/ Detecting Kerberos Relaying Attacks
In this post, I’ll explain a way to detect these methods and provide you with Microsoft Defender for Endpoint and Sentinel KQL queries:
https://posts.bluraven.io/detecting-kerberos-relaying-e6be66fa647c
In this post, I’ll explain a way to detect these methods and provide you with Microsoft Defender for Endpoint and Sentinel KQL queries:
https://posts.bluraven.io/detecting-kerberos-relaying-e6be66fa647c
Medium
Detecting Kerberos Relaying Attacks
Detecting Kerberos relaying attacks published by cube0x0 (KrbRelay) and by Dirk-jan (krbrelayx)
/ Repeatable Firmware Security Failures: 16 High Impact Vulnerabilities Discovered In HP Devices
https://binarly.io/posts/Repeatable_Firmware_Security_Failures_16_High_Impact_Vulnerabilities_Discovered_in_HP_Devices/index.html
https://binarly.io/posts/Repeatable_Firmware_Security_Failures_16_High_Impact_Vulnerabilities_Discovered_in_HP_Devices/index.html
/ Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint
Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms. We wish to thank Falcon Force for the collaboration on addressing this issue through coordinated vulnerability disclosure:
https://msrc-blog.microsoft.com/2022/03/08/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint/
Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms. We wish to thank Falcon Force for the collaboration on addressing this issue through coordinated vulnerability disclosure:
https://msrc-blog.microsoft.com/2022/03/08/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint/
/ Multiple vulnerabilites in Siemens products
Siemens ProductCERT discloses the required information necessary for operators to assess the impact of a security vulnerability:
https://new.siemens.com/global/en/products/services/cert.html
Siemens ProductCERT discloses the required information necessary for operators to assess the impact of a security vulnerability:
https://new.siemens.com/global/en/products/services/cert.html
Siemens
Siemens ProductCERT and Siemens CERT
The central expert teams for immediate response to security threats and issues affecting Siemens products, solutions, services, or infrastructure.
/ TLStorm: Three critical vulnerabilities discovered in APC Smart-UPS devices can allow attackers to remotely manipulate the power of millions of enterprise devices.
https://www.armis.com/research/tlstorm/
https://www.armis.com/research/tlstorm/
Armis
TLStorm
Vulnerabilities discovered in APC Smart-UPS devices can expose organizations to remote attack. Explore Armis research on TLStorm.
/ On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks
https://www.vusec.net/projects/bhi-spectre-bhb/
https://www.vusec.net/projects/bhi-spectre-bhb/
vusec
Branch History Injection - vusec
BHI (or Spectre-BHB) is a revival of cross-privilege Spectre-v2 attacks on modern systems deploying in-hardware defenses. And we have a very neat end-to-end exploit leaking arbitrary kernel memory on modern Intel CPUs to prove it
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
systemd-homed - service providing portable human-user accounts that are not dependent on current system configuration
https://wiki.archlinux.org/noscript/Systemd-homed
https://wiki.archlinux.org/noscript/Systemd-homed
/ CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks:
https://www.akamai.com/blog/security/phone-home-ddos-attack-vector
A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks:
https://www.akamai.com/blog/security/phone-home-ddos-attack-vector
Akamai
Akamai Blog | CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
A new reflection/amplification distributed denial of service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks.
Forwarded from Yevgeniy Goncharov
News. Update. Новый сервер в BLD инфраструктуре. Debian is here.
Всем привет, у меня несколько хороших новостей:
1. Нам дали в дар вирутальный сервер с локацией в Алматы, с очень хорошими параметрами. Помощь оказал хостинг, который уже более 10 лет так или иначе по возможности безвозмездно помогает проектам Sys-Adm.in, а я сам лично столько же времени пользуюсь KVM серверами у данного хостера, за что Большое Спасибо (@ruzmat big respect ✌️) по больше бы таких людей и компаний - https://unihost.kz
2. Сервер, согласно роадмапу развития BLD DNS и стремлению освоить что-то новое - конечно же будет на Debian (спасибо @ky3bmu4 за постоянные напоминания о преимуществах Debian). Сегодня этот сервер встанет в строй инфраструктуры BLD DNS. Оказалось ничего сложного нет (я сам был сторонником RHEL с RHCSA - всегда топил за CentOS/Fedora и соответсвенно всегда и везде их использовал) теперь вот что-то новенькое.
3. Все же временное решение на NGINX как прокси форвардер я снова отправляю в топку (уже в третий раз), возможно теперь это будет или собственными руками написанный сервис или это будет какой-нибудь dns прокси.
4. На сайт Sys-Adm.in лаборатории добавится новый раздел с логотипами компаний, которые безвозмездно помогают или будут помогать проекту, со ссылками (или без) на сайты этих компаний, это малое, что могу сделать в знак благодарности.
Кто готов оказать помощь открытому проекту - welcome, количество запросов растет, любая помощь будет полезна (как минмиум фидбек о тестировании).
Для коммерческих же структур, считаю помогать открытм проектам не только престижно, но и полезно (для кармы в том числе).
Всем хоп, PEACE ✌️
Всем привет, у меня несколько хороших новостей:
1. Нам дали в дар вирутальный сервер с локацией в Алматы, с очень хорошими параметрами. Помощь оказал хостинг, который уже более 10 лет так или иначе по возможности безвозмездно помогает проектам Sys-Adm.in, а я сам лично столько же времени пользуюсь KVM серверами у данного хостера, за что Большое Спасибо (@ruzmat big respect ✌️) по больше бы таких людей и компаний - https://unihost.kz
2. Сервер, согласно роадмапу развития BLD DNS и стремлению освоить что-то новое - конечно же будет на Debian (спасибо @ky3bmu4 за постоянные напоминания о преимуществах Debian). Сегодня этот сервер встанет в строй инфраструктуры BLD DNS. Оказалось ничего сложного нет (я сам был сторонником RHEL с RHCSA - всегда топил за CentOS/Fedora и соответсвенно всегда и везде их использовал) теперь вот что-то новенькое.
3. Все же временное решение на NGINX как прокси форвардер я снова отправляю в топку (уже в третий раз), возможно теперь это будет или собственными руками написанный сервис или это будет какой-нибудь dns прокси.
4. На сайт Sys-Adm.in лаборатории добавится новый раздел с логотипами компаний, которые безвозмездно помогают или будут помогать проекту, со ссылками (или без) на сайты этих компаний, это малое, что могу сделать в знак благодарности.
Кто готов оказать помощь открытому проекту - welcome, количество запросов растет, любая помощь будет полезна (как минмиум фидбек о тестировании).
Для коммерческих же структур, считаю помогать открытм проектам не только престижно, но и полезно (для кармы в том числе).
Всем хоп, PEACE ✌️
AbereBot Returns As Escobar
Cyble Research Labs has identified new features in this Aberebot variant, such as stealing data from Google Authenticator and taking the control of compromised device screens using VNC, etc:
https://blog.cyble.com/2022/03/10/aberebot-returns-as-escobar/
Cyble Research Labs has identified new features in this Aberebot variant, such as stealing data from Google Authenticator and taking the control of compromised device screens using VNC, etc:
https://blog.cyble.com/2022/03/10/aberebot-returns-as-escobar/
/ Apple Patching Multiple Vulnerabilities
About the security content of macOS Monterey 12.3
https://support.apple.com/en-us/HT213183
About the security content of macOS Big Sur 11.6.5
https://support.apple.com/en-us/HT213184
About the security content of tvOS 15.4
https://support.apple.com/en-us/HT213186
About the security content of macOS Monterey 12.3
https://support.apple.com/en-us/HT213183
About the security content of macOS Big Sur 11.6.5
https://support.apple.com/en-us/HT213184
About the security content of tvOS 15.4
https://support.apple.com/en-us/HT213186
Apple Support
About the security content of macOS Monterey 12.3
This document describes the security content of macOS Monterey 12.3.
/ WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
The high-severity issue affects version 5.9.0 and 5.9.1 and allows contributor-level users and above to insert malicious JavaScript into WordPress posts:
https://www.wordfence.com/blog/2022/03/wordpress-5-9-2-security-update-fixes-xss-and-prototype-pollution-vulnerabilities/
The high-severity issue affects version 5.9.0 and 5.9.1 and allows contributor-level users and above to insert malicious JavaScript into WordPress posts:
https://www.wordfence.com/blog/2022/03/wordpress-5-9-2-security-update-fixes-xss-and-prototype-pollution-vulnerabilities/
Wordfence
WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues. The high-severity issue…
/ Youtube Vanced project is now discontinued! Goodbye Vanced
:(
https://xiaomiui.net/youtube-vanced-project-is-now-discontinued-goodbye-vanced-12812/
:(
https://xiaomiui.net/youtube-vanced-project-is-now-discontinued-goodbye-vanced-12812/
xiaomiui
Youtube Vanced project is now discontinued! Goodbye Vanced - Xiaomiui.Net
We are here today to give you bad news unfortunately. Developer team of the YouTube Vanced app, a YouTube premium alternative that has no competition,...
/ Microsoft is testing ads in the Windows 11 File Explorer
https://www.bleepingcomputer.com/news/microsoft/microsoft-is-testing-ads-in-the-windows-11-file-explorer/
https://www.bleepingcomputer.com/news/microsoft/microsoft-is-testing-ads-in-the-windows-11-file-explorer/
BleepingComputer
Microsoft is testing ads in the Windows 11 File Explorer
Microsoft has begun testing promotions for some of its other products in the File Explorer app on devices running its latest Windows 11 Insider build.
/ OpenSSL Security Advisory [15 March
Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
Since certificate parsing happens prior to verification of the certificate
signature, any process that parses an externally supplied certificate may thus
be subject to a denial of service attack:
https://www.openssl.org/news/secadv/20220315.txt
Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
Since certificate parsing happens prior to verification of the certificate
signature, any process that parses an externally supplied certificate may thus
be subject to a denial of service attack:
https://www.openssl.org/news/secadv/20220315.txt
/ New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
360 Netlab Blog - Network Security Research Lab at 360
New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel
Background
Since the Log4J vulnerability was exposed, we see more and more malware jumped on the wagon, Elknot, Gafgyt, Mirai are all too familiar, on February 9, 2022, 360Netlab's honeypot system captured an unknown ELF file propagating through the Log4J…
Since the Log4J vulnerability was exposed, we see more and more malware jumped on the wagon, Elknot, Gafgyt, Mirai are all too familiar, on February 9, 2022, 360Netlab's honeypot system captured an unknown ELF file propagating through the Log4J…
/ The Discovery and Exploitation of CVE-2022-25636
'''
A few weeks ago, I found and reported CVE-2022-25636 - a heap out of bounds write in the Linux kernel. The bug is exploitable to achieve kernel code execution (via ROP), giving full local privilege escalation, container escape, whatever you want:
'''
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
'''
A few weeks ago, I found and reported CVE-2022-25636 - a heap out of bounds write in the Linux kernel. The bug is exploitable to achieve kernel code execution (via ROP), giving full local privilege escalation, container escape, whatever you want:
'''
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
nickgregory.me
The Discovery and Exploitation of CVE-2022-25636 · Nick Gregory
Security research, programming, and more.
PIA VPN providing special discount for Sys-Adm.in
Hey, several day ago I knew about of PIA VPN service, and was pleasantly surprised:
- Prices (very affordable price)
- Company history (10+ years experience)
- Privacy terms and encrypted data
- and supporting platforms (Linux, Windows, Android/iOS, Smart TV)
- and all software from PIA is open source (official repo)
Ok, I contacted to PIA with question "Can you provide more discount to Sys-Admin Community members/Subscribes" and was again pleasantly surprised - reply from PIA "We are can provide a special discount - 83% OFF + 3 months for free" 🙂
Special discount available - https://privateinternetaccess.com/offer/SALab_qp1tq2bp0