VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit
https://us-cert.cisa.gov/ncas/current-activity/2021/09/24/vmware-vcenter-server-vulnerability-cve-2021-22005-under-active
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/
P.S. Thanks to @Thatskriptkid for the link
In-depth analysis of newly detected NOBELIUM malware: a post-exploitation backdoor that Microsoft Threat Intelligence Center (MSTIC) refers to as FoggyWeb. NOBELIUM uses FoggyWeb to remotely exfiltrate the configuration database of compromised AD FS servers…
fail2ban – Remote Code Execution
https://research.securitum.com/fail2ban-remote-code-execution/
P.S. Thanks for the link, dear subscriber 🤟
This article is about the recently published security advisory for a pretty popular software, fail2ban (CVE-2021-32749). It is about a bug that may lead to Remote Code Execution.
CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF
Selecting and Hardening Remote Access VPN
Recommendations from NSA*
New Azure Active Directory password brute-forcing flaw has no fix
https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
Microsoft says AD authentication responses are working as intended.
Expert found RCE in Visual Studio Code Remote Development Extension
https://securityaffairs.co/wordpress/122638/hacking/rce-visual-studio-code-remote-development-extension.html
Researchers from cybersecurity firm Shielder found a remote code execution vulnerability in Visual Studio Code Remote Development Extension.
Tomiris backdoor and its connection to Sunshuttle and Kazuar
DNS hijacking in government zones*
https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/
We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar.
GriftHorse Android Trojan Steals Millions from Over 10 Million Victims Globally
https://blog.zimperium.com/grifthorse-android-trojan-steals-millions-from-over-10-million-victims-globally/
BluStealer: from SpyEx to ThunderFox - Avast Threat Labs
https://decoded.avast.io/anhho/blustealer/
BluStealer (a310logger) is a crypto stealer, keylogger, and document uploader written in Visual Basic that loads C#.NET hack tools to steal credentials.
GhostEmperor: From ProxyLogon to kernel mode
https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/
P.S. Thanks to @Thatskriptkid for the link
With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the threat GhostEmperor.
The 2021 Trustwave SpiderLabs Telemetry Report found that organizations are slow to patch vulnerabilities
Including high-severity / actively exploited ones
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/2021-trustwave-spiderlabs-telemetry-report-finds-that-organizations-are-slow-to-patch-even-high-profile-vulnerabilities/
P.S. If anyone needs the full report and for some reason can't download it, I already have it downloaded; let me know and I'll post it publicly
One of the most difficult tasks an organization faces is keeping tabs on the ever-growing threat landscape that contains malicious actors constantly probing an organization's attack surface, looking for any weakness. Making life even more difficult is an…
DoH/DoT BLD troubleshooting
urgent: Found that all connections work (53, 8443) except DoT on 853; need time to figure out what happened
DoH works normally:
- https://bld.sys-adm.in:8443/dns-query
- https://doh.sys-adm.in:8443/dns-query
At the moment it's clear there's no problem with the certs, but the problem is clearly somewhere close by (it is September 30, after all)..
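Added example for the post above (not the channel author's tooling): a minimal client for both transports, so "DoH on 8443 answers, DoT on 853 does not" can be reproduced from one script and the point of failure seen directly. The DoH URL and DoT host are the ones named in the post; the query name and transaction ID are made up for illustration. Because DoT fails inside the TLS handshake when the chain is rejected, but at connect() when the port is filtered, the exception type tells the two cases apart.

```python
# Added example, not the channel author's code. Builds a DNS query by hand,
# wraps it for DoT (RFC 7858) and DoH (RFC 8484), and sends it.
# Assumptions: DOT_HOST / DOH_URL come from the post; TXID and the query name
# are arbitrary.
import base64
import socket
import ssl
import struct
import urllib.request

DOT_HOST = "bld.sys-adm.in"                          # from the post
DOH_URL = "https://bld.sys-adm.in:8443/dns-query"    # from the post
TXID = 0x1234                                        # arbitrary transaction ID


def build_query(name: str, qtype: int = 1, txid: int = TXID) -> bytes:
    """Wire-format DNS query (RFC 1035): header with RD set, one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qclass IN


def frame_for_dot(msg: bytes) -> bytes:
    """RFC 7858 s3.3: DoT uses the DNS-over-TCP two-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg


def doh_get_url(base: str, msg: bytes) -> str:
    """RFC 8484 s4.1: GET carries the message as unpadded base64url in ?dns=."""
    return base + "?dns=" + base64.urlsafe_b64encode(msg).rstrip(b"=").decode()


def parse_rcode(resp: bytes, txid: int = TXID) -> int:
    """Return the RCODE of a response after checking the ID and the QR bit."""
    rid, flags = struct.unpack("!HH", resp[:4])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf


def query_dot(host: str, name: str = "example.com", port: int = 853, timeout: float = 5.0):
    """Resolve `name` over DoT; returns (rcode, leaf certificate notAfter).
    A rejected chain raises ssl.SSLCertVerificationError inside wrap_socket,
    before any DNS bytes are sent; a filtered port fails in create_connection."""
    ctx = ssl.create_default_context()  # verifies chain and hostname by default
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            not_after = tls.getpeercert()["notAfter"]
            tls.sendall(frame_for_dot(build_query(name)))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            resp = _recv_exact(tls, length)
    return parse_rcode(resp), not_after


def query_doh(base: str, name: str = "example.com", timeout: float = 5.0) -> int:
    """Resolve `name` over DoH with a GET and return the RCODE."""
    req = urllib.request.Request(doh_get_url(base, build_query(name)),
                                 headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=timeout) as r:
        return parse_rcode(r.read())


if __name__ == "__main__":
    for label, fn in (("DoH 8443", lambda: query_doh(DOH_URL)),
                      ("DoT 853", lambda: query_dot(DOT_HOST))):
        try:
            print(label, "->", fn())
        except (OSError, ValueError) as e:  # ssl and urllib errors are OSError subclasses
            print(label, "FAILED:", type(e).__name__, e)
```

Run it from the same network the clients use; if DoT prints SSLCertVerificationError while DoH on the same host answers, the resolver's TLS chain on 853 (not the port or the zone) is what to look at.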
Zero-Day: Hijacking iCloud Credentials with Apple Airtags (Stored XSS)
https://medium.com/@bobbyrsec/zero-day-hijacking-icloud-credentials-with-apple-airtags-stored-xss-6997da43a216
Apple’s “Lost Mode” allows a user to mark their Airtag as missing if they have misplaced it. This generates a unique…
A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus
https://blog.talosintelligence.com/2021/09/fakeantipegasusamnesty.html
By Vitor Ventura and Arnaud Zobec.
Threat actors are impersonating the group Amnesty International and promising to protect against the Pegasus spyware as part of a scheme to deliver malware.
Amnesty International recently made international headlines when…
Misconfigured Apache Airflows Leak Thousands of Credentials from Popular Services
https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/
This research refers to misconfigured Apache Airflow managed by individuals or organizations (“users”). As a result of the misconfiguration, the credentials of users are exposed, including their own credentials to the different platforms, applications and…
Update about the October 4th outage - Facebook Engineering
https://engineering.fb.com/2021/10/04/networking-traffic/outage/
Understanding How Facebook Disappeared from the Internet
https://blog.cloudflare.com/october-2021-facebook-outage/
To all the people and businesses around the world who depend on us, we are sorry for the inconvenience caused by today’s outage across our platforms. We’ve been working as hard as we can to restore…
Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
https://news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/
A new ransomware operator uses stealthy techniques, but borrows heavily from other players.
Text message scam infecting Android phones with FluBot | CERT NZ
https://www.cert.govt.nz/individuals/news-and-events/parcel-delivery-text-message-infecting-android-phones/