DarkWatchman: A new evolution in fileless techniques.
https://www.prevailion.com/darkwatchman-new-fileness-techniques/
Attackers test “CAB-less 40444” exploit in a dry run
An updated exploit takes a circuitous route to trigger a Word document into delivering an infection without using macros
https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/
The Continued Evolution of Abcbot
A new version of a malicious shell script targeting insecure cloud instances running under Cloud Service Providers such as Tencent, Baidu and Alibaba Cloud has recently been discovered. The shell script prepares the target host for additional compromise over SSH, kills off processes from competing threat actors and persists itself, before downloading an additional ELF executable used to connect to a botnet as part of a campaign dubbed by 360Netlab as “Abcbot”.
https://www.cadosecurity.com/the-continued-evolution-of-abcbot/
VMware critical warning
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
Azure App Service Linux source repository exposure
https://msrc-blog.microsoft.com/2021/12/22/azure-app-service-linux-source-repository-exposure/
Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
https://nakedsecurity.sophos.com/2021/12/21/apaches-other-product-critical-bugs-in-httpd-web-server-patch-now/
MS Teams: 1 feature, 4 vulnerabilities
https://positive.security/blog/ms-teams-1-feature-4-vulns
~
Threat Report: Echelon Malware Detected in Mobile Chat Forums
https://www.safeguardcyber.com/blog/echelon-malware-crypto-wallet-stealer-malware
~
Log4j Java Vulnerabilities for Legacy vGPU Software License Server
https://enterprise-support.nvidia.com/s/article/Log4j-Java-Vulnerability-CVE-2021-44228-for-vGPU-Legacy-License-Server
~
Elastic Security uncovers BLISTER malware campaign
https://www.elastic.co/blog/elastic-security-uncovers-blister-malware-campaign
Microsoft Teams' link preview feature is susceptible to spoofing and vulnerable to Server-Side Request Forgery. Teams Android users can be DoS'ed and, in the past, their IP address could be leaked.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
The GVM installation tool has been updated
- GVM 20 can be installed
- GVM 21 can be installed
- GVM 20 can be upgraded to GVM 21
All tests were performed on Ubuntu 20.04.3 LTS
https://github.com/m0zgen/install-gvm21
The Week in Ransomware - December 24th 2021 - No rest for the weary
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-24th-2021-no-rest-for-the-weary/
The holiday season is here, but there is no rest for our weary admins as ransomware gangs are still conducting attacks over the Christmas and New Years breaks.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
macOS Big Sur Gatekeeper bypass
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
https://objective-see.com/blog/blog_0x6A.html
December 2021 Web Server Survey
Web servers December vulnerabilities/impacts:
https://news.netcraft.com/archives/2021/12/22/december-2021-web-server-survey.html
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Executing Code Using Microsoft Teams Updater
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/executing-code-using-microsoft-teams-updater/
Red Teamers like to hunt for new methods of code execution through “legitimate” channels, and I’m no exception to that rule.
NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
https://blog.wiz.io/azure-app-service-source-code-leak/
Read about the NotLegit vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories.
More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild
https://therecord.media/more-than-1200-phishing-toolkits-capable-of-intercepting-2fa-detected-in-the-wild/
A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting and allowing cybercriminals to bypass two-factor authentication (2FA) security codes.
BLD Project Service - Configurations for Browsers, Devices, Routers
Hey, today I created a GitHub wiki page with simple descriptions of the steps for configuring BLD in your browsers and on your devices:
DoH/DoT
• Google Chrome
• Mozilla Firefox
• Brave
• Edge
• Android (with Private DNS feature version 9+)
• iOS/MacOS
• Standard IP DNS service
• Details on official repo
What is the BLD Service: a free and fast service from Sys-Admin for blocking tracking, advertising, malicious domains, etc.
Details
• General README.md
• Wiki page
• Current BLD official site lab.sys-adm.in site
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
QNAP NAS devices hit in surge of ech0raix ransomware attacks
https://www.bleepingcomputer.com/news/security/qnap-nas-devices-hit-in-surge-of-ech0raix-ransomware-attacks/
A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard
https://research.checkpoint.com/2021/a-deep-dive-into-doublefeature-equation-groups-post-exploitation-dashboard/
Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt.
CVE-2021-44733: Fuzzing and exploitation of a use-after-free in the Linux
https://github.com/pjlantz/optee-qemu
Environment with vulnerable kernel for exploitation of the TEE driver (CVE-2021-44733) - pjlantz/optee-qemu
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Practical bruteforce of military grade AES-1024
https://rc3.world/2021/public_fahrplan#3c5f6844-cdc8-5a1a-a342-d93b43546a82
Flagpro: The new malware used by BlackTech
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Bot Masha is grateful for your help
Bot Masha asked me to pass on that, thanks to your help, she now has more resources, and a crystal of happiness and a star giving +10 to strength have been added to her avatar
The neighbouring bots silently support Masha and rejoice at the greater free space and memory on the updated server, which thanks to you is provisioned with resources until mid-2023
On my own behalf, and on behalf of everyone who cares about Masha's fate as a member of our Sys-Admin community, we wish you success!
Respect to you, buddy. Peace ✌️
Distrobox is a tool that allows you to create and manage container-based development environments without root privileges.
https://fedoramagazine.org/run-distrobox-on-fedora-linux/
Distrobox is a tool that allows you to create and manage container-based environments without root privileges using podman or docker.
Summary of free and open Sys-Admin activities (2021)
Hello everybody. This year was very interesting and productive for Sys-Admin activities, in general:
• We held an open conference on IT, Information Security, Dev(Sec)Ops, etc.: the Open SysConf Conference
• Created and published free Check Windows and Control Configs and Security - CWiCCS PowerShell tool
• Created and Deployed Chat Prettier bot
• Sys-Admin Laboratory reincarnated
• Created many free / open tools and published on GitHub Repositories
• And finally: Sys-Admin BLD free&fast anti-malicious project was started
Try using BLD for preventing attacks, send your feedback, and take care of yourself, your loved ones, and your personal and corporate data.
Thanks to everyone who has helped and continues to help the Sys-Admin Community, who reads the news and gives feedback. Good luck to all of you!
Happy New Year. Sys-Admins POWER, Peace ✌️