news/network/cyberattack-against-tmobile-and-our-customers
P.S. неплохой пример для того, чтобы задуматься о том, как у себя превентить и мониторить такие векторы атак
Сжато о взломе из официального источника T-Mobile:
https://www.t-mobile.com/news/network/cyberattack-against-tmobile-and-our-customers
P.S. неплохой пример для того, чтобы задуматься о том, как у себя превентить и мониторить такие векторы атак
T-Mobile Newsroom
The Cyberattack Against T-Mobile and Our Customers: What happened, and what we are doing about it. - T-Mobile Newsroom
The last two weeks have been humbling for all of us at T-Mobile as we have worked tirelessly to navigate a malicious cyberattack on our systems.
FVP-02-report.final_.pdf
386.6 KB
Pentest-Report Mozilla VPN Apps & Clients 03.2021
Multiple Low Security Issues in Mozilla VPN
https://www.mozilla.org/en-US/security/advisories/mfsa2021-31/
Multiple Low Security Issues in Mozilla VPN
https://www.mozilla.org/en-US/security/advisories/mfsa2021-31/
AA21-243A-Ransomware_Awareness_for_Holidays_and_Weekends.pdf
1.1 MB
Ransomware Awareness for Holidays and
Weekends (from CISA)
Weekends (from CISA)
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Linux from Scratch
https://lists.linuxfromscratch.org/sympa/arc/lfs-announce/2021-09/msg00000.html
Quick links:
[0] http://www.linuxfromscratch.org/lfs/view/11.0/
[1] http://www.linuxfromscratch.org/blfs/view/11.0/
[2] http://www.linuxfromscratch.org/lfs/view/11.0-systemd/
[3] http://www.linuxfromscratch.org/blfs/view/11.0-systemd/
[4] http://www.linuxfromscratch.org/lfs/downloads/11.0/
[5] http://www.linuxfromscratch.org/blfs/downloads/11.0/
[6] http://www.linuxfromscratch.org/lfs/downloads/11.0-systemd/
[7] http://www.linuxfromscratch.org/blfs/downloads/11.0-systemd/
https://lists.linuxfromscratch.org/sympa/arc/lfs-announce/2021-09/msg00000.html
Quick links:
[0] http://www.linuxfromscratch.org/lfs/view/11.0/
[1] http://www.linuxfromscratch.org/blfs/view/11.0/
[2] http://www.linuxfromscratch.org/lfs/view/11.0-systemd/
[3] http://www.linuxfromscratch.org/blfs/view/11.0-systemd/
[4] http://www.linuxfromscratch.org/lfs/downloads/11.0/
[5] http://www.linuxfromscratch.org/blfs/downloads/11.0/
[6] http://www.linuxfromscratch.org/lfs/downloads/11.0-systemd/
[7] http://www.linuxfromscratch.org/blfs/downloads/11.0-systemd/
Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability (critical)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh
Cisco
Cisco Security Advisory: Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability
A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as…
CVE-2021-26084 Remote Code Execution on Confluence Servers
PoC
https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md
PoC
https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md
GitHub
writeups/Confluence-RCE.md at main · httpvoid/writeups
Contribute to httpvoid/writeups development by creating an account on GitHub.
Using nftables in Red Hat Enterprise Linux 8
https://www.redhat.com/en/blog/using-nftables-red-hat-enterprise-linux-8
https://www.redhat.com/en/blog/using-nftables-red-hat-enterprise-linux-8
Redhat
Using nftables in Red Hat Enterprise Linux 8
In Red Hat Enterprise Linux 8 the preferred low level firewall solution is nftables. This post is an introduction to using nftables. This is most relevant for system administrators and DevOps practitioners. Where it makes sense we will highlight differences…
ASSET Research Group: BrakTooth
New BT Vulnerability:
https://asset-group.github.io/disclosures/braktooth/
P .S. Bluetooth Classic (BT) protocol is a widely used wireless protocol in laptops, handheld devices, and audio devices
New BT Vulnerability:
https://asset-group.github.io/disclosures/braktooth/
P .S. Bluetooth Classic (BT) protocol is a widely used wireless protocol in laptops, handheld devices, and audio devices
A deep-dive into the SolarWinds Serv-U SSH vulnerability
http://www.microsoft.com/security/blog/2021/09/02/a-deep-dive-into-the-solarwinds-serv-u-ssh-vulnerability/
http://www.microsoft.com/security/blog/2021/09/02/a-deep-dive-into-the-solarwinds-serv-u-ssh-vulnerability/
Microsoft Security Blog
A deep-dive into the SolarWinds Serv-U SSH vulnerability | Microsoft Security Blog
We're sharing technical information about the vulnerability tracked as CVE-2021-35211, which was used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks.
Google Play sign-ins can be abused to track another person's movements - Malwarebytes Labs
Как без шума и пыли можно шпионить за перемещениями через Google Play:
https://blog.malwarebytes.com/awareness/2021/09/google-play-sign-ins-can-be-abused-to-track-another-persons-movements/
Как без шума и пыли можно шпионить за перемещениями через Google Play:
https://blog.malwarebytes.com/awareness/2021/09/google-play-sign-ins-can-be-abused-to-track-another-persons-movements/
Malwarebytes
Google Play sign-ins can be abused to track another person’s movements
We tried to help somebody install an app on an Android phone and stumbled on a way to track them instead.
Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth
Technical analysis:
https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
Technical analysis:
https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
Со слов издания (см ссылку ниже) Protonmail передал полиции IP-адрес активистов, выступающих против джентрификации
Новость на французском, но переводится легко любым онлайн переводчиком:
https://secoursrouge.org/france-suisse-securite-it-protonmail-a-communique-a-la-police-ladresse-ip-de-militant%c2%b7es-anti-gentrification/
З.Ы. джентрификация - реконструкция (ревитализация) пришедших в упадок городских кварталов путём благоустройства и последующего привлечения более состоятельных жителей.
З.З.Ы. thx for the link dear subscriber ✌️
up
- https://web.archive.org/web/20210719011623/https://privacy-watchdog.io/truth-about-protonmail/#tdi_45_8d1
- https://youtu.be/IeXaYR4ed9c
Новость на французском, но переводится легко любым онлайн переводчиком:
https://secoursrouge.org/france-suisse-securite-it-protonmail-a-communique-a-la-police-ladresse-ip-de-militant%c2%b7es-anti-gentrification/
З.Ы. джентрификация - реконструкция (ревитализация) пришедших в упадок городских кварталов путём благоустройства и последующего привлечения более состоятельных жителей.
З.З.Ы. thx for the link dear subscriber ✌️
up
- https://web.archive.org/web/20210719011623/https://privacy-watchdog.io/truth-about-protonmail/#tdi_45_8d1
- https://youtu.be/IeXaYR4ed9c
secoursrouge.org
France/Suisse/Sécurité IT : Protonmail a communiqué à la police l’adresse IP de militant·es anti-gentrification
L'année 2020 et 2021 a été marqué par la mise en place et la répression d'une série d'occupations ouvertes dans le quartier de la place Sainte Marthe. Durant l'enquête, les policiers se sont concentré sur un collectif et ont remarqué qu'il communiquait via…
Как установить сканер уязвимостей Greenbone OpenVAS 21 в CentOS 8
OpenVAS или Open Vulnerability Assessment Scanner - Сканер уязвимостей, который под капотом имеет много полезных фич, например таких, как NVT (Network Vulnerability Tests) или базы свежих CVE (Common Vulnerabilities and Exposures), отчеты, расписания. дашбоарды и много чего еще, в общем все то, что необходимо сисадминам, и не только в повседневной жизни 🙂
Пост в моем Sys-Admin блоге: Как установить сканер уязвимостей Greenbone OpenVAS 21 в CentOS 8
P.S. Сюда не все новости из блога попадают, все новости из блога (и не только) есть в Sys-Admin Up
Draconian Fear vulnerability (some NETGEAR smart switches) - gynvael.coldwind//vx.log
- https://gynvael.coldwind.pl/?id=741
- https://gynvael.coldwind.pl/?id=740
- https://gynvael.coldwind.pl/?id=741
- https://gynvael.coldwind.pl/?id=740
gynvael.coldwind.pl
Draconian Fear vulnerability (some NETGEAR smart switches)
Fake pirated software sites serve up malware droppers as a service
https://news.sophos.com/en-us/2021/09/01/fake-pirated-software-sites-serve-up-malware-droppers-as-a-service/
https://news.sophos.com/en-us/2021/09/01/fake-pirated-software-sites-serve-up-malware-droppers-as-a-service/
Sophos News
Fake pirated software sites serve up malware droppers as a service
Sites advertising “cracked” software packages lead into a network that serves up downloads full of malware instead.
Demo-занятии "VxLAN EVPN - настройка eBGP в overlay"
Где будут рассмотрены особенности настройки eBGP и какие существуют неудобства
Вебинар проведет Алексей Кулиничев, ведущий системный инженер и преподаватель онлайн-курса "Дизайн сетей ЦОД" от OTUS
• 15 сентября в 20:00 МСК. Регистрация (через вступительный тест): https://otus.pw/BmTS/
Microsoft MSHTML Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
Proxies are complicated: RCE vulnerability in a 3 million downloads/week NPM package
https://httptoolkit.tech/blog/npm-pac-proxy-agent-vulnerability/
https://httptoolkit.tech/blog/npm-pac-proxy-agent-vulnerability/
Httptoolkit
Proxies are complicated: RCE vulnerability in a 3 million downloads/week NPM package
Pac-Resolver, a widely used NPM dependency, had a high-severity RCE (Remote Code Execution) vulnerability that could allow network administrators or other...
А серт-то протух (licensing.microsoft.com)
P.S. thx for the link to iptest.kz
P.P.S. И это "законодатели" технологической моды 🤦♂
P.S. thx for the link to iptest.kz
P.P.S. И это "законодатели" технологической моды 🤦♂
[Atlassian Confluence CVE-2021–26084]::: The other side of bug report!
https://tradahacking.vn/atlassian-confluence-cve-2021-26084-the-other-side-of-bug-bounty-45ed19c814f6
P.S. thx for the link @Thatskriptkid
https://tradahacking.vn/atlassian-confluence-cve-2021-26084-the-other-side-of-bug-bounty-45ed19c814f6
P.S. thx for the link @Thatskriptkid