VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities (CVE-2021-21980, CVE-2021-22049)

https://www.vmware.com/security/advisories/VMSA-2021-0027.html

 
Открытые практикумы DevOps и White hacking by Rebrain (30.11, 2.12)

DevOps by Rebrain: Делаем data plane Kubernetes в AWS дешевле и проще в управлении
• Посмотрим, какие решения можно использовать для запуска подов в Kubernetes в облаке AWS
• Запустим наш кластер полностью на spot-инстансах и развернём приложение в нём
• Добавим в кластер ноды с разными архитектурами: x86 и ARM
• Попробуем serverless-решение Fargate, в котором поды можно запускать без добавления нод в кластер

• 30 Ноября 19.00 МСК. Регистрация
• Михаил Голубев - Sr. Solutions Architect в AWS. Больше 15 лет в IT.

White hacking by Rebrain: OWASP TOP 10 и насколько это применимо в жизни
• Поговорим о динамике owasp top 10 за последние года остановившись на 2021 года
• Подискутируем, что ещё могло бы туда попасть
• Разберём некоторые из уязвимостей на разных стеках

• 2 Декабря 19.00 МСК.Регистрация
• Александр Крылов - Lead DevOps В ПАО СК Росгосстрах. Опыт работы в DevOps более 5 лет.
 

Joker virus resurfaces on Google Play Store; Hidden in these 14 apps
https://kalingatv.com/technology/beware-joker-virus-back-on-google-play-store-uninstall-these-14-android-apps-immediately/

Amazon Linux 2022 using under hood Fedora Linux:

https://aws.amazon.com/linux/amazon-linux-2022/

Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentialsSecurity Affairs
https://securityaffairs.co/wordpress/124984/apt/iran-apt-microsoft-mshtml-exploit.html

While cloud customers continue to face a variety of threats across applications and infrastructure,
many successful attacks are due to poor hygiene and a lack of basic control implementation...

Report from Thread Horizons

Bunch of News

RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild

https://threatresearch.ext.hp.com/javanoscript-malware-dispensing-rats-into-the-wild/

Looking for vulnerabilities in MediaTek audio DSP

https://research.checkpoint.com/2021/looking-for-vulnerabilities-in-mediatek-audio-dsp/

“Free Steam games” videos promise much, deliver malware

https://blog.malwarebytes.com/scams/2021/11/free-steam-games-videos-promise-much-deliver-malware/

BABADEDA CRYPTER TARGETING CRYPTO, NFT, AND DEFI COMMUNITIES

https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities

Mobile Device Cybersecurity Checklist for Organizations

https://www.cisa.gov/sites/default/files/publications/CEG_Mobile%20Device%20Cybersecurty%20Checklist%20for%20Organizations.pdf

Mobile Device Cybersecurity Checklist for Consumers

https://www.cisa.gov/sites/default/files/publications/CEG_Mobile%20Device%20Cybersecurty%20Checklist%20for%20Consumers.pdf

 
Конференция OFFZONE в следующем году (25–26 августа)

Организаторы обещают конференцию 25–26 августа в 2022 году, к сожалению ни в прошлом, ни в позапрошлом годах конференцию провести не удалось в связи со сложной эпидеомиологической обстановкой. К счастью, правила проведения массовых мероприятий более-менее устаканились, поэтому удалось определиться с датой.

• Конфа пройдет в оффлайн формате. Почему не онлайн - организаторы отказались от этого формата, чтобы не потерять дух OFFZONE 🙂
• Билеты OFFZONE 2020 будут валидны, мало того по ним будут розданы эксклюзивные футболки.

В общем кто планирует посещение уже наверное стоит задуматься о возможном бюджете.

Детали на сайт конференции - https://offzone.moscow/ru/
 

Bunch of News

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

https://securityaffairs.co/wordpress/125016/hacking/0-day-tp-link-wi-fi-6.html

IKEA email systems hit by ongoing cyberattack

https://www.bleepingcomputer.com/news/security/ikea-email-systems-hit-by-ongoing-cyberattack/

Panasonic India's Data Released in Extortion Plot

https://www.bankinfosecurity.com/panasonic-india-held-to-500k-ransom-data-released-a-15573

Zoom vulnerability. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.

https://nvd.nist.gov/vuln/detail/CVE-2021-34423

CronRAT malware hides behind February 31st

https://sansec.io/research/cronrat
https://gist.github.com/gwillem/fbe3e6b98e2e10d7f1f271ca4b6e813f

GitHub is back online after a two-hour outage

https://www.theverge.com/2021/11/27/22805076/github-down-outage-service-issues

Blocky Listener Daemon (BLD) Service Update Announcement

BLD is a free DoT/DoH/DNS service that prevents tracking, telemetry collection, advertising, malicious content, etc., to improve privacy and distraction-free experience

What's new in this update:

• Got rid of NGINX proxy to reduce overhead. Now all requests are handled by BLD service itself
• Migrated from Let's Encrypt to ACME Cloudflare
• Added / Updated prevention from Clickbait, Coinhive, Malware
• New project logo
• Added info on how to report blocking issues in dns-hole repo

See also:
• "What is BLD?" presentation (RU)

How to use:
• https://lab.sys-adm.in

P.S. Previouse announce

#bld #announce

Bunch of News

DNA Data Security Incident

DNA Diagnostics Center, Inc. (DDC) detected potential unauthorized access to its network, during which there was unauthorized access and acquisition of an archived database

https://dnacenter.com/data-security-incident-information-center/

Printing Shellz

This paper will walk you through the steps of our journey, from how we discovered the vulnerabilities, how we lovingly crafted the exploits and provides mitigation advice also. The vulnerabilities that were discovered affect more than 150 HP multi-function printers (MFPs).

https://labs.f-secure.com/publications/printing-shellz

Illicit coin mining, ransomware, APTs target cloud users in first Google Cybersecurity Action Team Threat Horizons report

https://cloud.google.com/blog/products/identity-security/coin-mining-ransomware-apts-target-cloud-gcat-report

How to Install Brew on Ubuntu and Other Linux

i'm not sure need it or not, but it is can be interesting..:

https://itsfoss.com/homebrew-linux/

Hackers all over the world are targeting Tasmania’s emergency services | Malwarebytes Labs
https://blog.malwarebytes.com/hacking-2/2021/11/hack-tasmania/

Smishing Botnets Going Viral in Iran

Интересно не где, а как...

https://research.checkpoint.com/2021/smishing-botnets-going-viral-in-iran/

Производители умных ТВ зарабатывают на слежке за пользователями больше, чем на самих телевизорах

https://habr.com/ru/company/globalsign/blog/592407/

l0ggg/VMware_vCenter: VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS

PoC

https://github.com/l0ggg/VMware_vCenter

BPF-Based Linux Firewall "bpfilter" Shows Impressive Performance Potential

https://www.phoronix.com/scan.php?page=news_item&px=BPFILTER-2021

P.S. thx for the links dear subscriber ✌️

NginRAT - A stealth malware targets e-store hiding on Nginx serversSecurity Affairs
https://securityaffairs.co/wordpress/125216/malware/nginrat-magecart-attack.html