/ AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities/
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities/
Unit 42
AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
We identified severe security issues within AWS Log4Shell hot patch solutions. We provide a root cause analysis and overview of fixes and mitigations.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
BLINDING SNORT: BREAKING THE MODBUS OT PREPROCESSOR
https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/
https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/
Claroty
Blinding Snort IDS/IPS: Breaking the Modbus OT Preprocessor
Team82 discovered a means by which it could blind the popular Snort intrusion detection and prevention system to malicious packets. Learn more with Claroty.
/ Microsoft Exchange Servers are targetted by Hive ransomware
https://cloud7.news/security/microsoft-exchange-servers-are-targetted-by-hive-ransomware/amp/
https://cloud7.news/security/microsoft-exchange-servers-are-targetted-by-hive-ransomware/amp/
/ Attackers linger on government agency computers before deploying Lockbit ransomware
https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/
https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/
Sophos News
Attackers linger on government agency computers before deploying Lockbit ransomware
Threat actors spent more than five months remotely googling for tools from the target’s machines
/ CVE-2022-21449: Psychic Signatures in Java
It’s hard to overstate the severity of this bug. If you are using ECDSA signatures for any of these security mechanisms, then an attacker can trivially and completely bypass them if your server is running any Java 15, 16, 17, or 18..:
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
It’s hard to overstate the severity of this bug. If you are using ECDSA signatures for any of these security mechanisms, then an attacker can trivially and completely bypass them if your server is running any Java 15, 16, 17, or 18..:
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
Neil Madden
CVE-2022-21449: Psychic Signatures in Java
The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, thi…
/ Exploiting remote code execution within VirusTotal platform in order to gain access to its various scans capabilities
..execute commands remotely within VirusTotal..
https://www.cysrc.com/blog/virus-total-blog
..execute commands remotely within VirusTotal..
https://www.cysrc.com/blog/virus-total-blog
/ Q1 Brand Phishing Report, highlighting the brands that hackers most often imitate to lure people into giving up their personal data
(from checkpoint)
https://blog.checkpoint.com/2022/04/19/social-networks-most-likely-to-be-imitated-by-criminal-groups-with-linkedin-now-accounting-for-half-of-all-phishing-attempts-worldwide/
(from checkpoint)
https://blog.checkpoint.com/2022/04/19/social-networks-most-likely-to-be-imitated-by-criminal-groups-with-linkedin-now-accounting-for-half-of-all-phishing-attempts-worldwide/
Check Point Blog
Brand Phishing Report Q1 2022 - Check Point Blog
Check Point Research issues its Q1 Brand Phishing Report for 2022, highlighting the brands that hackers most often imitate to lure people into giving up their personal data
/ Threat Hunting for Phishing Pages
Phishing can be carried out via social media or the phone, but the term “phishing” is mainly used to describe attacks via email. Phishing emails can reach millions of users directly and are hidden among the many bona fide emails that busy users receive. Additionally, with malicious software such as ransomware, attacks can infiltrate systems and take any action they want. This article will discuss various techniques for catching phishing pages:
https://brandefense.io/threat-hunting-for-phishing-pages/
Phishing can be carried out via social media or the phone, but the term “phishing” is mainly used to describe attacks via email. Phishing emails can reach millions of users directly and are hidden among the many bona fide emails that busy users receive. Additionally, with malicious software such as ransomware, attacks can infiltrate systems and take any action they want. This article will discuss various techniques for catching phishing pages:
https://brandefense.io/threat-hunting-for-phishing-pages/
Brandefense
Threat Hunting For Phishing Pages - Brandefense
Phishing is a type of cybersecurity attack during which threat actors send malicious emails designed to trick people into falling for a scam.
/ NPM allow masquerade a malicious package
npm that allows threat actors to masquerade a malicious package as legitimate and trick unsuspecting developers into installing it
https://blog.aquasec.com/npm-package-planting
npm that allows threat actors to masquerade a malicious package as legitimate and trick unsuspecting developers into installing it
https://blog.aquasec.com/npm-package-planting
Aqua
Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?
Team Nautilus found a flaw in npm that allows attackers to perform package planting and masquerade a malicious package as legitimate to trick developers
/ Cisco: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication
Cisco released its semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication on April 27, 2022. In direct response to customer feedback, Cisco releases bundles of Cisco ASA, FMC, and FTD Software Security Advisories on the fourth Wednesday of the month in April and October of each calendar year:
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74836
Cisco released its semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication on April 27, 2022. In direct response to customer feedback, Cisco releases bundles of Cisco ASA, FMC, and FTD Software Security Advisories on the fourth Wednesday of the month in April and October of each calendar year:
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74836
/ New elevation of privilege Linux vulnerability, Nimbuspwn
The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution:
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution:
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
Microsoft News
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could…
/ 2021 Top Routinely Exploited Vulnerabilities
From CISA
https://www.cisa.gov/uscert/ncas/alerts/aa22-117a
From CISA
https://www.cisa.gov/uscert/ncas/alerts/aa22-117a
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
BLD DNS Один день Из Жизни Флуд Файтинга / One Day from BLD DNS Flood Fighting
Это было обычное утро, обычного выходного дня (после пятницы), ничего не предвещало серого неба, и тут опять...
Познавательно, юмористически описанный пример того, как нужно быстро собраться в кучу и придумать велосипед:
- [ru] - Файтинг с DoS / DDoS флудом нацеленным на BLD DNS
~~~
It was an ordinary morning, an ordinary weekend (after Friday), nothing foreshadowed a gray sky, and then again...
An informative, humorous described example of how to quickly get together and come up with a bicycle...
Это было обычное утро, обычного выходного дня (после пятницы), ничего не предвещало серого неба, и тут опять...
Познавательно, юмористически описанный пример того, как нужно быстро собраться в кучу и придумать велосипед:
- [ru] - Файтинг с DoS / DDoS флудом нацеленным на BLD DNS
~~~
It was an ordinary morning, an ordinary weekend (after Friday), nothing foreshadowed a gray sky, and then again...
An informative, humorous described example of how to quickly get together and come up with a bicycle...
/ Antiviruses hijacked software with Moshen Dragon threat
- Symantec
- TrendMicro
- BitDefender
- McAfee
- Kaspersky
https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
- Symantec
- TrendMicro
- BitDefender
- McAfee
- Kaspersky
https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
SentinelOne
Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
Chinese-aligned APT group Moshen Dragon caught sideloading malware through multiple AV products to infect telecoms sector.
/ TLStorm 2 – NanoSSL TLS library misuse leads to vulnerabilities in common switches
Vulnerabilities in the implementation of TLS communications in multiple models of Aruba and Avaya switches
https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
Vulnerabilities in the implementation of TLS communications in multiple models of Aruba and Avaya switches
https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
Armis
TLStorm 2 – NanoSSL TLS Library Misuse Leads to Vulnerabilities in Common Switches
NanoSSL TLS library misuse leads to vulnerabilities in common enterprise switches.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
awesome-security-hardening
A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.
https://github.com/decalage2/awesome-security-hardening
A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.
https://github.com/decalage2/awesome-security-hardening
GitHub
GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources
A collection of awesome security hardening guides, tools and other resources - decalage2/awesome-security-hardening
/ A new secret stash for “fileless” malware
https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/
https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/
Securelist
A new secret stash for “fileless” malware
We observed the technique of putting the shellcode into Windows event logs for the first time “in the wild” during the malicious campaign.
/ Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM...
Critical
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
Critical
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
Cisco
Cisco Security Advisory: Cisco Enterprise NFV Infrastructure Software Vulnerabilities
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to…
/ Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
Newst updated document frim NIST
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf
Newst updated document frim NIST
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf
/ Vulnerabilities in Avast And AVG Put Millions At Risk
https://www.sentinelone.com/labs/vulnerabilities-in-avast-and-avg-put-millions-at-risk/
https://www.sentinelone.com/labs/vulnerabilities-in-avast-and-avg-put-millions-at-risk/
SentinelOne
Vulnerabilities in Avast And AVG Put Millions At Risk
Two high-severity flaws in popular end user security tools allow attackers to elevate privileges and compromise devices.
/ Raspberry Robin gets the worm early
Red Canary is tracking a worm spread by external drives that leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL:
https://redcanary.com/blog/raspberry-robin/
Red Canary is tracking a worm spread by external drives that leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL:
https://redcanary.com/blog/raspberry-robin/
Red Canary
Raspberry Robin gets the worm early
Raspberry Robin is a worm spread by external drives that leverages Windows Installer to download a malicious DLL.