Sys-Admin InfoSec – Telegram
News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings
* Multilingual (En, Ru).
* Forum - forum.sys-adm.in
* Chat - @sysadm_in
* Job - @sysadm_in_job
* ? - @sysadminkz
AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits


https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
 
Almaty, December 11: a gathering on reversing / malware / fuzzing / exploits

Plus any binary stuff, all at the next open r0crewKZ meetup, with free beer (within reasonable limits) and, of course, talks :)

Deep dives into the topics:
• OLX fraud: results of the investigation (morty)
• Attacking Software Developers. Part 1 (thatskriptkid)
• Why aren't you doing this? (novitoll)
• Attacking Software Developers. Part 2 (thatskriptkid)
• Exploiting the Linux kernel has become harder, but that won't stop us (novitoll)
• ...topic to be confirmed...

• December 11, 2021 at 18:00. Venue: Lenore Pub, Abay Avenue 124, https://go.2gis.com/jozza

An open meeting for professionals and others, a great venue for networking and absorbing new knowledge, IMHO

P.S. Online streaming is still undecided
 
...
We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort.
...

https://comsec.ethz.ch/research/dram/blacksmith/
sec22summer_cherubin.pdf
Website Fingerprinting:
Evaluating Website Fingerprinting Attacks on Tor in the Real World

Digital fingerprinting in Tor. A study.
AI-driven adaptive protection against human-operated ransomware - Microsoft Security Blog
https://www.microsoft.com/security/blog/2021/11/15/ai-driven-adaptive-protection-against-human-operated-ransomware/
Two technical analyses (PDF) - DNS poisoning and MitM detection

Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits:

https://news.1rj.ru/str/sysadm_in_up/898

DNS Cache Poisoning Attack: Resurrections with Side Channels

https://news.1rj.ru/str/sysadm_in_up/899
Bunch of News

New ransomware actor uses password-protected archives to bypass encryption protection

https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/

Python Malware Imitates Signed PyPI Traffic in Novel Exfiltration Technique

https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/

An APT Group Exploiting a 0-day in FatPipe WARP, MPVPN, and IPVPN Software (FBI Warning)

https://www.ic3.gov/Media/News/2021/211117-2.pdf

The US Defense Department on Friday asked Amazon Web Services, Microsoft, Google and Oracle to submit bids for a new, multi-billion-dollar cloud contract

https://www.zdnet.com/article/pentagon-asks-aws-microsoft-google-and-oracle-to-bid-for-new-cloud-contract/
Bunch of News

Vulnerability Spotlight: Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion

https://blog.talosintelligence.com/2021/11/lantronix-premier-wave-vuln-spotlight.html

Windows Security Updates for Hackers

https://bitsadm.in/blog/windows-security-updates-for-hackers

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-KSqJAKPA

[Conti] Ransomware Group In-Depth Analysis

https://www.prodaft.com/resource/detail/conti-ransomware-group-depth-analysis/

GoDaddy Announces Security Incident Affecting Managed WordPress Service

https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm

NGINX Unit is a polyglot app server, a reverse proxy, and a static file server, available for Unix-like systems. It was built by nginx team members from scratch to be highly efficient and fully configurable at runtime.

The latest version is 1.26.0, released on November 18, 2021.

http://unit.nginx.org/

APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

https://us-cert.cisa.gov/ncas/alerts/aa21-259a

Microsoft Exchange Health Checker script

https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/

PoC of CVE-2021-42321: pop mspaint.exe..:

https://news.1rj.ru/str/sysadm_in_up/906