Sys-Admin InfoSec – Telegram
News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings
* Multilingual (En, Ru).
* Forum - forum.sys-adm.in
* Chat - @sysadm_in
* Job - @sysadm_in_job
* ? - @sysadminkz
Blocky Listener Daemon (BLD) Service Update Announcement

BLD is a free DoT/DoH/DNS service that prevents tracking, telemetry collection, advertising, malicious content, etc., to improve privacy and provide a distraction-free experience

What's new in this update:

• Got rid of NGINX proxy to reduce overhead. Now all requests are handled by BLD service itself
• Migrated from Let's Encrypt to ACME Cloudflare
• Added / Updated prevention from Clickbait, Coinhive, Malware
• New project logo
• Added info on how to report blocking issues in dns-hole repo

See also:
• "What is BLD?" presentation (RU)

How to use:
https://lab.sys-adm.in

P.S. Previous announcement

#bld #announce
Bunch of News

DNA Data Security Incident

DNA Diagnostics Center, Inc. (DDC) detected potential unauthorized access to its network, during which there was unauthorized access and acquisition of an archived database

https://dnacenter.com/data-security-incident-information-center/

Printing Shellz

This paper will walk you through the steps of our journey, from how we discovered the vulnerabilities, how we lovingly crafted the exploits and provides mitigation advice also. The vulnerabilities that were discovered affect more than 150 HP multi-function printers (MFPs).

https://labs.f-secure.com/publications/printing-shellz

Illicit coin mining, ransomware, APTs target cloud users in first Google Cybersecurity Action Team Threat Horizons report

https://cloud.google.com/blog/products/identity-security/coin-mining-ransomware-apts-target-cloud-gcat-report
l0ggg/VMware_vCenter: VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS

PoC

https://github.com/l0ggg/VMware_vCenter

BPF-Based Linux Firewall "bpfilter" Shows Impressive Performance Potential

https://www.phoronix.com/scan.php?page=news_item&px=BPFILTER-2021

P.S. thx for the links dear subscriber ✌️
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Almaty, December 11, meetup on binary topics (update)

Last time I wrote about the upcoming meetup on binary topics and more; fewer than 10 days remain until the event.

With that in mind, here is the nearly final list of talks:
1. OLX fraud: investigation results (morty)
2. Attacking Software Developers. Part 1 (thatskriptkid)
3. Why aren't you doing this? (novitoll)
4. Attacking Software Developers. Part 2 (thatskriptkid)
5. Exploiting the Linux kernel has become harder, but nothing will stop us (novitoll)
6. BOFing Windows via sockets (undefi)

- Format: offline only (there will be free beer (in reasonable amounts) + talks :))
- Date: December 11 (next Saturday), starting at 18:00 local time
- Venue: Lenore Pub, Abay Avenue, 124, https://go.2gis.com/jozza
NVD - CVE-2018-14847

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

https://nvd.nist.gov/vuln/detail/CVE-2018-14847

CVE-2021-40438 Detail

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

https://nvd.nist.gov/vuln/detail/CVE-2021-40438
Introducing CentOS Stream 9

https://blog.centos.org/2021/12/introducing-centos-stream-9/

P.S. CentOS 9 Released

CentOS Linux 8 will reach End Of Life (EOL) on December 31st, 2021:

https://www.centos.org/centos-linux-eol/

EPEL 9 is now available

https://communityblog.fedoraproject.org/epel-9-is-now-available/

Simple script for converting CentOS 8 to CentOS 8 Stream

https://github.com/m0zgen/centos8-to-stream
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Publishing Go releases on GitHub

I recently wrote a small Go utility, BENCH-DNS, for load testing DNS servers. The logic is simple: a file (list) of domain names is created or loaded, and name resolution requests are sent in multithreaded mode over several iterations, while on the DNS server itself we watch the load, look at the cache, and so on. So the utility exists; now I need automatically built and published releases for it. I decided to use GORELEASER for this, and below I describe how I created the releases, using the BENCH-DNS repository as the example.

https://sys-adm.in/systadm/969-publikatsiya-go-relizov-v-github.html

P.S. A bit later I will post a manual / description of how bench-dns works
indicator_of_cuba_ramsomware.pdf
1.4 MB
Indicators of Compromise Associated with Cuba Ransomware. Warning from the FBI.
Vulnerability in Cisco Security Devices is Dangerous For Business Processes of Large Companies

https://www.ptsecurity.com/ww-en/about/news/vulnerability-in-cisco-security-devices-is-dangerous-for-business-processes-of-large-companies/