Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Practical bruteforce of military grade AES-1024
https://rc3.world/2021/public_fahrplan#3c5f6844-cdc8-5a1a-a342-d93b43546a82
Flagpro: The new malware used by BlackTech
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Bot Masha is grateful for your help
Bot Masha asked me to pass on that, thanks to your help, she now has more resources, and a crystal of happiness and a star giving +10 to strength have been added to her avatar
The neighbouring bots silently support Masha and rejoice in the larger free space and memory on the updated server, which, thanks to you, is provided with resources through the middle of 2023
On my own behalf, and on behalf of everyone who cares about Masha's fate as a member of our Sys-Admin community, we wish you success!
Respect to you, buddy. Peace ✌️
Distrobox is a tool that allows you to create and manage container-based development environments without root privileges.
https://fedoramagazine.org/run-distrobox-on-fedora-linux/
Summary of free and open Sys-Admin activities (2021)
Hello everybody. This year was very interesting and productive for Sys-Admin activities, in general:
• We had an open IT, Information Security, Dev(Sec)Ops etc. conference - Open SysConf Conference
• Created and published free Check Windows and Control Configs and Security - CWiCCS PowerShell tool
• Created and Deployed Chat Prettier bot
• Sys-Admin Laboratory reincarnated
• Created many free / open tools and published on GitHub Repositories
• And finally: Sys-Admin BLD free&fast anti-malicious project was started
Try using BLD for preventing attacks, send your feedback and take care of yourself, your loved ones and your personal and corporate data.
Thanks to everyone who has helped and is helping the Sys-Admin Community, who reads the news and gives feedback - good luck to all of you!
Happy New Year. Sys-Admins POWER, Peace ✌️
Forensic Issues and Techniques to Improve Security in SSD with Flex Capacity Feature
https://arxiv.org/ftp/arxiv/papers/2112/2112.13923.pdf
~
How to Disable Telemetry on Windows 10 and 11
https://www.makeuseof.com/windows-10-11-disable-telemetry/
~
Email Stuck in Exchange On-premises Transport Queues
The problem relates to a date check failure with the change of the new year and is not a failure of the AV engine itself:
https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447
P.S. thx for one of the links @clevergod ✌️
Netgear Nighthawk R6700 Multiple Vulnerabilities
https://www.tenable.com/security/research/tra-2021-57
~
HOW TO GET HACKED BY ACCIDENTALLY COPY PASTING
https://www.wizer-training.com/blog/copy-paste
~
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
https://unit42.paloaltonetworks.com/strategically-aged-domain-detection/
~
⚡️ Express inspired web framework written in Go
https://github.com/gofiber/fiber
Tenable on the Netgear Nighthawk R6700: The following security-related issues have been found in the latest available firmware for the Nighthawk R6700v3 AC1750 consumer routing device (1.0.4.120 at the time of this writing).
Malicious Telegram Installer Drops Purple Fox Rootkit
https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
doorLock
A persistent denial of service vulnerability affecting iOS 15.2 - iOS 14.7 (and likely through 14.0), triggered via HomeKit
https://trevorspiniolas.com/doorlock/doorlock.html
Windows Server might experience a black screen, slow sign in, or general slowness
https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019
Bunch of News
~
Persistence without “Persistence”: Meet The Ultimate Persistence Bug – “NoReboot”
https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/
~
Vulnerability in QVPN Service
https://www.qnap.com/en/security-advisory/qsa-21-61
~
A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution
~
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)
https://www.vmware.com/security/advisories/VMSA-2022-0001.html
~
New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk
https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
~
Vulnerability in Apache HTTP Server
Security researchers have discovered a buffer overflow vulnerability (CVE-2021-44790) in Apache HTTP Server. Successful exploitation could allow an attacker to perform a remote code execution attack.
https://www.csa.gov.sg/singcert/Alerts/al-2022-072
Patchwork APT caught in its own web
Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks. In its most recent campaign from late November to early December 2021, Patchwork has used malicious RTF files to drop a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT).
What is interesting among victims of this latest campaign, is that the actor has for the first time targeted several faculty members whose research focus is on molecular medicine and biological science.
https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
WordPress Security Release
This security release features four security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
Abcbot - An Evolution of Xanthe
The malware was named Xanthe and its main purpose is to hijack the resources of a compromised host to mine cryptocurrency.
https://www.cadosecurity.com/abcbot-an-evolution-of-xanthe/
~
Would You Exchange Your Security for a Gift Card?
This letter was supposedly from Best Buy giving out a $50 gift card to its loyal customers. Included in this letter is seemingly a USB drive that claims to contain a list of items to spend on…
Bad USB as physical attachment
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/would-you-exchange-your-security-for-a-gift-card/
Cisco Talos Blog: Xanthe - Docker aware miner, by Vanja Svajcer and Adam Pridgen, Cisco Incident Command. News summary: ransomware attacks and big-game hunting are making the headlines, but adversaries use plenty of other methods to monetize their efforts in less intrusive ways. Cisco Talos recently…
New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/
~
Linux version of AvosLocker ransomware targets VMware ESXi servers
https://www.bleepingcomputer.com/news/security/linux-version-of-avoslocker-ransomware-targets-vmware-esxi-servers/
Microsoft on powerdir: A new macOS vulnerability, “powerdir,” could allow an attacker to bypass the operating system’s TCC technology and gain unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) and…
CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers
https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers/
SentinelOne: SentinelLabs has discovered a high severity flaw in NetUSB which could be remotely exploited to execute code in the kernel.
CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities
Over the course of routine security research, Rapid7 researcher Jake Baines discovered and reported five vulnerabilities involving the SonicWall Secure Mobile Access (SMA) 100 series of devices, which includes SMA 200, 210, 400, 410, and 500v. The most serious of these issues can lead to unauthenticated remote code execution (RCE) on affected devices.
https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/
Microsoft January 2022 Patch Tuesday: Six zero-days, over 90 vulnerabilities fixed
Microsoft has released 96 security fixes including updates to address six zero-day vulnerabilities.
https://www.zdnet.com/article/microsoft-january-2022-patch-tuesday-six-zero-days-over-90-vulnerabilities-fixed/
~
SAP Security Patch Day – January 2022
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035
ZDNet: This month's round of security fixes includes patches for publicly-known remote code execution bugs.
New SysJoker Backdoor Targets Windows, Linux, and macOS
Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September, is among the latest examples until now
https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
KNOWN EXPLOITED VULNERABILITIES CATALOG from CISA
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
~
Siemens multiple Vulnerabilities
https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications
~
Night Sky is the latest ransomware targeting corporate networks
https://www.bleepingcomputer.com/news/security/night-sky-is-the-latest-ransomware-targeting-corporate-networks/
~
From User to Domain Admin in (less than) 60 seconds: CVE-2021-42278/CVE-2021-42287
https://www.fortinet.com/blog/threat-research/cve-2021-42278-cve-2021-42287-from-user-to-domain-admin-60-seconds
~
APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit
In this article, we share the details of the latest attacks by APT35 exploiting the Log4j vulnerability and analyze their post-exploitation activities including the new modular PowerShell-based framework dubbed CharmPower, used to establish persistence, gather information, and execute commands.
https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/
CISA: For the benefit of the cybersecurity community and network defenders, and to help every organization better manage vulnerabilities and keep pace with threat activity, CISA maintains the authoritative source of vulnerabilities that have been exploited in the…