Microsoft Defender for Endpoint fails to start on Windows Server
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-endpoint-fails-to-start-on-windows-server/
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-endpoint-fails-to-start-on-windows-server/
BleepingComputer
Microsoft Defender for Endpoint fails to start on Windows Server
Microsoft has confirmed a new issue impacting Windows Server devices preventing the Microsoft Defender for Endpoint security solution from launching on some systems.
Joker virus resurfaces on Google Play Store; Hidden in these 14 apps
https://kalingatv.com/technology/beware-joker-virus-back-on-google-play-store-uninstall-these-14-android-apps-immediately/
https://kalingatv.com/technology/beware-joker-virus-back-on-google-play-store-uninstall-these-14-android-apps-immediately/
KalingaTV
Beware! Joker virus back on Google Play Store, Uninstall these 14 Android apps immediately
Beware Android phone users! The very dangerous malware Joker 'virus' has once again surfaced in Google Play Store apps. This Joker virus is a malicious
Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentialsSecurity Affairs
https://securityaffairs.co/wordpress/124984/apt/iran-apt-microsoft-mshtml-exploit.html
https://securityaffairs.co/wordpress/124984/apt/iran-apt-microsoft-mshtml-exploit.html
Security Affairs
Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials
An Iranian threat actor is stealing Google and Instagram credentials of Farsi-speaking targets by exploiting a Microsoft MSHTML bug.
gcat_threathorizons_full_nov2021.pdf
2.6 MB
While cloud customers continue to face a variety of threats across applications and infrastructure,
many successful attacks are due to poor hygiene and a lack of basic control implementation...
Report from Thread Horizons
many successful attacks are due to poor hygiene and a lack of basic control implementation...
Report from Thread Horizons
Bunch of News
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
https://threatresearch.ext.hp.com/javanoscript-malware-dispensing-rats-into-the-wild/
Looking for vulnerabilities in MediaTek audio DSP
https://research.checkpoint.com/2021/looking-for-vulnerabilities-in-mediatek-audio-dsp/
“Free Steam games” videos promise much, deliver malware
https://blog.malwarebytes.com/scams/2021/11/free-steam-games-videos-promise-much-deliver-malware/
BABADEDA CRYPTER TARGETING CRYPTO, NFT, AND DEFI COMMUNITIES
https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
https://threatresearch.ext.hp.com/javanoscript-malware-dispensing-rats-into-the-wild/
Looking for vulnerabilities in MediaTek audio DSP
https://research.checkpoint.com/2021/looking-for-vulnerabilities-in-mediatek-audio-dsp/
“Free Steam games” videos promise much, deliver malware
https://blog.malwarebytes.com/scams/2021/11/free-steam-games-videos-promise-much-deliver-malware/
BABADEDA CRYPTER TARGETING CRYPTO, NFT, AND DEFI COMMUNITIES
https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities
HP Wolf Security
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild | HP Wolf Security
With a 11% detection rate, RATDispenser appears to be effective at evading security controls and delivering malware.
Apache redux: preventing Server Side Request Forgery via CVE-2021-40438
https://www.fastly.com/blog/apache-redux-preventing-server-side-request-forgery-via-cve-2021-40438
https://www.fastly.com/blog/apache-redux-preventing-server-side-request-forgery-via-cve-2021-40438
Fastly
Preventing SSRF: Apache CVE-2021-40438 | Fastly | Fastly
Our Security Research Team provides guidance on how to address CVE-2021-40438, a vulnerability in Apache HTTP Server version 2.4.48 and earlier, by patching impacted version(s) and enabling a new templated rule to prevent exploitation.
Mobile Device Cybersecurity Checklist for Organizations
https://www.cisa.gov/sites/default/files/publications/CEG_Mobile%20Device%20Cybersecurty%20Checklist%20for%20Organizations.pdf
Mobile Device Cybersecurity Checklist for Consumers
https://www.cisa.gov/sites/default/files/publications/CEG_Mobile%20Device%20Cybersecurty%20Checklist%20for%20Consumers.pdf
https://www.cisa.gov/sites/default/files/publications/CEG_Mobile%20Device%20Cybersecurty%20Checklist%20for%20Organizations.pdf
Mobile Device Cybersecurity Checklist for Consumers
https://www.cisa.gov/sites/default/files/publications/CEG_Mobile%20Device%20Cybersecurty%20Checklist%20for%20Consumers.pdf
Конференция OFFZONE в следующем году (25–26 августа)
Организаторы обещают конференцию 25–26 августа в 2022 году, к сожалению ни в прошлом, ни в позапрошлом годах конференцию провести не удалось в связи со сложной эпидеомиологической обстановкой. К счастью, правила проведения массовых мероприятий более-менее устаканились, поэтому удалось определиться с датой.
• Конфа пройдет в оффлайн формате. Почему не онлайн - организаторы отказались от этого формата, чтобы не потерять дух OFFZONE 🙂
• Билеты OFFZONE 2020 будут валидны, мало того по ним будут розданы эксклюзивные футболки.
В общем кто планирует посещение уже наверное стоит задуматься о возможном бюджете.
Детали на сайт конференции - https://offzone.moscow/ru/
Bunch of News
Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices
https://securityaffairs.co/wordpress/125016/hacking/0-day-tp-link-wi-fi-6.html
IKEA email systems hit by ongoing cyberattack
https://www.bleepingcomputer.com/news/security/ikea-email-systems-hit-by-ongoing-cyberattack/
Panasonic India's Data Released in Extortion Plot
https://www.bankinfosecurity.com/panasonic-india-held-to-500k-ransom-data-released-a-15573
Zoom vulnerability. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.
https://nvd.nist.gov/vuln/detail/CVE-2021-34423
CronRAT malware hides behind February 31st
https://sansec.io/research/cronrat
https://gist.github.com/gwillem/fbe3e6b98e2e10d7f1f271ca4b6e813f
GitHub is back online after a two-hour outage
https://www.theverge.com/2021/11/27/22805076/github-down-outage-service-issues
Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices
https://securityaffairs.co/wordpress/125016/hacking/0-day-tp-link-wi-fi-6.html
IKEA email systems hit by ongoing cyberattack
https://www.bleepingcomputer.com/news/security/ikea-email-systems-hit-by-ongoing-cyberattack/
Panasonic India's Data Released in Extortion Plot
https://www.bankinfosecurity.com/panasonic-india-held-to-500k-ransom-data-released-a-15573
Zoom vulnerability. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.
https://nvd.nist.gov/vuln/detail/CVE-2021-34423
CronRAT malware hides behind February 31st
https://sansec.io/research/cronrat
https://gist.github.com/gwillem/fbe3e6b98e2e10d7f1f271ca4b6e813f
GitHub is back online after a two-hour outage
https://www.theverge.com/2021/11/27/22805076/github-down-outage-service-issues
Security Affairs
Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices
Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L.
Blocky Listener Daemon (BLD) Service Update Announcement
BLD is a free DoT/DoH/DNS service that prevents tracking, telemetry collection, advertising, malicious content, etc., to improve privacy and distraction-free experience
What's new in this update:
• Got rid of NGINX proxy to reduce overhead. Now all requests are handled by BLD service itself
• Migrated from Let's Encrypt to ACME Cloudflare
• Added / Updated prevention from Clickbait, Coinhive, Malware
• New project logo
• Added info on how to report blocking issues in dns-hole repo
See also:
• "What is BLD?" presentation (RU)
How to use:
• https://lab.sys-adm.in
P.S. Previouse announce
#bld #announce
BLD is a free DoT/DoH/DNS service that prevents tracking, telemetry collection, advertising, malicious content, etc., to improve privacy and distraction-free experience
What's new in this update:
• Got rid of NGINX proxy to reduce overhead. Now all requests are handled by BLD service itself
• Migrated from Let's Encrypt to ACME Cloudflare
• Added / Updated prevention from Clickbait, Coinhive, Malware
• New project logo
• Added info on how to report blocking issues in dns-hole repo
See also:
• "What is BLD?" presentation (RU)
How to use:
• https://lab.sys-adm.in
P.S. Previouse announce
#bld #announce
lab.sys-adm.in
Sys-Admin Laboratory
Open Sys-Admin BLD DNS - Focus on information for free with adblocking and implicit cybersecurity threat prevention.
Sys-Admin InfoSec pinned «Blocky Listener Daemon (BLD) Service Update Announcement BLD is a free DoT/DoH/DNS service that prevents tracking, telemetry collection, advertising, malicious content, etc., to improve privacy and distraction-free experience What's new in this update: …»
Bunch of News
DNA Data Security Incident
DNA Diagnostics Center, Inc. (DDC) detected potential unauthorized access to its network, during which there was unauthorized access and acquisition of an archived database
https://dnacenter.com/data-security-incident-information-center/
Printing Shellz
This paper will walk you through the steps of our journey, from how we discovered the vulnerabilities, how we lovingly crafted the exploits and provides mitigation advice also. The vulnerabilities that were discovered affect more than 150 HP multi-function printers (MFPs).
https://labs.f-secure.com/publications/printing-shellz
Illicit coin mining, ransomware, APTs target cloud users in first Google Cybersecurity Action Team Threat Horizons report
https://cloud.google.com/blog/products/identity-security/coin-mining-ransomware-apts-target-cloud-gcat-report
DNA Data Security Incident
DNA Diagnostics Center, Inc. (DDC) detected potential unauthorized access to its network, during which there was unauthorized access and acquisition of an archived database
https://dnacenter.com/data-security-incident-information-center/
Printing Shellz
This paper will walk you through the steps of our journey, from how we discovered the vulnerabilities, how we lovingly crafted the exploits and provides mitigation advice also. The vulnerabilities that were discovered affect more than 150 HP multi-function printers (MFPs).
https://labs.f-secure.com/publications/printing-shellz
Illicit coin mining, ransomware, APTs target cloud users in first Google Cybersecurity Action Team Threat Horizons report
https://cloud.google.com/blog/products/identity-security/coin-mining-ransomware-apts-target-cloud-gcat-report
How to Install Brew on Ubuntu and Other Linux
i'm not sure need it or not, but it is can be interesting..:
https://itsfoss.com/homebrew-linux/
i'm not sure need it or not, but it is can be interesting..:
https://itsfoss.com/homebrew-linux/
It's FOSS
How to Install Homebrew on Ubuntu and Other Linux
Homebrew is a popular command line based package manager for macOS. It can also be installed and used on Linux. Here's why and how.
Hackers all over the world are targeting Tasmania’s emergency services | Malwarebytes Labs
https://blog.malwarebytes.com/hacking-2/2021/11/hack-tasmania/
https://blog.malwarebytes.com/hacking-2/2021/11/hack-tasmania/
Malwarebytes
Hackers all over the world are targeting Tasmania’s emergency services
The Island state of Tasmania in Australia continues to be subjected to multiple cyberattacks on its emergency services from all around the globe.
Smishing Botnets Going Viral in Iran
Интересно не где, а как...
https://research.checkpoint.com/2021/smishing-botnets-going-viral-in-iran/
Интересно не где, а как...
https://research.checkpoint.com/2021/smishing-botnets-going-viral-in-iran/
Check Point Research
Smishing Botnets Going Viral in Iran - Check Point Research
Research by: Shmuel Cohen Introduction In the last few months, multiple Iranian media and social networks have published warnings about ongoing SMS phishing campaigns impersonating Iranian government services. The story is as old as time: victims click on…
Производители умных ТВ зарабатывают на слежке за пользователями больше, чем на самих телевизорах
https://habr.com/ru/company/globalsign/blog/592407/
https://habr.com/ru/company/globalsign/blog/592407/
Хабр
Производители умных ТВ зарабатывают на слежке за пользователями больше, чем на самих телевизорах
Сетевая активность телевизора в программе IoT Inspector . Скриншот: Geoffrey Fowler/The Washington Post В 2019 году мы рассказывали, что умные телевизоры Samsung, LG, Vizio и TCL ежесекундно снимают...
l0ggg/VMware_vCenter: VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS
PoC
https://github.com/l0ggg/VMware_vCenter
BPF-Based Linux Firewall "bpfilter" Shows Impressive Performance Potential
https://www.phoronix.com/scan.php?page=news_item&px=BPFILTER-2021
P.S. thx for the links dear subscriber ✌️
PoC
https://github.com/l0ggg/VMware_vCenter
BPF-Based Linux Firewall "bpfilter" Shows Impressive Performance Potential
https://www.phoronix.com/scan.php?page=news_item&px=BPFILTER-2021
P.S. thx for the links dear subscriber ✌️
GitHub
GitHub - l0ggg/VMware_vCenter: VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS
VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS - l0ggg/VMware_vCenter
NginRAT - A stealth malware targets e-store hiding on Nginx serversSecurity Affairs
https://securityaffairs.co/wordpress/125216/malware/nginrat-magecart-attack.html
https://securityaffairs.co/wordpress/125216/malware/nginrat-magecart-attack.html
Security Affairs
NginRAT - A stealth malware targets e-store hiding on Nginx servers
Threat actors are targeting e-stores with remote access malware that hides on Nginx servers bypassing security solutions.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Алматы, 11 декабря, сбор на тему бинарщины (update)
В прошлый раз я писал о грядущей встрече, тему бинарщины и не только, осталось менее 10 дней до этой движухи.
В виду чего высылаю почти окончательный вариант тем:
1. Мошенничество OLX: Итоги расследования (morty)
2. Attacking Software Developers. Часть 1 (thatskriptkid)
3. Почему вы этого не делаете? (novitoll)
4. Attacking Software Developers. Часть 2 (thatskriptkid)
5. Эксплоитить Линукс ядро стало сложнее, но нас не остановить (novitoll)
6. Бофаем винду сокетами (undefi)
- Формат: оффлайн и только (будет бесплатное пиво (в разумных количествах) + доклады :))
- Дата: 11 декабря (следующая суббота), начало в 18:00 по местному времени
- Место: Lenore Pub, проспект Абая, 124, https://go.2gis.com/jozza
В прошлый раз я писал о грядущей встрече, тему бинарщины и не только, осталось менее 10 дней до этой движухи.
В виду чего высылаю почти окончательный вариант тем:
1. Мошенничество OLX: Итоги расследования (morty)
2. Attacking Software Developers. Часть 1 (thatskriptkid)
3. Почему вы этого не делаете? (novitoll)
4. Attacking Software Developers. Часть 2 (thatskriptkid)
5. Эксплоитить Линукс ядро стало сложнее, но нас не остановить (novitoll)
6. Бофаем винду сокетами (undefi)
- Формат: оффлайн и только (будет бесплатное пиво (в разумных количествах) + доклады :))
- Дата: 11 декабря (следующая суббота), начало в 18:00 по местному времени
- Место: Lenore Pub, проспект Абая, 124, https://go.2gis.com/jozza
Telegram
Sys-Admin InfoSec
Алматы, 11 декабря, сбор на тему реверса/малвари/фаззинга/эсплоитов
И + любая бинарщина - будет на очередном, открытом митапе r0crewKZ, с бесплатным пивом (в разумных пределах) и конечно же докладами)
Глубокое погружение в темы:
• Мошенничество OLX:…