Full Disclosure: Defense in depth -- the Microsoft way (part 78): completely outdated, vulnerable open source component(s) shipped with Windows 10&11
https://seclists.org/fulldisclosure/2021/Oct/17
P.S. thx for the link dear subscriber ✌️
https://seclists.org/fulldisclosure/2021/Oct/17
P.S. thx for the link dear subscriber ✌️
seclists.org
Full Disclosure: Defense in depth -- the Microsoft way (part 78): completely
outdated,
vulnerable open source component(s) shipped…
outdated,
vulnerable open source component(s) shipped…
Oracle Critical Patch Update Advisory - October 2021
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Top ten GitLab hacks for all stages of the DevOps Platform
https://about.gitlab.com/blog/2021/10/19/top-10-gitlab-hacks/
https://about.gitlab.com/blog/2021/10/19/top-10-gitlab-hacks/
Gitlab
Top ten GitLab hacks for all stages of the DevOps Platform
Get the most out of the GitLab DevOps Platform with our ten best tips for enhanced productivity.
The Uptycs Threat Research Team spotted a campaign in which the TeamTNT threat actors deployed a malicious container image on Docker
https://securityaffairs.co/wordpress/123535/cyber-crime/teamtnt-docker-attack.html
https://securityaffairs.co/wordpress/123535/cyber-crime/teamtnt-docker-attack.html
Security Affairs
TeamTNT Deploys Malicious Docker Image On Docker Hub
The Uptycs Threat Research Team spotted a campaign in which the TeamTNT threat actors deployed a malicious container image on Docker hub.
CVE-2021-42299: TPM Carte Blanche
https://github.com/google/security-research/blob/master/pocs/bios/tpm-carte-blanche/writeup.md
https://github.com/google/security-research/blob/master/pocs/bios/tpm-carte-blanche/writeup.md
GitHub
security-research/pocs/bios/tpm-carte-blanche/writeup.md at master · google/security-research
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code. - google/security-research
SmashEx
SmashEx is an attack that exploits re-entrancy vulnerabilities in the exception handling designs of Intel SGX (Software Guard eXtensions) enclave runtimes. It is powerful enough to allow an attacker to read secrets or perform arbitrary code execution inside the victim enclave.
https://jasonyu1996.github.io/SmashEx/
SmashEx is an attack that exploits re-entrancy vulnerabilities in the exception handling designs of Intel SGX (Software Guard eXtensions) enclave runtimes. It is powerful enough to allow an attacker to read secrets or perform arbitrary code execution inside the victim enclave.
https://jasonyu1996.github.io/SmashEx/
SmashEx
SmashEx is an attack that exploits re-entrancy vulnerabilities in the exception handling designs of Intel SGX (Software Guard eXtensions) enclave runtimes. It is powerful enough to allow an attacker to read secrets or perform arbitrary code execution inside…
How a simple Linux kernel memory corruption bug can lead to complete system compromise
https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html?m=1
https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html?m=1
Blogspot
How a simple Linux kernel memory corruption bug can lead to complete system compromise
An analysis of current and potential kernel security mitigations Posted by Jann Horn, Project Zero Introduction This blog post de...
Gummy Browsers: Targeted Browser Spoofing against State-of-the-Art Fingerprinting Techniques
https://arxiv.org/pdf/2110.10129.pdf
https://arxiv.org/pdf/2110.10129.pdf
A Million People’s Personal Information Leaked by Chinese VPN Application
https://www.wizcase.com/blog/quickfox-breach-report/
https://www.wizcase.com/blog/quickfox-breach-report/
WizCase
A Million People’s Personal Information Leaked by Chinese VPN Application
Recently used a free VPN for China? Our cyber security experts have discovered a huge data breach in a popular free VPN
Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices
https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices
https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices
Sonatype
Newly found npm malware mines cryptocurrency on Windows, Linux, macOS devices
Sonatype’s automated malware detection system has caught multiple malicious packages on the npm registry this month.
FIN7 привлекает специалистов для внедрения программ-вымогателей
Киберпреступная группировка использует легитимные компании нацеленные на сектор оказания ИБ услуг (как пример услуги пентеста)
Это совершенно новый уровень от которого наверное уже ничего не спасет (если услугами таких компаний воспользоваться):
https://geminiadvisory.io/fin7-ransomware-bastion-secure/
P S. часть доменов уже добавлена в BLD сервис
Киберпреступная группировка использует легитимные компании нацеленные на сектор оказания ИБ услуг (как пример услуги пентеста)
Это совершенно новый уровень от которого наверное уже ничего не спасет (если услугами таких компаний воспользоваться):
https://geminiadvisory.io/fin7-ransomware-bastion-secure/
P S. часть доменов уже добавлена в BLD сервис
Massive campaign uses YouTube to push password-stealing malware
https://blog.google/threat-analysis-group/phishing-campaign-targets-youtube-creators-cookie-theft-malware/
https://www.bleepingcomputer.com/news/security/massive-campaign-uses-youtube-to-push-password-stealing-malware/
https://blog.google/threat-analysis-group/phishing-campaign-targets-youtube-creators-cookie-theft-malware/
https://www.bleepingcomputer.com/news/security/massive-campaign-uses-youtube-to-push-password-stealing-malware/
Google
Phishing campaign targets YouTube creators with cookie theft malware
Google’s Threat Analysis Group tracks actors involved in disinformation campaigns, government backed hacking, and financially motivated abuse. Since late 2019, our team has disrupted financially motivated phishing campaigns targeting YouTubers with Cookie…
Digitally-Signed Rootkits are Back - руткит с цифровой подписью Microsoft. Отчет.
- Исследователи Bitdefender определили руткит с цифровой подписью Microsoft;
- Руткит используется для проксирования трафика на интернет-адреса, которые интересуют злоумышленников.
- Предполагается, что руткит нацелен на онлайн-игры с основной целью кражи учетных данных и угона внутриигровых покупок.
- Руткит уже больше года нацелен на пользователей компьютеров.
- Распространение руткитов ограничено Китаем, и есть предположение, что им управляет злоумышленник, проявляющий значительный интерес к рынку.
https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf
P.S. Очень много зловредных доменов фигурирует в отчете, если представится возможность или кто-то выразит желаниие оказать помощь в этом вопросе - эти домены будут добавлены в BLD.
- Исследователи Bitdefender определили руткит с цифровой подписью Microsoft;
- Руткит используется для проксирования трафика на интернет-адреса, которые интересуют злоумышленников.
- Предполагается, что руткит нацелен на онлайн-игры с основной целью кражи учетных данных и угона внутриигровых покупок.
- Руткит уже больше года нацелен на пользователей компьютеров.
- Распространение руткитов ограничено Китаем, и есть предположение, что им управляет злоумышленник, проявляющий значительный интерес к рынку.
https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf
P.S. Очень много зловредных доменов фигурирует в отчете, если представится возможность или кто-то выразит желаниие оказать помощь в этом вопросе - эти домены будут добавлены в BLD.
ControlFlag: A Self-supervised Idiosyncratic Pattern Detection System for Software Control Structures
https://github.com/IntelLabs/control-flag
https://github.com/IntelLabs/control-flag
GitHub
GitHub - IntelLabs/control-flag: A system to flag anomalous source code expressions by learning typical expressions from training…
A system to flag anomalous source code expressions by learning typical expressions from training data - IntelLabs/control-flag
Franken-phish: TodayZoo built from other phishing kits - Microsoft Security Blog
https://www.microsoft.com/security/blog/2021/10/21/franken-phish-todayzoo-built-from-other-phishing-kits/
P.S. phishing domains will block with Sys-Admin BLD soon
https://www.microsoft.com/security/blog/2021/10/21/franken-phish-todayzoo-built-from-other-phishing-kits/
P.S. phishing domains will block with Sys-Admin BLD soon
Microsoft News
Franken-phish: TodayZoo built from other phishing kits
A phishing kit built using pieces of code copied from other kits, some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers, provides rich insight into the state of the economy that drives phishing…
Microsoft наблюдала, как целью атак становятся привилегированные учетные записи поставщиков услуг с целью дальнейшего горизонтального перемещения в облачных средах, используя доверительные отношения для получения доступа к нижестоящим клиентам и обеспечения дальнейших атак или доступа к целевым системам
Описание, методы зашиты:
https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/
Описание, методы зашиты:
https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/
Microsoft News
NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers…
Critical RCE Vulnerability in Discourse
Всем владельцам форумов Discourse посвящается. Срочное обновление крайне рекомендуемо:
https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse
Всем владельцам форумов Discourse посвящается. Срочное обновление крайне рекомендуемо:
https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse
WinRAR’s vulnerable trialware: when free software isn’t free
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
PT SWARM
WinRAR’s vulnerable trialware: when free software isn’t free
In this article we discuss a vulnerability in the trial version of WinRAR which has significant consequences for the management of third-party software. This vulnerability allows an attacker to intercept and modify requests sent to the user of the application.…
PHP-FPM local root vulnerability
PoC:
https://www.ambionics.io/blog/php-fpm-local-root
P.S. dear subscriber, thx for the link ✌️
PoC:
https://www.ambionics.io/blog/php-fpm-local-root
P.S. dear subscriber, thx for the link ✌️
Ambionics
PHP-FPM local root vulnerability (CVE-2021-21703)
This article reveals a privilege escalation vulnerability affecting PHP-FPM.
UltimaSMS: A widespread premium SMS scam on the Google Play Store
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
Avast
UltimaSMS: A widespread premium SMS scam on the Google Play Store
An array of scam apps, including a fake photo editor, camera filter, and various games, have been promoted via Instagram and TikTok channels.