/ Security updates available for Adobe Commerce APSB22-12
Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution:
https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12
/ Simple analysis of weaponized PDFs in phishing attacks
https://securityaffairs.co/wordpress/127946/hacking/analyzing-phishing-attacks-pdfs.html
P.S. Phishing domain already blocked in BLD Service
/ 2021 Year End Report Vulnerability QuickView
https://pages.riskbasedsecurity.com/hubfs/Reports/2021/2021%20Year%20End%20Vulnerability%20QuickView%20Report.pdf
Apple releases security updates for macOS Big Sur and Catalina following macOS 12.2.1
https://support.apple.com/en-us/HT201222
and another post from the same category - Google released security updates for the Chrome browser:
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
master_librarian
A simple tool to audit Linux system libraries to find public security vulnerabilities.
https://github.com/CoolerVoid/master_librarian
/ Indicators of Compromise Associated with BlackByte Ransomware
Technical details, mitigations. This joint Cybersecurity Advisory was developed by the Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) to provide information on BlackByte ransomware.
https://www.ic3.gov/Media/News/2022/220211.pdf
/ Windows RDP Event IDs Cheatsheet
It is becoming more and more common for bad actors to manipulate or clear the security event logs on compromised machines, and sometimes RDP sessions don’t even register as just a type 10 logon, depending on the circumstance. RDP activities will leave events in several different logs as action is taken and various processes are involved.
https://www.socinvestigation.com/windows-rdp-event-ids-cheatsheet/
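The point above is that a single Security-log event ID is not enough: RDP leaves traces in the TerminalServices-RemoteConnectionManager and LocalSessionManager channels as well, and those survive even when Security 4624 is missing or the log has been cleared. The script below is an added example (not code from the cheatsheet): it correlates the commonly used RDP event IDs across channels per (user, source IP) and flags sessions that the TerminalServices logs saw but the Security log did not, plus any Security log clearing (1102). The events are constructed inline; real exports carry these values in fields such as TargetUserName, IpAddress and LogonType.

```python
from collections import defaultdict

SECURITY = "Security"
TS_LSM = "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"
TS_RCM = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"

# RDP-related event IDs by channel. Security 4624 only counts when LogonType is
# 10 (RemoteInteractive) or 7 (unlock / reconnect to an existing session);
# with NLA a LogonType 3 4624 usually precedes the type 10 one and is ignored here.
RDP_EVENTS = {
    (SECURITY, 4624): "security_logon",
    (SECURITY, 4778): "security_reconnect",
    (SECURITY, 4779): "security_disconnect",
    (TS_RCM, 1149): "rcm_auth_success",   # network-level auth, before the logon itself
    (TS_LSM, 21): "lsm_logon",
    (TS_LSM, 22): "lsm_shell_start",
    (TS_LSM, 24): "lsm_disconnect",
    (TS_LSM, 25): "lsm_reconnect",
}
RDP_LOGON_TYPES = {10, 7}
AUDIT_LOG_CLEARED = (SECURITY, 1102)

# Constructed sample events (not real log exports).
SAMPLE_EVENTS = [
    {"channel": SECURITY, "id": 4624, "user": "alice", "src": "10.0.0.5", "logon_type": 3},
    {"channel": SECURITY, "id": 4624, "user": "alice", "src": "10.0.0.5", "logon_type": 10},
    {"channel": TS_LSM, "id": 21, "user": "alice", "src": "10.0.0.5"},
    {"channel": TS_RCM, "id": 1149, "user": "bob", "src": "10.0.0.9"},
    {"channel": TS_LSM, "id": 25, "user": "bob", "src": "10.0.0.9"},
    {"channel": SECURITY, "id": 4778, "user": "bob", "src": "10.0.0.9"},
    {"channel": SECURITY, "id": 1102, "user": "bob", "src": ""},
]


def correlate_rdp(events):
    """Group RDP evidence by (user, source IP) across all channels."""
    sessions = defaultdict(set)
    for ev in events:
        tag = RDP_EVENTS.get((ev["channel"], ev["id"]))
        if tag is None:
            continue
        if tag == "security_logon":
            if ev.get("logon_type") not in RDP_LOGON_TYPES:
                continue
            tag = f"security_logon_type_{ev['logon_type']}"
        sessions[(ev["user"], ev["src"])].add(tag)
    return dict(sessions)


def rdp_findings(events):
    """Flag sessions seen by the TerminalServices logs but not by Security 4624,
    and any clearing of the Security log. Returns (kind, user, src, evidence)."""
    findings = []
    for (user, src), evidence in correlate_rdp(events).items():
        in_security = any(t.startswith("security_logon_type_") for t in evidence)
        in_ts = any(t.startswith(("lsm_", "rcm_")) for t in evidence)
        if in_ts and not in_security:
            findings.append(("rdp_session_without_4624", user, src, sorted(evidence)))
    for ev in events:
        if (ev["channel"], ev["id"]) == AUDIT_LOG_CLEARED:
            findings.append(("security_log_cleared", ev["user"], ev["src"], []))
    return findings


if __name__ == "__main__":
    for finding in rdp_findings(SAMPLE_EVENTS):
        print(finding)
```

In the sample, alice's session is consistent across channels, while bob's reconnect (1149, 25, 4778) has no matching 4624 and is followed by an 1102, which is exactly the tampering pattern the cheatsheet warns about. Forwarding the TerminalServices channels to a central collector is what makes this correlation possible after a local log wipe.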
Critical. VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050)
https://www.vmware.com/security/advisories/VMSA-2022-0004.html
/ Vulnerable Exchange server hit by Squirrelwaffle and financial fraud
While Squirrelwaffle leveraged Exchange to spread malspam through hijacked email threads, one thread was spirited away by attackers to trick the target into a money transfer.
The Sophos Rapid Response team recently investigated an incident where the Squirrelwaffle malware loader was used in conjunction with the ProxyLogon and ProxyShell exploits to target an unpatched Microsoft Exchange server:
https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/
/ MyloBot 2022 – Evasive botnet that just sends extortion emails?
https://blog.minerva-labs.com/mylobot-2022-so-many-evasive-techniques-just-to-send-extortion-emails
/ How can I synchronize DNS RPZ firewall policies across multiple DNS servers?
In DNS RPZ, the DNS firewall policy rule set is stored in a DNS zone which is maintained and synchronized using the same tools and methods as for any other DNS zone.
https://kb.isc.org/docs/aa-00518
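A concrete layout of what the ISC answer describes, as an added example (not from the knowledge-base article): one primary carries the RPZ zone and every resolver pulls it as a secondary over a TSIG-authenticated zone transfer, so a rule added on the primary propagates through NOTIFY and IXFR like any other zone. The zone name rpz.example, the addresses (RFC 5737 ranges), the key name and the key secret are placeholders.

```conf
; --- rpz.example.db, held on the primary and replicated by zone transfer ---
$TTL 300
@       SOA  ns1.example. hostmaster.example. 2022021801 3600 900 2592000 300
@       NS   localhost.
; answer NXDOMAIN for a phishing domain and all its subdomains
phish.example.com       CNAME .
*.phish.example.com     CNAME .
; redirect a known C2 host to a sinkhole address instead
c2.example.net          A     192.0.2.100

// --- named.conf on the primary (192.0.2.1) ---
key "rpz-xfer" { algorithm hmac-sha256; secret "REPLACE_WITH_BASE64_KEY"; };
zone "rpz.example" {
    type primary;                       // "master" on BIND before 9.16
    file "rpz.example.db";
    allow-transfer { key "rpz-xfer"; }; // TSIG only, never an IP-based ACL alone
    also-notify { 192.0.2.2; 192.0.2.3; };
    notify explicit;
};

// --- named.conf on each resolver (secondary), e.g. 192.0.2.2 ---
key "rpz-xfer" { algorithm hmac-sha256; secret "REPLACE_WITH_BASE64_KEY"; };
zone "rpz.example" {
    type secondary;                     // "slave" on BIND before 9.16
    primaries { 192.0.2.1 key "rpz-xfer"; };  // "masters" on older releases
    file "rpz.example.db";
    allow-transfer { none; };
};
options {
    response-policy { zone "rpz.example"; };
};
```

The one operational rule that applies to any replicated zone applies here too: bump the SOA serial on every policy change (then `rndc reload rpz.example` on the primary), otherwise the secondaries never see the new rules. Keep the zone file out of the resolvers' `response-policy` until it has been transferred, since an unloaded RPZ zone silently provides no filtering.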
/ A primer on DCSync attack and detection
Active Directory is the backbone of almost all organizations. It helps the IT team manage systems, users, policies, etc. centrally across the entire network. Since it is an integral part of the organization, it opens multiple opportunities for attackers to leverage the features of Active Directory and abuse them for malicious intent. We will look at one such feature, known as Active Directory Replication, in this post.
https://www.alteredsecurity.com/post/a-primer-on-dcsync-attack-and-detection
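DCSync abuses the replication feature mentioned above: a principal holding the replication control-access rights asks a DC for directory changes and receives password hashes, so the host-side detection is a Security 4662 event in which a non-DC account exercises those rights. The script below is an added example (not code from the Altered Security post) that applies that check to 4662 events. The three GUIDs are the Microsoft-documented extended rights; the events are constructed inline with the field names the 4662 XML uses, and AccessMask is kept as an integer for brevity. It assumes "Audit Directory Service Access" is enabled with a SACL on the domain object, otherwise 4662 is never written.

```python
import re

# Well-known control-access-right GUIDs for directory replication.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
CONTROL_ACCESS = 0x100  # 4662 AccessMask for "Control Access" (extended right used)
GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)

DOMAIN_DNS_CLASS = "%{19195a5b-6da0-11d0-afd3-00c04fd930c9}"
REPL_PROPERTIES = ("%%7688\n\t{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"
                   "\n\t{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"
                   "\n\t{19195a5b-6da0-11d0-afd3-00c04fd930c9}")

# Constructed sample 4662 events (not real exports).
SAMPLE_4662 = [
    # DC02 replicating from DC01: expected traffic
    {"id": 4662, "SubjectUserName": "DC02$", "SubjectDomainName": "CORP",
     "ObjectType": DOMAIN_DNS_CLASS, "AccessMask": 0x100, "Properties": REPL_PROPERTIES},
    # a regular user exercising both replication rights: DCSync
    {"id": 4662, "SubjectUserName": "jdoe", "SubjectDomainName": "CORP",
     "ObjectType": DOMAIN_DNS_CLASS, "AccessMask": 0x100, "Properties": REPL_PROPERTIES},
    # same user writing a property on a user object: unrelated noise
    {"id": 4662, "SubjectUserName": "jdoe", "SubjectDomainName": "CORP",
     "ObjectType": "%{bf967aba-0de6-11d0-a285-00aa003049e2}", "AccessMask": 0x10,
     "Properties": "%%7685\n\t{bf967a7f-0de6-11d0-a285-00aa003049e2}"},
]


def detect_dcsync(events, domain_controllers, allowlist=()):
    """Return findings for 4662 events in which a principal other than a DC
    computer account (or an allow-listed sync account, e.g. for Azure AD Connect)
    exercised a replication control-access right."""
    expected = {dc.rstrip("$").upper() + "$" for dc in domain_controllers}
    expected |= {a.upper() for a in allowlist}
    findings = []
    for ev in events:
        if ev.get("id") != 4662 or ev.get("AccessMask") != CONTROL_ACCESS:
            continue
        rights = sorted(
            REPLICATION_RIGHTS[g.lower()]
            for g in GUID_RE.findall(ev.get("Properties", ""))
            if g.lower() in REPLICATION_RIGHTS
        )
        if not rights:
            continue
        if ev["SubjectUserName"].upper() in expected:
            continue  # DC-to-DC replication is normal
        findings.append({
            "subject": f"{ev['SubjectDomainName']}\\{ev['SubjectUserName']}",
            "rights": rights,
            # Get-Changes-All is the right that returns secret attributes (hashes)
            "full_dump": "DS-Replication-Get-Changes-All" in rights,
        })
    return findings


if __name__ == "__main__":
    for finding in detect_dcsync(SAMPLE_4662, ["DC01", "DC02"]):
        print(finding)
```

The DC list and the allow-list are the tuning knobs: every legitimate replicator that is not a DC (directory sync appliances, some backup agents) must be enumerated explicitly, and any newly granted replication right on the domain object (4670/5136 style permission changes) deserves the same scrutiny as the 4662 itself.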
/ Cisco Email Security Appliance DNS Verification Denial of Service Vulnerability
A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU
/ Meet Kraken: A New Golang Botnet in Development
Though still under active development, Kraken already features the ability to download and execute secondary payloads, run shell commands, and take screenshots of the victim’s system
https://www.zerofox.com/blog/meet-kraken-a-new-golang-botnet-in-development/
/ Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731)
https://blog.qualys.com/vulnerabilities-threat-research/2022/02/17/oh-snap-more-lemmings-local-privilege-escalation-vulnerability-discovered-in-snap-confine-cve-2021-44731
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Tutorial: Kubernetes Vulnerability Scanning & Testing With Open Source
https://www.conjur.org/blog/tutorial-kubernetes-vulnerability-scanning-testing-with-open-source/
/ Hackers Attach Malicious .exe Files to Teams Conversations
As this popularity grows, hackers will continue to increase how often they target it as a launchpad for phishing and malware attacks:
https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations
/ A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies
Technical review:
https://research.checkpoint.com/2022/a-modern-ninja-evasive-trickbot-attacks-customers-of-60-high-profile-companies/
/ Critical vulnerabilities in Zabbix Web Frontend allow authentication bypass, code execution on servers
https://portswigger.net/daily-swig/critical-vulnerabilities-in-zabbix-web-frontend-allow-authentication-bypass-code-execution-on-servers
/ Steal Credentials & Bypass 2FA Using noVNC
Steal credentials and bypass 2FA by giving users remote access to your server via an HTML5 VNC client that has a browser running in kiosk mode:
https://mrd0x.com/bypass-2fa-using-novnc