Microsoft back to its old tricks to get an edge on the competition. | Vivaldi Browser
https://vivaldi.com/blog/microsoft-back-to-its-old-tricks-to-get-an-edge-on-the-competition/

Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild

https://thehackernews.com/2021/12/update-google-chrome-to-patch-new-zero.html?m=1

Chrome Releases

https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html

Attacks on Wireless Coexistence: Exploiting
Cross-Technology Performance Features for
Inter-Chip Privilege Escalation

Проверка на уязвимость к Log4Shell / митигация

Кратко, уже наверное набившая оскомину уязвимость о которой здесь в канале публиковалась инфа не раз..

Log4Shell — это критическая уязвимость в библиотеке логирования Log4j, которую используют многие веб-приложения на Java. Эксплуатация уязвимости приводит к удаленному выполнению кода (RCE), эксплоит уже опубликован, и ему подвержены все версии библиотеки до 2.15.0

Проблема в том, что нет простого способа выяснить, использует ли приложение библиотеку Log4j. Веб-сканеры на основе эксплоитов — не выход: они могут пропустить уязвимое приложение

Ребята из BI.ZONE разработали свой сканер на основе YARA-правила, и он работает не из интернета, а на хосте. Его задача — просканировать память процессов Java на наличие сигнатур библиотеки Log4j, на выходе вы получается перечень хостов, на которых есть приложения с Log4j...

Линки:
* yar - https://github.com/bi-zone/Log4j_Detector
* mitigation steps - https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/

Windows AppX Installer Spoofing Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890

Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228

https://www.cadosecurity.com/analysis-of-initial-in-the-wild-attacks-exploiting-log4shell-log4j-cve-2021-44228/

cdong1012/Rust-Ransomware: Ransomware written in Rust
https://github.com/cdong1012/Rust-Ransomware

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel | Securelist
https://securelist.com/owowa-credential-stealer-and-remote-access/105219/

OpenSSL 3.0
For OpenSSL 3.0 a Migration guide has been added, so the CHANGES entries listed here are only a brief denoscription. The migration guide contains more detailed information related to new features, breaking changes, and mappings for the large list of deprecated functions.

Changes between 3.0.0 and 3.0.1 [14 dec 2021]

https://www.openssl.org/news/changelog.html#openssl-30

Phishing Campaign Targeting Korean to Deliver Agent Tesla New Variant

.NET, PowerPoint phishing company:

https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant

Lenovo Privilege escalation

https://support.lenovo.com/cy/en/product_security/ps500461-lenovo-vantage-component-vulnerabilities


VMware Critical Vulnerability Mitigation Recommendation

https://kb.vmware.com/s/article/87167

New Joker malware detected on Google Play, 500.000+ users affected

https://blog.pradeo.com/pradeo-identifies-app-joker-malware-google-play

…
This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
…

https://blog.mozilla.org/security/2021/12/15/preventing-secrets-from-leaking-through-clipboard/

up
~~~
today old Sys-Admin DoH server will be stopped ( 193.178.169.33 )

Помоги Боту Маше жить комфортнее

Бот Маша, это бот Sys-Adm.in сообщества, который занимается модерацией, раздачей кармы и антиспамом. сервер на котором живет Маша, уже не справляется с текущей нагрузкой и нам нужно немного добавить мощностей с Вашей помощью. Помоги Маше быть и чувствовать себя комфортно.

Помимо всего прочего соседями бота являются боты которые созданы так же сообществом @chat_prettier_bot, @GroupWelcoModer_bot, @forum_poster_bot, @Get_Telegram_ID_bot помогая Маше, ты помогаешь целому семейству ботов выполняющих полезные задачи.

Сбор пожертвований здесь:

https://sobe.ru/na/bot_masha_will_live

Или здесь:

https://lab.sys-adm.in/

How I was able to reveal page admin of almost any page on Facebook

https://medium.com/pentesternepal/how-i-was-able-to-reveal-page-admin-of-almost-any-page-on-facebook-5a8d68253e0c

MS AD SAM Name impersonation

….
During the November security update cycle, Microsoft released a patch for two new vulnerabilities, CVE-2021-42287 and CVE-2021-42278. Both vulnerabilities are described as a ‘Windows Active Directory domain service privilege escalation vulnerability’.
 
A few weeks later, on December 12, 2021, a proof-of-concept tool leveraging these vulnerabilities was publicly disclosed.
 
When combining these two vulnerabilities, an attacker can create a straightforward path to a Domain Admin user in an Active Directory environment that hasn’t applied these new updates. This escalation attack allows attackers to easily elevate their privilege to that of a Domain Admin once they compromise a regular user in the domain
…

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/sam-name-impersonation/ba-p/3042699

DarkWatchman: A new evolution in fileless techniques.

https://www.prevailion.com/darkwatchman-new-fileness-techniques/

Attackers test “CAB-less 40444” exploit in a dry run

An updated exploit takes a circuitous route to trigger a Word document into delivering an infection without using macros

https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/

The Continued Evolution of Abcbot

A new version of a malicious shell noscript targeting insecure cloud instances running under Cloud Service Providers such as Tencent, Baidu and Alibaba Cloud has recently been discovered. The shell noscript prepares the target host for additional compromise over SSH, kills off processes from competing threat actors and persists itself, before downloading an additional ELF executable used to connect to a botnet as part of a campaign dubbed by 360Netlab as “Abcbot”.

https://www.cadosecurity.com/the-continued-evolution-of-abcbot/

VMware critical warns

https://www.vmware.com/security/advisories/VMSA-2021-0028.html

Azure App Service Linux source repository exposure

https://msrc-blog.microsoft.com/2021/12/22/azure-app-service-linux-source-repository-exposure/