December 2021 Web Server Survey
Web servers December vulnerabilities/impacts:
https://news.netcraft.com/archives/2021/12/22/december-2021-web-server-survey.html
Web servers December vulnerabilities/impacts:
https://news.netcraft.com/archives/2021/12/22/december-2021-web-server-survey.html
Netcraft
December 2021 Web Server Survey | Netcraft
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Executing Code Using Microsoft Teams Updater
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/executing-code-using-microsoft-teams-updater/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/executing-code-using-microsoft-teams-updater/
Trustwave
Executing Code Using Microsoft Teams Updater | Trustwave
Red Teamers like to hunt for new methods of code execution through “legitimate” channels, and I’m no exception to that rule.
NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
https://blog.wiz.io/azure-app-service-source-code-leak/
https://blog.wiz.io/azure-app-service-source-code-leak/
wiz.io
NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories | Wiz Blog
Read about the NotLegit vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories.
More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild
https://therecord.media/more-than-1200-phishing-toolkits-capable-of-intercepting-2fa-detected-in-the-wild/
https://therecord.media/more-than-1200-phishing-toolkits-capable-of-intercepting-2fa-detected-in-the-wild/
The Record
More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild
A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting and allowing cybercriminals to bypass two-factor authentication (2FA) security codes.
BLD Project Service - Configurations for Browsers, Devices, Routers
Hey, today I created GitHub wiki page with simple denoscriptions of steps for BLD Configuring on/in your Browsers and Devices:
DoH/Dot
• Google Chrome
• Mozilla Firefox
• Brave
• Edge
• Android (with Private DNS feature version 9+)
• iOS/MacOS
• Standard IP DNS service
• Details on official repo
What is BLD Service - Free & Fast Service from Sys-Admin for prevention - tracking, advertising, malicious and etc..
Details
• General README.md
• Wiki page
• Current BLD official site lab.sys-adm.in site
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
QNAP NAS devices hit in surge of ech0raix ransomware attacks
https://www.bleepingcomputer.com/news/security/qnap-nas-devices-hit-in-surge-of-ech0raix-ransomware-attacks/
A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard
https://research.checkpoint.com/2021/a-deep-dive-into-doublefeature-equation-groups-post-exploitation-dashboard/
https://www.bleepingcomputer.com/news/security/qnap-nas-devices-hit-in-surge-of-ech0raix-ransomware-attacks/
A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard
https://research.checkpoint.com/2021/a-deep-dive-into-doublefeature-equation-groups-post-exploitation-dashboard/
BleepingComputer
QNAP NAS devices hit in surge of ech0raix ransomware attacks
Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt.
CVE-2021-44733: Fuzzing and exploitation of a use-after-free in the Linux
https://github.com/pjlantz/optee-qemu
https://github.com/pjlantz/optee-qemu
GitHub
GitHub - pjlantz/optee-qemu: Environment with vulnerable kernel for exploitation of the TEE driver (CVE-2021-44733)
Environment with vulnerable kernel for exploitation of the TEE driver (CVE-2021-44733) - pjlantz/optee-qemu
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Practical bruteforce of military grade AES-1024
https://rc3.world/2021/public_fahrplan#3c5f6844-cdc8-5a1a-a342-d93b43546a82
Flagpro: The new malware used by BlackTech
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
https://rc3.world/2021/public_fahrplan#3c5f6844-cdc8-5a1a-a342-d93b43546a82
Flagpro: The new malware used by BlackTech
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Бот Маша благодарна за Вашу помощь
Бот Маша через меня попросила передать, что благодаря Вашей помощи, у нее теперь больше ресурсов, а на аватар добавился кристалл счастья и звезда дающая + 10 к силе
Соседние боты, молча поддерживают Машу и радуются бОльшему свободному пространству и памяти на обновленном сервере, который обеспечен благодаря Вам ресурсами вплоть до середины 2023 года
От себя же и в целом от всех кому не безразлична судьба Маши, как члена нашего Sys-Admin коммьюнити, желаем Успехов!
Респект тебе, дружище. Peace ✌️
Distrobox is a tool that allows you to create and manage container-based development environments without root privileges.
https://fedoramagazine.org/run-distrobox-on-fedora-linux/
https://fedoramagazine.org/run-distrobox-on-fedora-linux/
Fedora Magazine
Run Distrobox on Fedora Linux - Fedora Magazine
Distrobox is a tool that allows you to create and manage container-based environments without root privileges using podman or docker.
Summary of free and open Sys-Admin activities (2021)
Hello everybody. This year was very interesting and productive for Sys-Admin activities, in generally:
• We had an open IT, Information Security, Dev(Sec)Ops and etc - Open SysConf Conference
• Created and published free Check Windows and Control Configs and Security - CWiCCS PowerShell tool
• Created and Deployed Chat Prettier bot
• Sys-Admin Laboratory reincarnated
• Created many free / open tools and published on GitHub Repositories
• And finally: Sys-Admin BLD free&fast anti-malicious project was started
Try to use BLD for preventig attack, send your feedbacks and take care of yourself, your loved ones and your personal and corporative data.
Thanks to everyone who helped and helps to Sys-Admin Community, who reads the news and gives feedback - Good luck to all of you!
Happy New Year. Sys-Admins POWER, Peace ✌️
Sys-Admin InfoSec pinned « Summary of free and open Sys-Admin activities (2021) Hello everybody. This year was very interesting and productive for Sys-Admin activities, in generally: • We had an open IT, Information Security, Dev(Sec)Ops and etc - Open SysConf Conference • Created…»
Forensic Issues and Techniques to Improve Security in SSD with Flex Capacity Feature
https://arxiv.org/ftp/arxiv/papers/2112/2112.13923.pdf
~
How to Disable Telemetry on Windows 10 and 11
https://www.makeuseof.com/windows-10-11-disable-telemetry/
~
Email Stuck in Exchange On-premises Transport Queues
The problem relates to a date check failure with the change of the new year and it not a failure of the AV engine itself:
https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447
P.S. thx for one of the link @clevergod ✌️
https://arxiv.org/ftp/arxiv/papers/2112/2112.13923.pdf
~
How to Disable Telemetry on Windows 10 and 11
https://www.makeuseof.com/windows-10-11-disable-telemetry/
~
Email Stuck in Exchange On-premises Transport Queues
The problem relates to a date check failure with the change of the new year and it not a failure of the AV engine itself:
https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447
P.S. thx for one of the link @clevergod ✌️
MUO
How to Disable Telemetry on Windows 10 and 11
Not a fan of sending usage data to Microsoft? Here's how to disable telemetry on Windows 10 and 11.
Netgear Nighthawk R6700 Multiple Vulnerabilities
https://www.tenable.com/security/research/tra-2021-57
~
HOW TO GET HACKED BY ACCIDENTALLY COPY PASTING
https://www.wizer-training.com/blog/copy-paste
~
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
https://unit42.paloaltonetworks.com/strategically-aged-domain-detection/
~
⚡️ Express inspired web framework written in Go
https://github.com/gofiber/fiber
https://www.tenable.com/security/research/tra-2021-57
~
HOW TO GET HACKED BY ACCIDENTALLY COPY PASTING
https://www.wizer-training.com/blog/copy-paste
~
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
https://unit42.paloaltonetworks.com/strategically-aged-domain-detection/
~
⚡️ Express inspired web framework written in Go
https://github.com/gofiber/fiber
Tenable®
Netgear Nighthawk R6700 Multiple Vulnerabilities
The following security-related issues have been found in the latest available firmware for the Nighthawk R6700v3 AC1750 consumer routing device (1.0.4.120 at the time of this writing).
Malicious Telegram Installer Drops Purple Fox Rootkit
https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit
https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
doorLock
A persistent denial of service vulnerability affecting iOS 15.2 - iOS 14.7 (and likely through 14.0), triggered via HomeKit
https://trevorspiniolas.com/doorlock/doorlock.html
A persistent denial of service vulnerability affecting iOS 15.2 - iOS 14.7 (and likely through 14.0), triggered via HomeKit
https://trevorspiniolas.com/doorlock/doorlock.html
Windows Server might experience a black screen, slow sign in, or general slowness
https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019
https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019
Docs
Windows 10, version 1809 and Windows Server 2019 known issues and notifications
View announcements and review known issues and fixes for Windows 10 version 1809 and Windows Server 2019
Bunch of News
~
Persistence without “Persistence”: Meet The Ultimate Persistence Bug – “NoReboot”
https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/
~
Vulnerability in QVPN Service
https://www.qnap.com/en/security-advisory/qsa-21-61
~
A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution
~
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)
https://www.vmware.com/security/advisories/VMSA-2022-0001.html
~
New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk
https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
~
Vulnerability in Apache HTTP Server
Security researchers have discovered a buffer overflow vulnerability (CVE-2021-44790) in Apache HTTP Server. Successful exploitation could allow an attacker to perform a remote code execution attack.
https://www.csa.gov.sg/singcert/Alerts/al-2022-072
~
Persistence without “Persistence”: Meet The Ultimate Persistence Bug – “NoReboot”
https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/
~
Vulnerability in QVPN Service
https://www.qnap.com/en/security-advisory/qsa-21-61
~
A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution
~
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)
https://www.vmware.com/security/advisories/VMSA-2022-0001.html
~
New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk
https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
~
Vulnerability in Apache HTTP Server
Security researchers have discovered a buffer overflow vulnerability (CVE-2021-44790) in Apache HTTP Server. Successful exploitation could allow an attacker to perform a remote code execution attack.
https://www.csa.gov.sg/singcert/Alerts/al-2022-072
Jamf
Jamf Threat Labs | Blog
Patchwork APT caught in its own web
Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks. In its most recent campaign from late November to early December 2021, Patchwork has used malicious RTF files to drop a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT).
What is interesting among victims of this latest campaign, is that the actor has for the first time targeted several faculty members whose research focus is on molecular medicine and biological science.
https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks. In its most recent campaign from late November to early December 2021, Patchwork has used malicious RTF files to drop a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT).
What is interesting among victims of this latest campaign, is that the actor has for the first time targeted several faculty members whose research focus is on molecular medicine and biological science.
https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
ThreatDown by Malwarebytes
Patchwork APT caught in its own web
Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks….