Exploring extensions of dependency confusion attacks via npm package aliasing
Dependency confusion attacks are a form of open source supply chain security attacks in which an attacker exploits how package managers install dependencies. In a prior post, we explored how to detect and prevent dependency confusion attacks on npm to maintain supply chain security:
https://snyk.io/blog/exploring-extensions-of-dependency-confusion-attacks-via-npm-package-aliasing/
Detect and prevent dependency confusion attacks on npm to maintain supply chain security | Snyk
Learn about dependency confusion attacks, how they manifest for JavaScript and Node.js developers working in the npm ecosystem, and how to prevent them.
Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-21984 (important update)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21984
NGINX - If is Evil... when used in location context
(EN) The if directive has problems when used in location context: in some cases it doesn't do what you expect but something completely different instead, and in some cases it even segfaults. It's generally a good idea to avoid it if possible.
(RU) The if directive has problems when used in location context; in some cases this directive does not do what is expected but something completely different.
The official site recommends avoiding this directive if possible. Did you know? I didn't - surprise 😄
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
Attackers Disguise RedLine Stealer as a Windows 11 Upgrade
Threat actors are always looking for topical lures to socially engineer victims into infecting systems. We recently analyzed one such lure, namely a fake Windows 11 installer.
https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/
Most Common Antivirus Evasion and Bypass Techniques
The following are some of the most prevalent methods used by hackers to avoid antivirus detection:
https://www.socinvestigation.com/most-common-antivirus-evasion-and-bypass-techniques/
Additional article - Top 10 web hacking techniques of 2021
"...the latest iteration of our annual community-powered effort to identify the most significant web security research released in the last year":
https://portswigger.net/research/top-10-web-hacking-techniques-of-2021
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
StackScraper - Capturing sensitive data using real-time stack scanning against a remote process
A tool that shows how much data can be extracted from a running process without requiring any injection techniques:
https://www.x86matthew.com/view_post?id=stack_scraper
NaturalFreshMall: a mass store hack
More than 350 ecommerce stores infected with malware in a single day. Magento under attack:
https://sansec.io/research/naturalfreshmall-mass-hack
And another article from the same category - Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution
https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution/
An investigative report by Sansec researchers on how one vulnerable Magento extension leads to a mass web store attack, with Magecart attackers using natural...
About the security content of iOS 15.3.1 and iPadOS 15.3.1
WebKit. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
https://support.apple.com/en-us/HT213093
A walk through Project Zero metrics
https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html
Posted by Ryan Schoen, Project Zero tl;dr In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Projec...
Security updates available for Adobe Commerce APSB22-12
Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution:
https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12
Simple analysis of weaponized PDFs in phishing attacks
https://securityaffairs.co/wordpress/127946/hacking/analyzing-phishing-attacks-pdfs.html
P.S. Phishing domain already blocked in BLD Service
Cybersecurity researcher Zoziel Pinto Freire analyzed the use of weaponized PDFs in phishing attacks.
2021 Year End Report Vulnerability QuickView
https://pages.riskbasedsecurity.com/hubfs/Reports/2021/2021%20Year%20End%20Vulnerability%20QuickView%20Report.pdf
Apple releases security updates for macOS Big Sur and Catalina following macOS 12.2.1
https://support.apple.com/en-us/HT201222
And another post from the same category - Google released security updates for the Chrome browser:
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
master_librarian
A simple tool to audit Linux system libraries to find public security vulnerabilities.
https://github.com/CoolerVoid/master_librarian
Indicators of Compromise Associated with BlackByte Ransomware
Technical details and mitigations. This joint Cybersecurity Advisory was developed by the Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) to provide information on BlackByte ransomware.
https://www.ic3.gov/Media/News/2022/220211.pdf
Windows RDP Event IDs Cheatsheet
It is becoming more and more common for bad actors to manipulate or clear the security event logs on compromised machines, and sometimes RDP sessions don’t even register as just a type 10 logon, depending on the circumstance. RDP activities will leave events in several different logs as action is taken and various processes are involved.
https://www.socinvestigation.com/windows-rdp-event-ids-cheatsheet/
Critical. VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050)
https://www.vmware.com/security/advisories/VMSA-2022-0004.html
Vulnerable Exchange server hit by Squirrelwaffle and financial fraud
While Squirrelwaffle leveraged Exchange to spread malspam through hijacked email threads, one thread was spirited away by attackers to trick the target into a money transfer.
The Sophos Rapid Response team recently investigated an incident where the Squirrelwaffle malware loader was used in conjunction with the ProxyLogon and ProxyShell exploits to target an unpatched Microsoft Exchange server:
https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/
MyloBot 2022 – Evasive botnet that just sends extortion emails?
https://blog.minerva-labs.com/mylobot-2022-so-many-evasive-techniques-just-to-send-extortion-emails