Sys-Admin InfoSec – Telegram
News on cybersecurity / information security, information technology, data leaks / breaches, CVEs, hacks, tools, training
* Multilingual (En, Ru).
* Forum - forum.sys-adm.in
* Chat - @sysadm_in
* Job - @sysadm_in_job
* ? - @sysadminkz
Apple released multiple security patches for *OS

* About the security content of macOS Monterey 12.5. Details.
* About the security content of macOS Big Sur 11.6.8. Details.
* About the security content of Security Update 2022-005 Catalina. Details.
Atlassian Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137

* Summary of Vulnerabilities
Open SysConf 22, may the force be with us!

Yo! Suddenly, out of the blue (as always), we decided to go offline in our favourite format at Open SysConf 22:

Preliminary details for Open SysConf 22:
Primary focus of the conference: an open conference for the IT / InfoSec / ...Ops fields
Secondary focus of the conference: sport, development, personal growth, motivation
Meeting type: offline; streaming/recording is still under discussion (more on this later)
Date: October 2022, roughly mid-month (more on this later)
Venue: still being determined, but one thing is clear: the location is Almaty.

And of course talks, networking, meeting new people, new knowledge, motivation and, as a result, personal and professional growth 🌱

Principles:
• No commerce or commercial background
• Open and free of charge
• Free entry and participation
• Help and support are voluntary, via donations.

Check out last year's conference and its topics:
https://sysconf.io

Remember, dear friend: sharing your knowledge and experience is not only needed, it is essential.

Peace to all ✌️
 
Detectree: Detection Visualisation For Blue Teams

https://labs.withsecure.com/tools/detectree
VMware ESXi TCP/IP Memory Corruption Remote Code Execution Vulnerability

https://www.zerodayinitiative.com/advisories/ZDI-22-1021/

P.S. Thx dear subscriber for the link ✌️
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Boundary tool - Identity-based access for zero trust security

* https://www.boundaryproject.io/
Samba 4.16.4, 4.15.9 and 4.14.14 Security Releases are available for Download

These are Security Releases in order to address CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746.

https://www.samba.org/samba/latest_news.html#4.16.4
Old cat, new tricks, bad habits

An analysis of Charming Kitten’s new tools and OPSEC errors

The Telegram grabber tool is written in C++ and uses the open source Telegram Database Library (TDLib), a cross-platform Telegram client typically used to create custom apps for the platform... plus a lot of other interesting research findings:

https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/old-cat-new-tricks.html
System Administrator Appreciation Day

Be Strong, Be Healthy, Be Smart ✌️
DNS settings to avoid email spoofing and phishing for unused domain

https://www.cyberciti.biz/security/dns-settings-to-avoid-email-spoofing-and-phishing-for-unused-domain/
Multiple vulnerabilities were privately reported to VMware (critical)

Patches are available to remediate these vulnerabilities in affected VMware products:

https://www.vmware.com/security/advisories/VMSA-2022-0021.html
CVE-2022-29154: Rsync client-side arbitrary file write vulnerability

https://www.openwall.com/lists/oss-security/2022/08/02/1
Hijacking email with Cloudflare Email Routing

Cloudflare Email Routing was in closed beta back when I discovered this vulnerability, with only a few domains having been granted access. Sadly, I was not invited to the party, so I was simply going to have to crash it instead.
https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Fourteen Ways to Read the PID for the Local Security Authority Subsystem Service (LSASS)

Process enumeration is necessary prior to injecting shellcode or dumping memory. Threat actors tend to favour using CreateToolhelp32Snapshot with Process32First and Process32Next to gather a list of running processes. And if they’re a bit more tech-savvy, they’ll use the NtQuerySystemInformation system call directly.

Although this post will focus on obtaining a PID specifically for LSASS, the methods described here can be adapted to resolve PIDs for any process. Some of these are well known and have been discussed before, but there’s also a few new ones that many readers won’t be familiar with…

* https://www.mdsec.co.uk/2022/08/fourteen-ways-to-read-the-pid-for-the-local-security-authority-subsystem-service-lsass/