Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/

Working around expired Root Certificates

https://scotthelme.co.uk/should-clients-care-about-the-expiration-of-a-root-certificate/

Ads are now able to bypass Google Play to install apps WITHOUT user consent. Digital Turbine DSP seems to be the one enabling it.

https://www.reddit.com/r/androiddev/comments/q4nltn/ads_are_now_able_to_bypass_google_play_to_install/

Интересно, кто и как поддерживает security patching продуктов Adobe в компаниях? Бюллетени, да еще критикал, для продукции Adobe (в данном случае Reader) выходят на столько часто, что трудно представить как это дело поддерживается в компаниях, где более 10+ машин)

Идеи и предложения можно писать в комментах (я же это дело в Windows средах поддерживал через Wsus), а Вы?)

https://helpx.adobe.com/security.html/security/security-bulletin.ug.html

Win32k Elevation of Privilege Vulnerability

CVE-2021-40449

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40449

up

https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/

https://bazaar.abuse.ch/browse/tag/CVE-2021-40449/

Android Mobile OS Snooping By Samsung,
Xiaomi, Huawei and Realme Handsets

Report about of how mobile device vendors spying to us*

P S. Some "spying" traffic from Android (like as Xiaomi, Facebook (if possible), built-in Android tracking) preventing by free Sys-Admin BLD service (lab.sys-adm.in)

Report from Virus Total about pf ransomware activity

Automating the deployment of Sysmon for Linux 🐧 and Azure Sentinel in a lab environment 🧪 - Microsoft Tech Community

https://techcommunity.microsoft.com/t5/azure-sentinel/automating-the-deployment-of-sysmon-for-linux-and-azure-sentinel/ba-p/2847054

In a bunch:

SysinternalsEBPF
https://github.com/Sysinternals/SysinternalsEBPF

Sysmon for Linux on GitHub:
https://github.com/Sysinternals/SysmonForLinux

Bunch of Juniper vulnerabilities (50+)

https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES&cat=SIRT_1&actp=&sort=datemodified&dir=descending&max=1000&batch=15&rss=true&itData.offset=0

The ad blocker that injects ads

Browser add-on's can be dangerous:

https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/

Ключи от Королевства или The keys to the kingdom - securing your devices and accounts

Когда то были рекоммендации создавать сложные пароли и пассфразы:

https://support.microsoft.com/en-us/office/the-keys-to-the-kingdom-securing-your-devices-and-accounts-a925f8ad-af7e-40d8-9ce4-60ea1cac2ba4

Рекоммендации по паролям:

https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide

Теперь же прогнозируется беспарольное будущее:

https://www.microsoft.com/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/

Как бы там ни было - Берегите ключи от своего Королевства, будучи внимательным и предупрежденным 🙂

BlackMatter Ransomware (Alert from CISA)

https://us-cert.cisa.gov/ncas/alerts/aa21-291a

Microsoft Security Advisory CVE-2020-0951: Windows Defender Application Control Security Feature Bypass Vulnerability · Issue #27 · PowerShell/Announcements
https://github.com/PowerShell/Announcements/issues/27

Protecting Prometheus: Insecure configuration exposes secrets

https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/

Когда Прометей отдает метрики всем :)*

Cito (со слов разработчика) может транслировать исходный код в C, C++, C#, Java, JavaScript, Python, Swift, TypeScript, OpenCL C...

https://news.1rj.ru/str/sysadm_in_up/860

P.S. непонятно так ли это на самом деле... нужно смотреть*

Full Disclosure: Defense in depth -- the Microsoft way (part 78): completely outdated, vulnerable open source component(s) shipped with Windows 10&11
https://seclists.org/fulldisclosure/2021/Oct/17

P.S. thx for the link dear subscriber ✌️

Docker and Fedora 35 - Fedora Magazine
https://fedoramagazine.org/docker-and-fedora-35/

Oracle Critical Patch Update Advisory - October 2021

https://www.oracle.com/security-alerts/cpuoct2021.html

Top ten GitLab hacks for all stages of the DevOps Platform

https://about.gitlab.com/blog/2021/10/19/top-10-gitlab-hacks/

The Uptycs Threat Research Team spotted a campaign in which the TeamTNT threat actors deployed a malicious container image on Docker

https://securityaffairs.co/wordpress/123535/cyber-crime/teamtnt-docker-attack.html

CVE-2021-42299: TPM Carte Blanche

https://github.com/google/security-research/blob/master/pocs/bios/tpm-carte-blanche/writeup.md