Researcher Details Vulnerabilities Found in AWS API Gateway
https://www.darkreading.com/vulnerabilities-threats/researcher-details-vulnerabilities-found-in-aws-api-gateway

Analyzing a watering hole campaign using macOS exploits
https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/

Windows User Profile Service 0day LPE

https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html

Настал день и час Колес, думаю много интересных тем можно будет узнать и послушать. Трансляция:

youtu_be/ShbLEcSd7gA

up

В общем организаторы на время выпилили видео из паблика (к моей печали и моему неведению)

У кого есть видео, буду признателен

UP

Видос моего доклада:
https://youtu.be/d5vwr36yHoU

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits


https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits

 
Алматы, 11 декабря, сбор на тему реверса/малвари/фаззинга/эсплоитов

И + любая бинарщина - будет на очередном, открытом митапе r0crewKZ, с бесплатным пивом (в разумных пределах) и конечно же докладами)

Глубокое погружение в темы:
• Мошенничество OLX: Итоги расследования (morty)
• Attacking Software Developers. Часть 1 (thatskriptkid)
• Почему вы этого не делаете? (novitoll)
• Attacking Software Developers. Часть 2 (thatskriptkid)
• Эксплоитить Линукс ядро стало сложнее, но нас не остановить (novitoll)
• ...тема уточняется...

• 11 декабря 2021г. в 18:00. Место: Lenore Pub, проспект Абая, 124, https://go.2gis.com/jozza

Открытая встреча среди профессионалов и не только, отличная площадка для общения и потребления новых знаний ИМХО

P.S. Онлайн вещание пока под вопросом
 

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks

https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/

Groups Target Alibaba ECS Instances for Cryptojacking
https://www.trendmicro.com/en_us/research/21/k/groups-target-alibaba-ecs-instances-for-cryptojacking.html

...
We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort.
...

https://comsec.ethz.ch/research/dram/blacksmith/

Website Fingerprinting:
Evaluating Website Fingerprinting Attacks on Tor in the Real World

Цифровой отпечаток в Тор.. Исследование.

Fake Ransomware Infection Spooks Website Owners
https://blog.sucuri.net/2021/11/fake-ransomware-infection-spooks-website-owners.html

AI-driven adaptive protection against human-operated ransomware - Microsoft Security Blog
https://www.microsoft.com/security/blog/2021/11/15/ai-driven-adaptive-protection-against-human-operated-ransomware/

How to migrate Active Directory from Windows Server 2008 R2 to Windows Server 2022
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-guide-active-directory-migration-from-windows/ba-p/2888117

Netgear SOHO Devices contain a vulnerability that allows an attacker within the device’s Local Area Network (LAN) to obtain Remote Code Execution (RCE) as root on the device

PoC

https://github.com/grimm-co/NotQuite0DayFriday/tree/trunk/2021.11.16-netgear-upnp

Two technical analysis (pdf) - DNS poisoning and MiTM detecting

Catching Transparent Phish:
Analyzing and Detecting MITM Phishing Toolkits:

https://news.1rj.ru/str/sysadm_in_up/898

DNS Cache Poisoning Attack: Resurrections with Side Channels

https://news.1rj.ru/str/sysadm_in_up/899

Windows 11 known issues and notifications | Microsoft Docs
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2

CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory

https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/

Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs

https://msrc-blog.microsoft.com/2021/11/17/guidance-for-azure-active-directory-ad-keycredential-property-information-disclosure-in-application-and-service-principal-apis/

Thousands of Firefox users accidentally commit login cookies on GitHub

https://www.theregister.com/2021/11/18/firefox_cookies_github/

Bunch of News

New ransomware actor uses password-protected archives to bypass encryption protection

https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/

Python Malware Imitates Signed PyPI Traffic in Novel Exfiltration Technique

https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/

An APT Group Exploiting a 0-day in FatPipe WARP, MPVPN, and IPVPN Software (FBI Warning)

https://www.ic3.gov/Media/News/2021/211117-2.pdf

The US Defense Department on Friday asked Amazon Web Services, Microsoft, Google and Oracle to submit bids for a new, multi-billion-dollar cloud contract

https://www.zdnet.com/article/pentagon-asks-aws-microsoft-google-and-oracle-to-bid-for-new-cloud-contract/

Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html