Sys-Admin InfoSec – Telegram
News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings
* Multilingual (En, Ru).
* Forum - forum.sys-adm.in
* Chat - @sysadm_in
* Job - @sysadm_in_job
* ? - @sysadminkz
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
R4IoT: When Ransomware Meets IoT and OT

Next-generation ransomware report:

https://www.forescout.com/resources/r4iot-next-generation-ransomware-report
Open BLD DNS Updating News: Pre-release BLD, Debian migration and Alerting infrastructure
 
I'm happy to present BLD DNS pre-release services already in production. What's new:

🚀 Speedup:
• The caching and updating process for additional blocking lists was improved
• Improved memory handling. Redis cluster added.
• Improved DNS prefetching process

🛸 Security:
• Fully removed support for older TLS versions
• All code dependencies (including vulnerability fixes) were updated
• Added cross check server availability with alerts
• All BLD servers have A status in SSL Labs
• All BLD servers divided into specified categories
• Added notifications (alerts) to Telegram Bot

🪚 Stability:
• Added additional systemd timers for watching BLD services statuses
• Added DNS tracking service and automatic restart of BLD services

🚜 Migration:
• All migration (from distro to distro) processes are 90% automated
• All CentOS servers were deprecated and changed to Debian 🎉

🛰 Today, the BLD infrastructure has 10 servers located around the world 🎈🎈🎉

BLD works without agents or any additional tools, but you can use secure and clean Internet in/on:
• Browsers (Chrome, Brave, Firefox, Edge, etc.)
• Mobile devices (Android, iOS)
• Computers or networks (Primary/Secondary DNS)

If you have not tried BLD DNS, get more details on the official BLD site:
https://lab.sys-adm.in

#free #bld #sys-admin #sevices
2022-MS-Vulnerability-Report.pdf
1.3 MB
/ Microsoft Vulnerabilities Report 2022

Historically, the report has delivered a holistic annual view of the vulnerabilities within Microsoft’s platforms and products, and has established an undeniable business case for the importance of removing admin rights to reduce risk…
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
/ Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)

U-Boot is a popular boot loader for embedded systems with implementations for a large number of architectures and prominent in most Linux-based embedded systems such as ChromeOS and Android devices:

https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
/ Android Security Bulletin—June 2022

https://source.android.com/security/bulletin/2022-06-01
/ What is DNSCrypt

DNSCrypt is a protocol that encrypts, authenticates and optionally anonymizes communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.

It is an open specification, with free and open source reference implementations, and it is not affiliated with any company nor organization:

https://dnscrypt.info/
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
⚙️ Monitor.sh - Script for checking systemd unit status

monitor.sh can run a custom script / action if the unit has a stopped or running status, examples:

./monitor.sh -u sshd -a "/path/to/action-noscript/action.sh"

or

./monitor.sh -u multipathd -r -a "/usr/local/sbin/test.sh"

or just:

./monitor.sh -u multipathd -r

Add this script to cron, and if your systemd unit is stopped or disabled, monitor.sh will enable it and try to restart the targeted systemd unit…

* https://github.com/m0zgen/monitor
/ Ransomware The True Cost to Business

A Global Study on Ransomware Business Impact report:

https://www.cybereason.com/hubfs/dam/collateral/reports/Ransomware-The-True-Cost-to-Business-2022.pdf
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Ethics and psychology of the individual, in IT and beyond. Rhetoric.

- In the beginning was the word. A word is a deed. When you speak words and assemble them into sentences and paragraphs, watch yourself, for you are performing deeds.
- Will and spirit do not exist as organs, so to speak, but they can be trained, developed and used in your life.
- The combination of various qualities forms an image: a personality, an expert, or a pushover and a windbag.

Morality and morals, as well as life experience, aspects of word and spirit, and much more form yet another entity, a discipline: ethics…

Next, about the set of various competencies that shape behavior and attitude toward life, oneself and others:

- https://sys-adm.in/live/983-etika-i-psikhologiya-individuuma-ajtishnogo-i-ne-tolko-ritorika.html
/ Apache HTTP Server 2.4 vulnerabilities fixes

This page lists all security vulnerabilities fixed in released versions of Apache HTTP Server 2.4

https://httpd.apache.org/security/vulnerabilities_24.html
/ firejail: local root exploit reachable via --join logic (CVE-2022-31214)

https://www.openwall.com/lists/oss-security/2022/06/08/10

Exploit:

https://www.openwall.com/lists/oss-security/2022/06/08/10/1
/ FIREFOX AND CHROME ARE SQUARING OFF OVER AD-BLOCKER EXTENSIONS

...
THE SAME FEATURE CAN BE USED MALICIOUSLY TO HIJACK USERS’ LOGIN CREDENTIALS OR INSERT EXTRA ADS INTO WEB PAGES
...

https://www.theverge.com/2022/6/10/23131029/mozilla-ad-blocking-firefox-google-chrome-privacy-manifest-v3-web-request

P.S. Sys-Admin Open BLD Service does not use browser extensions, etc.; it is an encrypted malicious/tracking/ad DNS blocking service which supports many popular browsers, mobile devices, routers and OSs. Details: https://lab.sys-adm.in
/ Apple M1 PACMAN attack

PACMAN is a novel hardware attack that can bypass Pointer Authentication (PAC) on the Apple M1 CPU. We present the following contributions:

- A new way of thinking about compounding threat models in the Spectre age.
- Reverse engineered details of the M1 memory hierarchy.
- A hardware attack to forge kernel PACs from userspace on M1.

Details:
* https://pacmanattack.com/