Magecart Groups Abuse Google Tag Manager

https://geminiadvisory.io/magecart-google-tag-manager/

Critical update to Chrome

https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html?m=1

USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services

https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/

Note: BLD Сервис - Замена сервера (RU)

Сегодня было решено заменить сервер с IP 193.178.169.33 на другой, более мощный в другом дата-центре с новым IP 49.12.234.130

"Старый" IP будет работать еще 3 дня, после чего сервер будет удален, пожалуйста обновите/измените IP адреса, кто использует "старый" IP адрес.

Заранее всем спасибо за понимание.

Note: BLD Service - Server replacement (EN)

Today it was decided to replace the server with IP 193.178.169.33 with another, more powerful one in another data center with a new IP 49.12.234.130

The "old" IP will work for another 3 days, after which the server will be deleted, please update / change the IP who is using the "old" IP.

Thanks in advance for your understanding.

~~~

What is BLD DNS service - lab.sys-adm.in

CVE-2021-38759 | Raspberry Pi OS hard-coded password (CNVD-2021-43968)
https://vuldb.com/?id.187741

Windows 10 RCE: The exploit is in the link

https://positive.security/blog/ms-officecmd-rce

Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon — Palisade
https://palisade.consulting/blog/tld-hacking

Malicious npm Packages Are After Your Discord Tokens – 17 New Packages Disclosed

https://jfrog.com/blog/malicious-npm-packages-are-after-your-discord-tokens-17-new-packages-disclosed/

A new StrongPity variant hides behind Notepad++ installation

https://blog.minerva-labs.com/a-new-strongpity-variant-hides-behind-notepad-installation

--up--

RCE 0-day exploit found in log4j, a popular Java logging package

- https://www.lunasec.io/docs/blog/log4j-zero-day/

PoC and etc:
- https://github.com/tangxiaofeng7/apache-log4j-poc
- https://github.com/YfryTchsGD/Log4jAttackSurface
- https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217

P.S. thx for the some links dear subscribers ✌️

Kali Linux 2021.4 Release | Kali Linux Blog
https://www.kali.org/blog/kali-linux-2021-4-release/

When Honey Bees Become Murder Hornets - Eclypsium

What do you do when two million cheap and powerful devices become the launchpad for one of the most powerful botnets ever? You stop treating the threat like a newly discovered and unexpected honey bee hive and you start remediating like you’ve discovered a Murder Hornet nest.

Based in Latvia, MikroTik may not be a household name, but it has been a popular supplier of routers and wireless ISP devices since 1996 with more than 2,000,000 devices deployed worldwide. These devices are both powerful, and as our research shows, often highly vulnerable. For the money, there is hardly a more powerful device a consumer can get their hands on

https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/

Напоминаю: Сегодня в Алматы в 18:00 начнётся Бинарный эвент вместе с r0crewKZ

- Ресерчинг, Атаки, Эксплуатация, и Пиво конечно :)

Детали:
- https://news.1rj.ru/str/sysadm_in_up/916

~~

Remind: Today in Almaty at 06:00 PM we will start Binary event with r0crewKZ

- Researching, Attacking, Exploiting and Beer 🍻 of course :)

Details:
- https://news.1rj.ru/str/sysadm_in_up/916

How SASE is saving the marriage between network and security | VentureBeat
https://venturebeat.com/2021/06/03/how-sase-is-saving-the-marriage-between-network-and-security/

..being exploited in the wild

https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html?m=1

Apache Log4Shell Vaccine

https://www.cybereason.com/blog/cybereason-releases-vaccine-to-prevent-exploitation-of-apache-log4shell-vulnerability-cve-2021-44228

P.S. thx for the link BORODA(C) ✌️

About the security content of iOS 15.2 and iPadOS 15.2 - Apple Support
https://support.apple.com/en-us/HT212976

Microsoft back to its old tricks to get an edge on the competition. | Vivaldi Browser
https://vivaldi.com/blog/microsoft-back-to-its-old-tricks-to-get-an-edge-on-the-competition/

Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild

https://thehackernews.com/2021/12/update-google-chrome-to-patch-new-zero.html?m=1

Chrome Releases

https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html

Attacks on Wireless Coexistence: Exploiting
Cross-Technology Performance Features for
Inter-Chip Privilege Escalation

Проверка на уязвимость к Log4Shell / митигация

Кратко, уже наверное набившая оскомину уязвимость о которой здесь в канале публиковалась инфа не раз..

Log4Shell — это критическая уязвимость в библиотеке логирования Log4j, которую используют многие веб-приложения на Java. Эксплуатация уязвимости приводит к удаленному выполнению кода (RCE), эксплоит уже опубликован, и ему подвержены все версии библиотеки до 2.15.0

Проблема в том, что нет простого способа выяснить, использует ли приложение библиотеку Log4j. Веб-сканеры на основе эксплоитов — не выход: они могут пропустить уязвимое приложение

Ребята из BI.ZONE разработали свой сканер на основе YARA-правила, и он работает не из интернета, а на хосте. Его задача — просканировать память процессов Java на наличие сигнатур библиотеки Log4j, на выходе вы получается перечень хостов, на которых есть приложения с Log4j...

Линки:
* yar - https://github.com/bi-zone/Log4j_Detector
* mitigation steps - https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/