/ Azure DNS Private Resolver
It is a new service that enables customers to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM-based DNS servers. This new service is fully managed in Azure and in public preview:
https://www.infoq.com/news/2022/05/azure-dns-private-resolver/
InfoQ
Microsoft Releases Azure DNS Private Resolver in Public Preview
Azure DNS Private Resolver is a new service that enables customers to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM-based DNS servers. This new service is fully-managed in Azure and in public preview.
/ Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof Of Concept To Deliver Cobalt-Strike Beacon
It is something new:
https://blog.cyble.com/2022/05/20/malware-campaign-targets-infosec-community-threat-actor-uses-fake-proof-of-concept-to-deliver-cobalt-strike-beacon/
Cyble
Malware Targets InfoSec: Fake PoC Delivers Cobalt Strike
It becomes essential for the Infosec Community members to check the credibility of sources before downloading any proof of concept.
/ New Research Paper: Pre-hijacking Attacks on Web User Accounts
https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks/
/ New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
Cheerscrypt is a new ransomware family that has been targeting a customer’s ESXi server used to manage VMware files.
In the past, ESXi servers were also attacked by other known ransomware families such as LockBit, Hive, and RansomEXX as an efficient way to infect many computers with ransomware.
- Link to PoC article
Trend Micro
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
New findings showed that Cheerscrypt, a new Linux-based ransomware variant that compromises ESXi servers, was derived from the leaked Babuk source code. We discuss our analysis in this report.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Ads by Microsoft on DuckDuckGo Private Search
https://help.duckduckgo.com/duckduckgo-help-pages/company/ads-by-microsoft-on-duckduckgo-private-search/
Duckduckgo
Ads By Microsoft on DuckDuckGo Private Search - DuckDuckGo Help Pages
DuckDuckGo doesn’t track you. That’s the DuckDuckGo privacy policy in a nutshell.
/ Serious security vulnerability in Tails 5.0
https://tails.boum.org/security/prototype_pollution/index.en.html
Sys-Admin InfoSec
Today in Almaty there is a meetup of several IT communities with talks and more (Lenore Pub, 19:00). The event is organised by r0crewKZ together with SolveChat, there will be lots of talks (and I will be there too) 1. Александр Ошлаков - "Writing code in a functional style. How…
Today. Continued. Astana. BurgerShop, at 18:00.
1. SCAM STORIES 🌀 Morty
2. Tricks for evading AV engines in malware development. Examples of shellcode encryption 🌀 catv
3. 2G GSM, 4G LTE, 5G NR 🌀 novitoll
4. Attacking software developers 🌀 Thatskriptkid
Free, no registration, no stream.
P.S. Good luck to the speakers ✊ And to the attendees: understanding, patience, attention. 😉
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ Zero to hero: save your org from cyber-attack with a zero trust model
Simple and conceptual:
https://specopssoft.com/blog/zero-trust-model-save-your-org-from-cyber-attack/
/ POC for CVE-2022-22972 affecting VMware Workspace ONE, vIDM, and vRealize Automation 7.6.
https://github.com/horizon3ai/CVE-2022-22972
GitHub
GitHub - horizon3ai/CVE-2022-22972
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ High-severity vulnerabilities in a mobile framework owned by mce Systems
The mce Systems framework is used by multiple large mobile service providers in pre-installed Android system apps and potentially exposed users to remote (albeit complex) or local attacks:
http://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/
Microsoft News
Android apps with millions of downloads exposed to high-severity vulnerabilities
Microsoft uncovered high-severity vulnerabilities in a mobile framework used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote or local attacks.
/ GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
* https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai
/ Follina — a Microsoft Office code execution vulnerability
* https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
Medium
Follina — a Microsoft Office code execution vulnerability
Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus:
/ Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums
The FBI warns:
* https://www.ic3.gov/Media/News/2022/220526.pdf
/ Linux Kernel use-after-free write in netfilter
A use-after-free write vulnerability was identified within the netfilter subsystem
which can be exploited to achieve privilege escalation to root:
https://www.openwall.com/lists/oss-security/2022/05/31/1
Sys-Admin InfoSec
/ Follina — a Microsoft Office code execution vulnerability * https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
GitHub
GitHub - chvancooten/follina.py: POC to replicate the full 'Follina' Office RCE vulnerability for testing purposes
POC to replicate the full 'Follina' Office RCE vulnerability for testing purposes - chvancooten/follina.py
/ Horde Webmail - Remote Code Execution via Email
https://blog.sonarsource.com/horde-webmail-rce-via-email/
Sonarsource
Horde Webmail - Remote Code Execution via Email
We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email.
/ Over 3.6 million exposed MySQL servers on IPv4 and IPv6
https://www.shadowserver.org/news/over-3-6m-exposed-mysql-servers-on-ipv4-and-ipv6/
www.shadowserver.org
Over 3.6 million exposed MySQL servers on IPv4 and IPv6 | The Shadowserver Foundation
We have recently begun scanning for accessible MySQL server instances on port 3306/TCP. These are instances that respond to our MySQL connection request with a Server Greeting. Surprisingly to us, we found around 2.3M IPv4 addresses responding with such…
/ Vulnerability within the UNISOC baseband opens mobile phones communications to remote hacker attacks
https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
Check Point Research
Vulnerability within the UNISOC baseband opens mobile phones communications to remote hacker attacks - Check Point Research
Introduction Do you remember push-button telephones? Many of them were based on chips from Spreadtrum Communications Inc., a Chinese chip manufacturer founded in 2001. In 2011, over half of all phones in China were powered by Spreadtrum chips. In 2018, Spreadtrum…
/ New Windows Search zero-day added to Microsoft protocol nightmare
https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
BleepingComputer
New Windows Search zero-day added to Microsoft protocol nightmare
A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.