Sys-Admin InfoSec – Telegram
News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings
* Multilingual (En, Ru).
* Forum - forum.sys-adm.in
* Chat - @sysadm_in
* Job - @sysadm_in_job
* ? - @sysadminkz
/ Expat 2.4.5 released, includes security fixes

Expat is one of the most widely used software libre XML parsers written in C, precisely C99. It is cross-platform and licensed under the MIT license:

https://blog.hartwork.org/posts/expat-2-4-5-released/
/ ‘Ice phishing’ on the blockchain

There are multiple types of phishing attacks in the web3 world. The technology is still nascent, and new types of attacks may emerge. Some attacks look similar to traditional credential phishing attacks observed on web2, but some are unique to web3:

https://www.microsoft.com/security/blog/2022/02/16/ice-phishing-on-the-blockchain/
/ SMS PVA Services' Use of Infected Android Phones Reveals Flaws in SMS Verification

Certain SMS PVA services allow their customers to create disposable user profiles or register multiple accounts on many popular online platforms. These services can be abused by criminals to conduct fraud or other malicious activities.

Technical review:

https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html
/ Qbot and Zerologon Lead To Full Domain Compromise

The threat actors gained initial access to a Windows workstation through the execution of a malicious DLL. The first activity of QBot was seen 5 minutes after the DLL was executed...

Detailed technical review:

https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
/ Linux kernel: heap out of bounds write in nf_dup_netdev.c since 5.4

https://www.openwall.com/lists/oss-security/2022/02/21/2
/ Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers

The ASEC analysis team has recently discovered the distribution of Cobalt Strike targeting MS-SQL servers that are vulnerable to malware attacks.

https://asec.ahnlab.com/en/31811/
/ 6 OpenSSL command options that every sysadmin should know

Look beyond generating certificate signing requests and see how OpenSSL commands can display practical information about certificates:

https://www.redhat.com/sysadmin/6-openssl-commands
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Bash Functions in Linux

When writing complex logic in Bash scripts, it makes sense to group it in reusable functions.
In this quick tutorial, we’re going to take a look at how to define and use Bash functions:

https://www.baeldung.com/linux/bash-functions
/ Cisco Event Response: February 2022 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication

Cisco released its semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication on February 23, 2022. In direct response to customer feedback, Cisco releases bundles of Cisco FXOS and NX-OS Software Security Advisories on the fourth Wednesday of the month in February and August of each calendar year:

https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74834
Update: Blocky installer script is updated

Added new features:
* Backup blocky
* Uninstall blocky
* Self-check of the blocky installation health

Project repository: https://github.com/m0zgen/blocky-installer

You can also try the BLD DNS project from Sys-Adm.in, which is based on blocky.

Be safe ✌️
/ JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP – A Popular Multimedia Library

PJSIP supplies an API that can be used by IP telephony applications such as VoIP phones and conference applications. It is used today by the world’s most popular communication applications such as WhatsApp and BlueJeans. PJSIP is also used by Asterisk, the ubiquitous open-source PBX (private branch exchange) implementation:

https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/
/ Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks

Daxin is a backdoor that allows the attacker to perform various operations on the infected computer such as reading and writing arbitrary files.

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
/ Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS)

These vulnerabilities could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk