Forwarded from Yevgeniy Goncharov
News. Update. New server in the BLD infrastructure. Debian is here.
Hi all, I have several pieces of good news:
1. We have been donated a virtual server located in Almaty, with very good specs. The help came from a hosting provider that has been helping Sys-Adm.in projects free of charge in one way or another for more than 10 years, and I have personally been using KVM servers from this host for just as long, for which a big thank you (@ruzmat big respect ✌️); there should be more people and companies like this - https://unihost.kz
2. According to the BLD DNS development roadmap and the desire to learn something new, the server will of course run Debian (thanks to @ky3bmu4 for the constant reminders about the advantages of Debian). Today this server will join the BLD DNS infrastructure. It turned out there is nothing complicated about it (I myself was an RHEL supporter with an RHCSA, always rooted for CentOS/Fedora and accordingly used them always and everywhere); now here is something new.
3. Still, I am once again sending the temporary solution of NGINX as a proxy forwarder to the furnace (for the third time now); perhaps this time it will be either a service written with my own hands or some kind of DNS proxy.
4. A new section will be added to the Sys-Adm.in lab site with the logos of companies that help or will help the project free of charge, with links (or without) to these companies' sites; it is the least I can do as a token of gratitude.
Anyone ready to help an open project - welcome; the number of requests is growing, and any help will be useful (at minimum, feedback on testing).
As for commercial organizations, I consider helping open projects not only prestigious but also useful (for karma, among other things).
That's all, PEACE ✌️
AbereBot Returns As Escobar
Cyble Research Labs has identified new features in this Aberebot variant, such as stealing data from Google Authenticator and taking control of compromised device screens using VNC, etc.:
https://blog.cyble.com/2022/03/10/aberebot-returns-as-escobar/
/ Apple Patching Multiple Vulnerabilities
About the security content of macOS Monterey 12.3
https://support.apple.com/en-us/HT213183
About the security content of macOS Big Sur 11.6.5
https://support.apple.com/en-us/HT213184
About the security content of tvOS 15.4
https://support.apple.com/en-us/HT213186
Apple Support
About the security content of macOS Monterey 12.3
This document describes the security content of macOS Monterey 12.3.
/ WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
The high-severity issue affects version 5.9.0 and 5.9.1 and allows contributor-level users and above to insert malicious JavaScript into WordPress posts:
https://www.wordfence.com/blog/2022/03/wordpress-5-9-2-security-update-fixes-xss-and-prototype-pollution-vulnerabilities/
Wordfence
WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues. The high-severity issue…
/ Youtube Vanced project is now discontinued! Goodbye Vanced
:(
https://xiaomiui.net/youtube-vanced-project-is-now-discontinued-goodbye-vanced-12812/
xiaomiui
Youtube Vanced project is now discontinued! Goodbye Vanced - Xiaomiui.Net
We are here today to give you bad news unfortunately. Developer team of the YouTube Vanced app, a YouTube premium alternative that has no competition,...
/ Microsoft is testing ads in the Windows 11 File Explorer
https://www.bleepingcomputer.com/news/microsoft/microsoft-is-testing-ads-in-the-windows-11-file-explorer/
BleepingComputer
Microsoft is testing ads in the Windows 11 File Explorer
Microsoft has begun testing promotions for some of its other products in the File Explorer app on devices running its latest Windows 11 Insider build.
/ OpenSSL Security Advisory [15 March 2022]
Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack:
https://www.openssl.org/news/secadv/20220315.txt
/ New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
360 Netlab Blog - Network Security Research Lab at 360
New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel
Background
Since the Log4J vulnerability was exposed, we see more and more malware jumped on the wagon, Elknot, Gafgyt, Mirai are all too familiar, on February 9, 2022, 360Netlab's honeypot system captured an unknown ELF file propagating through the Log4J…
/ The Discovery and Exploitation of CVE-2022-25636
'''
A few weeks ago, I found and reported CVE-2022-25636 - a heap out of bounds write in the Linux kernel. The bug is exploitable to achieve kernel code execution (via ROP), giving full local privilege escalation, container escape, whatever you want:
'''
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
nickgregory.me
The Discovery and Exploitation of CVE-2022-25636 · Nick Gregory
Security research, programming, and more.
PIA VPN providing special discount for Sys-Adm.in
Hey, several days ago I learned about the PIA VPN service and was pleasantly surprised by:
- Prices (very affordable)
- Company history (10+ years of experience)
- Privacy terms and encrypted data
- Supported platforms (Linux, Windows, Android/iOS, Smart TV)
- And all software from PIA is open source (official repo)
OK, I contacted PIA with the question "Can you provide a bigger discount to Sys-Admin Community members/subscribers?" and was again pleasantly surprised; the reply from PIA was "We can provide a special discount - 83% OFF + 3 months for free" 🙂
Special discount available - https://privateinternetaccess.com/offer/SALab_qp1tq2bp0
/ CVE-2022-0742: Remote Denial of Service on Linux Kernel >=5.13
Flooding icmp6 messages of type 130 or 131 is enough to exploit a memory leak in the kernel and cause the host to go out-of-memory. The volume of traffic doesn't need to be particularly high:
https://www.openwall.com/lists/oss-security/2022/03/15/3
/ Node.js security: Parse Server remote code execution vulnerability resolved
https://portswigger.net/daily-swig/node-js-security-parse-server-remote-code-execution-vulnerability-resolved
The Daily Swig | Cybersecurity news and views
Node.js security: Parse Server remote code execution vulnerability resolved
GitHub has awarded the bug a severity score of 10 – the highest available
Veeam Backup & Replication vulnerabilities
Multiple vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication allow executing malicious code remotely without authentication.
https://www.veeam.com/kb4288
Veeam Software
KB4288: CVE-2022-26500 | CVE-2022-26501
Multiple vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication allow executing malicious code remotely without authentication. This may lead to gaining control over the target system.
New OpenVPN release with some vulnerability fixes
The OpenVPN community project team is proud to release OpenVPN 2.5.6. This is mostly a bugfix release including one security fix ("Disallow multiple deferred authentication plug-ins.", CVE-2022-0547):
https://openvpn.net/community-downloads/
OpenVPN
Open Source Community | OpenVPN
OpenVPN has many developers and contributors from OpenVPN Inc. and from the broader OpenVPN community.
Open DevOps and Linux workshops by Rebrain (22 and 23 March)
Docker-compose and how networking works in Docker
• Bringing order to working with containers
• How can containers interact with each other, and how does the network help us here?
• We put the containers on a powder keg and see how it takes off
• 22 March 19:00 MSK. Details
• Amir Gaifullin - 12 years in IT and 3 years in DevOps.
Linux by Rebrain: RAID arrays
• RAID arrays: types and features.
• How to choose the type of RAID array?
• Are hardware RAID controllers still relevant today?
• Working with mdadm.
• 23 March 20:00 MSK. Details
• Andrey Buranov - UNIX systems specialist at Mail.Ru Group.
#free #webinar #dnt #ru
/ New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems
Technical review:
https://blogs.blackberry.com/en/2022/03/lokilocker-ransomware
BlackBerry
New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems
BlackBerry Threat Intelligence has identified a new Ransomware-as-a-Service (Raas) family, and tracked its lineage to its probable beta stage release.
/ Increase In Malware Sightings on GoDaddy Managed Hosting
https://www.wordfence.com/blog/2022/03/increase-in-malware-sightings-on-godaddy-managed-hosting/
Wordfence
Increase In Malware Sightings on GoDaddy Managed Hosting
Today, March 15, 2022, The Wordfence Incident Response team alerted our Threat Intelligence team to an increase in infected websites hosted on GoDaddy’s Managed WordPress service, which includes MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet…
/ Have Your Cake and Eat it Too? An Overview of UNC2891
The Mandiant Advanced Practices team previously published a threat research blog post that provided an overview of UNC1945 operations where the actor compromised managed services providers to gain access to targets in the financial and professional consulting industries.
Since that time, Mandiant has investigated and attributed several intrusions to a threat cluster we believe has a nexus to this actor, currently being tracked as UNC2891. Through these investigations, Mandiant has discovered additional techniques, malware, and utilities being used by UNC2891 alongside those previously observed in use by UNC1945…
Technical review:
https://www.mandiant.com/resources/unc2891-overview
Google Cloud Blog
Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 | Mandiant | Google Cloud Blog