Joker virus resurfaces on Google Play Store; Hidden in these 14 apps
https://kalingatv.com/technology/beware-joker-virus-back-on-google-play-store-uninstall-these-14-android-apps-immediately/
Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials
https://securityaffairs.co/wordpress/124984/apt/iran-apt-microsoft-mshtml-exploit.html
An Iranian threat actor is stealing Google and Instagram credentials of Farsi-speaking targets by exploiting a Microsoft MSHTML bug.
gcat_threathorizons_full_nov2021.pdf
While cloud customers continue to face a variety of threats across applications and infrastructure,
many successful attacks are due to poor hygiene and a lack of basic control implementation...
Report from Threat Horizons
Bunch of News
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
https://threatresearch.ext.hp.com/javanoscript-malware-dispensing-rats-into-the-wild/
With an 11% detection rate, RATDispenser appears to be effective at evading security controls and delivering malware.
Looking for vulnerabilities in MediaTek audio DSP
https://research.checkpoint.com/2021/looking-for-vulnerabilities-in-mediatek-audio-dsp/
“Free Steam games” videos promise much, deliver malware
https://blog.malwarebytes.com/scams/2021/11/free-steam-games-videos-promise-much-deliver-malware/
BABADEDA CRYPTER TARGETING CRYPTO, NFT, AND DEFI COMMUNITIES
https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities
Apache redux: preventing Server Side Request Forgery via CVE-2021-40438
https://www.fastly.com/blog/apache-redux-preventing-server-side-request-forgery-via-cve-2021-40438
Our Security Research Team provides guidance on how to address CVE-2021-40438, a vulnerability in Apache HTTP Server version 2.4.48 and earlier, by patching impacted version(s) and enabling a new templated rule to prevent exploitation.
Mobile Device Cybersecurity Checklist for Organizations
https://www.cisa.gov/sites/default/files/publications/CEG_Mobile%20Device%20Cybersecurty%20Checklist%20for%20Organizations.pdf
Mobile Device Cybersecurity Checklist for Consumers
https://www.cisa.gov/sites/default/files/publications/CEG_Mobile%20Device%20Cybersecurty%20Checklist%20for%20Consumers.pdf
OFFZONE conference next year (25–26 August)
The organizers promise the conference on 25–26 August 2022; unfortunately, neither last year nor the year before could the conference be held because of the difficult epidemiological situation. Fortunately, the rules for mass events have more or less settled, so a date could be set.
• The conference will be held offline. Why not online: the organizers dropped that format so as not to lose the OFFZONE spirit 🙂
• OFFZONE 2020 tickets will remain valid; moreover, exclusive T-shirts will be handed out for them.
In short, anyone planning to attend should probably start thinking about a possible budget.
Details on the conference site - https://offzone.moscow/ru/
Bunch of News
Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices
https://securityaffairs.co/wordpress/125016/hacking/0-day-tp-link-wi-fi-6.html
Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L.
IKEA email systems hit by ongoing cyberattack
https://www.bleepingcomputer.com/news/security/ikea-email-systems-hit-by-ongoing-cyberattack/
Panasonic India's Data Released in Extortion Plot
https://www.bankinfosecurity.com/panasonic-india-held-to-500k-ransom-data-released-a-15573
Zoom vulnerability. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.
https://nvd.nist.gov/vuln/detail/CVE-2021-34423
CronRAT malware hides behind February 31st
https://sansec.io/research/cronrat
https://gist.github.com/gwillem/fbe3e6b98e2e10d7f1f271ca4b6e813f
GitHub is back online after a two-hour outage
https://www.theverge.com/2021/11/27/22805076/github-down-outage-service-issues
Blocky Listener Daemon (BLD) Service Update Announcement
BLD is a free DoT/DoH/DNS service that blocks tracking, telemetry collection, advertising, malicious content, etc., to improve privacy and provide a distraction-free experience
What's new in this update:
• Got rid of NGINX proxy to reduce overhead. Now all requests are handled by BLD service itself
• Migrated from Let's Encrypt to ACME Cloudflare
• Added / Updated prevention from Clickbait, Coinhive, Malware
• New project logo
• Added info on how to report blocking issues in dns-hole repo
See also:
• "What is BLD?" presentation (RU)
How to use:
• https://lab.sys-adm.in
P.S. Previous announcement
#bld #announce
Bunch of News
DNA Data Security Incident
DNA Diagnostics Center, Inc. (DDC) detected potential unauthorized access to its network, during which there was unauthorized access and acquisition of an archived database
https://dnacenter.com/data-security-incident-information-center/
Printing Shellz
This paper will walk you through the steps of our journey, from how we discovered the vulnerabilities, how we lovingly crafted the exploits and provides mitigation advice also. The vulnerabilities that were discovered affect more than 150 HP multi-function printers (MFPs).
https://labs.f-secure.com/publications/printing-shellz
Illicit coin mining, ransomware, APTs target cloud users in first Google Cybersecurity Action Team Threat Horizons report
https://cloud.google.com/blog/products/identity-security/coin-mining-ransomware-apts-target-cloud-gcat-report
How to Install Brew on Ubuntu and Other Linux
I'm not sure whether it's needed or not, but it can be interesting:
https://itsfoss.com/homebrew-linux/
Homebrew is a popular command line based package manager for macOS. It can also be installed and used on Linux. Here's why and how.
Hackers all over the world are targeting Tasmania’s emergency services | Malwarebytes Labs
https://blog.malwarebytes.com/hacking-2/2021/11/hack-tasmania/
The Island state of Tasmania in Australia continues to be subjected to multiple cyberattacks on its emergency services from all around the globe.
Smishing Botnets Going Viral in Iran
What's interesting is not where, but how...
https://research.checkpoint.com/2021/smishing-botnets-going-viral-in-iran/
Smart TV manufacturers earn more from tracking users than from the TVs themselves
https://habr.com/ru/company/globalsign/blog/592407/
l0ggg/VMware_vCenter: VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS
PoC
https://github.com/l0ggg/VMware_vCenter
BPF-Based Linux Firewall "bpfilter" Shows Impressive Performance Potential
https://www.phoronix.com/scan.php?page=news_item&px=BPFILTER-2021
P.S. thx for the links dear subscriber ✌️
NginRAT - A stealth malware targets e-store hiding on Nginx servers
https://securityaffairs.co/wordpress/125216/malware/nginrat-magecart-attack.html
Threat actors are targeting e-stores with remote access malware that hides on Nginx servers bypassing security solutions.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Almaty, 11 December, meetup on binary stuff (update)
Last time I wrote about the upcoming meetup on binary topics and more; fewer than 10 days remain until the event.
So I'm sending the nearly final list of talks:
1. OLX fraud: results of an investigation (morty)
2. Attacking Software Developers. Part 1 (thatskriptkid)
3. Why aren't you doing this? (novitoll)
4. Attacking Software Developers. Part 2 (thatskriptkid)
5. Exploiting the Linux kernel has become harder, but that won't stop us (novitoll)
6. BOF-ing Windows with sockets (undefi)
- Format: offline only (there will be free beer (in reasonable quantities) + talks :))
- Date: 11 December (next Saturday), starting at 18:00 local time
- Venue: Lenore Pub, 124 Abai Avenue, https://go.2gis.com/jozza
NVD - CVE-2018-14847
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
https://nvd.nist.gov/vuln/detail/CVE-2018-14847
CVE-2021-40438 Detail
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
https://nvd.nist.gov/vuln/detail/CVE-2021-40438