Action needed by self-managed customers in response to CVE-2021-22205 | GitLab
https://about.gitlab.com/blog/2021/11/04/action-needed-in-response-to-cve2021-22205/

Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions:

- Log in with a default credential if the Telnet protocol is enabled
- Perform command injection
- Modify the configuration

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr

Why You Should Delete Google Chrome On Your Phone

https://www.forbes.com/sites/zakdoffman/2021/11/06/stop-using-google-chrome-on-android-samsung-apple-iphone-and-windows-10-devices/?sh=256118567bf8

New Magecart group uses an e-Skimmer that avoids VMs and sandboxesSecurity Affairs
https://securityaffairs.co/wordpress/124287/hacking/magecart-e-skimmer-avoids-vms.html

Как российские компании защищаются от целевых атак

Каких угроз опасаются, какие решения используют и тп, полезно для общего понимания общей картины. Отчет от PT:

https://www.ptsecurity.com/ru-ru/research/analytics/kak-rossijskie-kompanii-zashchishchayutsya-ot-celevyh-atak/

General Availability of PowerShell 7.2 - PowerShell Team
https://devblogs.microsoft.com/powershell/general-availability-of-powershell-7-2/

Microsoft Exchange Server Remote Code Execution Vulnerability

Again:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42321

2013, 2016, 2019

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2021-exchange-server-security-updates/ba-p/2933169

[Announce] Samba 4.15.2, 4.14.10, 4.13.14 Security Releases are available for Download

https://lists.samba.org/archive/samba-announce/2021/000583.html

Mix of news

TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access

https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/

PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens

https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/

Critical Security Vulnerability Fixed In WordPress Reset PRO plugin

https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update

https://support.citrix.com/article/CTX330728

Обход блокировки экрана от Apple и проведение безконтактных платежей

Исследование на эту тему:

https://practical_emv.gitlab.io/

PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens

https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/

Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064

https://www.randori.com/blog/cve-2021-3064/

Researcher Details Vulnerabilities Found in AWS API Gateway
https://www.darkreading.com/vulnerabilities-threats/researcher-details-vulnerabilities-found-in-aws-api-gateway

Analyzing a watering hole campaign using macOS exploits
https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/

Windows User Profile Service 0day LPE

https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html

Настал день и час Колес, думаю много интересных тем можно будет узнать и послушать. Трансляция:

youtu_be/ShbLEcSd7gA

up

В общем организаторы на время выпилили видео из паблика (к моей печали и моему неведению)

У кого есть видео, буду признателен

UP

Видос моего доклада:
https://youtu.be/d5vwr36yHoU

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits


https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits

 
Алматы, 11 декабря, сбор на тему реверса/малвари/фаззинга/эсплоитов

И + любая бинарщина - будет на очередном, открытом митапе r0crewKZ, с бесплатным пивом (в разумных пределах) и конечно же докладами)

Глубокое погружение в темы:
• Мошенничество OLX: Итоги расследования (morty)
• Attacking Software Developers. Часть 1 (thatskriptkid)
• Почему вы этого не делаете? (novitoll)
• Attacking Software Developers. Часть 2 (thatskriptkid)
• Эксплоитить Линукс ядро стало сложнее, но нас не остановить (novitoll)
• ...тема уточняется...

• 11 декабря 2021г. в 18:00. Место: Lenore Pub, проспект Абая, 124, https://go.2gis.com/jozza

Открытая встреча среди профессионалов и не только, отличная площадка для общения и потребления новых знаний ИМХО

P.S. Онлайн вещание пока под вопросом
 

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks

https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/

Groups Target Alibaba ECS Instances for Cryptojacking
https://www.trendmicro.com/en_us/research/21/k/groups-target-alibaba-ecs-instances-for-cryptojacking.html

...
We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort.
...

https://comsec.ethz.ch/research/dram/blacksmith/