Open BLD DNS: Our supporter is UptimeRobot
 
Hey, UptimeRobot it is a very good solution for on-line monitoring tasks. I'm using UptimeRobot over than 10 years for monitoring tasks by:
- Ping availability my Blog and Forum
- HTTP(S) availability and SSL expiry reminders
- Port(s) availability for Open BLD services
- Keyword checking on web-pages

Free plan allow using UptimeRobot with 5 min. interval with notifications to email.

Now, UptimeRobot helps to Open BLD Project to reduce checking intervals to 1 min and now you can checking Open BLD status on:
• https://bld-status.sys-adm.in page.

On my own behalf, I express my deep gratitude to the UptimeRobot service, now the availability and stability of the Open BLD service has more monitoring than it was.
 
You can try / help to Open BLD DNS project through official BLD Project site:
* https://lab.sys-adm.in

/ DNS-over-HTTP/3 in Android

To help keep Android users’ DNS queries private, Android supports encrypted DNS. In addition to existing support for DNS-over-TLS, Android now supports DNS-over-HTTP/3 which has a number of improvements over DNS-over-TLS.

Announce from Google:

https://security.googleblog.com/2022/07/dns-over-http3-in-android.html

/ Luna and Black Basta — new ransomware for Windows, Linux and ESXi

Luna: brand-new ransomware written in Rust, Black Basta is a relatively new ransomware variant written in C++ which first came to light in February 2022…

Technical analysis:

https://securelist.com/luna-black-basta-ransomware/106950/

/ Apple released multiple security pathces for *OS

* About the security content of macOS Monterey 12.5. Details.
* About the security content of macOS Big Sur 11.6.8. Details.
* About the security content of Security Update 2022-005 Catalina. Details.

/ Atlassian Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137

* Summary of Vulnerabilities

Open SysConf 22 да прибудет с нами сила!
 
Йоу! Внезапно. Нежданно не гаданно (как всегда) мы решили оффлайнутся в нашем любимом формате на Open SysConf 22:

Предварительные вводные Open SysConf 22:
• Первичный контекст конференции - Открытая конференция ИТ/ИБ/..OPS направлений
• Вторичный контекст конференции - Спорт, развитие, личностный рост, мотивация
• Тип встречи - оффлайн, вопросы с трансляцией/записью обсуждаются (об этом позже)
• Дата встречи - Октябрь, 2022г. Примерно середина месяца (об этом позже)
• Место - в процессе определения, но ясно одно, локация г.Алматы.

И конечно доклады, общение, знакомство, новые знания, мотивация и как результат личностный и профессиональный рост 🌱

Концепции:
• Без коммерции или коммерческого бэкграунда
• Открытость и бесплатность
• Свободный вход и участие
• Помощь и обеспечение - добровольное, донаты.

Заценить конфу и темы прошлогодней конференции:
• https://sysconf.io

Помни дорогой друг - Делиться своими знаниями и опытом это не только нужно - это необходимо.

Всем Peace ✌️
 

/ Unauthenticated SQL injection vulnerability in SonicWall GMS

https://www.cybersecurity-help.cz/vdb/SB2022072213

/ VMware ESXi TCP/IP Memory Corruption Remote Code Execution Vulnerability

https://www.zerodayinitiative.com/advisories/ZDI-22-1021/

P.S. Thx dear subscriber for the link ✌️

Boundary tool - Identity-based access for zero trust security

* https://www.boundaryproject.io/

/ Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/

Samba 4.16.4, 4.15.9 and 4.14.14 Security Releases are available for Download

These are Security Releases in order to address CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746.

https://www.samba.org/samba/latest_news.html#4.16.4

Old cat, new tricks, bad habits

An analysis of Charming Kitten’s new tools and OPSEC errors

The Telegram grabber tool is written in C++ and uses the open source Telegram Database Library (TDLib), a cross-platform Telegram client typically used to create custom apps for the platform... and many another interesting research info..:

https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/old-cat-new-tricks.html

System Administrator Appreciation Day

Be Strong, Be Healthy, Be Smart ✌️

/ Vulnerability in Dahua’s ONVIF Implementation Threatens IP Camera Security

https://www.nozominetworks.com/blog/vulnerability-in-dahua-s-onvif-implementation-threatens-ip-camera-security/

/ Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool

https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/

/ DNS settings to avoid email spoofing and phishing for unused domain

https://www.cyberciti.biz/security/dns-settings-to-avoid-email-spoofing-and-phishing-for-unused-domain/

/ Multiple vulnerabilities were privately reported to VMware. (critical)

Patches are available to remediate these vulnerabilities in affected VMware products:

https://www.vmware.com/security/advisories/VMSA-2022-0021.html

/ CVE-2022-29154: Rsync client-side arbitrary file write vulnerability

https://www.openwall.com/lists/oss-security/2022/08/02/1

/ XSS vulnerabilities in Google Cloud, Google Play could lead to account hijacks

Article does not has any tecnical analysys, but has discovering information:

https://portswigger.net/daily-swig/xss-vulnerabilities-in-google-cloud-google-play-could-lead-to-account-hijacks

/ GitLab plans to delete dormant projects in free accounts

🙁

https://www.theregister.com/2022/08/04/gitlab_data_retention_policy