Owowa: the add-on that turns your OWA into a credential stealer and remote access panel | Securelist
https://securelist.com/owowa-credential-stealer-and-remote-access/105219/

OpenSSL 3.0
For OpenSSL 3.0 a Migration guide has been added, so the CHANGES entries listed here are only a brief denoscription. The migration guide contains more detailed information related to new features, breaking changes, and mappings for the large list of deprecated functions.

Changes between 3.0.0 and 3.0.1 [14 dec 2021]

https://www.openssl.org/news/changelog.html#openssl-30

Phishing Campaign Targeting Korean to Deliver Agent Tesla New Variant

.NET, PowerPoint phishing company:

https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant

Lenovo Privilege escalation

https://support.lenovo.com/cy/en/product_security/ps500461-lenovo-vantage-component-vulnerabilities


VMware Critical Vulnerability Mitigation Recommendation

https://kb.vmware.com/s/article/87167

New Joker malware detected on Google Play, 500.000+ users affected

https://blog.pradeo.com/pradeo-identifies-app-joker-malware-google-play

…
This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
…

https://blog.mozilla.org/security/2021/12/15/preventing-secrets-from-leaking-through-clipboard/

up
~~~
today old Sys-Admin DoH server will be stopped ( 193.178.169.33 )

Помоги Боту Маше жить комфортнее

Бот Маша, это бот Sys-Adm.in сообщества, который занимается модерацией, раздачей кармы и антиспамом. сервер на котором живет Маша, уже не справляется с текущей нагрузкой и нам нужно немного добавить мощностей с Вашей помощью. Помоги Маше быть и чувствовать себя комфортно.

Помимо всего прочего соседями бота являются боты которые созданы так же сообществом @chat_prettier_bot, @GroupWelcoModer_bot, @forum_poster_bot, @Get_Telegram_ID_bot помогая Маше, ты помогаешь целому семейству ботов выполняющих полезные задачи.

Сбор пожертвований здесь:

https://sobe.ru/na/bot_masha_will_live

Или здесь:

https://lab.sys-adm.in/

How I was able to reveal page admin of almost any page on Facebook

https://medium.com/pentesternepal/how-i-was-able-to-reveal-page-admin-of-almost-any-page-on-facebook-5a8d68253e0c

MS AD SAM Name impersonation

….
During the November security update cycle, Microsoft released a patch for two new vulnerabilities, CVE-2021-42287 and CVE-2021-42278. Both vulnerabilities are described as a ‘Windows Active Directory domain service privilege escalation vulnerability’.
 
A few weeks later, on December 12, 2021, a proof-of-concept tool leveraging these vulnerabilities was publicly disclosed.
 
When combining these two vulnerabilities, an attacker can create a straightforward path to a Domain Admin user in an Active Directory environment that hasn’t applied these new updates. This escalation attack allows attackers to easily elevate their privilege to that of a Domain Admin once they compromise a regular user in the domain
…

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/sam-name-impersonation/ba-p/3042699

DarkWatchman: A new evolution in fileless techniques.

https://www.prevailion.com/darkwatchman-new-fileness-techniques/

Attackers test “CAB-less 40444” exploit in a dry run

An updated exploit takes a circuitous route to trigger a Word document into delivering an infection without using macros

https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/

The Continued Evolution of Abcbot

A new version of a malicious shell noscript targeting insecure cloud instances running under Cloud Service Providers such as Tencent, Baidu and Alibaba Cloud has recently been discovered. The shell noscript prepares the target host for additional compromise over SSH, kills off processes from competing threat actors and persists itself, before downloading an additional ELF executable used to connect to a botnet as part of a campaign dubbed by 360Netlab as “Abcbot”.

https://www.cadosecurity.com/the-continued-evolution-of-abcbot/

VMware critical warns

https://www.vmware.com/security/advisories/VMSA-2021-0028.html

Azure App Service Linux source repository exposure

https://msrc-blog.microsoft.com/2021/12/22/azure-app-service-linux-source-repository-exposure/

Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!

https://nakedsecurity.sophos.com/2021/12/21/apaches-other-product-critical-bugs-in-httpd-web-server-patch-now/

MS Teams: 1 feature, 4 vulnerabilities

https://positive.security/blog/ms-teams-1-feature-4-vulns

~
Threat Report: Echelon Malware Detected in Mobile Chat Forums

https://www.safeguardcyber.com/blog/echelon-malware-crypto-wallet-stealer-malware

~
Log4j Java Vulnerabilities for Legacy vGPU Software License Server

https://enterprise-support.nvidia.com/s/article/Log4j-Java-Vulnerability-CVE-2021-44228-for-vGPU-Legacy-License-Server

~
Elastic Security uncovers BLISTER malware campaign

https://www.elastic.co/blog/elastic-security-uncovers-blister-malware-campaign

Обновлен инструмент для установки GVM

- Есть возможность ставить GVM 20
- Есть возможность ставить GVM 21
- Есть возможность обновлять GVM 20 > GVM 21

Все тесты проведены на Ubuntu 20.04.3 LTS

https://github.com/m0zgen/install-gvm21

macOS Big Sur Gatekeeper bypass

Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Denoscription: This issue was addressed with improved checks.

https://objective-see.com/blog/blog_0x6A.html

December 2021 Web Server Survey

Web servers December vulnerabilities/impacts:

https://news.netcraft.com/archives/2021/12/22/december-2021-web-server-survey.html