Sys-Admin InfoSec – Telegram
News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings
* Multilingual (En, Ru).
* Forum - forum.sys-adm.in
* Chat - @sysadm_in
* Job - @sysadm_in_job
* ? - @sysadminkz
/ Cisco Email Security Appliance DNS Verification Denial of Service Vulnerability

A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU
/ Meet Kraken: A New Golang Botnet in Development

Though still under active development, Kraken already features the ability to download and execute secondary payloads, run shell commands, and take screenshots of the victim’s system.

https://www.zerofox.com/blog/meet-kraken-a-new-golang-botnet-in-development/
/ Hackers Attach Malicious .exe Files to Teams Conversations

As this popularity grows, hackers will continue to increase how often they target it as a launchpad for phishing and malware attacks:

https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations
/ Critical vulnerabilities in Zabbix Web Frontend allow authentication bypass, code execution on servers

https://portswigger.net/daily-swig/critical-vulnerabilities-in-zabbix-web-frontend-allow-authentication-bypass-code-execution-on-servers
/ Steal Credentials & Bypass 2FA Using noVNC

Steal credentials and bypass 2FA by giving users remote access to your server via an HTML5 VNC client that has a browser running in kiosk mode:

https://mrd0x.com/bypass-2fa-using-novnc
/ Expat 2.4.5 released, includes security fixes

Expat is one of the most widely used software libre XML parsers written in C, precisely C99. It is cross-platform and licensed under the MIT license:

https://blog.hartwork.org/posts/expat-2-4-5-released/
/ ‘Ice phishing’ on the blockchain

There are multiple types of phishing attacks in the web3 world. The technology is still nascent, and new types of attacks may emerge. Some attacks look similar to traditional credential phishing attacks observed on web2, but some are unique to web3:

https://www.microsoft.com/security/blog/2022/02/16/ice-phishing-on-the-blockchain/
/ SMS PVA Services' Use of Infected Android Phones Reveals Flaws in SMS Verification

Certain SMS PVA services allow their customers to create disposable user profiles or register multiple accounts on many popular online platforms. These services can be abused by criminals to conduct fraud or other malicious activities.

Technical review:

https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html
/ Qbot and Zerologon Lead To Full Domain Compromise

The threat actors gained initial access to a Windows workstation through the execution of a malicious DLL. The first activity of QBot was seen 5 minutes after the DLL was executed...

Detailed technical review:

https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
/ Linux kernel: heap out of bounds write in nf_dup_netdev.c since 5.4

https://www.openwall.com/lists/oss-security/2022/02/21/2
/ Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers

The ASEC analysis team has recently discovered the distribution of Cobalt Strike targeting MS-SQL servers that are vulnerable to malware attacks.

https://asec.ahnlab.com/en/31811/
/ 6 OpenSSL command options that every sysadmin should know

Look beyond generating certificate signing requests and see how OpenSSL commands can display practical information about certificates:

https://www.redhat.com/sysadmin/6-openssl-commands
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Bash Functions in Linux

When writing complex logic in Bash scripts, it makes sense to group it in reusable functions.
In this quick tutorial, we’re going to take a look at how to define and use Bash functions:

https://www.baeldung.com/linux/bash-functions
/ Cisco Event Response: February 2022 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication

Cisco released its semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication on February 23, 2022. In direct response to customer feedback, Cisco releases bundles of Cisco FXOS and NX-OS Software Security Advisories on the fourth Wednesday of the month in February and August of each calendar year:

https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74834
Update: Blocky installer script is updated

Added new features:
* Backup blocky
* Uninstall blocky
* Self checking blocky installation health

Project repository: https://github.com/m0zgen/blocky-installer

You can also try to open the BLD DNS project from Sys-Adm.in, which is based on blocky.

Be safe ✌️