vt-ransomware-report-2021.pdf
1.2 MB
Report from Virus Total about pf ransomware activity
Automating the deployment of Sysmon for Linux 🐧 and Azure Sentinel in a lab environment 🧪 - Microsoft Tech Community
https://techcommunity.microsoft.com/t5/azure-sentinel/automating-the-deployment-of-sysmon-for-linux-and-azure-sentinel/ba-p/2847054
In a bunch:
SysinternalsEBPF
https://github.com/Sysinternals/SysinternalsEBPF
Sysmon for Linux on GitHub:
https://github.com/Sysinternals/SysmonForLinux
https://techcommunity.microsoft.com/t5/azure-sentinel/automating-the-deployment-of-sysmon-for-linux-and-azure-sentinel/ba-p/2847054
In a bunch:
SysinternalsEBPF
https://github.com/Sysinternals/SysinternalsEBPF
Sysmon for Linux on GitHub:
https://github.com/Sysinternals/SysmonForLinux
TECHCOMMUNITY.MICROSOFT.COM
Automating the deployment of Sysmon for Linux 🐧 and Azure Sentinel in a lab environment 🧪 | Microsoft Community Hub
Today, we celebrate 25 years of Sysinternals, a set of utilities to analyze, troubleshoot and optimize Windows systems and...
The ad blocker that injects ads
Browser add-on's can be dangerous:
https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/
Browser add-on's can be dangerous:
https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/
Blog
The ad blocker that injects ads | Imperva
Deceptive ad injection is a growing concern on the internet today, affecting many people browsing the web. And while the concept isn’t new (Google stated it was the most common complaint amongst Chrome users back in 2015), just like with other online threats…
Ключи от Королевства или The keys to the kingdom - securing your devices and accounts
Когда то были рекоммендации создавать сложные пароли и пассфразы:
https://support.microsoft.com/en-us/office/the-keys-to-the-kingdom-securing-your-devices-and-accounts-a925f8ad-af7e-40d8-9ce4-60ea1cac2ba4
Рекоммендации по паролям:
https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide
Теперь же прогнозируется беспарольное будущее:
https://www.microsoft.com/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/
Как бы там ни было - Берегите ключи от своего Королевства, будучи внимательным и предупрежденным 🙂
Когда то были рекоммендации создавать сложные пароли и пассфразы:
https://support.microsoft.com/en-us/office/the-keys-to-the-kingdom-securing-your-devices-and-accounts-a925f8ad-af7e-40d8-9ce4-60ea1cac2ba4
Рекоммендации по паролям:
https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide
Теперь же прогнозируется беспарольное будущее:
https://www.microsoft.com/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/
Как бы там ни было - Берегите ключи от своего Королевства, будучи внимательным и предупрежденным 🙂
Microsoft
The keys to the kingdom - securing your devices and accounts - Microsoft Support
Wondering how you can select better passwords, or use two-step verification to make your accounts more secure? Maybe you're curious about better ways to secure your device? We've got your answers!
Microsoft Security Advisory CVE-2020-0951: Windows Defender Application Control Security Feature Bypass Vulnerability · Issue #27 · PowerShell/Announcements
https://github.com/PowerShell/Announcements/issues/27
https://github.com/PowerShell/Announcements/issues/27
GitHub
Microsoft Security Advisory CVE-2020-0951: Windows Defender Application Control Security Feature Bypass Vulnerability · Issue #27…
Microsoft Security Advisory CVE-2020-0951: Windows Defender Application Control Security Feature Bypass Vulnerability Executive Summary A security feature bypass vulnerability exists in Windows Def...
Protecting Prometheus: Insecure configuration exposes secrets
https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
Когда Прометей отдает метрики всем :)*
https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
Когда Прометей отдает метрики всем :)*
JFrog
Don’t let Prometheus Steal your Fire
How to deploy & configure Prometheus securely, including authentication and encryption capabilities. Real-world exposures discovered by the JFrog Security Research team
Cito (со слов разработчика) может транслировать исходный код в C, C++, C#, Java, JavaScript, Python, Swift, TypeScript, OpenCL C...
https://news.1rj.ru/str/sysadm_in_up/860
P.S. непонятно так ли это на самом деле... нужно смотреть*
https://news.1rj.ru/str/sysadm_in_up/860
P.S. непонятно так ли это на самом деле... нужно смотреть*
Telegram
Sys-Admin Up
pfusik/cito: Ć programming language. Translated automatically to C, C++, C#, Java, JavaScript, Python, Swift, TypeScript and OpenCL C.
https://github.com/pfusik/cito
https://github.com/pfusik/cito
Full Disclosure: Defense in depth -- the Microsoft way (part 78): completely outdated, vulnerable open source component(s) shipped with Windows 10&11
https://seclists.org/fulldisclosure/2021/Oct/17
P.S. thx for the link dear subscriber ✌️
https://seclists.org/fulldisclosure/2021/Oct/17
P.S. thx for the link dear subscriber ✌️
seclists.org
Full Disclosure: Defense in depth -- the Microsoft way (part 78): completely
outdated,
vulnerable open source component(s) shipped…
outdated,
vulnerable open source component(s) shipped…
Oracle Critical Patch Update Advisory - October 2021
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Top ten GitLab hacks for all stages of the DevOps Platform
https://about.gitlab.com/blog/2021/10/19/top-10-gitlab-hacks/
https://about.gitlab.com/blog/2021/10/19/top-10-gitlab-hacks/
Gitlab
Top ten GitLab hacks for all stages of the DevOps Platform
Get the most out of the GitLab DevOps Platform with our ten best tips for enhanced productivity.
The Uptycs Threat Research Team spotted a campaign in which the TeamTNT threat actors deployed a malicious container image on Docker
https://securityaffairs.co/wordpress/123535/cyber-crime/teamtnt-docker-attack.html
https://securityaffairs.co/wordpress/123535/cyber-crime/teamtnt-docker-attack.html
Security Affairs
TeamTNT Deploys Malicious Docker Image On Docker Hub
The Uptycs Threat Research Team spotted a campaign in which the TeamTNT threat actors deployed a malicious container image on Docker hub.
CVE-2021-42299: TPM Carte Blanche
https://github.com/google/security-research/blob/master/pocs/bios/tpm-carte-blanche/writeup.md
https://github.com/google/security-research/blob/master/pocs/bios/tpm-carte-blanche/writeup.md
GitHub
security-research/pocs/bios/tpm-carte-blanche/writeup.md at master · google/security-research
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code. - google/security-research
SmashEx
SmashEx is an attack that exploits re-entrancy vulnerabilities in the exception handling designs of Intel SGX (Software Guard eXtensions) enclave runtimes. It is powerful enough to allow an attacker to read secrets or perform arbitrary code execution inside the victim enclave.
https://jasonyu1996.github.io/SmashEx/
SmashEx is an attack that exploits re-entrancy vulnerabilities in the exception handling designs of Intel SGX (Software Guard eXtensions) enclave runtimes. It is powerful enough to allow an attacker to read secrets or perform arbitrary code execution inside the victim enclave.
https://jasonyu1996.github.io/SmashEx/
SmashEx
SmashEx is an attack that exploits re-entrancy vulnerabilities in the exception handling designs of Intel SGX (Software Guard eXtensions) enclave runtimes. It is powerful enough to allow an attacker to read secrets or perform arbitrary code execution inside…
How a simple Linux kernel memory corruption bug can lead to complete system compromise
https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html?m=1
https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html?m=1
Blogspot
How a simple Linux kernel memory corruption bug can lead to complete system compromise
An analysis of current and potential kernel security mitigations Posted by Jann Horn, Project Zero Introduction This blog post de...
Gummy Browsers: Targeted Browser Spoofing against State-of-the-Art Fingerprinting Techniques
https://arxiv.org/pdf/2110.10129.pdf
https://arxiv.org/pdf/2110.10129.pdf
A Million People’s Personal Information Leaked by Chinese VPN Application
https://www.wizcase.com/blog/quickfox-breach-report/
https://www.wizcase.com/blog/quickfox-breach-report/
WizCase
A Million People’s Personal Information Leaked by Chinese VPN Application
Recently used a free VPN for China? Our cyber security experts have discovered a huge data breach in a popular free VPN
Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices
https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices
https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices
Sonatype
Newly found npm malware mines cryptocurrency on Windows, Linux, macOS devices
Sonatype’s automated malware detection system has caught multiple malicious packages on the npm registry this month.
FIN7 привлекает специалистов для внедрения программ-вымогателей
Киберпреступная группировка использует легитимные компании нацеленные на сектор оказания ИБ услуг (как пример услуги пентеста)
Это совершенно новый уровень от которого наверное уже ничего не спасет (если услугами таких компаний воспользоваться):
https://geminiadvisory.io/fin7-ransomware-bastion-secure/
P S. часть доменов уже добавлена в BLD сервис
Киберпреступная группировка использует легитимные компании нацеленные на сектор оказания ИБ услуг (как пример услуги пентеста)
Это совершенно новый уровень от которого наверное уже ничего не спасет (если услугами таких компаний воспользоваться):
https://geminiadvisory.io/fin7-ransomware-bastion-secure/
P S. часть доменов уже добавлена в BLD сервис