/ Linux kernel: Heap buffer overflow in fs_context.c since version 5.1

- https://www.openwall.com/lists/oss-security/2022/01/18/7
- CVE-2022-0185 (demo) - https://github.com/Crusaders-of-Rust/CVE-2022-0185

/ GitHub Actions flaw that allowed code to be approved without review is addressed with new feature rollout

- https://portswigger.net/daily-swig/github-actions-flaw-that-allowed-code-to-be-approved-without-review-is-addressed-with-new-feature-rollout

/ Choosing between Ansible's copy and template modules

Ansible's copy and template modules are a great way to get started with automation:

https://www.redhat.com/sysadmin/ansibles-copy-template-modules

/ MAKE YOUR PYTHON CLI TOOLS POP WITH RICH

https://hackaday.com/2022/01/19/make-your-python-cli-tools-pop-with-rich/

/ CVE-2021-45467: CWP CentOS Web Panel – preauth RCE

https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/

/ Backdoor Found in Themes and Plugins from AccessPress Themes

https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/

/ How BRATA malware is monitoring your bank account

Now, BRATA has new features, a new BRATA variant started circulating last December

PoC

https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account

/ Linux Foundation launches Open Source Software Development, Linux, and Git certification

- https://www.edx.org/course/open-sourse-software-development-linux-for-developers
- https://www.edx.org/course/linux-tools-for-developers
- https://www.edx.org/course/git-for-distributed-development

/ Повышение цен на электричество в Европе никак не повлияют на BLD DNS Service

• BLD+ Мотивация и Причины создания (ru)

/ Energy price increases in Europe will not affect the BLD DNS service in any way

• BLD+ Motivations and Reasons for creation (en)

~~~

How you can use BLD in Browsers, Phones, Routers:
• https://github.com/m0zgen/blocky-listener-daemon/wiki

BLD Project Site:
• https://lab.sys-adm.in

P.S. 👋 if you want to donate you can find donate links, in bottom on lab.sys-adm.in site :)

Watering hole deploys new macOS malware, DazzleSpy, in Asia

https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/

DTPacker – a .NET Packer with a Curious Password

In this blog, we describe a two-stage commodity .NET packer or downloader which although seeing considerable variety in the first stage, uses a second stage with a fixed password as part of the decoding. The main difference between a packer and a downloader is the location of the payload data which is embedded in the former and downloaded in the latter. DTPacker uses both forms. It is unusual for a piece of malware to be both a packer and downloader. PoC:

https://www.proofpoint.com/us/blog/threat-insight/dtpacker-net-packer-curious-password-1

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

Memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration.

PoC

https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

Ransoms Demanded for Hijacked Instagram Accounts

An extensive phishing campaign has targeted corporate Instagram accounts since approximately August 2021. The threat actors demand ransoms from the victims to restore access..

How it works:

https://www.secureworks.com/blog/ransoms-demanded-for-hijacked-instagram-accounts

Hacking the Apple Webcam (again)

https://www.ryanpickren.com/safari-uxss

TrickBot Bolsters Layered Defenses to Prevent Injection Research

PoC

https://securityintelligence.com/posts/trickbot-bolsters-layered-defenses-prevent-injection/

Apple released Safari patch:
https://support.apple.com/en-us/HT213058

CVE-2022-0185 – What does the newest kernel exploit mean for Kubernetes users and how to detect it?

https://www.armosec.io/blog/cve-2022-0185-kubernetes-users/

Exploit

This repo contains demo exploits for CVE-2022-0185

https://github.com/Crusaders-of-Rust/CVE-2022-0185

SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

https://github.com/jbaines-r7/badblood

Active Directory Certificate Services (AD CS): weaponizing the ESC7 attack

New vectors in different engagements throughout the last months, mainly to escalate and keep the acquired privileges. In this context, the techniques labeled as ESC1 and ESC8 were the most used, being the attacks most well documented on the internet due to their effectiveness.

https://www.blackarrow.net/adcs-weaponizing-esc7-attack/

News: Анонс нового анонса сервиса Sys-Admin BLD

Yo! Всем приветы! Ближайший месяц планирую сделать апдейт Сервиса Sys-Admin BLD

Напомню, что с недавних пор к набору сервисов BLD “Black-Box”, BLD “Open” прибавился BLD+

В рамках проекта BLD+ планирую сделать апдейт BLD с добавлением новых фич.функциональности итак текущий BLD из себя представляет:
- Main если хотите Core - стек всего BLD и несет в себе прежде всего блокировку малвари, рамсовари, фишинга и рекламы
- Добавится Main+Children/Family - Удобно будет блокировать всякую шляпу у детей, типа сайтов порно и игр типа ROBLOX
- Добавится Main+Office - Удобно для корпоратов и офисов, здесь будет блокировка всяких сайтов типа - знакомств
- Добавится Main+Children+Office -  Включает все из вышеприведенного, полезно может быть для учебных учреждений

Как это будет рбаотать, на сайт добавится специальный конструктор, где пользователь сам себе выберет или создаст нужный DoH профиль, который будет иметь примерный вид:
- https://bld.sys-adm.in/children
или
- https://bld.sys-adm.in/all

Скопирует, вставит в браузер или роутер. Done!

P.S. О самом проекте можно прочитать и подключить здесь - https://lab.sys-adm.in/

NEW THREAT CAMPAIGN IDENTIFIED: ASYNCRAT INTRODUCES A NEW DELIVERY TECHNIQUE

Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted connection:

https://blog.morphisec.com/asyncrat-new-delivery-technique-new-threat-campaign

Linux kernel: use-after-free of user namespace on shm and mqueue destruction

Exploiting this issue for privilege escalation requires the availability
of unprivileged user namespaces.

https://www.openwall.com/lists/oss-security/2022/01/29/1

/ North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign

https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/

/ Abusing Microsoft Office Using Malicious Web Archive Files

https://www.netskope.com/blog/abusing-microsoft-office-using-malicious-web-archive-files