1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs
https://www.wordfence.com/blog/2021/12/massive-wordpress-attack-campaign/
TP-Link TL-WR840N EU v5 Remote Code Execution
https://k4m1ll0.com/cve-2021-41653.html
CVE-2021-43798 Grafana directory traversal
https://www.openwall.com/lists/oss-security/2021/12/09/2
https://www.wordfence.com/blog/2021/12/massive-wordpress-attack-campaign/
TP-Link TL-WR840N EU v5 Remote Code Execution
https://k4m1ll0.com/cve-2021-41653.html
CVE-2021-43798 Grafana directory traversal
https://www.openwall.com/lists/oss-security/2021/12/09/2
Wordfence
1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs
Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary options on vulnerable sites. This led us into an investigation which uncovered an…
How SASE is saving the marriage between network and security | VentureBeat
https://venturebeat.com/2021/06/03/how-sase-is-saving-the-marriage-between-network-and-security/
https://venturebeat.com/2021/06/03/how-sase-is-saving-the-marriage-between-network-and-security/
VentureBeat
How SASE is saving the marriage between network and security
The barrier between security and networking teams creates friction which could potentially delay ongoing digital transformation projects.
..being exploited in the wild
https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html?m=1
https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html?m=1
Cisco Talos Blog
Threat Advisory: Critical Apache Log4j vulnerability being exploited in the wild
Update History
DateDenoscription of UpdatesDec. 20, 2021
Additional coverage and IOCs; additional detection capabilities for customers via Cisco Global Threat Alerts.
Dec. 18, 2021
Additional mitigation guidance; updated coverage information.
Dec. 17, 2021…
DateDenoscription of UpdatesDec. 20, 2021
Additional coverage and IOCs; additional detection capabilities for customers via Cisco Global Threat Alerts.
Dec. 18, 2021
Additional mitigation guidance; updated coverage information.
Dec. 17, 2021…
Apache Log4Shell Vaccine
https://www.cybereason.com/blog/cybereason-releases-vaccine-to-prevent-exploitation-of-apache-log4shell-vulnerability-cve-2021-44228
P.S. thx for the link BORODA(C) ✌️
https://www.cybereason.com/blog/cybereason-releases-vaccine-to-prevent-exploitation-of-apache-log4shell-vulnerability-cve-2021-44228
P.S. thx for the link BORODA(C) ✌️
Cybereason
UPDATED: Cybereason Log4Shell Vaccine Offers Permanent Mitigation Option for Log4j Vulnerabilities (CVE-2021-44228 and CVE-2021…
Cybereason researchers have released an updated "vaccine” with permanent mitigation option for the Log4Shell vulnerabilities (CVE-2021-44228 and CVE-2021-45046) which is freely available on GitHub and relatively simple to implement...
About the security content of iOS 15.2 and iPadOS 15.2 - Apple Support
https://support.apple.com/en-us/HT212976
https://support.apple.com/en-us/HT212976
Apple Support
About the security content of iOS 15.2 and iPadOS 15.2
This document describes the security content of iOS 15.2 and iPadOS 15.2.
Microsoft back to its old tricks to get an edge on the competition. | Vivaldi Browser
https://vivaldi.com/blog/microsoft-back-to-its-old-tricks-to-get-an-edge-on-the-competition/
https://vivaldi.com/blog/microsoft-back-to-its-old-tricks-to-get-an-edge-on-the-competition/
Vivaldi Browser
Microsoft back to its old tricks to get an edge on the competition. | Vivaldi Browser
What if Microsoft put the same effort into improving their Internet Explorer (Edge) browser as they do making it so hard for you to use a different browser on Windows? Vivaldi is not afraid of…
Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild
https://thehackernews.com/2021/12/update-google-chrome-to-patch-new-zero.html?m=1
Chrome Releases
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
https://thehackernews.com/2021/12/update-google-chrome-to-patch-new-zero.html?m=1
Chrome Releases
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 96.0.4664.110 for Windows, Mac and Linux which will roll out over the coming days/weeks. Extended sta...
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
wireless_research_report.pdf
1.2 MB
Attacks on Wireless Coexistence: Exploiting
Cross-Technology Performance Features for
Inter-Chip Privilege Escalation
Cross-Technology Performance Features for
Inter-Chip Privilege Escalation
Проверка на уязвимость к Log4Shell / митигация
Кратко, уже наверное набившая оскомину уязвимость о которой здесь в канале публиковалась инфа не раз..
Log4Shell — это критическая уязвимость в библиотеке логирования Log4j, которую используют многие веб-приложения на Java. Эксплуатация уязвимости приводит к удаленному выполнению кода (RCE), эксплоит уже опубликован, и ему подвержены все версии библиотеки до 2.15.0
Проблема в том, что нет простого способа выяснить, использует ли приложение библиотеку Log4j. Веб-сканеры на основе эксплоитов — не выход: они могут пропустить уязвимое приложение
Ребята из BI.ZONE разработали свой сканер на основе YARA-правила, и он работает не из интернета, а на хосте. Его задача — просканировать память процессов Java на наличие сигнатур библиотеки Log4j, на выходе вы получается перечень хостов, на которых есть приложения с Log4j...
Линки:
* yar - https://github.com/bi-zone/Log4j_Detector
* mitigation steps - https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/
Кратко, уже наверное набившая оскомину уязвимость о которой здесь в канале публиковалась инфа не раз..
Log4Shell — это критическая уязвимость в библиотеке логирования Log4j, которую используют многие веб-приложения на Java. Эксплуатация уязвимости приводит к удаленному выполнению кода (RCE), эксплоит уже опубликован, и ему подвержены все версии библиотеки до 2.15.0
Проблема в том, что нет простого способа выяснить, использует ли приложение библиотеку Log4j. Веб-сканеры на основе эксплоитов — не выход: они могут пропустить уязвимое приложение
Ребята из BI.ZONE разработали свой сканер на основе YARA-правила, и он работает не из интернета, а на хосте. Его задача — просканировать память процессов Java на наличие сигнатур библиотеки Log4j, на выходе вы получается перечень хостов, на которых есть приложения с Log4j...
Линки:
* yar - https://github.com/bi-zone/Log4j_Detector
* mitigation steps - https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/
GitHub
GitHub - bi-zone/Log4j_Detector: Detection of Log4j in memory
Detection of Log4j in memory. Contribute to bi-zone/Log4j_Detector development by creating an account on GitHub.
Windows AppX Installer Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890
Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228
https://www.cadosecurity.com/analysis-of-initial-in-the-wild-attacks-exploiting-log4shell-log4j-cve-2021-44228/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890
Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228
https://www.cadosecurity.com/analysis-of-initial-in-the-wild-attacks-exploiting-log4shell-log4j-cve-2021-44228/
Cado
Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228
Log4J is an open-source logging platform running on Java and built-in to many web platforms. Reports of exploitation started on December 9th.
New Ransomware family Khonsari - use Log4j2 of course 😄
https://businessinsights.bitdefender.com/technical-advisory-zero-day-critical-vulnerability-in-log4j2-exploited-in-the-wild
https://businessinsights.bitdefender.com/technical-advisory-zero-day-critical-vulnerability-in-log4j2-exploited-in-the-wild
Bitdefender Blog
Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild
On December 9, 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability – assigned with a severity of 10 (the highest possible risk score).
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
cdong1012/Rust-Ransomware: Ransomware written in Rust
https://github.com/cdong1012/Rust-Ransomware
https://github.com/cdong1012/Rust-Ransomware
GitHub
GitHub - cdong1012/Rust-Ransomware: Ransomware written in Rust
Ransomware written in Rust. Contribute to cdong1012/Rust-Ransomware development by creating an account on GitHub.
Owowa: the add-on that turns your OWA into a credential stealer and remote access panel | Securelist
https://securelist.com/owowa-credential-stealer-and-remote-access/105219/
https://securelist.com/owowa-credential-stealer-and-remote-access/105219/
Securelist
Owowa: the add-on that turns your OWA into a credential stealer and remote access panel
We found a suspicious binary and determined it as an IIS module, aimed at stealing credentials and enabling remote command execution from OWA. We named the malicious module ‘Owowa’,
OpenSSL 3.0
For OpenSSL 3.0 a Migration guide has been added, so the CHANGES entries listed here are only a brief denoscription. The migration guide contains more detailed information related to new features, breaking changes, and mappings for the large list of deprecated functions.
Changes between 3.0.0 and 3.0.1 [14 dec 2021]
https://www.openssl.org/news/changelog.html#openssl-30
For OpenSSL 3.0 a Migration guide has been added, so the CHANGES entries listed here are only a brief denoscription. The migration guide contains more detailed information related to new features, breaking changes, and mappings for the large list of deprecated functions.
Changes between 3.0.0 and 3.0.1 [14 dec 2021]
https://www.openssl.org/news/changelog.html#openssl-30
Phishing Campaign Targeting Korean to Deliver Agent Tesla New Variant
.NET, PowerPoint phishing company:
https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant
.NET, PowerPoint phishing company:
https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant
Fortinet Blog
Phishing Campaign Targeting Korean to Deliver Agent Tesla New Variant
FortiGuard Labs recently caught a phishing campaign that delivers a malicious PowerPoint file spreading a new variant of Agent Tesla. Read to learn more about the malicious macro, payload, and how …
Lenovo Privilege escalation
https://support.lenovo.com/cy/en/product_security/ps500461-lenovo-vantage-component-vulnerabilities
VMware Critical Vulnerability Mitigation Recommendation
https://kb.vmware.com/s/article/87167
https://support.lenovo.com/cy/en/product_security/ps500461-lenovo-vantage-component-vulnerabilities
VMware Critical Vulnerability Mitigation Recommendation
https://kb.vmware.com/s/article/87167
New Joker malware detected on Google Play, 500.000+ users affected
https://blog.pradeo.com/pradeo-identifies-app-joker-malware-google-play
https://blog.pradeo.com/pradeo-identifies-app-joker-malware-google-play
Pradeo
New malware detected on Google Play, 100.000+ users affected
Joker is a malware that silently exfiltrates data and subscribes users to unwanted premium subnoscription. The malware was found in 24 apps on Google Play.
…
This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
…
https://blog.mozilla.org/security/2021/12/15/preventing-secrets-from-leaking-through-clipboard/
This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
…
https://blog.mozilla.org/security/2021/12/15/preventing-secrets-from-leaking-through-clipboard/
Mozilla Security Blog
Preventing secrets from leaking through Clipboard
For decades users have been pressing Ctrl+C or relying on copy buttons. All these tricks and shortcuts to speed up text processing have become natural and intuitive to us. ...
Forwarded from Yevgeniy Goncharov
Помоги Боту Маше жить комфортнее
Бот Маша, это бот Sys-Adm.in сообщества, который занимается модерацией, раздачей кармы и антиспамом. сервер на котором живет Маша, уже не справляется с текущей нагрузкой и нам нужно немного добавить мощностей с Вашей помощью. Помоги Маше быть и чувствовать себя комфортно.
Помимо всего прочего соседями бота являются боты которые созданы так же сообществом @chat_prettier_bot, @GroupWelcoModer_bot, @forum_poster_bot, @Get_Telegram_ID_bot помогая Маше, ты помогаешь целому семейству ботов выполняющих полезные задачи.
Сбор пожертвований здесь:
https://sobe.ru/na/bot_masha_will_live
Или здесь:
https://lab.sys-adm.in/
Бот Маша, это бот Sys-Adm.in сообщества, который занимается модерацией, раздачей кармы и антиспамом. сервер на котором живет Маша, уже не справляется с текущей нагрузкой и нам нужно немного добавить мощностей с Вашей помощью. Помоги Маше быть и чувствовать себя комфортно.
Помимо всего прочего соседями бота являются боты которые созданы так же сообществом @chat_prettier_bot, @GroupWelcoModer_bot, @forum_poster_bot, @Get_Telegram_ID_bot помогая Маше, ты помогаешь целому семейству ботов выполняющих полезные задачи.
Сбор пожертвований здесь:
https://sobe.ru/na/bot_masha_will_live
Или здесь:
https://lab.sys-adm.in/
How I was able to reveal page admin of almost any page on Facebook
https://medium.com/pentesternepal/how-i-was-able-to-reveal-page-admin-of-almost-any-page-on-facebook-5a8d68253e0c
https://medium.com/pentesternepal/how-i-was-able-to-reveal-page-admin-of-almost-any-page-on-facebook-5a8d68253e0c
Medium
How I was able to reveal page admin of almost any page on Facebook
Hello there , I am Sudip Shah from Pokhara, Nepal(a 19 yo independent security researcher). I found a bug on Facebook for Android where I…