Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon — Palisade
https://palisade.consulting/blog/tld-hacking

Malicious npm Packages Are After Your Discord Tokens – 17 New Packages Disclosed

https://jfrog.com/blog/malicious-npm-packages-are-after-your-discord-tokens-17-new-packages-disclosed/

A new StrongPity variant hides behind Notepad++ installation

https://blog.minerva-labs.com/a-new-strongpity-variant-hides-behind-notepad-installation

--up--

RCE 0-day exploit found in log4j, a popular Java logging package

- https://www.lunasec.io/docs/blog/log4j-zero-day/

PoC and etc:
- https://github.com/tangxiaofeng7/apache-log4j-poc
- https://github.com/YfryTchsGD/Log4jAttackSurface
- https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217

P.S. thx for the some links dear subscribers ✌️

Kali Linux 2021.4 Release | Kali Linux Blog
https://www.kali.org/blog/kali-linux-2021-4-release/

When Honey Bees Become Murder Hornets - Eclypsium

What do you do when two million cheap and powerful devices become the launchpad for one of the most powerful botnets ever? You stop treating the threat like a newly discovered and unexpected honey bee hive and you start remediating like you’ve discovered a Murder Hornet nest.

Based in Latvia, MikroTik may not be a household name, but it has been a popular supplier of routers and wireless ISP devices since 1996 with more than 2,000,000 devices deployed worldwide. These devices are both powerful, and as our research shows, often highly vulnerable. For the money, there is hardly a more powerful device a consumer can get their hands on

https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/

Напоминаю: Сегодня в Алматы в 18:00 начнётся Бинарный эвент вместе с r0crewKZ

- Ресерчинг, Атаки, Эксплуатация, и Пиво конечно :)

Детали:
- https://news.1rj.ru/str/sysadm_in_up/916

~~

Remind: Today in Almaty at 06:00 PM we will start Binary event with r0crewKZ

- Researching, Attacking, Exploiting and Beer 🍻 of course :)

Details:
- https://news.1rj.ru/str/sysadm_in_up/916

How SASE is saving the marriage between network and security | VentureBeat
https://venturebeat.com/2021/06/03/how-sase-is-saving-the-marriage-between-network-and-security/

..being exploited in the wild

https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html?m=1

Apache Log4Shell Vaccine

https://www.cybereason.com/blog/cybereason-releases-vaccine-to-prevent-exploitation-of-apache-log4shell-vulnerability-cve-2021-44228

P.S. thx for the link BORODA(C) ✌️

About the security content of iOS 15.2 and iPadOS 15.2 - Apple Support
https://support.apple.com/en-us/HT212976

Microsoft back to its old tricks to get an edge on the competition. | Vivaldi Browser
https://vivaldi.com/blog/microsoft-back-to-its-old-tricks-to-get-an-edge-on-the-competition/

Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild

https://thehackernews.com/2021/12/update-google-chrome-to-patch-new-zero.html?m=1

Chrome Releases

https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html

Attacks on Wireless Coexistence: Exploiting
Cross-Technology Performance Features for
Inter-Chip Privilege Escalation

Проверка на уязвимость к Log4Shell / митигация

Кратко, уже наверное набившая оскомину уязвимость о которой здесь в канале публиковалась инфа не раз..

Log4Shell — это критическая уязвимость в библиотеке логирования Log4j, которую используют многие веб-приложения на Java. Эксплуатация уязвимости приводит к удаленному выполнению кода (RCE), эксплоит уже опубликован, и ему подвержены все версии библиотеки до 2.15.0

Проблема в том, что нет простого способа выяснить, использует ли приложение библиотеку Log4j. Веб-сканеры на основе эксплоитов — не выход: они могут пропустить уязвимое приложение

Ребята из BI.ZONE разработали свой сканер на основе YARA-правила, и он работает не из интернета, а на хосте. Его задача — просканировать память процессов Java на наличие сигнатур библиотеки Log4j, на выходе вы получается перечень хостов, на которых есть приложения с Log4j...

Линки:
* yar - https://github.com/bi-zone/Log4j_Detector
* mitigation steps - https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/

Windows AppX Installer Spoofing Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890

Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228

https://www.cadosecurity.com/analysis-of-initial-in-the-wild-attacks-exploiting-log4shell-log4j-cve-2021-44228/

cdong1012/Rust-Ransomware: Ransomware written in Rust
https://github.com/cdong1012/Rust-Ransomware

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel | Securelist
https://securelist.com/owowa-credential-stealer-and-remote-access/105219/

OpenSSL 3.0
For OpenSSL 3.0 a Migration guide has been added, so the CHANGES entries listed here are only a brief denoscription. The migration guide contains more detailed information related to new features, breaking changes, and mappings for the large list of deprecated functions.

Changes between 3.0.0 and 3.0.1 [14 dec 2021]

https://www.openssl.org/news/changelog.html#openssl-30

Phishing Campaign Targeting Korean to Deliver Agent Tesla New Variant

.NET, PowerPoint phishing company:

https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant