Forwarded from Yevgeniy Goncharov
Help Masha the bot live more comfortably
Masha is the Sys-Adm.in community's bot; it handles moderation, karma hand-outs and anti-spam. The server Masha lives on no longer copes with the current load, and we need to add a little capacity with your help. Help Masha be, and feel, comfortable.
Besides that, the bot's neighbours are other bots created by the same community: @chat_prettier_bot, @GroupWelcoModer_bot, @forum_poster_bot, @Get_Telegram_ID_bot. By helping Masha you help a whole family of bots doing useful work.
Donations here:
https://sobe.ru/na/bot_masha_will_live
Or here:
https://lab.sys-adm.in/
How I was able to reveal page admin of almost any page on Facebook
https://medium.com/pentesternepal/how-i-was-able-to-reveal-page-admin-of-almost-any-page-on-facebook-5a8d68253e0c
Hello there, I am Sudip Shah from Pokhara, Nepal (a 19-year-old independent security researcher). I found a bug on Facebook for Android where I…
MS AD SAM Name impersonation
….
During the November security update cycle, Microsoft released a patch for two new vulnerabilities, CVE-2021-42287 and CVE-2021-42278. Both vulnerabilities are described as a ‘Windows Active Directory domain service privilege escalation vulnerability’.
A few weeks later, on December 12, 2021, a proof-of-concept tool leveraging these vulnerabilities was publicly disclosed.
When combining these two vulnerabilities, an attacker can create a straightforward path to a Domain Admin user in an Active Directory environment that hasn’t applied these new updates. This escalation attack allows attackers to easily elevate their privilege to that of a Domain Admin once they compromise a regular user in the domain
…
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/sam-name-impersonation/ba-p/3042699
Users complained about a fake "giveaway" mailing from the "Yandex Go" public page
https://www.forbes.ru//finansy/450379-pol-zovateli-pozalovalis-na-fejkovuu-rassylku-s-rozygrysem-iz-pablika-andeks-go
Subscribers of the "Yandex Go" community on VK complained about a mailing with a fake giveaway. Some of them wrote that money was debited from their bank cards and are demanding it back.
DarkWatchman: A new evolution in fileless techniques.
https://www.prevailion.com/darkwatchman-new-fileness-techniques/
Attackers test “CAB-less 40444” exploit in a dry run
An updated exploit takes a circuitous route to trigger a Word document into delivering an infection without using macros
https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/
The Continued Evolution of Abcbot
A new version of a malicious shell script targeting insecure cloud instances running under Cloud Service Providers such as Tencent, Baidu and Alibaba Cloud has recently been discovered. The shell script prepares the target host for additional compromise over SSH, kills off processes from competing threat actors and persists itself, before downloading an additional ELF executable used to connect to a botnet as part of a campaign dubbed by 360Netlab as "Abcbot".
https://www.cadosecurity.com/the-continued-evolution-of-abcbot/
VMware critical advisory
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
Azure App Service Linux source repository exposure
https://msrc-blog.microsoft.com/2021/12/22/azure-app-service-linux-source-repository-exposure/
Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
https://nakedsecurity.sophos.com/2021/12/21/apaches-other-product-critical-bugs-in-httpd-web-server-patch-now/
MS Teams: 1 feature, 4 vulnerabilities
https://positive.security/blog/ms-teams-1-feature-4-vulns
~
Threat Report: Echelon Malware Detected in Mobile Chat Forums
https://www.safeguardcyber.com/blog/echelon-malware-crypto-wallet-stealer-malware
~
Log4j Java Vulnerabilities for Legacy vGPU Software License Server
https://enterprise-support.nvidia.com/s/article/Log4j-Java-Vulnerability-CVE-2021-44228-for-vGPU-Legacy-License-Server
~
Elastic Security uncovers BLISTER malware campaign
https://www.elastic.co/blog/elastic-security-uncovers-blister-malware-campaign
Microsoft Teams' link preview feature is susceptible to spoofing and vulnerable to Server-Side Request Forgery. Teams' Android users can be DoS'ed and, in the past, their IP address could be leaked.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
The GVM installation tool has been updated
- Can install GVM 20
- Can install GVM 21
- Can upgrade GVM 20 > GVM 21
All tests were run on Ubuntu 20.04.3 LTS
https://github.com/m0zgen/install-gvm21
The Week in Ransomware - December 24th 2021 - No rest for the weary
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-24th-2021-no-rest-for-the-weary/
The holiday season is here, but there is no rest for our weary admins as ransomware gangs are still conducting attacks over the Christmas and New Years breaks.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
macOS Big Sur Gatekeeper bypass
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
https://objective-see.com/blog/blog_0x6A.html
December 2021 Web Server Survey
Web servers December vulnerabilities/impacts:
https://news.netcraft.com/archives/2021/12/22/december-2021-web-server-survey.html
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Executing Code Using Microsoft Teams Updater
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/executing-code-using-microsoft-teams-updater/
Red Teamers like to hunt for new methods of code execution through “legitimate” channels, and I’m no exception to that rule.
NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
https://blog.wiz.io/azure-app-service-source-code-leak/
Read about the NotLegit vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories.
More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild
https://therecord.media/more-than-1200-phishing-toolkits-capable-of-intercepting-2fa-detected-in-the-wild/
A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting and allowing cybercriminals to bypass two-factor authentication (2FA) security codes.
BLD Project Service - Configurations for Browsers, Devices, Routers
Hey, today I created a GitHub wiki page with simple descriptions of the steps for configuring BLD in your browsers and on your devices:
DoH/DoT
• Google Chrome
• Mozilla Firefox
• Brave
• Edge
• Android 9+ (Private DNS feature)
• iOS/MacOS
• Standard IP DNS service
• Details on official repo
What is the BLD Service: a free and fast service from Sys-Admin for blocking tracking, advertising, malicious domains, etc.
Details
• General README.md
• Wiki page
• Current BLD official site: lab.sys-adm.in
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
QNAP NAS devices hit in surge of ech0raix ransomware attacks
https://www.bleepingcomputer.com/news/security/qnap-nas-devices-hit-in-surge-of-ech0raix-ransomware-attacks/
A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard
https://research.checkpoint.com/2021/a-deep-dive-into-doublefeature-equation-groups-post-exploitation-dashboard/
Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt.
CVE-2021-44733: Fuzzing and exploitation of a use-after-free in the Linux
https://github.com/pjlantz/optee-qemu
Environment with vulnerable kernel for exploitation of the TEE driver (CVE-2021-44733)
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Practical bruteforce of military grade AES-1024
https://rc3.world/2021/public_fahrplan#3c5f6844-cdc8-5a1a-a342-d93b43546a82
Flagpro: The new malware used by BlackTech
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech