note: На хостинге где хостится doh.sys-adm.in произошел сбой, кто использует doh пожалуйста переключайтесь на bld.sys-adm.in эти сервера работают штатно.
PS. как подключаться (параметры для браузеров и тп) кратко описаны на lab.sys-adm.in
PS. как подключаться (параметры для браузеров и тп) кратко описаны на lab.sys-adm.in
BrakTooth Proof of Concept
https://github.com/Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks
What is BrakTooth
https://news.1rj.ru/str/sysadm_in_channel/3346
https://github.com/Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks
What is BrakTooth
https://news.1rj.ru/str/sysadm_in_channel/3346
GitHub
GitHub - Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks: A Series of Baseband & LMP Exploits against Bluetooth Classic…
A Series of Baseband & LMP Exploits against Bluetooth Classic Controllers - Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks
Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access
https://thehackernews.com/2021/11/hardcoded-ssh-key-in-cisco-policy-suite.html
P.S. thx for the link dear subscriber ✌️
https://thehackernews.com/2021/11/hardcoded-ssh-key-in-cisco-policy-suite.html
P.S. thx for the link dear subscriber ✌️
Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html
https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html
Cisco Talos Blog
Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
By Chetan Raghuprasad and Vanja Svajcer, with contributions from Caitlin Huey.
* Cisco Talos recently discovered a malicious campaign deploying variants of the Babuk ransomware predominantly affecting users in the U.S. with smaller number of infections…
* Cisco Talos recently discovered a malicious campaign deploying variants of the Babuk ransomware predominantly affecting users in the U.S. with smaller number of infections…
Action needed by self-managed customers in response to CVE-2021-22205 | GitLab
https://about.gitlab.com/blog/2021/11/04/action-needed-in-response-to-cve2021-22205/
https://about.gitlab.com/blog/2021/11/04/action-needed-in-response-to-cve2021-22205/
Gitlab
Action needed by self-managed customers in response to CVE-2021-22205
Self-managed users using outdated versions should update immediately.
Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions:
- Log in with a default credential if the Telnet protocol is enabled
- Perform command injection
- Modify the configuration
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions:
- Log in with a default credential if the Telnet protocol is enabled
- Perform command injection
- Modify the configuration
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr
Cisco
Cisco Security Advisory: Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions:
Log in with…
Log in with…
Why You Should Delete Google Chrome On Your Phone
https://www.forbes.com/sites/zakdoffman/2021/11/06/stop-using-google-chrome-on-android-samsung-apple-iphone-and-windows-10-devices/?sh=256118567bf8
https://www.forbes.com/sites/zakdoffman/2021/11/06/stop-using-google-chrome-on-android-samsung-apple-iphone-and-windows-10-devices/?sh=256118567bf8
Forbes
Latest Google Chrome Privacy Warning Gives You Another Reason To Switch
Users given another reason to quit Chrome as more hidden data harvesting is exposed...
New Magecart group uses an e-Skimmer that avoids VMs and sandboxesSecurity Affairs
https://securityaffairs.co/wordpress/124287/hacking/magecart-e-skimmer-avoids-vms.html
https://securityaffairs.co/wordpress/124287/hacking/magecart-e-skimmer-avoids-vms.html
Security Affairs
New Magecart group uses an e-Skimmer that avoids VMs and sandboxes
A new Magecart group leverages a browser noscript to evade virtualized environments and sandboxes used by researchers.
Как российские компании защищаются от целевых атак
Каких угроз опасаются, какие решения используют и тп, полезно для общего понимания общей картины. Отчет от PT:
https://www.ptsecurity.com/ru-ru/research/analytics/kak-rossijskie-kompanii-zashchishchayutsya-ot-celevyh-atak/
Каких угроз опасаются, какие решения используют и тп, полезно для общего понимания общей картины. Отчет от PT:
https://www.ptsecurity.com/ru-ru/research/analytics/kak-rossijskie-kompanii-zashchishchayutsya-ot-celevyh-atak/
ptsecurity.com
Аналитические статьи
По данным исследования Positive Technologies, треть специалистов по ИБ сообщили, что их компании когда-либо подвергались целевой атаке, в большинстве случаев — с серьезными последствиями. В каждом пятом случае организации защищаются с помощью систем класса…
General Availability of PowerShell 7.2 - PowerShell Team
https://devblogs.microsoft.com/powershell/general-availability-of-powershell-7-2/
https://devblogs.microsoft.com/powershell/general-availability-of-powershell-7-2/
Microsoft News
General Availability of PowerShell 7.2
Announcing general availability of PowerShell 7.2
Microsoft Exchange Server Remote Code Execution Vulnerability
Again:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42321
2013, 2016, 2019
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2021-exchange-server-security-updates/ba-p/2933169
Again:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42321
2013, 2016, 2019
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2021-exchange-server-security-updates/ba-p/2933169
TECHCOMMUNITY.MICROSOFT.COM
Released: November 2021 Exchange Server Security Updates | Microsoft Community Hub
We are releasing a set of security updates for Exchange Server 2013, 2016 and 2019.
[Announce] Samba 4.15.2, 4.14.10, 4.13.14 Security Releases are available for Download
https://lists.samba.org/archive/samba-announce/2021/000583.html
https://lists.samba.org/archive/samba-announce/2021/000583.html
Mix of news
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/
PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens
https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/
Critical Security Vulnerability Fixed In WordPress Reset PRO plugin
https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
https://support.citrix.com/article/CTX330728
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/
PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens
https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/
Critical Security Vulnerability Fixed In WordPress Reset PRO plugin
https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
https://support.citrix.com/article/CTX330728
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Обход блокировки экрана от Apple и проведение безконтактных платежей
Исследование на эту тему:
https://practical_emv.gitlab.io/
Исследование на эту тему:
https://practical_emv.gitlab.io/
New Critical Vulnerabilities Found on Nucleus TCP/IP Stack
https://www.forescout.com/blog/new-critical-vulnerabilities-found-on-nucleus-tcp-ip-stack/
https://www.forescout.com/blog/new-critical-vulnerabilities-found-on-nucleus-tcp-ip-stack/
Forescout
New Critical Vulnerabilities Found on Nucleus TCP/IP Stack - Forescout
Forescout Research Labs, with support from Medigate Labs, have discovered a set of 13 new vulnerabilities affecting the Nucleus TCP/IP stack, which we are collectively calling NUCLEUS:13. The new vulnerabilities allow for remote code execution, denial of…
PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens
https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/
Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064
https://www.randori.com/blog/cve-2021-3064/
https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/
Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064
https://www.randori.com/blog/cve-2021-3064/
Zimperium
PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens - Zimperium
true
Researcher Details Vulnerabilities Found in AWS API Gateway
https://www.darkreading.com/vulnerabilities-threats/researcher-details-vulnerabilities-found-in-aws-api-gateway
https://www.darkreading.com/vulnerabilities-threats/researcher-details-vulnerabilities-found-in-aws-api-gateway
Darkreading
Researcher Details Vulnerabilities Found in AWS API Gateway
AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.
Analyzing a watering hole campaign using macOS exploits
https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/
https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/
Google
Analyzing a watering hole campaign using macOS exploits
To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors t…
Windows User Profile Service 0day LPE
https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html
https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html
Sys-Admin InfoSec
В этом году состоится KolesaConf, где я скорее всего приму участие, по крайней мере тема доклада уже имеется: • Делаем свой Blender c блекджеком и шлюзами На самом деле тем будет много и темы по нашей части довольно интересные, мало того спикеры вполне…
Настал день и час Колес, думаю много интересных тем можно будет узнать и послушать. Трансляция:
youtu_be/ShbLEcSd7gA
up
В общем организаторы на время выпилили видео из паблика (к моей печали и моему неведению)
У кого есть видео, буду признателен
UP
Видос моего доклада:
https://youtu.be/d5vwr36yHoU
youtu_be/ShbLEcSd7gA
up
В общем организаторы на время выпилили видео из паблика (к моей печали и моему неведению)
У кого есть видео, буду признателен
UP
Видос моего доклада:
https://youtu.be/d5vwr36yHoU
YouTube
Blocky Listened Daemon (BLD) - AD-BLENDER
Проект представляет из себя открытый, бесплатный, превентивный сервис по - блокировке рекламы, а также вредоносных, фишинговых доменов, трекинговых и телеметрических сервисов. Не требует установки. Легко настраивается на домашних/рабочих роутерах, мобильных…
AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits
https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits