Scammers Mimic Microsoft with ‘Spam Notification’ Phishing Email

https://www.mailguard.com.au/blog/scammers-mimic-microsoft-with-spam-notification-phishing-email

Invisible rat: how Sentry, Datadog, and others used by XSS and JavaScript malware
https://lab.wallarm.com/invisible-rat-how-sentry-datadog-and-others-used-by-xss-and-javanoscript-malware/

P.S. Thx for the link ✌️

Introducing CentOS Stream 9

https://blog.centos.org/2021/12/introducing-centos-stream-9/

P.S. CentOS 9 Released

CentOS Linux 8 will reach End Of Life (EOL) on December 31st, 2021:

https://www.centos.org/centos-linux-eol/

EPEL 9 is now available

https://communityblog.fedoraproject.org/epel-9-is-now-available/

⚙ Simple noscript for converting CentOS 8 to CentOS 8 Stream

https://github.com/m0zgen/centos8-to-stream

Публикация Go релизов в GitHub

Недавно написал небольшую утилиту на Go - BENCH-DNS для нагрузочного тестирования DNS серверов, логика проста - создается файл или загружается файл (лист) с доменными именами и в многопоточном режиме в несколько итераций посылаются запросы на резольвинг имен, где в этот момент на самом DNS сервере отлавливаем нагрузку, смотрим кэш и тп. Так вот, собственно утилита есть, теперь нужно сделать автоматически публикуемые и собираемые релизы к этому делу. Для этого решил использовать GORELEASER, далее расскажу на примере репозитория BENCH-DNS как я создавал релизы.

https://sys-adm.in/systadm/969-publikatsiya-go-relizov-v-github.html

P.S. Чуть позже выложу мануал / описание как работает bench-dns

Indicators of Compromise Associated with Cuba
Ransomware. Warn from FBI.

Vulnerability in Cisco Security Devices is Dangerous For Business Processes of Large Companies

https://www.ptsecurity.com/ww-en/about/news/vulnerability-in-cisco-security-devices-is-dangerous-for-business-processes-of-large-companies/

CoinHelper Research | Avast
https://blog.avast.com/coinhelper-research-avast

Прям свежак, свежак - Установщик GVM 21 на Ubuntu 20+

Пока поддерживается убунту, после планируется Rocky, CentOS. Ставит и собирает готовое vulnerability scanning решение из исходников.

https://github.com/m0zgen/install-gvm21

Билдится согласно оф. ману:

https://greenbone.github.io/docs/gvm-21.04/index.html#setting-up-an-admin-user

Доп. инфо

Как ставить сканер уязвимостей GVM 21 на CentOS 8 из Atomic репы:

* https://sys-adm.in/systadm/nix/964-kak-ustanovit-skaner-uyazvimostej-greenbone-openvas-21-v-centos-8-2022.html

====

(EN) OpenVAS GVM 21 Ubuntu 20+ Installer

You can read REDME.md in repo:

https://github.com/m0zgen/install-gvm21

Script wrote according official documentation:

https://greenbone.github.io/docs/gvm-21.04/index.html#setting-up-an-admin-user

Magecart Groups Abuse Google Tag Manager

https://geminiadvisory.io/magecart-google-tag-manager/

Critical update to Chrome

https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html?m=1

USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services

https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/

Note: BLD Сервис - Замена сервера (RU)

Сегодня было решено заменить сервер с IP 193.178.169.33 на другой, более мощный в другом дата-центре с новым IP 49.12.234.130

"Старый" IP будет работать еще 3 дня, после чего сервер будет удален, пожалуйста обновите/измените IP адреса, кто использует "старый" IP адрес.

Заранее всем спасибо за понимание.

Note: BLD Service - Server replacement (EN)

Today it was decided to replace the server with IP 193.178.169.33 with another, more powerful one in another data center with a new IP 49.12.234.130

The "old" IP will work for another 3 days, after which the server will be deleted, please update / change the IP who is using the "old" IP.

Thanks in advance for your understanding.

~~~

What is BLD DNS service - lab.sys-adm.in

CVE-2021-38759 | Raspberry Pi OS hard-coded password (CNVD-2021-43968)
https://vuldb.com/?id.187741

Windows 10 RCE: The exploit is in the link

https://positive.security/blog/ms-officecmd-rce

Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon — Palisade
https://palisade.consulting/blog/tld-hacking

Malicious npm Packages Are After Your Discord Tokens – 17 New Packages Disclosed

https://jfrog.com/blog/malicious-npm-packages-are-after-your-discord-tokens-17-new-packages-disclosed/

A new StrongPity variant hides behind Notepad++ installation

https://blog.minerva-labs.com/a-new-strongpity-variant-hides-behind-notepad-installation

--up--

RCE 0-day exploit found in log4j, a popular Java logging package

- https://www.lunasec.io/docs/blog/log4j-zero-day/

PoC and etc:
- https://github.com/tangxiaofeng7/apache-log4j-poc
- https://github.com/YfryTchsGD/Log4jAttackSurface
- https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217

P.S. thx for the some links dear subscribers ✌️

Kali Linux 2021.4 Release | Kali Linux Blog
https://www.kali.org/blog/kali-linux-2021-4-release/

When Honey Bees Become Murder Hornets - Eclypsium

What do you do when two million cheap and powerful devices become the launchpad for one of the most powerful botnets ever? You stop treating the threat like a newly discovered and unexpected honey bee hive and you start remediating like you’ve discovered a Murder Hornet nest.

Based in Latvia, MikroTik may not be a household name, but it has been a popular supplier of routers and wireless ISP devices since 1996 with more than 2,000,000 devices deployed worldwide. These devices are both powerful, and as our research shows, often highly vulnerable. For the money, there is hardly a more powerful device a consumer can get their hands on

https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/

Напоминаю: Сегодня в Алматы в 18:00 начнётся Бинарный эвент вместе с r0crewKZ

- Ресерчинг, Атаки, Эксплуатация, и Пиво конечно :)

Детали:
- https://news.1rj.ru/str/sysadm_in_up/916

~~

Remind: Today in Almaty at 06:00 PM we will start Binary event with r0crewKZ

- Researching, Attacking, Exploiting and Beer 🍻 of course :)

Details:
- https://news.1rj.ru/str/sysadm_in_up/916