/ Remote Desktop Client Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21990
/ AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
AutoWarp is a critical vulnerability in the Azure Automation service that allowed unauthorized access to other Azure customer accounts using the service. This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer:
https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
Orca Security
AutoWarp: Azure Automation Vulnerability | Orca Research Pod
AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the service.
/ Detecting Kerberos Relaying Attacks
In this post, I’ll explain a way to detect these methods and provide you with Microsoft Defender for Endpoint and Sentinel KQL queries:
https://posts.bluraven.io/detecting-kerberos-relaying-e6be66fa647c
Medium
Detecting Kerberos Relaying Attacks
Detecting Kerberos relaying attacks published by cube0x0 (KrbRelay) and by Dirk-jan (krbrelayx)
/ Repeatable Firmware Security Failures: 16 High Impact Vulnerabilities Discovered In HP Devices
https://binarly.io/posts/Repeatable_Firmware_Security_Failures_16_High_Impact_Vulnerabilities_Discovered_in_HP_Devices/index.html
/ Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint
Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms. We wish to thank Falcon Force for the collaboration on addressing this issue through coordinated vulnerability disclosure:
https://msrc-blog.microsoft.com/2022/03/08/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint/
/ Multiple vulnerabilities in Siemens products
Siemens ProductCERT discloses the required information necessary for operators to assess the impact of a security vulnerability:
https://new.siemens.com/global/en/products/services/cert.html
Siemens
Siemens ProductCERT and Siemens CERT
The central expert teams for immediate response to security threats and issues affecting Siemens products, solutions, services, or infrastructure.
/ TLStorm: Three critical vulnerabilities discovered in APC Smart-UPS devices can allow attackers to remotely manipulate the power of millions of enterprise devices.
https://www.armis.com/research/tlstorm/
Armis
TLStorm
Vulnerabilities discovered in APC Smart-UPS devices can expose organizations to remote attack. Explore Armis research on TLStorm.
/ On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks
https://www.vusec.net/projects/bhi-spectre-bhb/
vusec
Branch History Injection - vusec
BHI (or Spectre-BHB) is a revival of cross-privilege Spectre-v2 attacks on modern systems deploying in-hardware defenses. And we have a very neat end-to-end exploit leaking arbitrary kernel memory on modern Intel CPUs to prove it
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
systemd-homed - service providing portable human-user accounts that are not dependent on current system configuration
https://wiki.archlinux.org/noscript/Systemd-homed
/ CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks:
https://www.akamai.com/blog/security/phone-home-ddos-attack-vector
Akamai
Akamai Blog | CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
A new reflection/amplification distributed denial of service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks.
Forwarded from Yevgeniy Goncharov
News. Update. New server in the BLD infrastructure. Debian is here.
Hello everyone, I have some good news:
1. We were donated a virtual server located in Almaty, with very good specs. The help came from a hosting provider that for more than 10 years has, one way or another and whenever possible, supported Sys-Adm.in projects free of charge, and I have personally been using this hoster's KVM servers for just as long, for which a big thank you (@ruzmat big respect ✌️). We could use more people and companies like this - https://unihost.kz
2. In line with the BLD DNS development roadmap and the desire to learn something new, the server will of course run Debian (thanks to @ky3bmu4 for the constant reminders about Debian's advantages). Today this server will go into service in the BLD DNS infrastructure. It turned out there is nothing difficult about it (I myself was a RHEL supporter with an RHCSA, always rooted for CentOS/Fedora and accordingly used them always and everywhere), so now here is something new.
3. Still, I am once again scrapping the temporary solution of NGINX as a proxy forwarder (for the third time already); perhaps now it will be either a service written with my own hands or some kind of DNS proxy.
4. The Sys-Adm.in lab site will get a new section with the logos of companies that help or will help the project free of charge, with links (or without) to those companies' sites; it is the least I can do as a sign of gratitude.
Anyone ready to help an open project is welcome; the number of requests is growing, and any help will be useful (at minimum, feedback on testing).
As for commercial organizations, I believe helping open projects is not only prestigious but also beneficial (for karma as well).
Bye everyone, PEACE ✌️
AbereBot Returns As Escobar
Cyble Research Labs has identified new features in this Aberebot variant, such as stealing data from Google Authenticator and taking the control of compromised device screens using VNC, etc:
https://blog.cyble.com/2022/03/10/aberebot-returns-as-escobar/
/ Apple Patching Multiple Vulnerabilities
About the security content of macOS Monterey 12.3
https://support.apple.com/en-us/HT213183
About the security content of macOS Big Sur 11.6.5
https://support.apple.com/en-us/HT213184
About the security content of tvOS 15.4
https://support.apple.com/en-us/HT213186
Apple Support
About the security content of macOS Monterey 12.3
This document describes the security content of macOS Monterey 12.3.
/ WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
The high-severity issue affects version 5.9.0 and 5.9.1 and allows contributor-level users and above to insert malicious JavaScript into WordPress posts:
https://www.wordfence.com/blog/2022/03/wordpress-5-9-2-security-update-fixes-xss-and-prototype-pollution-vulnerabilities/
Wordfence
WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues. The high-severity issue…
/ Youtube Vanced project is now discontinued! Goodbye Vanced
:(
https://xiaomiui.net/youtube-vanced-project-is-now-discontinued-goodbye-vanced-12812/
xiaomiui
Youtube Vanced project is now discontinued! Goodbye Vanced - Xiaomiui.Net
We are here today to give you bad news unfortunately. Developer team of the YouTube Vanced app, a YouTube premium alternative that has no competition,...
/ Microsoft is testing ads in the Windows 11 File Explorer
https://www.bleepingcomputer.com/news/microsoft/microsoft-is-testing-ads-in-the-windows-11-file-explorer/
BleepingComputer
Microsoft is testing ads in the Windows 11 File Explorer
Microsoft has begun testing promotions for some of its other products in the File Explorer app on devices running its latest Windows 11 Insider build.
/ OpenSSL Security Advisory [15 March
Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
Since certificate parsing happens prior to verification of the certificate
signature, any process that parses an externally supplied certificate may thus
be subject to a denial of service attack:
https://www.openssl.org/news/secadv/20220315.txt