Sys-Admin InfoSec – Telegram
Sys-Admin InfoSec
12.7K subscribers
235 photos
2 videos
103 files
4.55K links
News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings
* Multilingual (En, Ru).
* Forum - forum.sys-adm.in
* Chat - @sysadm_in
* Job - @sysadm_in_job
* ? - @sysadminkz
/ Have Your Cake and Eat it Too? An Overview of UNC2891

The Mandiant Advanced Practices team previously published a threat research blog post that provided an overview of UNC1945 operations where the actor compromised managed services providers to gain access to targets in the financial and professional consulting industries.
Since that time, Mandiant has investigated and attributed several intrusions to a threat cluster we believe has a nexus to this actor, currently being tracked as UNC2891. Through these investigations, Mandiant has discovered additional techniques, malware, and utilities being used by UNC2891 alongside those previously observed in use by UNC1945…

Technical review

https://www.mandiant.com/resources/unc2891-overview
/ Use dynamic IP addresses through Cloudflare

Some hosting providers dynamically update their customer’s IP addresses. These customers must then update the new origin server IPs in their Cloudflare DNS

https://developers.cloudflare.com/dns/manage-dns-records/how-to/managing-dynamic-ip-addresses/
/ Gh0stCringe RAT Being Distributed to Vulnerable Database Servers

The ASEC analysis team is constantly monitoring malware distributed to vulnerable database servers (MS-SQL, MySQL servers). This blog will explain the RAT malware named Gh0stCringe:

https://asec.ahnlab.com/en/32572/
Note: DNS Proxy Mechanism updated on BLD DNS

As you may know, BLD DNS works on a few ports in DoH mode: 443 and 8443.

You can use any of these ports in your browsers or devices, but I want to tell you how these modes work:

- 443 is the native BLD service
- 8443 is a reverse proxy (nginx, or it can be another service/mechanism)

⚡️ If you notice that some mode is not working properly, let me know about it as soon as possible - @sysadminkz

Example: How to set up customised DNS in your browser.

Settings > Privacy and security > Security > Use secure DNS > Customised:
- https://bld.sys-adm.in/dns-query
or
- https://bld.sys-adm.in:8443/dns-query

See details here (Firefox, Chrome, Brave, Edge):
- https://github.com/m0zgen/blocky-listener-daemon/wiki
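The post above gives two DoH endpoints (native on 443, reverse proxy on 8443) and the browser setting. As an added example that is not part of the post or of the BLD project, the Python below shows what a browser actually sends to such an endpoint: it builds an RFC 8484 GET URL (a DNS wire-format query, base64url-encoded without padding), validates that the endpoint is https, and parses the A records out of a response. It sends nothing over the network; the response it parses is a constructed one, and the function names and the TEST-NET address 203.0.113.10 are assumptions for illustration. Only the two endpoint URLs come from the post.

```python
import base64
import struct
from urllib.parse import urlsplit

# Endpoints as written in the post: 443 is the native BLD service, 8443 the reverse proxy.
BLD_ENDPOINTS = (
    "https://bld.sys-adm.in/dns-query",
    "https://bld.sys-adm.in:8443/dns-query",
)

QTYPE_A = 1
QCLASS_IN = 1


def check_endpoint(url: str) -> tuple:
    """Return (host, port) for a DoH endpoint; refuse anything that is not https."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("DoH endpoints must be https URLs")
    return parts.hostname, parts.port or 443


def encode_name(name: str) -> bytes:
    """Encode a domain name in DNS wire format (length-prefixed labels, zero terminator)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("idna")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A, txid: int = 0) -> bytes:
    """Build a DNS query message. RFC 8484 recommends ID 0 so GET URLs are cacheable."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def doh_get_url(endpoint: str, name: str, qtype: int = QTYPE_A) -> str:
    """Compose the RFC 8484 GET form: ?dns=<base64url(query)> with padding stripped."""
    check_endpoint(endpoint)
    dns = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=").decode("ascii")
    sep = "&" if "?" in endpoint else "?"
    return f"{endpoint}{sep}dns={dns}"


def decode_doh_param(url: str) -> bytes:
    """Recover the wire-format query from a DoH GET URL (re-adds base64 padding)."""
    param = url.split("dns=", 1)[1].split("&", 1)[0]
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a name, honouring RFC 1035 compression pointers."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte pointer ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def parse_answer_ips(msg: bytes) -> list:
    """Extract IPv4 addresses from the answer section of a DNS response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            ips.append(".".join(str(b) for b in rdata))
    return ips


def build_constructed_response(name: str, ips: list, ttl: int = 300) -> bytes:
    """Constructed sample response (not captured traffic) so the parser can be exercised offline."""
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, len(ips), 0, 0)  # QR=1 RD=1 RA=1
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    answers = b""
    for ip in ips:
        rdata = bytes(int(p) for p in ip.split("."))
        # 0xC00C: pointer to the question name at offset 12
        answers += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4) + rdata
    return header + question + answers


if __name__ == "__main__":
    for ep in BLD_ENDPOINTS:
        print(check_endpoint(ep), doh_get_url(ep, "bld.sys-adm.in"))
    # Constructed response using a TEST-NET-3 address, not a real BLD record.
    sample = build_constructed_response("bld.sys-adm.in", ["203.0.113.10"])
    print(parse_answer_ips(sample))
```

To check a live endpoint, fetch the URL `doh_get_url` produces with an `accept: application/dns-message` header and hand the body to `parse_answer_ips`; a non-https URL is rejected up front because a DoH resolver reached over plain http would expose every query the browser makes.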
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
 
BLD DNS: One more server received as a gift from X-rdp.co

Hey, several days ago I published a post (English description) about the new server that was added to the BLD DNS infrastructure.

Today I am glad to present to you a new server provided for BLD DNS by X-RDP.CO, located in Canada. I am really very happy; I have now tested this server and want to present to you some information about it:

- Speedtest - Download 940Mbps / Upload 236Mbps
- Storage IO - Write 1.1GB/s / Read 7.1 GB/s
- CPU - AMD EPYC, 2395 MHz, KVM (AMD-V), 5 CPU Cores, 2 GB RAM

This server is provided for a minimum of one year; I hope this service will bring a lot of benefits to the users of the service.

And I have other news - I requested a discount coupon code from x-rdp.co and now I am glad to present it to you:
- Code: SYS10
- Discount: 10%

I want to express my gratitude to the hosting provider: thank you, and success and prosperity to you!

Take care and stay safe. PEACE ✌️

P.S. BLD DNS Project site: https://lab.sys-adm.in

#bld #dns #thanks
/ Certain HP Print Products, Digital Sending Products – Potential remote code execution and buffer overflow

https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780
/ Deadbolt Ransomware is Back

QNAP under attack:

https://censys.wpengine.com/deadbolt-ransomware-is-back/
/ Repeatable Failures: AMI UsbRt - Six Years Later, Firmware Attack Vector Still Affect Millions Of Enterprise Devices

Binarly Research Team Coordinates Patching of Dell BIOS Code Execution Vulnerabilities

https://binarly.io/posts/AMI_UsbRt_Repeatable_Failures_A_6_year_old_attack_vector_still_affecting_millions_of_enterprise_devices/index.html
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
2022_ThreatDetectionReport_RedCanary.pdf
10.8 MB
Red Canary’s 2022 Threat Detection Report

Based on in-depth analysis of over 30,000 confirmed threats detected across our customers’ environments, this research arms security leaders and their teams with actionable insight into the threats we observe, techniques adversaries most commonly leverage, and trends that help you understand what is changing and why. This is our most expansive report to date, but our intention remains the same: The Threat Detection Report exists to help you understand and detect threats