Changes news: Sys-Admin BLD service enabled both 443, 8443 for DoH dns-query ports
Hey, today I'm happy to say that I have new changes on Sys-Admin BLD services, now you can use this DoH service on two different modes:
•
or
•
This is two modes that will work!
How you can setup your browser or another devise for DoH you can read on BLD WIKI page
Notes:
• This mode will be added to Sys-Admin "black-box" service in the next BLD release
• Maybe 8443 mode will be deprecated in the BLD service
Comment from BLD author (@sysadm_in_channel owner):
• If are you thinking about of your privacy or are you think about of security of your devices or networks, try to use open and free BLD service, and you will see the effect of clean internet instantly 🙂
P.S. About of BLD service on Russian - https://news.1rj.ru/str/sysadm_in_up/996
Changes news: Sys-Admin BLD service enabled both 443, 8443 for DoH dns-query ports
Hey, today I'm happy to say that I have new changes on Sys-Admin BLD services, now you can use this DoH service on two different modes:
•
https://bld.sys-adm.in/dns-queryor
•
https://bld.sys-adm.in:8443/dns-queryThis is two modes that will work!
How you can setup your browser or another devise for DoH you can read on BLD WIKI page
Notes:
• This mode will be added to Sys-Admin "black-box" service in the next BLD release
• Maybe 8443 mode will be deprecated in the BLD service
Comment from BLD author (@sysadm_in_channel owner):
• If are you thinking about of your privacy or are you think about of security of your devices or networks, try to use open and free BLD service, and you will see the effect of clean internet instantly 🙂
P.S. About of BLD service on Russian - https://news.1rj.ru/str/sysadm_in_up/996
Sys-Admin InfoSec pinned « Changes news: Sys-Admin BLD service enabled both 443, 8443 for DoH dns-query ports Hey, today I'm happy to say that I have new changes on Sys-Admin BLD services, now you can use this DoH service on two different modes: • https://bld.sys-adm.in/dns-query…»
Oracle Critical Patch Update Pre-Release Announcement - January 2022
https://www.oracle.com/security-alerts/cpujan2022.html
~
Safari 15 IndexedDB Leaks
What is this vulnerability and who is affected? You can test this demo on all affected browsers: Safari 15 on macOS, or any browser on iOS and iPadOS 15
The demo illustrates how any website can learn a visitor's recent and current browsing activity (websites visited in different tabs or windows) using this leak. For visitors, logged into Google services, this demo can also leak Google User IDs and profile pictures.
https://safarileaks.com/
😡 it is work on macOS Monterey 12.2 with Safari 15.3
up
Exploiting IndexedDB API information leaks in Safari 15
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
~
5 Alternative Ways to Change Your DNS Server in Windows 11
https://www.makeuseof.com/windows-11-alternate-ways-change-dns-server-settings/
~
Transferring Selinux Settings To Another System With Semanage
Use the following steps for transferring your custom and verified SELinux settings between RHEL 9-based systems.
https://access.redhat.com/documentation/jajp/red_hat_enterprise_linux/9-beta/html/using_selinux/transferring-selinux-settings-to-another-system-with-semanage_using-selinux
https://www.oracle.com/security-alerts/cpujan2022.html
~
Safari 15 IndexedDB Leaks
What is this vulnerability and who is affected? You can test this demo on all affected browsers: Safari 15 on macOS, or any browser on iOS and iPadOS 15
The demo illustrates how any website can learn a visitor's recent and current browsing activity (websites visited in different tabs or windows) using this leak. For visitors, logged into Google services, this demo can also leak Google User IDs and profile pictures.
https://safarileaks.com/
😡 it is work on macOS Monterey 12.2 with Safari 15.3
up
Exploiting IndexedDB API information leaks in Safari 15
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
~
5 Alternative Ways to Change Your DNS Server in Windows 11
https://www.makeuseof.com/windows-11-alternate-ways-change-dns-server-settings/
~
Transferring Selinux Settings To Another System With Semanage
Use the following steps for transferring your custom and verified SELinux settings between RHEL 9-based systems.
https://access.redhat.com/documentation/jajp/red_hat_enterprise_linux/9-beta/html/using_selinux/transferring-selinux-settings-to-another-system-with-semanage_using-selinux
Safarileaks
Safari 15 IndexedDB Leaks
Information leaks resulting from an IndexedDB same-origin policy violation in WebKit (a browser engine primarily used in Safari, as well as all iOS and iPadOS web browsers).
/ Igor leaving from NGINX
https://www.nginx.com/blog/do-svidaniya-igor-thank-you-for-nginx/
/ Mixed Messages: Busting Box’s MFA Methods
Varonis Threat Labs discovered a way to bypass multi-factor authentication (MFA) for Box accounts that use an SMS code for login verification.
https://www.varonis.com/blog/box-mfa-bypass-sms
P.S. thx for the link dear subscriber ✌️
https://www.nginx.com/blog/do-svidaniya-igor-thank-you-for-nginx/
/ Mixed Messages: Busting Box’s MFA Methods
Varonis Threat Labs discovered a way to bypass multi-factor authentication (MFA) for Box accounts that use an SMS code for login verification.
https://www.varonis.com/blog/box-mfa-bypass-sms
P.S. thx for the link dear subscriber ✌️
/ Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
- https://www.openwall.com/lists/oss-security/2022/01/18/7
- CVE-2022-0185 (demo) - https://github.com/Crusaders-of-Rust/CVE-2022-0185
/ GitHub Actions flaw that allowed code to be approved without review is addressed with new feature rollout
- https://portswigger.net/daily-swig/github-actions-flaw-that-allowed-code-to-be-approved-without-review-is-addressed-with-new-feature-rollout
- https://www.openwall.com/lists/oss-security/2022/01/18/7
- CVE-2022-0185 (demo) - https://github.com/Crusaders-of-Rust/CVE-2022-0185
/ GitHub Actions flaw that allowed code to be approved without review is addressed with new feature rollout
- https://portswigger.net/daily-swig/github-actions-flaw-that-allowed-code-to-be-approved-without-review-is-addressed-with-new-feature-rollout
GitHub
GitHub - Crusaders-of-Rust/CVE-2022-0185: CVE-2022-0185
CVE-2022-0185. Contribute to Crusaders-of-Rust/CVE-2022-0185 development by creating an account on GitHub.
/ Choosing between Ansible's copy and template modules
Ansible's copy and template modules are a great way to get started with automation:
https://www.redhat.com/sysadmin/ansibles-copy-template-modules
/ MAKE YOUR PYTHON CLI TOOLS POP WITH RICH
https://hackaday.com/2022/01/19/make-your-python-cli-tools-pop-with-rich/
/ CVE-2021-45467: CWP CentOS Web Panel – preauth RCE
https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/
/ Backdoor Found in Themes and Plugins from AccessPress Themes
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/
Ansible's copy and template modules are a great way to get started with automation:
https://www.redhat.com/sysadmin/ansibles-copy-template-modules
/ MAKE YOUR PYTHON CLI TOOLS POP WITH RICH
https://hackaday.com/2022/01/19/make-your-python-cli-tools-pop-with-rich/
/ CVE-2021-45467: CWP CentOS Web Panel – preauth RCE
https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/
/ Backdoor Found in Themes and Plugins from AccessPress Themes
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/
Redhat
Choosing between Ansible's copy and template modules
When it comes to transferring files to a remote system with Ansible, the copy and template modules are great tools for the job. So many things can be don...
/ How BRATA malware is monitoring your bank account
Now, BRATA has new features, a new BRATA variant started circulating last December
PoC
https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account
/ Linux Foundation launches Open Source Software Development, Linux, and Git certification
- https://www.edx.org/course/open-sourse-software-development-linux-for-developers
- https://www.edx.org/course/linux-tools-for-developers
- https://www.edx.org/course/git-for-distributed-development
Now, BRATA has new features, a new BRATA variant started circulating last December
PoC
https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account
/ Linux Foundation launches Open Source Software Development, Linux, and Git certification
- https://www.edx.org/course/open-sourse-software-development-linux-for-developers
- https://www.edx.org/course/linux-tools-for-developers
- https://www.edx.org/course/git-for-distributed-development
Cleafy
How BRATA is monitoring your bank account | Cleafy Labs
The mobile banking malware BRATA keeps evolving. Read here the new Technical Report, which explains in detail how it monitors banks account and how to prevent it.
/ Повышение цен на электричество в Европе никак не повлияют на BLD DNS Service
• BLD+ Мотивация и Причины создания (ru)
/ Energy price increases in Europe will not affect the BLD DNS service in any way
• BLD+ Motivations and Reasons for creation (en)
~~~
How you can use BLD in Browsers, Phones, Routers:
• https://github.com/m0zgen/blocky-listener-daemon/wiki
BLD Project Site:
• https://lab.sys-adm.in
P.S. 👋 if you want to donate you can find donate links, in bottom on lab.sys-adm.in site :)
• BLD+ Мотивация и Причины создания (ru)
/ Energy price increases in Europe will not affect the BLD DNS service in any way
• BLD+ Motivations and Reasons for creation (en)
~~~
How you can use BLD in Browsers, Phones, Routers:
• https://github.com/m0zgen/blocky-listener-daemon/wiki
BLD Project Site:
• https://lab.sys-adm.in
P.S. 👋 if you want to donate you can find donate links, in bottom on lab.sys-adm.in site :)
lab.sys-adm.in
Sys-Admin Laboratory
Open Sys-Admin BLD DNS - Focus on information for free with adblocking and implicit cybersecurity threat prevention.
Watering hole deploys new macOS malware, DazzleSpy, in Asia
https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
WeLiveSecurity
Watering hole deploys new macOS malware, DazzleSpy, in Asia
The website of a Hong Kong pro-democracy radio station was compromised to serve a Safari exploit that installed cyberespionage malware on visitors’ Macs.
DTPacker – a .NET Packer with a Curious Password
In this blog, we describe a two-stage commodity .NET packer or downloader which although seeing considerable variety in the first stage, uses a second stage with a fixed password as part of the decoding. The main difference between a packer and a downloader is the location of the payload data which is embedded in the former and downloaded in the latter. DTPacker uses both forms. It is unusual for a piece of malware to be both a packer and downloader. PoC:
https://www.proofpoint.com/us/blog/threat-insight/dtpacker-net-packer-curious-password-1
In this blog, we describe a two-stage commodity .NET packer or downloader which although seeing considerable variety in the first stage, uses a second stage with a fixed password as part of the decoding. The main difference between a packer and a downloader is the location of the payload data which is embedded in the former and downloaded in the latter. DTPacker uses both forms. It is unusual for a piece of malware to be both a packer and downloader. PoC:
https://www.proofpoint.com/us/blog/threat-insight/dtpacker-net-packer-curious-password-1
Proofpoint
DTPacker – a .NET Packer with a Curious Password | Proofpoint US
Key Findings Proofpoint identified a malware packer which researchers have dubbed DTPacker. The payload decoding uses a fixed password containing former U.S. president Donald
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
Memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration.
PoC
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
Memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration.
PoC
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
Qualys
CVE-2021-4034: How PwnKit Exploits Polkit’s pkexec | Qualys
CVE-2021-4034, a PwnKit vulnerability, lets unprivileged users gain root access via pkexec. Explore its impact and how to mitigate the risk.
Ransoms Demanded for Hijacked Instagram Accounts
An extensive phishing campaign has targeted corporate Instagram accounts since approximately August 2021. The threat actors demand ransoms from the victims to restore access..
How it works:
https://www.secureworks.com/blog/ransoms-demanded-for-hijacked-instagram-accounts
An extensive phishing campaign has targeted corporate Instagram accounts since approximately August 2021. The threat actors demand ransoms from the victims to restore access..
How it works:
https://www.secureworks.com/blog/ransoms-demanded-for-hijacked-instagram-accounts
Secureworks
Ransoms Demanded for Hijacked Instagram Accounts
Learn how a phishing campaign hijacked corporate Instagram accounts and popular individual influencers then extorted ransom payments.
TrickBot Bolsters Layered Defenses to Prevent Injection Research
PoC
https://securityintelligence.com/posts/trickbot-bolsters-layered-defenses-prevent-injection/
PoC
https://securityintelligence.com/posts/trickbot-bolsters-layered-defenses-prevent-injection/
Security Intelligence
TrickBot Bolsters Layered Defenses to Prevent Injection Research
The cyber crime gang that operates the TrickBot Trojan has been escalating activity. See how it operates in 'beautified' code.
Sys-Admin InfoSec
Oracle Critical Patch Update Pre-Release Announcement - January 2022 https://www.oracle.com/security-alerts/cpujan2022.html ~ Safari 15 IndexedDB Leaks What is this vulnerability and who is affected? You can test this demo on all affected browsers: Safari…
Apple released Safari patch:
https://support.apple.com/en-us/HT213058
https://support.apple.com/en-us/HT213058
Apple Support
About the security content of Safari 15.3
This document describes the security content of Safari 15.3.
CVE-2022-0185 – What does the newest kernel exploit mean for Kubernetes users and how to detect it?
https://www.armosec.io/blog/cve-2022-0185-kubernetes-users/
Exploit
This repo contains demo exploits for CVE-2022-0185
https://github.com/Crusaders-of-Rust/CVE-2022-0185
https://www.armosec.io/blog/cve-2022-0185-kubernetes-users/
Exploit
This repo contains demo exploits for CVE-2022-0185
https://github.com/Crusaders-of-Rust/CVE-2022-0185
ARMO
What the newest kernel exploit - CVE-2022-0185 - mean for Kubernetes?
In the last few days, Linux maintainers disclosed a broadly available Linux kernel vulnerability - CVE-2022-0185- what does it mean for Kubernetes?
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
8 ways to speed up your Ansible playbooks
https://www.redhat.com/sysadmin/faster-ansible-playbook-execution
https://www.redhat.com/sysadmin/faster-ansible-playbook-execution
Redhat
8 ways to speed up your Ansible playbooks
Ansible is a simple and powerful open source automation tool that can streamline many of your IT infrastructure operations. You can automate simple tasks lik...
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Active Directory Certificate Services (AD CS): weaponizing the ESC7 attack
New vectors in different engagements throughout the last months, mainly to escalate and keep the acquired privileges. In this context, the techniques labeled as ESC1 and ESC8 were the most used, being the attacks most well documented on the internet due to their effectiveness.
https://www.blackarrow.net/adcs-weaponizing-esc7-attack/
New vectors in different engagements throughout the last months, mainly to escalate and keep the acquired privileges. In this context, the techniques labeled as ESC1 and ESC8 were the most used, being the attacks most well documented on the internet due to their effectiveness.
https://www.blackarrow.net/adcs-weaponizing-esc7-attack/
Tarlogic Security
BlackArrow - Offensive security services
BlackArrow is the offensive and defensive security services division of Tarlogic Security. A team of high level professionals
Financially Motivated Mobile Scamware Exceeds 100M Installations
https://blog.zimperium.com/dark-herring-android-scamware-exceeds-100m-installations/
https://blog.zimperium.com/dark-herring-android-scamware-exceeds-100m-installations/
Zimperium
Financially Motivated Mobile Scamware Exceeds 100M Installations - Zimperium
Research by Aazim Bill SE Yaswant and Nipun Gupta While some financially motivated scams may seem simple on the surface, the truth of the matter is that
Forwarded from Yevgeniy Goncharov
News: Анонс нового анонса сервиса Sys-Admin BLD
Yo! Всем приветы! Ближайший месяц планирую сделать апдейт Сервиса Sys-Admin BLD
Напомню, что с недавних пор к набору сервисов BLD “Black-Box”, BLD “Open” прибавился BLD+
В рамках проекта BLD+ планирую сделать апдейт BLD с добавлением новых фич.функциональности итак текущий BLD из себя представляет:
- Main если хотите Core - стек всего BLD и несет в себе прежде всего блокировку малвари, рамсовари, фишинга и рекламы
- Добавится Main+Children/Family - Удобно будет блокировать всякую шляпу у детей, типа сайтов порно и игр типа ROBLOX
- Добавится Main+Office - Удобно для корпоратов и офисов, здесь будет блокировка всяких сайтов типа - знакомств
- Добавится Main+Children+Office - Включает все из вышеприведенного, полезно может быть для учебных учреждений
Как это будет рбаотать, на сайт добавится специальный конструктор, где пользователь сам себе выберет или создаст нужный DoH профиль, который будет иметь примерный вид:
-
или
-
Скопирует, вставит в браузер или роутер. Done!
P.S. О самом проекте можно прочитать и подключить здесь - https://lab.sys-adm.in/
Yo! Всем приветы! Ближайший месяц планирую сделать апдейт Сервиса Sys-Admin BLD
Напомню, что с недавних пор к набору сервисов BLD “Black-Box”, BLD “Open” прибавился BLD+
В рамках проекта BLD+ планирую сделать апдейт BLD с добавлением новых фич.функциональности итак текущий BLD из себя представляет:
- Main если хотите Core - стек всего BLD и несет в себе прежде всего блокировку малвари, рамсовари, фишинга и рекламы
- Добавится Main+Children/Family - Удобно будет блокировать всякую шляпу у детей, типа сайтов порно и игр типа ROBLOX
- Добавится Main+Office - Удобно для корпоратов и офисов, здесь будет блокировка всяких сайтов типа - знакомств
- Добавится Main+Children+Office - Включает все из вышеприведенного, полезно может быть для учебных учреждений
Как это будет рбаотать, на сайт добавится специальный конструктор, где пользователь сам себе выберет или создаст нужный DoH профиль, который будет иметь примерный вид:
-
https://bld.sys-adm.in/childrenили
-
https://bld.sys-adm.in/all Скопирует, вставит в браузер или роутер. Done!
P.S. О самом проекте можно прочитать и подключить здесь - https://lab.sys-adm.in/