Fake Ransomware Infection Spooks Website Owners
https://blog.sucuri.net/2021/11/fake-ransomware-infection-spooks-website-owners.html
Starting this past Friday we have seen a number of websites showing a fake ransomware infection. Google search results for “FOR RESTORE SEND 0.1 BITCOIN”…
AI-driven adaptive protection against human-operated ransomware - Microsoft Security Blog
https://www.microsoft.com/security/blog/2021/11/15/ai-driven-adaptive-protection-against-human-operated-ransomware/
How to migrate Active Directory from Windows Server 2008 R2 to Windows Server 2022
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-guide-active-directory-migration-from-windows/ba-p/2888117
A step-by-step guide on how to migrate Active Directory from Windows Server 2008 R2 to Windows Server 2022.
Netgear SOHO Devices contain a vulnerability that allows an attacker within the device’s Local Area Network (LAN) to obtain Remote Code Execution (RCE) as root on the device
PoC
https://github.com/grimm-co/NotQuite0DayFriday/tree/trunk/2021.11.16-netgear-upnp
This is a repo which documents real bugs in real software to illustrate trends, learn how to prevent or find them more quickly. - grimm-co/NotQuite0DayFriday
Two technical analyses (PDF): DNS cache poisoning and MITM phishing detection
Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits
https://news.1rj.ru/str/sysadm_in_up/898
DNS Cache Poisoning Attack: Resurrections with Side Channels
https://news.1rj.ru/str/sysadm_in_up/899
Windows 11 known issues and notifications | Microsoft Docs
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2
View announcements and review known issues and fixes for Windows 11, version 21H2
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/
Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs
https://msrc-blog.microsoft.com/2021/11/17/guidance-for-azure-active-directory-ad-keycredential-property-information-disclosure-in-application-and-service-principal-apis/
The vulnerability, found by NetSPI’s cloud pentesting practice director, Karl Fosaaen, affects any organization that uses Automation Account "Run as" accounts in Azure.
Design issues of modern EDRs: bypassing ETW-based solutions
https://www.binarly.io/posts/Design_issues_of_modern_EDR%E2%80%99s_bypassing_ETW-based_solutions/index.html
Thousands of Firefox users accidentally commit login cookies on GitHub
https://www.theregister.com/2021/11/18/firefox_cookies_github/
GitHub: 'Credentials exposed by our users are not in scope'
Bunch of News
New ransomware actor uses password-protected archives to bypass encryption protection
https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/
Python Malware Imitates Signed PyPI Traffic in Novel Exfiltration Technique
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
An APT Group Exploiting a 0-day in FatPipe WARP, MPVPN, and IPVPN Software (FBI Warning)
https://www.ic3.gov/Media/News/2021/211117-2.pdf
The US Defense Department on Friday asked Amazon Web Services, Microsoft, Google and Oracle to submit bids for a new, multi-billion-dollar cloud contract
https://www.zdnet.com/article/pentagon-asks-aws-microsoft-google-and-oracle-to-bid-for-new-cloud-contract/
Calling themselves “Memento team”, actors use Python-based ransomware that they reconfigured after setbacks.
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html
Squirrelwaffle is known for using the tactic of sending malicious spam as replies to existing email chains. We look into how by investigating its exploit of Microsoft Exchange Server vulnerabilities, ProxyLogon and ProxyShell.
Bunch of News
Vulnerability Spotlight: Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion
https://blog.talosintelligence.com/2021/11/lantronix-premier-wave-vuln-spotlight.html
Windows Security Updates for Hackers
https://bitsadm.in/blog/windows-security-updates-for-hackers
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-KSqJAKPA
[Conti] Ransomware Group In-Depth Analysis
https://www.prodaft.com/resource/detail/conti-ransomware-group-depth-analysis/
GoDaddy Announces Security Incident Affecting Managed WordPress Service
https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm
NGINX Unit is a polyglot app server, a reverse proxy, and a static file server, available for Unix-like systems. It was built by nginx team members from scratch to be highly efficient and fully configurable at runtime.
The latest version is 1.26.0, released on November 18, 2021.
http://unit.nginx.org/
APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
https://us-cert.cisa.gov/ncas/alerts/aa21-259a
Microsoft Exchange Health Checker script
https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/
PoC of CVE-2021-42321 (pops mspaint.exe):
https://news.1rj.ru/str/sysadm_in_up/906
Matt Wiseman discovered these vulnerabilities.
Cisco Talos recently discovered multiple vulnerabilities in Lantronix’s PremierWave 2050, an embedded Wi-Fi module.
There are several vulnerabilities in PremierWave 2050’s Web Manager, a web-accessible application…
Claroty’s researchers discovered a new attack concept to target VPNs (OpenVPN)
https://claroty.com/2021/11/19/blog-research-all-roads-lead-to-openvpn-pwning-industrial-remote-access-clients/
All Roads Lead to OpenVPN: Pwning Industrial Remote Access Clients
Windows Installer Elevation of Privilege Vulnerability
MS Info - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41379
PoC - https://github.com/klinix5/InstallerFileTakeOver
Your Fingerprint Can Be Hacked For $5. Here’s How
https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/
Fingerprint authentication is a convenient alternative to passwords and PIN codes. Who wants to spend time typing in a lengthy string of numbers, letters and characters when a simple tap will suffice? Unfortunately, that convenience comes at a cost. Because…
New trojan detected on AppGallery app catalog
At least 9,300,000 Android device owners have installed these dangerous games.
https://news.drweb.com/show/?i=14360&lng=en
Doctor Web malware analysts discovered dozens of games on the AppGallery catalog that have an Android.Cynos.7.origin trojan built into them (https://vms.drweb.com/search/?q=Android.Cynos.7.origin&lng=en). This trojan is designed to collect…
VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities (CVE-2021-21980, CVE-2021-22049)
https://www.vmware.com/security/advisories/VMSA-2021-0027.html
Open DevOps and White Hacking workshops by Rebrain (30.11, 2.12)
DevOps by Rebrain: Making the Kubernetes data plane in AWS cheaper and easier to manage
• We will look at which options can be used to run pods in Kubernetes in the AWS cloud
• We will run our cluster entirely on spot instances and deploy an application in it
• We will add nodes with different architectures to the cluster: x86 and ARM
• We will try the serverless option, Fargate, in which pods can be run without adding nodes to the cluster
• 30 November, 19:00 MSK. Registration
• Mikhail Golubev - Sr. Solutions Architect at AWS. More than 15 years in IT.
White hacking by Rebrain: the OWASP Top 10 and how applicable it is in practice
• We will discuss how the OWASP Top 10 has changed over recent years, focusing on the 2021 edition
• We will discuss what else could have made the list
• We will walk through some of the vulnerabilities on different stacks
• 2 December, 19:00 MSK. Registration
• Alexander Krylov - Lead DevOps at PJSC IC Rosgosstrakh. More than 5 years of DevOps experience.
Microsoft Defender for Endpoint fails to start on Windows Server
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-endpoint-fails-to-start-on-windows-server/
Microsoft has confirmed a new issue impacting Windows Server devices preventing the Microsoft Defender for Endpoint security solution from launching on some systems.
Joker virus resurfaces on Google Play Store; Hidden in these 14 apps
https://kalingatv.com/technology/beware-joker-virus-back-on-google-play-store-uninstall-these-14-android-apps-immediately/
Beware Android phone users! The very dangerous malware Joker 'virus' has once again surfaced in Google Play Store apps. This Joker virus is a malicious