/ SMS PVA Services' Use of Infected Android Phones Reveals Flaws in SMS Verification
Certain SMS PVA services allow their customers to create disposable user profiles or register multiple accounts on many popular online platforms. These services can be abused by criminals to conduct fraud or other malicious activities.
Tecnical review:
https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html
Certain SMS PVA services allow their customers to create disposable user profiles or register multiple accounts on many popular online platforms. These services can be abused by criminals to conduct fraud or other malicious activities.
Tecnical review:
https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html
Trend Micro
SMS PVA Services' Use of Infected Android Phones Reveals Flaws in SMS Verification
/ Qbot and Zerologon Lead To Full Domain Compromise
The threat actors gained initial access to a Windows workstation through the execution of a malicious DLL. The first activity of QBot was seen 5 minutes after the DLL was executed...
Detailed technical review:
https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
The threat actors gained initial access to a Windows workstation through the execution of a malicious DLL. The first activity of QBot was seen 5 minutes after the DLL was executed...
Detailed technical review:
https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
The DFIR Report
Qbot and Zerologon Lead To Full Domain Compromise
In this intrusion (from November 2021), a threat actor gained its initial foothold in the environment through the use of Qbot (a.k.a. Quakbot/Qakbot) malware. Soon after execution of the Qbot paylo…
/ Linux kernel: heap out of bounds write in nf_dup_netdev.c since 5.4
https://www.openwall.com/lists/oss-security/2022/02/21/2
https://www.openwall.com/lists/oss-security/2022/02/21/2
/ Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers
The ASEC analysis team has recently discovered the distribution of Cobalt Strike targeting MS-SQL servers that are vulnerable to malware attacks.
https://asec.ahnlab.com/en/31811/
The ASEC analysis team has recently discovered the distribution of Cobalt Strike targeting MS-SQL servers that are vulnerable to malware attacks.
https://asec.ahnlab.com/en/31811/
ASEC
Cobalt Strike Being Distributed to Unsecured MS-SQL Servers - ASEC
Cobalt Strike Being Distributed to Unsecured MS-SQL Servers ASEC
/ 6 OpenSSL command options that every sysadmin should know
Look beyond generating certificate signing requests and see how OpenSSL commands can display practical information about certificates:
https://www.redhat.com/sysadmin/6-openssl-commands
Look beyond generating certificate signing requests and see how OpenSSL commands can display practical information about certificates:
https://www.redhat.com/sysadmin/6-openssl-commands
Redhat
6 OpenSSL command options that every sysadmin should know
Transport layer security (TLS) is an important part of any security strategy, and applications beyond web servers increasingly take advantage of the protecti...
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Bash Functions in Linux
When writing complex logic in Bash noscripts, it makes sense to group it in reusable functions.
In this quick tutorial, we’re going to take a look at how to define and use Bash functions:
https://www.baeldung.com/linux/bash-functions
When writing complex logic in Bash noscripts, it makes sense to group it in reusable functions.
In this quick tutorial, we’re going to take a look at how to define and use Bash functions:
https://www.baeldung.com/linux/bash-functions
Baeldung on Linux
Bash Functions in Linux | Baeldung on Linux
Learn how to define and use Bash functions
/ Cisco Event Response: February 2022 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication
Cisco released its semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication on February 23, 2022. In direct response to customer feedback, Cisco releases bundles of Cisco FXOS and NX-OS Software Security Advisories on the fourth Wednesday of the month in February and August of each calendar year:
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74834
Cisco released its semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication on February 23, 2022. In direct response to customer feedback, Cisco releases bundles of Cisco FXOS and NX-OS Software Security Advisories on the fourth Wednesday of the month in February and August of each calendar year:
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74834
/ Horde Webmail 5.2.22 - Account Takeover via Email
https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/
https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/
Sonarsource
Horde Webmail 5.2.22 - Account Takeover via Email
We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.
/ New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft’s Official Store
https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/
https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/
Check Point Research
New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications…
Popular games such as “Temple Run” or “Subway Surfer” were found to be malicious Attackers can use the installed malware as a backdoor in order to gain full control on the victim’s machine Most of the victims are from Sweden, Bulgaria, Russia, Bermuda and…
Update: Blocky installer noscript is updated
Added new features:
* Backup blocky
* Uninstall blocky
* Self checking blocky installation health
Project repository: https://github.com/m0zgen/blocky-installer
Also you can will try to open BLD DNS project from Sys-Adm.in with based on blocky
Be safe ✌️
Added new features:
* Backup blocky
* Uninstall blocky
* Self checking blocky installation health
Project repository: https://github.com/m0zgen/blocky-installer
Also you can will try to open BLD DNS project from Sys-Adm.in with based on blocky
Be safe ✌️
GitHub
GitHub - m0zgen/blocky-installer: 🧩 Install Blocky on to CentOS, Fedora, Debian, Ubuntu Linux
🧩 Install Blocky on to CentOS, Fedora, Debian, Ubuntu Linux - GitHub - m0zgen/blocky-installer: 🧩 Install Blocky on to CentOS, Fedora, Debian, Ubuntu Linux
/ Zabbix - A Case Study of Unsafe Session Storage
https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
Sonarsource
Zabbix - A Case Study of Unsafe Session Storage
In this article we discuss the security of client-side session storages and analyze a vulnerable implementation in the IT monitoring solution Zabbix.
/ GitLab Critical Security Release: 14.8.2, 14.7.4, and 14.6.5
GitLab strongly recommend that all GitLab installations be upgraded to one of these versions immediately:
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
GitLab strongly recommend that all GitLab installations be upgraded to one of these versions immediately:
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
GitLab
GitLab Critical Security Release: 14.8.2, 14.7.4, and 14.6.5
Learn more about GitLab Critical Security Release: 14.8.2, 14.7.4, and 14.6.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).
/ Windows 11 known issues and notifications
Files might persist after resetting a Windows device...:
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2
Files might persist after resetting a Windows device...:
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2
Docs
Windows 11, version 21H2 known issues and notifications
View announcements and review known issues and fixes for Windows 11, version 21H2
/ (RU) Служба безопасности Яндекс Еды сообщила об утечке информации
https://yandex.ru/company/services_news/2022/01-03-2022
(EN) Yandex Food Security Service reported a leak of information
https://yandex.ru/company/services_news/2022/01-03-2022
(EN) Yandex Food Security Service reported a leak of information
Компания Яндекс
Служба безопасности Яндекс Еды сообщила об утечке информации
Служба информационной безопасности Яндекс Еды выявила утечку информации. В результате недобросовестных действий одного из сотрудников в интернете были опубликованы телефоны клиентов и информация об их заказах: состав, время доставки и так далее. Утечка не…
/ JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP – A Popular Multimedia Library
PJSIP supplies an API that can be used by IP telephony applications such as VoIP phones and conference applications. It is used today by the world’s most popular communication applications such as WhatsApp and BlueJeans. PJSIP is also used by Asterisk, the ubiquitous open-source PBX (private branch exchange) implementation:
https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/
PJSIP supplies an API that can be used by IP telephony applications such as VoIP phones and conference applications. It is used today by the world’s most popular communication applications such as WhatsApp and BlueJeans. PJSIP is also used by Asterisk, the ubiquitous open-source PBX (private branch exchange) implementation:
https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/
JFrog
JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP - A Popular Multimedia Library
Update 03/03/22 – Added clarification about vulnerable applications JFrog’s Security Research team is constantly looking for new and previously unknown security vulnerabilities in popular open-source projects to help improve their security posture. As part…
/ How I Cracked CONTI Ransomware Group’s Leaked Source Code ZIP File
https://medium.com/@whickey000/how-i-cracked-conti-ransomware-groups-leaked-source-code-zip-file-e15d54663a8
https://medium.com/@whickey000/how-i-cracked-conti-ransomware-groups-leaked-source-code-zip-file-e15d54663a8
Medium
How I Cracked CONTI Ransomware Group’s Leaked Source Code ZIP File
Leaker posted full zip with password
/ Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
Daxin is a backdoor that allows the attacker to perform various operations on the infected computer such as reading and writing arbitrary files.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
Daxin is a backdoor that allows the attacker to perform various operations on the infected computer such as reading and writing arbitrary files.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
Security
Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
Espionage tool is the most advanced piece of malware Symantec researchers have seen from China-linked actors.
/ Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS)
Could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
Could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
Cisco
Cisco Security Advisory: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write…
News: Open BLD DNS Services Updates and Releases
Hi everybody, at the last few month I updated and improved BLD DNS ecosystem and I want to share this news with you:
- Released few bash/go utils for dns checking/testing:
-- https://github.com/m0zgen/check-dns-servers
-- https://github.com/m0zgen/bld-lookup
-- https://github.com/m0zgen/dns-tester
-- https://github.com/m0zgen/mac-dns
- BLD Update Server sources now available for public:
-- https://github.com/m0zgen/bld-server
- Added new worldwide locations to BLD Infrastructure
- BLD DNS Service infrastructure updated and improved for auto-deployment and fast recovery
- New version BLD Service released
- BLD "black-box" mode will implement to all BLD DNS infrastructure
- BLD Service Page has been updated - https://bld.sys-adm.in
If you haven't tried Open BLD DNS Service yet, then try it, I'm sure you and your friends will like it 🙂
Sys-Admin BLD Project website - https://lab.sys-adm.in
Take you care. Peace ✌️
/ Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0
Update your browser as possible:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Update your browser as possible:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Mozilla
Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0
/ Security Notice: NVIDIA Response to Security Incident - March 2022
https://nvidia.custhelp.com/app/answers/detail/a_id/5333
https://nvidia.custhelp.com/app/answers/detail/a_id/5333