/ GitLab Critical Security Release: 14.8.2, 14.7.4, and 14.6.5
GitLab strongly recommends that all GitLab installations be upgraded to one of these versions immediately:
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
Learn more about GitLab Critical Security Release: 14.8.2, 14.7.4, and 14.6.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).
/ Windows 11 known issues and notifications
Files might persist after resetting a Windows device...:
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2
Docs
Windows 11, version 21H2 known issues and notifications
View announcements and review known issues and fixes for Windows 11, version 21H2
/ (RU) Yandex Food Security Service reported a leak of information
https://yandex.ru/company/services_news/2022/01-03-2022
The Yandex Food information security service detected a data leak. As a result of dishonest actions by one of its employees, customers' phone numbers and information about their orders (contents, delivery time and so on) were published on the internet. The leak did not…
/ JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP – A Popular Multimedia Library
PJSIP supplies an API that can be used by IP telephony applications such as VoIP phones and conference applications. It is used today by the world’s most popular communication applications such as WhatsApp and BlueJeans. PJSIP is also used by Asterisk, the ubiquitous open-source PBX (private branch exchange) implementation:
https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/
Update 03/03/22 – Added clarification about vulnerable applications. JFrog’s Security Research team is constantly looking for new and previously unknown security vulnerabilities in popular open-source projects to help improve their security posture. As part…
/ How I Cracked CONTI Ransomware Group’s Leaked Source Code ZIP File
https://medium.com/@whickey000/how-i-cracked-conti-ransomware-groups-leaked-source-code-zip-file-e15d54663a8
Leaker posted full zip with password
/ Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
Daxin is a backdoor that allows the attacker to perform various operations on the infected computer such as reading and writing arbitrary files.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
Espionage tool is the most advanced piece of malware Symantec researchers have seen from China-linked actors.
/ Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS)
Could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
Cisco
Cisco Security Advisory: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write…
News: Open BLD DNS Services Updates and Releases
Hi everybody, over the last few months I have updated and improved the BLD DNS ecosystem and I want to share this news with you:
- Released a few bash/go utils for DNS checking/testing:
-- https://github.com/m0zgen/check-dns-servers
-- https://github.com/m0zgen/bld-lookup
-- https://github.com/m0zgen/dns-tester
-- https://github.com/m0zgen/mac-dns
- BLD Update Server sources are now available to the public:
-- https://github.com/m0zgen/bld-server
- Added new worldwide locations to BLD Infrastructure
- BLD DNS Service infrastructure updated and improved for auto-deployment and fast recovery
- New version of BLD Service released
- BLD "black-box" mode will be implemented across all BLD DNS infrastructure
- BLD Service Page has been updated - https://bld.sys-adm.in
If you haven't tried Open BLD DNS Service yet, then try it, I'm sure you and your friends will like it 🙂
Sys-Admin BLD Project website - https://lab.sys-adm.in
Take care. Peace ✌️
/ Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0
Update your browser as soon as possible:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
/ Security Notice: NVIDIA Response to Security Incident - March 2022
https://nvidia.custhelp.com/app/answers/detail/a_id/5333
/ New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/
CVE-2022-0492 is the third recent kernel vulnerability that allows malicious containers to escape. We offer root cause analysis and mitigations.
/ CVE-2022-0847: Linux kernel: overwriting read-only files
https://www.openwall.com/lists/oss-security/2022/03/07/1
/ TCP Middlebox Reflection: Coming to a DDoS Near You
https://www.akamai.com/blog/security/tcp-middlebox-reflection
Over the past week, Akamai Security Researchers have detected and analyzed a series of TCP reflection attacks, peaking at 11 Gbps at 1.5 Mpps, that were leveled against Akamai customers. The attack, amplified with a technique called TCP Middlebox Reflection…
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
45 Fun (and Unique) Python Project Ideas for Easy Learning
https://www.dataquest.io/blog/python-projects-for-beginners/
Dataquest
Python Projects: 60+ Ideas for Beginners to Advanced (2025)
Building Python projects is the ultimate learning tool. Here are over 60 Python project ideas for beginners and beyond you can tackle today.
/ Remote Desktop Client Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21990
/ AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
AutoWarp is a critical vulnerability in the Azure Automation service that allowed unauthorized access to other Azure customer accounts using the service. This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer:
https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
Orca Security
AutoWarp: Azure Automation Vulnerability | Orca Research Pod
AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the service.
/ Detecting Kerberos Relaying Attacks
In this post, I’ll explain a way to detect these methods and provide you with Microsoft Defender for Endpoint and Sentinel KQL queries:
https://posts.bluraven.io/detecting-kerberos-relaying-e6be66fa647c
Detecting Kerberos relaying attacks published by cube0x0 (KrbRelay) and by Dirk-jan (krbrelayx)
/ Repeatable Firmware Security Failures: 16 High Impact Vulnerabilities Discovered In HP Devices
https://binarly.io/posts/Repeatable_Firmware_Security_Failures_16_High_Impact_Vulnerabilities_Discovered_in_HP_Devices/index.html
/ Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint
Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms. We wish to thank Falcon Force for the collaboration on addressing this issue through coordinated vulnerability disclosure:
https://msrc-blog.microsoft.com/2022/03/08/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint/
/ Multiple vulnerabilities in Siemens products
Siemens ProductCERT discloses the required information necessary for operators to assess the impact of a security vulnerability:
https://new.siemens.com/global/en/products/services/cert.html
Siemens
Siemens ProductCERT and Siemens CERT
The central expert teams for immediate response to security threats and issues affecting Siemens products, solutions, services, or infrastructure.