[Announce] Samba 4.15.2, 4.14.10, 4.13.14 Security Releases are available for Download

https://lists.samba.org/archive/samba-announce/2021/000583.html

Mix of news

TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access

https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/

PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens

https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/

Critical Security Vulnerability Fixed In WordPress Reset PRO plugin

https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update

https://support.citrix.com/article/CTX330728

Обход блокировки экрана от Apple и проведение безконтактных платежей

Исследование на эту тему:

https://practical_emv.gitlab.io/

PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens

https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/

Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064

https://www.randori.com/blog/cve-2021-3064/

Researcher Details Vulnerabilities Found in AWS API Gateway
https://www.darkreading.com/vulnerabilities-threats/researcher-details-vulnerabilities-found-in-aws-api-gateway

Analyzing a watering hole campaign using macOS exploits
https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/

Windows User Profile Service 0day LPE

https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html

Настал день и час Колес, думаю много интересных тем можно будет узнать и послушать. Трансляция:

youtu_be/ShbLEcSd7gA

up

В общем организаторы на время выпилили видео из паблика (к моей печали и моему неведению)

У кого есть видео, буду признателен

UP

Видос моего доклада:
https://youtu.be/d5vwr36yHoU

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits


https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits

 
Алматы, 11 декабря, сбор на тему реверса/малвари/фаззинга/эсплоитов

И + любая бинарщина - будет на очередном, открытом митапе r0crewKZ, с бесплатным пивом (в разумных пределах) и конечно же докладами)

Глубокое погружение в темы:
• Мошенничество OLX: Итоги расследования (morty)
• Attacking Software Developers. Часть 1 (thatskriptkid)
• Почему вы этого не делаете? (novitoll)
• Attacking Software Developers. Часть 2 (thatskriptkid)
• Эксплоитить Линукс ядро стало сложнее, но нас не остановить (novitoll)
• ...тема уточняется...

• 11 декабря 2021г. в 18:00. Место: Lenore Pub, проспект Абая, 124, https://go.2gis.com/jozza

Открытая встреча среди профессионалов и не только, отличная площадка для общения и потребления новых знаний ИМХО

P.S. Онлайн вещание пока под вопросом
 

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks

https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/

Groups Target Alibaba ECS Instances for Cryptojacking
https://www.trendmicro.com/en_us/research/21/k/groups-target-alibaba-ecs-instances-for-cryptojacking.html

...
We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort.
...

https://comsec.ethz.ch/research/dram/blacksmith/

Website Fingerprinting:
Evaluating Website Fingerprinting Attacks on Tor in the Real World

Цифровой отпечаток в Тор.. Исследование.

Fake Ransomware Infection Spooks Website Owners
https://blog.sucuri.net/2021/11/fake-ransomware-infection-spooks-website-owners.html

AI-driven adaptive protection against human-operated ransomware - Microsoft Security Blog
https://www.microsoft.com/security/blog/2021/11/15/ai-driven-adaptive-protection-against-human-operated-ransomware/

How to migrate Active Directory from Windows Server 2008 R2 to Windows Server 2022
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-guide-active-directory-migration-from-windows/ba-p/2888117

Netgear SOHO Devices contain a vulnerability that allows an attacker within the device’s Local Area Network (LAN) to obtain Remote Code Execution (RCE) as root on the device

PoC

https://github.com/grimm-co/NotQuite0DayFriday/tree/trunk/2021.11.16-netgear-upnp

Two technical analysis (pdf) - DNS poisoning and MiTM detecting

Catching Transparent Phish:
Analyzing and Detecting MITM Phishing Toolkits:

https://news.1rj.ru/str/sysadm_in_up/898

DNS Cache Poisoning Attack: Resurrections with Side Channels

https://news.1rj.ru/str/sysadm_in_up/899

Windows 11 known issues and notifications | Microsoft Docs
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2