Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Simple DNS-TESTER tool update - BASH Spinner added
A nice and simple example of how to animate progress / liven up a script while it runs:
https://github.com/m0zgen/dns-tester/raw/master/docs/test-dns.gif
Now, while the script is running, a spinner is displayed that tracks the progress of the domain-name checks.
DNS-TESTER is a bash script for testing the DNS servers from a given list and computing their average response time.
Hackers Are Compromising Employees of Law and Accounting Firms, Warns eSentire
GootLoader Gang Launches Wide-Spread Cyberattacks Enticing Legal and Accounting Employees to Download Malware
https://www.esentire.com/security-advisories/gootloader-hackers-are-compromising-employees-of-law-firms-and-accounting-agencies-warns-esentire
~
Firefox browser is suddenly failing to load websites [U: Fixed]
https://9to5mac.com/2022/01/13/firefox-browser-suddenly-failing-to-load-websites-this-morning-heres-the-fix/
~
NetworkManager 1.34 Arrives with Better WireGuard Support, Many Improvements
https://9to5linux.com/networkmanager-1-34-arrives-with-better-wireguard-support-many-improvements
~
Windows Server: January 2022 security updates are causing DC boot loop
https://borncity.com/win/2022/01/12/windows-server-januar-2022-sicherheitsupdates-verursachen-boot-schleife/
https://www.reddit.com/r/sysadmin/comments/s24o7k/kb5009624_breaks_hyperv/
XFS file system vulnerability CVE-2021-4155: what it is and how to fix it
https://www.virtuozzo.com/company/blog/xfs-file-system-vulnerability-cve-2021-4155/
~
BreakingFormation: Orca Security Research Team Discovers AWS CloudFormation Vulnerability
https://orca.security/resources/blog/aws-cloudformation-vulnerability/
~
Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent
https://www.crowdstrike.com/blog/linux-targeted-malware-increased-by-35-percent-in-2021/
~
CVE-2021-4122: cryptsetup 2.x: decryption through LUKS2 reencryption
https://www.openwall.com/lists/oss-security/2022/01/13/2
~
New Intel chips won't play Blu-ray disks due to SGX deprecation
https://www.bleepingcomputer.com/news/security/new-intel-chips-wont-play-blu-ray-disks-due-to-sgx-deprecation/
~
Ransomware targets Edge users
https://blog.malwarebytes.com/threat-intelligence/2022/01/ransomware-targets-edge-users/
~
EXPLOITING URL PARSING CONFUSION
https://news.1rj.ru/str/sysadm_in_up/995
Changes news: Sys-Admin BLD service enabled both 443 and 8443 for DoH dns-query ports
Hey, today I'm happy to say that there are new changes to the Sys-Admin BLD service: you can now use this DoH service in two different modes:
• https://bld.sys-adm.in/dns-query
or
• https://bld.sys-adm.in:8443/dns-query
Both modes work!
How to set up your browser or another device for DoH is described on the BLD WIKI page.
Notes:
• This mode will be added to the Sys-Admin "black-box" service in the next BLD release
• The 8443 mode may be deprecated in the BLD service
Comment from BLD author (@sysadm_in_channel owner):
• If you are thinking about your privacy or about the security of your devices or networks, try the open and free BLD service, and you will see the effect of a clean internet instantly 🙂
P.S. About the BLD service in Russian - https://news.1rj.ru/str/sysadm_in_up/996
Oracle Critical Patch Update Pre-Release Announcement - January 2022
https://www.oracle.com/security-alerts/cpujan2022.html
~
Safari 15 IndexedDB Leaks
What is this vulnerability and who is affected? You can test this demo on all affected browsers: Safari 15 on macOS, or any browser on iOS and iPadOS 15.
The demo illustrates how any website can learn a visitor's recent and current browsing activity (websites visited in different tabs or windows) using this leak. For visitors, logged into Google services, this demo can also leak Google User IDs and profile pictures.
https://safarileaks.com/
😡 it works on macOS Monterey 12.2 with Safari 15.3
up
Exploiting IndexedDB API information leaks in Safari 15
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
~
5 Alternative Ways to Change Your DNS Server in Windows 11
https://www.makeuseof.com/windows-11-alternate-ways-change-dns-server-settings/
~
Transferring Selinux Settings To Another System With Semanage
Use the following steps for transferring your custom and verified SELinux settings between RHEL 9-based systems.
https://access.redhat.com/documentation/jajp/red_hat_enterprise_linux/9-beta/html/using_selinux/transferring-selinux-settings-to-another-system-with-semanage_using-selinux
/ Igor leaving from NGINX
https://www.nginx.com/blog/do-svidaniya-igor-thank-you-for-nginx/
/ Mixed Messages: Busting Box’s MFA Methods
Varonis Threat Labs discovered a way to bypass multi-factor authentication (MFA) for Box accounts that use an SMS code for login verification.
https://www.varonis.com/blog/box-mfa-bypass-sms
P.S. thx for the link, dear subscriber ✌️
/ Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
- https://www.openwall.com/lists/oss-security/2022/01/18/7
- CVE-2022-0185 (demo) - https://github.com/Crusaders-of-Rust/CVE-2022-0185
/ GitHub Actions flaw that allowed code to be approved without review is addressed with new feature rollout
- https://portswigger.net/daily-swig/github-actions-flaw-that-allowed-code-to-be-approved-without-review-is-addressed-with-new-feature-rollout
/ Choosing between Ansible's copy and template modules
Ansible's copy and template modules are a great way to get started with automation:
https://www.redhat.com/sysadmin/ansibles-copy-template-modules
/ MAKE YOUR PYTHON CLI TOOLS POP WITH RICH
https://hackaday.com/2022/01/19/make-your-python-cli-tools-pop-with-rich/
/ CVE-2021-45467: CWP CentOS Web Panel – preauth RCE
https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/
/ Backdoor Found in Themes and Plugins from AccessPress Themes
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/
/ How BRATA malware is monitoring your bank account
BRATA now has new features; a new BRATA variant started circulating last December.
PoC
https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account
/ Linux Foundation launches Open Source Software Development, Linux, and Git certification
- https://www.edx.org/course/open-sourse-software-development-linux-for-developers
- https://www.edx.org/course/linux-tools-for-developers
- https://www.edx.org/course/git-for-distributed-development
/ Energy price increases in Europe will not affect the BLD DNS service in any way
• BLD+ Motivation and Reasons for creation (ru)
• BLD+ Motivations and Reasons for creation (en)
~~~
How to use BLD in browsers, phones and routers:
• https://github.com/m0zgen/blocky-listener-daemon/wiki
BLD Project Site:
• https://lab.sys-adm.in
P.S. 👋 if you want to donate, you can find the donation links at the bottom of the lab.sys-adm.in site :)
Watering hole deploys new macOS malware, DazzleSpy, in Asia
https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
DTPacker – a .NET Packer with a Curious Password
In this blog, we describe a two-stage commodity .NET packer or downloader which, although showing considerable variety in the first stage, uses a second stage with a fixed password as part of the decoding. The main difference between a packer and a downloader is the location of the payload data, which is embedded in the former and downloaded in the latter. DTPacker uses both forms. It is unusual for a piece of malware to be both a packer and a downloader. PoC:
https://www.proofpoint.com/us/blog/threat-insight/dtpacker-net-packer-curious-password-1
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
Memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host in its default configuration.
PoC
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
Ransoms Demanded for Hijacked Instagram Accounts
An extensive phishing campaign has targeted corporate Instagram accounts since approximately August 2021. The threat actors demand ransoms from the victims to restore access.
How it works:
https://www.secureworks.com/blog/ransoms-demanded-for-hijacked-instagram-accounts
TrickBot Bolsters Layered Defenses to Prevent Injection Research
PoC
https://securityintelligence.com/posts/trickbot-bolsters-layered-defenses-prevent-injection/
Re: Safari 15 IndexedDB Leaks
Apple released Safari patch:
https://support.apple.com/en-us/HT213058
CVE-2022-0185 – What does the newest kernel exploit mean for Kubernetes users and how to detect it?
https://www.armosec.io/blog/cve-2022-0185-kubernetes-users/
Exploit
This repo contains demo exploits for CVE-2022-0185
https://github.com/Crusaders-of-Rust/CVE-2022-0185
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
8 ways to speed up your Ansible playbooks
https://www.redhat.com/sysadmin/faster-ansible-playbook-execution