Sys-Admin InfoSec – Telegram
News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings
* Multilingual (En, Ru).
* Forum - forum.sys-adm.in
* Chat - @sysadm_in
* Job - @sysadm_in_job
* ? - @sysadminkz
OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow

In this blog we will provide a deep technical analysis of a new and fully undetected Linux threat we named OrBit..:

https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat

P.S. Thx @Anykey76 ✌️
/ Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706

MS uncovered a vulnerability in macOS that could allow specially crafted code to escape the App Sandbox and run unrestricted on the system. MS shared these findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in October 2021. A fix for this vulnerability, now identified as CVE-2022-26706, was included in the security updates released by Apple on May 16, 2022. Microsoft shares the vulnerability disclosure credit with another researcher, Arsenii Kostromin (0x3c3e), who discovered a similar technique independently.

* Article

/ From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA)..:

* Article
/ 20 years of payment processing problems

Electronic payment systems have existed on the Internet for a long time, and some bugs in them are twenty years old. We’ve found critical vulnerabilities allowing us to steal money and drive up the balance. Today we will analyze typical implementations of payment processing and related security issues…

https://bo0om.ru/20-years-of-payment-processing-problems-en
/ A look at the CloudMensis macOS spyware

CloudMensis is malware for macOS developed in Objective-C. Samples we analyzed are compiled for both Intel and Apple silicon architectures..:

* Technical analysis
Open BLD DNS: Our supporter is UptimeRobot
 
Hey, UptimeRobot is a very good solution for online monitoring tasks. I've been using UptimeRobot for more than 10 years for monitoring tasks such as:
- Ping availability of my Blog and Forum
- HTTP(S) availability and SSL expiry reminders
- Port availability for Open BLD services
- Keyword checking on web pages

The free plan allows using UptimeRobot with a 5 min. interval and notifications to email.

Now UptimeRobot helps the Open BLD Project to reduce checking intervals to 1 min, and you can now check the Open BLD status on:
https://bld-status.sys-adm.in page.

On my own behalf, I express my deep gratitude to the UptimeRobot service; the availability and stability of the Open BLD service now have more monitoring than before.
 
You can try / help the Open BLD DNS project through the official BLD Project site:
* https://lab.sys-adm.in
/ DNS-over-HTTP/3 in Android

To help keep Android users’ DNS queries private, Android supports encrypted DNS. In addition to existing support for DNS-over-TLS, Android now supports DNS-over-HTTP/3 which has a number of improvements over DNS-over-TLS.

Announce from Google:

https://security.googleblog.com/2022/07/dns-over-http3-in-android.html
/ Luna and Black Basta — new ransomware for Windows, Linux and ESXi

Luna is brand-new ransomware written in Rust; Black Basta is a relatively new ransomware variant written in C++ which first came to light in February 2022…

Technical analysis:

https://securelist.com/luna-black-basta-ransomware/106950/
/ Apple released multiple security patches for *OS

* About the security content of macOS Monterey 12.5. Details.
* About the security content of macOS Big Sur 11.6.8. Details.
* About the security content of Security Update 2022-005 Catalina. Details.
/ Atlassian Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137

* Summary of Vulnerabilities
Open SysConf 22: may the force be with us!
 
Yo! Suddenly. Unexpectedly (as always) we decided to go offline in our favourite format at Open SysConf 22:

Preliminary details for Open SysConf 22:
Primary context of the conference: an open conference for IT / InfoSec / ...Ops fields
Secondary context of the conference: sport, development, personal growth, motivation
Meeting type: offline; questions about streaming/recording are under discussion (more on that later)
Meeting date: October 2022, roughly the middle of the month (more on that later)
Venue: still being determined, but one thing is clear: the location is Almaty.

And of course talks, networking, meeting people, new knowledge, motivation and, as a result, personal and professional growth 🌱

Concepts:
• No commerce or commercial background
• Openness and free of charge
• Free entry and participation
• Help and support: voluntary, donations.

Check out the conference and the topics of last year's conference:
https://sysconf.io

Remember, dear friend: sharing your knowledge and experience is not just needed, it is necessary.

Peace to all ✌️
 
/ Detectree: Detection Visualisation For Blue Teams

https://labs.withsecure.com/tools/detectree