Microsoft наблюдала, как целью атак становятся привилегированные учетные записи поставщиков услуг с целью дальнейшего горизонтального перемещения в облачных средах, используя доверительные отношения для получения доступа к нижестоящим клиентам и обеспечения дальнейших атак или доступа к целевым системам
Описание, методы зашиты:
https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/
Описание, методы зашиты:
https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/
Microsoft News
NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers…
Critical RCE Vulnerability in Discourse
Всем владельцам форумов Discourse посвящается. Срочное обновление крайне рекомендуемо:
https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse
Всем владельцам форумов Discourse посвящается. Срочное обновление крайне рекомендуемо:
https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse
WinRAR’s vulnerable trialware: when free software isn’t free
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
PT SWARM
WinRAR’s vulnerable trialware: when free software isn’t free
In this article we discuss a vulnerability in the trial version of WinRAR which has significant consequences for the management of third-party software. This vulnerability allows an attacker to intercept and modify requests sent to the user of the application.…
PHP-FPM local root vulnerability
PoC:
https://www.ambionics.io/blog/php-fpm-local-root
P.S. dear subscriber, thx for the link ✌️
PoC:
https://www.ambionics.io/blog/php-fpm-local-root
P.S. dear subscriber, thx for the link ✌️
Ambionics
PHP-FPM local root vulnerability (CVE-2021-21703)
This article reveals a privilege escalation vulnerability affecting PHP-FPM.
UltimaSMS: A widespread premium SMS scam on the Google Play Store
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
Avast
UltimaSMS: A widespread premium SMS scam on the Google Play Store
An array of scam apps, including a fake photo editor, camera filter, and various games, have been promoted via Instagram and TikTok channels.
Правительство США использует "ордера на ключевые слова", чтобы иметь возможность раскрыть личность любого, кто ищет в Google и других поисковых системах определенные поисковые запросы, которые могут быть связаны с преступлениями:
https://www.dailymail.co.uk/news/article-10063665/Government-orders-Google-track-searching-certain-names-addresses-phone-numbers.html
P.S. thx for the link dear subscriber ✌️
https://www.dailymail.co.uk/news/article-10063665/Government-orders-Google-track-searching-certain-names-addresses-phone-numbers.html
P.S. thx for the link dear subscriber ✌️
Mail Online
Accidental leak reveals US government has secretly hit Google with 'keyword warrants' to identify ANYONE searching certain names…
Cybersecurity experts fear that keyword warrants set a precedent for breaching the protection against unreasonable searches. Google, however, has defended their decision to respond to these warrants.
Gummy Browsers Technical.pdf
4.7 MB
Gummy Browsers: Targeted Browser Spoofing against
State-of-the-Art Fingerprinting Techniques
Technical Analysis
State-of-the-Art Fingerprinting Techniques
Technical Analysis
Cracking WiFi at Scale with One Simple Trick
https://www.cyberark.com/resources/threat-research-blog/cracking-wifi-at-scale-with-one-simple-trick
https://www.cyberark.com/resources/threat-research-blog/cracking-wifi-at-scale-with-one-simple-trick
Cyberark
Cracking WiFi at Scale with One Simple Trick
How I Cracked 70% of Tel Aviv’s Wifi Networks (from a Sample of 5,000 Gathered WiFi). In the past seven years that I’ve lived in Tel Aviv, I’ve changed apartments four times. Every time I...
Fresh KB (26 Oct) with fix printing problems
https://support.microsoft.com/en-us/topic/october-26-2021-kb5006738-os-builds-19041-1320-19042-1320-and-19043-1320-preview-ccbce6bf-ae00-4e66-9789-ce8e7ea35541
https://support.microsoft.com/en-us/topic/october-26-2021-kb5006738-os-builds-19041-1320-19042-1320-and-19043-1320-preview-ccbce6bf-ae00-4e66-9789-ce8e7ea35541
Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign
https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign
https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign
Lookout
Rooting Malware Makes Comeback: Lookout Discovers Global Campaign | Threat Intel
Security researchers at Lookout have identified a new rooting malware distributed on Google Play, the Amazon Appstore and the Samsung Galaxy Store.
Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD
In this blog post, we detail a vulnerability that lets unauthenticated attackers leak highly sensitive information from a vulnerable GoCD Server instance, including all encrypted secrets stored on the server
https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover
In this blog post, we detail a vulnerability that lets unauthenticated attackers leak highly sensitive information from a vulnerable GoCD Server instance, including all encrypted secrets stored on the server
https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover
Sonarsource
Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD
We recently discovered critical security issues in the popular CI/CD solution GoCD that can be exploited by unauthenticated attackers
Avast releases decryptor for AtomSilo and LockFile ransomware
https://decoded.avast.io/threatintel/decryptor-for-atomsilo-and-lockfile-ransomware/
https://decoded.avast.io/threatintel/decryptor-for-atomsilo-and-lockfile-ransomware/
Gendigital
Raspberry Robin’s Roshtyak: A Little Lesson in Trickery
Innovative Evasion Techniques in Roshtyak
New Quishing Campaign Shows How Threat Actors Innovate to Bypass Security
https://abnormalsecurity.com/blog/qr-code-campaign-bypass-security
https://abnormalsecurity.com/blog/qr-code-campaign-bypass-security
Abnormal AI
New Quishing Campaign Shows How Security Can Be Bypassed
A new phishing campaign using QR codes exploits compromised hosts to send emails, and major services to maintain and host their phishing pages.
Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection
https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/
https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/
Microsoft News
Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection
Microsoft found a vulnerability (CVE-2021-30892) that could allow an attacker to bypass System Integrity Protection (SIP) in macOS. We shared our findings with Apple via coordinated vulnerability disclosure, and a fix was released October 26.
SECURITY_GUIDANCE_FOR_5G_CLOUD_INFRASTRUCTURES_PART_I_20211028.PDF
420.9 KB
SECURITY GUIDANCE FOR 5G
CLOUD INFRASTRUCTURES
CLOUD INFRASTRUCTURES
Windows User Profile Service 0day LPE
https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html?m=1
https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html?m=1
Documents reveal Facebook targeted children as young as 6 for consumer base
https://www.nbcnews.com/tech/social-media/facebook-documents-reveal-company-targeted-children-young-6-rcna4021
https://www.nbcnews.com/tech/social-media/facebook-documents-reveal-company-targeted-children-young-6-rcna4021
NBC News
Facebook documents reveal company targeted children as young as 6
Facebook was hiring employees to build out programs for children and young adults from ages 6 to 17, according to a company blog post.
Trojan Source: Invisible Vulnerabilities
paper describing cool new tricks for crafting targeted vulnerabilities that are invisible to human code reviewers
https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/
up
https://trojansource.codes
https://github.com/nickboucher/trojan-source#trojan-source
paper describing cool new tricks for crafting targeted vulnerabilities that are invisible to human code reviewers
https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/
up
https://trojansource.codes
https://github.com/nickboucher/trojan-source#trojan-source
GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild
https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/
https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/
Rapid7
GitLab Unauthenticated RCE CVE-2021-22205 Exploited in the Wild | Rapid7 Blog