/ Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
Daxin is a backdoor that allows the attacker to perform various operations on the infected computer such as reading and writing arbitrary files.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
Daxin is a backdoor that allows the attacker to perform various operations on the infected computer such as reading and writing arbitrary files.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
Security
Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
Espionage tool is the most advanced piece of malware Symantec researchers have seen from China-linked actors.
/ Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS)
Could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
Could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
Cisco
Cisco Security Advisory: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write…
News: Open BLD DNS Services Updates and Releases
Hi everybody, at the last few month I updated and improved BLD DNS ecosystem and I want to share this news with you:
- Released few bash/go utils for dns checking/testing:
-- https://github.com/m0zgen/check-dns-servers
-- https://github.com/m0zgen/bld-lookup
-- https://github.com/m0zgen/dns-tester
-- https://github.com/m0zgen/mac-dns
- BLD Update Server sources now available for public:
-- https://github.com/m0zgen/bld-server
- Added new worldwide locations to BLD Infrastructure
- BLD DNS Service infrastructure updated and improved for auto-deployment and fast recovery
- New version BLD Service released
- BLD "black-box" mode will implement to all BLD DNS infrastructure
- BLD Service Page has been updated - https://bld.sys-adm.in
If you haven't tried Open BLD DNS Service yet, then try it, I'm sure you and your friends will like it 🙂
Sys-Admin BLD Project website - https://lab.sys-adm.in
Take you care. Peace ✌️
/ Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0
Update your browser as possible:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Update your browser as possible:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Mozilla
Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0
/ Security Notice: NVIDIA Response to Security Incident - March 2022
https://nvidia.custhelp.com/app/answers/detail/a_id/5333
https://nvidia.custhelp.com/app/answers/detail/a_id/5333
/ New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/
https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/
Unit 42
New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
CVE-2022-0492 is the third recent kernel vulnerability that allows malicious containers to escape. We offer root cause analysis and mitigations.
/ CVE-2022-0847: Linux kernel: overwriting read-only files
https://www.openwall.com/lists/oss-security/2022/03/07/1
https://www.openwall.com/lists/oss-security/2022/03/07/1
/ TCP Middlebox Reflection: Coming to a DDoS Near You
https://www.akamai.com/blog/security/tcp-middlebox-reflection
https://www.akamai.com/blog/security/tcp-middlebox-reflection
Akamai
TCP Middlebox Reflection: Coming to a DDoS Near You | Akamai
Over the past week, Akamai Security Researchers have detected and analyzed a series of TCP reflection attacks, peaking at 11 Gbps at 1.5 Mpps, that were leveled against Akamai customers. The attack, amplified with a technique called TCP Middlebox Reflection…
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
45 Fun (and Unique) Python Project Ideas for Easy Learning
https://www.dataquest.io/blog/python-projects-for-beginners/
https://www.dataquest.io/blog/python-projects-for-beginners/
Dataquest
Python Projects: 60+ Ideas for Beginners to Advanced (2025)
Building Python projects is the ultimate learning tool. Here are over 60 Python project ideas for beginners and beyond you can tackle today.
/ Remote Desktop Client Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21990
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21990
/ AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
AutoWarp is a critical vulnerability in the Azure Automation service that allowed unauthorized access to other Azure customer accounts using the service. This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer:
https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
AutoWarp is a critical vulnerability in the Azure Automation service that allowed unauthorized access to other Azure customer accounts using the service. This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer:
https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
Orca Security
AutoWarp: Azure Automation Vulnerability | Orca Research Pod
AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the service.
/ Detecting Kerberos Relaying Attacks
In this post, I’ll explain a way to detect these methods and provide you with Microsoft Defender for Endpoint and Sentinel KQL queries:
https://posts.bluraven.io/detecting-kerberos-relaying-e6be66fa647c
In this post, I’ll explain a way to detect these methods and provide you with Microsoft Defender for Endpoint and Sentinel KQL queries:
https://posts.bluraven.io/detecting-kerberos-relaying-e6be66fa647c
Medium
Detecting Kerberos Relaying Attacks
Detecting Kerberos relaying attacks published by cube0x0 (KrbRelay) and by Dirk-jan (krbrelayx)
/ Repeatable Firmware Security Failures: 16 High Impact Vulnerabilities Discovered In HP Devices
https://binarly.io/posts/Repeatable_Firmware_Security_Failures_16_High_Impact_Vulnerabilities_Discovered_in_HP_Devices/index.html
https://binarly.io/posts/Repeatable_Firmware_Security_Failures_16_High_Impact_Vulnerabilities_Discovered_in_HP_Devices/index.html
/ Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint
Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms. We wish to thank Falcon Force for the collaboration on addressing this issue through coordinated vulnerability disclosure:
https://msrc-blog.microsoft.com/2022/03/08/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint/
Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms. We wish to thank Falcon Force for the collaboration on addressing this issue through coordinated vulnerability disclosure:
https://msrc-blog.microsoft.com/2022/03/08/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint/
/ Multiple vulnerabilites in Siemens products
Siemens ProductCERT discloses the required information necessary for operators to assess the impact of a security vulnerability:
https://new.siemens.com/global/en/products/services/cert.html
Siemens ProductCERT discloses the required information necessary for operators to assess the impact of a security vulnerability:
https://new.siemens.com/global/en/products/services/cert.html
Siemens
Siemens ProductCERT and Siemens CERT
The central expert teams for immediate response to security threats and issues affecting Siemens products, solutions, services, or infrastructure.
/ TLStorm: Three critical vulnerabilities discovered in APC Smart-UPS devices can allow attackers to remotely manipulate the power of millions of enterprise devices.
https://www.armis.com/research/tlstorm/
https://www.armis.com/research/tlstorm/
Armis
TLStorm
Vulnerabilities discovered in APC Smart-UPS devices can expose organizations to remote attack. Explore Armis research on TLStorm.
/ On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks
https://www.vusec.net/projects/bhi-spectre-bhb/
https://www.vusec.net/projects/bhi-spectre-bhb/
vusec
Branch History Injection - vusec
BHI (or Spectre-BHB) is a revival of cross-privilege Spectre-v2 attacks on modern systems deploying in-hardware defenses. And we have a very neat end-to-end exploit leaking arbitrary kernel memory on modern Intel CPUs to prove it
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
systemd-homed - service providing portable human-user accounts that are not dependent on current system configuration
https://wiki.archlinux.org/noscript/Systemd-homed
https://wiki.archlinux.org/noscript/Systemd-homed
/ CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks:
https://www.akamai.com/blog/security/phone-home-ddos-attack-vector
A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks:
https://www.akamai.com/blog/security/phone-home-ddos-attack-vector
Akamai
Akamai Blog | CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
A new reflection/amplification distributed denial of service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks.