/ Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver
https://blog.talosintelligence.com/2022/05/vuln-spotlight-nvidia-driver-memory.html
Cisco Talos Blog
Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver
Piotr Bania of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card.
NVIDIA…
/ Interactive Phishing: Using Chatbot-like Web Applications to Harvest Information
https://www.trustwave.com/media/18693/capture3.png
/ Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
Microsoft News
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
Observing a 254% increase in activity over the last six months from a versatile Linux trojan called XorDdos, the Microsoft 365 Defender research team provides in-depth analysis into this stealthy malware's capabilities and key infection signs.
/ CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation
https://www.openwall.com/lists/oss-security/2022/05/20/2
/ Cisco IOS XR Software Health Check Open Port Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK#fs
Cisco
Cisco Security Advisory: Cisco IOS XR Software Health Check Open Port Vulnerability
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container.
This vulnerability exists because the health check RPM opens TCP port…
/ Azure DNS Private Resolver
It is a new service that enables customers to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM-based DNS servers. This new service is fully managed in Azure and in public preview:
https://www.infoq.com/news/2022/05/azure-dns-private-resolver/
InfoQ
Microsoft Releases Azure DNS Private Resolver in Public Preview
Azure DNS Private Resolver is a new service that enables customers to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM-based DNS servers. This new service is fully-managed in Azure and in public preview.
/ Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof Of Concept To Deliver Cobalt-Strike Beacon
It is something new:
https://blog.cyble.com/2022/05/20/malware-campaign-targets-infosec-community-threat-actor-uses-fake-proof-of-concept-to-deliver-cobalt-strike-beacon/
Cyble
Malware Targets InfoSec: Fake PoC Delivers Cobalt Strike
It becomes essential for the Infosec Community members to check the credibility of sources before downloading any proof of concept.
/ New Research Paper: Pre-hijacking Attacks on Web User Accounts
https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks/
/ New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
Cheerscrypt, a new ransomware family, has been targeting a customer's ESXi server used to manage VMware files.
In the past, ESXi servers were also attacked by other known ransomware families such as LockBit, Hive, and RansomEXX as an efficient way to infect many computers with ransomware.
- Link to PoC article
Trend Micro
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
New findings showed that Cheerscrypt, a new Linux-based ransomware variant that compromises ESXi servers, was derived from the leaked Babuk source code. We discuss our analysis in this report.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Ads by Microsoft on DuckDuckGo Private Search
https://help.duckduckgo.com/duckduckgo-help-pages/company/ads-by-microsoft-on-duckduckgo-private-search/
Duckduckgo
Ads By Microsoft on DuckDuckGo Private Search - DuckDuckGo Help Pages
DuckDuckGo doesn’t track you. That’s the DuckDuckGo privacy policy in a nutshell.
/ Serious security vulnerability in Tails 5.0
https://tails.boum.org/security/prototype_pollution/index.en.html
Sys-Admin InfoSec
Today in Almaty several IT communities are holding a meetup with talks and more (Lenore Pub, 19:00). The event is organized by r0crewKZ together with SolveChat; there will be plenty of talks (and I will be there too). 1. Aleksandr Oshlakov - "Writing code in a functional style. How…
Today. Continuation. Astana. BurgerShop, at 18:00.
1. SCAM STORIES 🌀 Morty
2. Tricks for evading AV engines in malware development. Examples of shellcode encryption 🌀 catv
3. 2G GSM, 4G LTE, 5G NR 🌀 novitoll
4. Attacking software developers 🌀 Thatskriptkid
Free, no registration, no stream.
P.S. Good luck to the speakers ✊ To those attending: understanding, patience, attention. 😉
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ Zero to hero: save your org from cyber-attack with a zero trust model
A simple conceptual overview:
https://specopssoft.com/blog/zero-trust-model-save-your-org-from-cyber-attack/
/ POC for CVE-2022-22972 affecting VMware Workspace ONE, vIDM, and vRealize Automation 7.6.
https://github.com/horizon3ai/CVE-2022-22972
GitHub
GitHub - horizon3ai/CVE-2022-22972
Contribute to horizon3ai/CVE-2022-22972 development by creating an account on GitHub.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ High-severity vulnerabilities in a mobile framework owned by mce Systems
The mce Systems framework, used by multiple large mobile service providers in pre-installed Android System apps, potentially exposed users to remote (albeit complex) or local attacks:
http://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/
Microsoft News
Android apps with millions of downloads exposed to high-severity vulnerabilities
Microsoft uncovered high-severity vulnerabilities in a mobile framework used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote or local attacks.
/ GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
* https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai
/ Follina — a Microsoft Office code execution vulnerability
* https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
Medium
Follina — a Microsoft Office code execution vulnerability
Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus:
/ Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums
FBI warns
* https://www.ic3.gov/Media/News/2022/220526.pdf
/ Linux Kernel use-after-free write in netfilter
A use-after-free write vulnerability was identified within the netfilter subsystem which can be exploited to achieve privilege escalation to root:
https://www.openwall.com/lists/oss-security/2022/05/31/1