/ Threat Hunting for Phishing Pages
Phishing can be carried out via social media or the phone, but the term “phishing” is mainly used to describe attacks via email. Phishing emails can reach millions of users directly and are hidden among the many bona fide emails that busy users receive. Additionally, with malicious software such as ransomware, attacks can infiltrate systems and take any action they want. This article will discuss various techniques for catching phishing pages:
https://brandefense.io/threat-hunting-for-phishing-pages/
Brandefense
Threat Hunting For Phishing Pages - Brandefense
Phishing is a type of cybersecurity attack during which threat actors send malicious emails designed to trick people into falling for a scam.
/ npm flaw allows a malicious package to masquerade as legitimate
A flaw in npm that allows threat actors to masquerade a malicious package as legitimate and trick unsuspecting developers into installing it
https://blog.aquasec.com/npm-package-planting
Aqua
Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?
Team Nautilus found a flaw in npm that allows attackers to perform package planting and masquerade a malicious package as legitimate to trick developers
/ Cisco: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication
Cisco released its semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication on April 27, 2022. In direct response to customer feedback, Cisco releases bundles of Cisco ASA, FMC, and FTD Software Security Advisories on the fourth Wednesday of the month in April and October of each calendar year:
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74836
/ New elevation of privilege Linux vulnerability, Nimbuspwn
The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution:
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
Microsoft News
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could…
/ 2021 Top Routinely Exploited Vulnerabilities
From CISA
https://www.cisa.gov/uscert/ncas/alerts/aa22-117a
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
BLD DNS: One Day in the Life of Flood Fighting
It was an ordinary morning of an ordinary day off (after Friday); nothing foreshadowed a gray sky, and then, once again...
An informative, humorously described example of how to quickly pull yourself together and reinvent the wheel:
- [ru] - Fighting a DoS / DDoS flood aimed at BLD DNS
/ Antiviruses hijacked software with Moshen Dragon threat
- Symantec
- TrendMicro
- BitDefender
- McAfee
- Kaspersky
https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
SentinelOne
Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
Chinese-aligned APT group Moshen Dragon caught sideloading malware through multiple AV products to infect telecoms sector.
/ TLStorm 2 – NanoSSL TLS library misuse leads to vulnerabilities in common switches
Vulnerabilities in the implementation of TLS communications in multiple models of Aruba and Avaya switches
https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
Armis
TLStorm 2 – NanoSSL TLS Library Misuse Leads to Vulnerabilities in Common Switches
NanoSSL TLS library misuse leads to vulnerabilities in common enterprise switches.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
awesome-security-hardening
A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.
https://github.com/decalage2/awesome-security-hardening
GitHub
GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources
A collection of awesome security hardening guides, tools and other resources - decalage2/awesome-security-hardening
/ A new secret stash for “fileless” malware
https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/
Securelist
A new secret stash for “fileless” malware
We observed the technique of putting the shellcode into Windows event logs for the first time “in the wild” during the malicious campaign.
/ Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM...
Critical
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
Cisco
Cisco Security Advisory: Cisco Enterprise NFV Infrastructure Software Vulnerabilities
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to…
/ Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
Newest updated document from NIST
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf
/ Vulnerabilities in Avast And AVG Put Millions At Risk
https://www.sentinelone.com/labs/vulnerabilities-in-avast-and-avg-put-millions-at-risk/
SentinelOne
Vulnerabilities in Avast And AVG Put Millions At Risk
Two high-severity flaws in popular end user security tools allow attackers to elevate privileges and compromise devices.
/ Raspberry Robin gets the worm early
Red Canary is tracking a worm spread by external drives that leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL:
https://redcanary.com/blog/raspberry-robin/
Red Canary
Raspberry Robin gets the worm early
Raspberry Robin is a worm spread by external drives that leverages Windows Installer to download a malicious DLL.
BLD DNS Project Status Update (May 2022)
As of this Q2 2022, BLD has some good updates and news!
🪴 BLD Service updates
- Anti-flood security implementations and improvements
- Optimized Debian-based distros will replace the CentOS-based ones
- Regex-supporting implementation
- New over-limit regulations and performance improvements
- This month the number of requests to BLD DNS exceeded 10M+, and the infrastructure withstood such a load despite the minimal configuration of the virtual servers 🥳
- BLD Project Site updates (adaptive support for mobile devices; multilingual support: EN, RU; BLD how-to-setup instructions: EN, RU)
🧩 New servers, resources and locations
Over the last few months the BLD infrastructure was updated:
- GoHost.kz - Nur-Sultan Server
- Unihost.kz - Almaty Server
- X-RDP - Montreal Server
🤝 BLD receives support from:
- G-Core Labs - Cloud resources
- JetBrains - Open source license for the BLD project
⚠️ Deprecation/Change notices
- ! doh.sys-adm.in will be deprecated, please change your settings to bld.sys-adm.in
/ Microsoft Windows LSA Spoofing vulnerability
The Windows LSA spoofing vulnerability provides an opportunity for attackers to authenticate to domain controllers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925
/ Security Advisory: Insufficient Tenant Separation in Azure Synapse Service
https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/
Orca Security
Azure Synapse Security Advisory | Orca Research Pod
Learn about how the Orca Research Pod discovered an Azure Synapse Security Advisory, now called Synlapse, in the use of the Microsoft Azure Synapse service.
Today in Almaty several IT communities are getting together for a meetup with talks and more (Lenore Pub, 19:00)
The event is organized by r0crewKZ together with SolveChat; there will be lots of talks (and I will be there too)
1. Alexander Oshlakov - "Writing code in a functional style. How, and more importantly, why"
2. Evgenia Tsybrenko - "Hybrid crypto exchanges: an inside view"
3. Thatskriptkid - "Solving an Android crackme with IDA"
4. novitoll - "gnuradio: Eins, zwei (G), Polizei, Drei (G), vier (G), Grenadier, Fünf (G)?"
5. Sh3lldon - Patching bin, elf and pe files with Ghidra
6. sysadmin - "Awareness of implicit preventive services"
Free, no stream, no recording.
Don't forget to make your way to Lenore Pub by 19:00 ✌️
#free #meetup #ru
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
HR on the brain, or what is wrong with the recruitment market
From time to time I look at the labor market, both from the employer's point of view and from the job seeker's.
Lately, the metamorphosis of the types, kinds and methods of employment interaction has undergone significant, yet for some reason not quite visible and at times even non-obvious changes (in quite obvious things) for the end users of the market, whether HR or job seeker.
Perhaps what follows is nothing more than a subjective view from my own bell tower, but what really emerges from the overall picture is something I want to record in this article:
- [HR on the brain](https://sys-adm.in/live/978-hr-golovnogo-mozga-ili-chto-ne-tak-s-rynkom-poiska-trudovykh-rezervov.html)
#ru #blog #reflections
lab.sys-adm.in
Sys-Admin Laboratory
Open Sys-Admin BLD DNS - Focus on information for free with adblocking and implicit cybersecurity threat prevention.
/ Massive WordPress JavaScript Injection Campaign Redirects to Ads
https://blog.sucuri.net/2022/05/massive-wordpress-javanoscript-injection-campaign-redirects-to-ads.html
Sucuri Blog
Massive WordPress JavaScript Injection Campaign Redirects to Ads
May 2022 saw a new wave for the massive malware campaign that targets vulnerable plugins and themes in WordPress websites to inject malicious JavaScript and redirect site visitors to ads and scam pages.