New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/
~
Linux version of AvosLocker ransomware targets VMware ESXi servers
https://www.bleepingcomputer.com/news/security/linux-version-of-avoslocker-ransomware-targets-vmware-esxi-servers/
https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/
~
Linux version of AvosLocker ransomware targets VMware ESXi servers
https://www.bleepingcomputer.com/news/security/linux-version-of-avoslocker-ransomware-targets-vmware-esxi-servers/
Microsoft News
New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
A new macOS vulnerability, “powerdir,” could allow an attacker to bypass the operating system’s TCC technology and gain unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) and…
CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers
https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers/
https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers/
SentinelOne
CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers
SentinelLabs has discovered a high severity flaw in NetUSB which could be remotely exploited to execute code in the kernel.
CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities
Over the course of routine security research, Rapid7 researcher Jake Baines discovered and reported five vulnerabilities involving the SonicWall Secure Mobile Access (SMA) 100 series of devices, which includes SMA 200, 210, 400, 410, and 500v. The most serious of these issues can lead to unauthenticated remote code execution (RCE) on affected devices.
https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/
Over the course of routine security research, Rapid7 researcher Jake Baines discovered and reported five vulnerabilities involving the SonicWall Secure Mobile Access (SMA) 100 series of devices, which includes SMA 200, 210, 400, 410, and 500v. The most serious of these issues can lead to unauthenticated remote code execution (RCE) on affected devices.
https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/
Rapid7
CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities (FIXED) | Rapid7 Blog
Rapid7 researcher Jake Baines discovered and reported five vulnerabilities involving the SonicWall Secure Mobile Access (SMA) 100 series of devices.
Microsoft January 2022 Patch Tuesday: Six zero-days, over 90 vulnerabilities fixed
Microsoft has released 96 security fixes including updates to address six zero-day vulnerabilities.
https://www.zdnet.com/article/microsoft-january-2022-patch-tuesday-six-zero-days-over-90-vulnerabilities-fixed/
~
SAP Security Patch Day – January 2022
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035
Microsoft has released 96 security fixes including updates to address six zero-day vulnerabilities.
https://www.zdnet.com/article/microsoft-january-2022-patch-tuesday-six-zero-days-over-90-vulnerabilities-fixed/
~
SAP Security Patch Day – January 2022
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035
ZDNet
Microsoft January 2022 Patch Tuesday: Six zero-days, over 90 vulnerabilities fixed
This month's round of security fixes includes patches for publicly-known remote code execution bugs.
New SysJoker Backdoor Targets Windows, Linux, and macOS
Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September, is among the latest examples until now
https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September, is among the latest examples until now
https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
Intezer
New SysJoker Backdoor Targets Windows, Linux, and macOS
Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September, is among the latest examples until now. In December 2021, we discovered a new multi-platform…
KNOWN EXPLOITED VULNERABILITIES CATALOG from CISA
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
~
Siemens multiple Vulnerabilities
https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications
~
Night Sky is the latest ransomware targeting corporate networks
https://www.bleepingcomputer.com/news/security/night-sky-is-the-latest-ransomware-targeting-corporate-networks/
~
From User to Domain Admin in (less than) 60 seconds: CVE-2021-42278/CVE-2021-42287
https://www.fortinet.com/blog/threat-research/cve-2021-42278-cve-2021-42287-from-user-to-domain-admin-60-seconds
~
APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit
In this article, we share the details of the latest attacks by APT35 exploiting the Log4j vulnerability and analyze their post-exploitation activities including the new modular PowerShell-based framework dubbed CharmPower, used to establish persistence, gather information, and execute commands.
https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
~
Siemens multiple Vulnerabilities
https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications
~
Night Sky is the latest ransomware targeting corporate networks
https://www.bleepingcomputer.com/news/security/night-sky-is-the-latest-ransomware-targeting-corporate-networks/
~
From User to Domain Admin in (less than) 60 seconds: CVE-2021-42278/CVE-2021-42287
https://www.fortinet.com/blog/threat-research/cve-2021-42278-cve-2021-42287-from-user-to-domain-admin-60-seconds
~
APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit
In this article, we share the details of the latest attacks by APT35 exploiting the Log4j vulnerability and analyze their post-exploitation activities including the new modular PowerShell-based framework dubbed CharmPower, used to establish persistence, gather information, and execute commands.
https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/
Cybersecurity and Infrastructure Security Agency CISA
Known Exploited Vulnerabilities Catalog | CISA
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the…
Bunch of News
~
Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
~
IP spoofing bug leaves Django REST applications open to DDoS, password-cracking attacks
https://portswigger.net/daily-swig/ip-spoofing-bug-leaves-django-rest-applications-open-to-ddos-password-cracking-attacks
~
Coming Soon: New Security Update Guide Notification System
https://msrc-blog.microsoft.com/2022/01/11/coming-soon-new-security-update-guide-notification-system/
~
KB5009543 - January 11, 2022 Breaks L2TP VPN Connections
https://www.reddit.com/r/sysadmin/comments/s1oqv8/kb5009543_january_11_2022_breaks_l2tp_vpn/
~
About the security content of iOS 15.2.1 and iPadOS 15.2.1
https://support.apple.com/en-us/HT213043
~
Security Vulnerabilities fixed in Firefox 96
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/
~
CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability
https://www.openwall.com/lists/oss-security/2022/01/11/4
~
January updates causing unexpected reboots on domain controllers
Looks like KB5009557 (2019) and KB5009555 (2022) are causing something to fail on domain controllers, which then keep rebooting every few minutes.
https://www.reddit.com/r/sysadmin/comments/s21ae1/january_updates_causing_unexpected_reboots_on/
~
CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles
https://www.openwall.com/lists/oss-security/2022/01/10/2
~
Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
~
IP spoofing bug leaves Django REST applications open to DDoS, password-cracking attacks
https://portswigger.net/daily-swig/ip-spoofing-bug-leaves-django-rest-applications-open-to-ddos-password-cracking-attacks
~
Coming Soon: New Security Update Guide Notification System
https://msrc-blog.microsoft.com/2022/01/11/coming-soon-new-security-update-guide-notification-system/
~
KB5009543 - January 11, 2022 Breaks L2TP VPN Connections
https://www.reddit.com/r/sysadmin/comments/s1oqv8/kb5009543_january_11_2022_breaks_l2tp_vpn/
~
About the security content of iOS 15.2.1 and iPadOS 15.2.1
https://support.apple.com/en-us/HT213043
~
Security Vulnerabilities fixed in Firefox 96
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/
~
CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability
https://www.openwall.com/lists/oss-security/2022/01/11/4
~
January updates causing unexpected reboots on domain controllers
Looks like KB5009557 (2019) and KB5009555 (2022) are causing something to fail on domain controllers, which then keep rebooting every few minutes.
https://www.reddit.com/r/sysadmin/comments/s21ae1/january_updates_causing_unexpected_reboots_on/
~
CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles
https://www.openwall.com/lists/oss-security/2022/01/10/2
Cyberark
Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines…
In this blog post we are going to discuss the details of a vulnerability in Windows Remote Desktop Services, which we recently uncovered. We reported the vulnerability to Microsoft in a...
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure
In short: Azure, AWS are participants in malicious attacks and the spread of malware software:
PoC
https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html
Up
BLD Service
Addresses fro this article will be added to BLD service
What is BLD service - this is light and fast and free malicious prevention service from Sys-Admin, details:
lab.sys-adm.in
In short: Azure, AWS are participants in malicious attacks and the spread of malware software:
PoC
https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html
Up
BLD Service
Addresses fro this article will be added to BLD service
What is BLD service - this is light and fast and free malicious prevention service from Sys-Admin, details:
lab.sys-adm.in
Cisco Talos Blog
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure
* Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRATs targeting user's information.
* According to Cisco Secure product telemetry, the victims of this campaign are primarily distributed across…
* According to Cisco Secure product telemetry, the victims of this campaign are primarily distributed across…
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
~RU
Обновление Simple DNS-TESTER тулзы - BASH Spinner
Прекрасный и простой пример того, как можно анимировать некий прогресс / оживить процесс работы скрипта:
https://github.com/m0zgen/dns-tester/raw/master/docs/test-dns.gif
Теперь во время работы скрипта отображается прокрутка связання с прогрессом проверки доменных имен.
DNS-TESTER - bash скрипт для проверки и вычисления средней скорости ответа DNS серверов указанных в специальном списке
~ EN
Updating Simple DNS-TESTER tools - BASH Spinner added
Take a look at a simple example of how you can animate a certain progress / animate the process of a noscript
Now, while the noscript is running, a scroll appears related to the progress of domain names verification.
DNS-TESTER - bash noscript for testing and high speed response of a DNS server in a special list
Обновление Simple DNS-TESTER тулзы - BASH Spinner
Прекрасный и простой пример того, как можно анимировать некий прогресс / оживить процесс работы скрипта:
https://github.com/m0zgen/dns-tester/raw/master/docs/test-dns.gif
Теперь во время работы скрипта отображается прокрутка связання с прогрессом проверки доменных имен.
DNS-TESTER - bash скрипт для проверки и вычисления средней скорости ответа DNS серверов указанных в специальном списке
~ EN
Updating Simple DNS-TESTER tools - BASH Spinner added
Take a look at a simple example of how you can animate a certain progress / animate the process of a noscript
Now, while the noscript is running, a scroll appears related to the progress of domain names verification.
DNS-TESTER - bash noscript for testing and high speed response of a DNS server in a special list
Hackers Are Compromising Employees of Law and Accounting Firms, Warns eSentire
GootLoader Gang Launches Wide-Spread Cyberattacks Enticing Legal and Accounting Employees to Download Malware
https://www.esentire.com/security-advisories/gootloader-hackers-are-compromising-employees-of-law-firms-and-accounting-agencies-warns-esentire
~
Firefox browser is suddenly failing to load websites [U: Fixed]
https://9to5mac.com/2022/01/13/firefox-browser-suddenly-failing-to-load-websites-this-morning-heres-the-fix/
~
NetworkManager 1.34 Arrives with Better WireGuard Support, Many Improvements
https://9to5linux.com/networkmanager-1-34-arrives-with-better-wireguard-support-many-improvements
~
Windows Server: January 2022 security updates are causing DC boot loop
https://borncity.com/win/2022/01/12/windows-server-januar-2022-sicherheitsupdates-verursachen-boot-schleife/
https://www.reddit.com/r/sysadmin/comments/s24o7k/kb5009624_breaks_hyperv/
GootLoader Gang Launches Wide-Spread Cyberattacks Enticing Legal and Accounting Employees to Download Malware
https://www.esentire.com/security-advisories/gootloader-hackers-are-compromising-employees-of-law-firms-and-accounting-agencies-warns-esentire
~
Firefox browser is suddenly failing to load websites [U: Fixed]
https://9to5mac.com/2022/01/13/firefox-browser-suddenly-failing-to-load-websites-this-morning-heres-the-fix/
~
NetworkManager 1.34 Arrives with Better WireGuard Support, Many Improvements
https://9to5linux.com/networkmanager-1-34-arrives-with-better-wireguard-support-many-improvements
~
Windows Server: January 2022 security updates are causing DC boot loop
https://borncity.com/win/2022/01/12/windows-server-januar-2022-sicherheitsupdates-verursachen-boot-schleife/
https://www.reddit.com/r/sysadmin/comments/s24o7k/kb5009624_breaks_hyperv/
eSentire
GootLoader Hackers Are Compromising Employees of Law and Accounting…
GootLoader Gang Launches Wide-Spread Cyberattacks Enticing Legal and Accounting Employees to Download Malware eSentire , the industry’s leading Managed…
XFS file system vulnerability CVE-2021-4155: what it is and how to fix it
https://www.virtuozzo.com/company/blog/xfs-file-system-vulnerability-cve-2021-4155/
~
BreakingFormation: Orca Security Research Team Discovers AWS CloudFormation Vulnerability
https://orca.security/resources/blog/aws-cloudformation-vulnerability/
~
Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent
https://www.crowdstrike.com/blog/linux-targeted-malware-increased-by-35-percent-in-2021/
~
CVE-2021-4122: cryptsetup 2.x: decryption through LUKS2 reencryption
https://www.openwall.com/lists/oss-security/2022/01/13/2
~
New Intel chips won't play Blu-ray disks due to SGX deprecation
https://www.bleepingcomputer.com/news/security/new-intel-chips-wont-play-blu-ray-disks-due-to-sgx-deprecation/
~
Ransomware targets Edge users
https://blog.malwarebytes.com/threat-intelligence/2022/01/ransomware-targets-edge-users/
~
EXPLOITING URL PARSING CONFUSION
https://news.1rj.ru/str/sysadm_in_up/995
https://www.virtuozzo.com/company/blog/xfs-file-system-vulnerability-cve-2021-4155/
~
BreakingFormation: Orca Security Research Team Discovers AWS CloudFormation Vulnerability
https://orca.security/resources/blog/aws-cloudformation-vulnerability/
~
Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent
https://www.crowdstrike.com/blog/linux-targeted-malware-increased-by-35-percent-in-2021/
~
CVE-2021-4122: cryptsetup 2.x: decryption through LUKS2 reencryption
https://www.openwall.com/lists/oss-security/2022/01/13/2
~
New Intel chips won't play Blu-ray disks due to SGX deprecation
https://www.bleepingcomputer.com/news/security/new-intel-chips-wont-play-blu-ray-disks-due-to-sgx-deprecation/
~
Ransomware targets Edge users
https://blog.malwarebytes.com/threat-intelligence/2022/01/ransomware-targets-edge-users/
~
EXPLOITING URL PARSING CONFUSION
https://news.1rj.ru/str/sysadm_in_up/995
Virtuozzo Blog | News & insights for cloud service providers
XFS file system vulnerability CVE-2021-4155: what it is and how to fix it
Virtuozzo R&D team has identified and fixed a vulnerability in the XFS file system, the default file system for #RHEL. Please make sure your Linux environments are safe!
Changes news: Sys-Admin BLD service enabled both 443, 8443 for DoH dns-query ports
Hey, today I'm happy to say that I have new changes on Sys-Admin BLD services, now you can use this DoH service on two different modes:
•
or
•
This is two modes that will work!
How you can setup your browser or another devise for DoH you can read on BLD WIKI page
Notes:
• This mode will be added to Sys-Admin "black-box" service in the next BLD release
• Maybe 8443 mode will be deprecated in the BLD service
Comment from BLD author (@sysadm_in_channel owner):
• If are you thinking about of your privacy or are you think about of security of your devices or networks, try to use open and free BLD service, and you will see the effect of clean internet instantly 🙂
P.S. About of BLD service on Russian - https://news.1rj.ru/str/sysadm_in_up/996
Changes news: Sys-Admin BLD service enabled both 443, 8443 for DoH dns-query ports
Hey, today I'm happy to say that I have new changes on Sys-Admin BLD services, now you can use this DoH service on two different modes:
•
https://bld.sys-adm.in/dns-queryor
•
https://bld.sys-adm.in:8443/dns-queryThis is two modes that will work!
How you can setup your browser or another devise for DoH you can read on BLD WIKI page
Notes:
• This mode will be added to Sys-Admin "black-box" service in the next BLD release
• Maybe 8443 mode will be deprecated in the BLD service
Comment from BLD author (@sysadm_in_channel owner):
• If are you thinking about of your privacy or are you think about of security of your devices or networks, try to use open and free BLD service, and you will see the effect of clean internet instantly 🙂
P.S. About of BLD service on Russian - https://news.1rj.ru/str/sysadm_in_up/996
Sys-Admin InfoSec pinned « Changes news: Sys-Admin BLD service enabled both 443, 8443 for DoH dns-query ports Hey, today I'm happy to say that I have new changes on Sys-Admin BLD services, now you can use this DoH service on two different modes: • https://bld.sys-adm.in/dns-query…»
Oracle Critical Patch Update Pre-Release Announcement - January 2022
https://www.oracle.com/security-alerts/cpujan2022.html
~
Safari 15 IndexedDB Leaks
What is this vulnerability and who is affected? You can test this demo on all affected browsers: Safari 15 on macOS, or any browser on iOS and iPadOS 15
The demo illustrates how any website can learn a visitor's recent and current browsing activity (websites visited in different tabs or windows) using this leak. For visitors, logged into Google services, this demo can also leak Google User IDs and profile pictures.
https://safarileaks.com/
😡 it is work on macOS Monterey 12.2 with Safari 15.3
up
Exploiting IndexedDB API information leaks in Safari 15
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
~
5 Alternative Ways to Change Your DNS Server in Windows 11
https://www.makeuseof.com/windows-11-alternate-ways-change-dns-server-settings/
~
Transferring Selinux Settings To Another System With Semanage
Use the following steps for transferring your custom and verified SELinux settings between RHEL 9-based systems.
https://access.redhat.com/documentation/jajp/red_hat_enterprise_linux/9-beta/html/using_selinux/transferring-selinux-settings-to-another-system-with-semanage_using-selinux
https://www.oracle.com/security-alerts/cpujan2022.html
~
Safari 15 IndexedDB Leaks
What is this vulnerability and who is affected? You can test this demo on all affected browsers: Safari 15 on macOS, or any browser on iOS and iPadOS 15
The demo illustrates how any website can learn a visitor's recent and current browsing activity (websites visited in different tabs or windows) using this leak. For visitors, logged into Google services, this demo can also leak Google User IDs and profile pictures.
https://safarileaks.com/
😡 it is work on macOS Monterey 12.2 with Safari 15.3
up
Exploiting IndexedDB API information leaks in Safari 15
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
~
5 Alternative Ways to Change Your DNS Server in Windows 11
https://www.makeuseof.com/windows-11-alternate-ways-change-dns-server-settings/
~
Transferring Selinux Settings To Another System With Semanage
Use the following steps for transferring your custom and verified SELinux settings between RHEL 9-based systems.
https://access.redhat.com/documentation/jajp/red_hat_enterprise_linux/9-beta/html/using_selinux/transferring-selinux-settings-to-another-system-with-semanage_using-selinux
Safarileaks
Safari 15 IndexedDB Leaks
Information leaks resulting from an IndexedDB same-origin policy violation in WebKit (a browser engine primarily used in Safari, as well as all iOS and iPadOS web browsers).
/ Igor leaving from NGINX
https://www.nginx.com/blog/do-svidaniya-igor-thank-you-for-nginx/
/ Mixed Messages: Busting Box’s MFA Methods
Varonis Threat Labs discovered a way to bypass multi-factor authentication (MFA) for Box accounts that use an SMS code for login verification.
https://www.varonis.com/blog/box-mfa-bypass-sms
P.S. thx for the link dear subscriber ✌️
https://www.nginx.com/blog/do-svidaniya-igor-thank-you-for-nginx/
/ Mixed Messages: Busting Box’s MFA Methods
Varonis Threat Labs discovered a way to bypass multi-factor authentication (MFA) for Box accounts that use an SMS code for login verification.
https://www.varonis.com/blog/box-mfa-bypass-sms
P.S. thx for the link dear subscriber ✌️
/ Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
- https://www.openwall.com/lists/oss-security/2022/01/18/7
- CVE-2022-0185 (demo) - https://github.com/Crusaders-of-Rust/CVE-2022-0185
/ GitHub Actions flaw that allowed code to be approved without review is addressed with new feature rollout
- https://portswigger.net/daily-swig/github-actions-flaw-that-allowed-code-to-be-approved-without-review-is-addressed-with-new-feature-rollout
- https://www.openwall.com/lists/oss-security/2022/01/18/7
- CVE-2022-0185 (demo) - https://github.com/Crusaders-of-Rust/CVE-2022-0185
/ GitHub Actions flaw that allowed code to be approved without review is addressed with new feature rollout
- https://portswigger.net/daily-swig/github-actions-flaw-that-allowed-code-to-be-approved-without-review-is-addressed-with-new-feature-rollout
GitHub
GitHub - Crusaders-of-Rust/CVE-2022-0185: CVE-2022-0185
CVE-2022-0185. Contribute to Crusaders-of-Rust/CVE-2022-0185 development by creating an account on GitHub.
/ Choosing between Ansible's copy and template modules
Ansible's copy and template modules are a great way to get started with automation:
https://www.redhat.com/sysadmin/ansibles-copy-template-modules
/ MAKE YOUR PYTHON CLI TOOLS POP WITH RICH
https://hackaday.com/2022/01/19/make-your-python-cli-tools-pop-with-rich/
/ CVE-2021-45467: CWP CentOS Web Panel – preauth RCE
https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/
/ Backdoor Found in Themes and Plugins from AccessPress Themes
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/
Ansible's copy and template modules are a great way to get started with automation:
https://www.redhat.com/sysadmin/ansibles-copy-template-modules
/ MAKE YOUR PYTHON CLI TOOLS POP WITH RICH
https://hackaday.com/2022/01/19/make-your-python-cli-tools-pop-with-rich/
/ CVE-2021-45467: CWP CentOS Web Panel – preauth RCE
https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/
/ Backdoor Found in Themes and Plugins from AccessPress Themes
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/
Redhat
Choosing between Ansible's copy and template modules
When it comes to transferring files to a remote system with Ansible, the copy and template modules are great tools for the job. So many things can be don...
/ How BRATA malware is monitoring your bank account
Now, BRATA has new features, a new BRATA variant started circulating last December
PoC
https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account
/ Linux Foundation launches Open Source Software Development, Linux, and Git certification
- https://www.edx.org/course/open-sourse-software-development-linux-for-developers
- https://www.edx.org/course/linux-tools-for-developers
- https://www.edx.org/course/git-for-distributed-development
Now, BRATA has new features, a new BRATA variant started circulating last December
PoC
https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account
/ Linux Foundation launches Open Source Software Development, Linux, and Git certification
- https://www.edx.org/course/open-sourse-software-development-linux-for-developers
- https://www.edx.org/course/linux-tools-for-developers
- https://www.edx.org/course/git-for-distributed-development
Cleafy
How BRATA is monitoring your bank account | Cleafy Labs
The mobile banking malware BRATA keeps evolving. Read here the new Technical Report, which explains in detail how it monitors banks account and how to prevent it.
/ Повышение цен на электричество в Европе никак не повлияют на BLD DNS Service
• BLD+ Мотивация и Причины создания (ru)
/ Energy price increases in Europe will not affect the BLD DNS service in any way
• BLD+ Motivations and Reasons for creation (en)
~~~
How you can use BLD in Browsers, Phones, Routers:
• https://github.com/m0zgen/blocky-listener-daemon/wiki
BLD Project Site:
• https://lab.sys-adm.in
P.S. 👋 if you want to donate you can find donate links, in bottom on lab.sys-adm.in site :)
• BLD+ Мотивация и Причины создания (ru)
/ Energy price increases in Europe will not affect the BLD DNS service in any way
• BLD+ Motivations and Reasons for creation (en)
~~~
How you can use BLD in Browsers, Phones, Routers:
• https://github.com/m0zgen/blocky-listener-daemon/wiki
BLD Project Site:
• https://lab.sys-adm.in
P.S. 👋 if you want to donate you can find donate links, in bottom on lab.sys-adm.in site :)
lab.sys-adm.in
Sys-Admin Laboratory
Open Sys-Admin BLD DNS - Focus on information for free with adblocking and implicit cybersecurity threat prevention.
Watering hole deploys new macOS malware, DazzleSpy, in Asia
https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
WeLiveSecurity
Watering hole deploys new macOS malware, DazzleSpy, in Asia
The website of a Hong Kong pro-democracy radio station was compromised to serve a Safari exploit that installed cyberespionage malware on visitors’ Macs.
DTPacker – a .NET Packer with a Curious Password
In this blog, we describe a two-stage commodity .NET packer or downloader which although seeing considerable variety in the first stage, uses a second stage with a fixed password as part of the decoding. The main difference between a packer and a downloader is the location of the payload data which is embedded in the former and downloaded in the latter. DTPacker uses both forms. It is unusual for a piece of malware to be both a packer and downloader. PoC:
https://www.proofpoint.com/us/blog/threat-insight/dtpacker-net-packer-curious-password-1
In this blog, we describe a two-stage commodity .NET packer or downloader which although seeing considerable variety in the first stage, uses a second stage with a fixed password as part of the decoding. The main difference between a packer and a downloader is the location of the payload data which is embedded in the former and downloaded in the latter. DTPacker uses both forms. It is unusual for a piece of malware to be both a packer and downloader. PoC:
https://www.proofpoint.com/us/blog/threat-insight/dtpacker-net-packer-curious-password-1
Proofpoint
DTPacker – a .NET Packer with a Curious Password | Proofpoint US
Key Findings Proofpoint identified a malware packer which researchers have dubbed DTPacker. The payload decoding uses a fixed password containing former U.S. president Donald