/ Multiple vulnerabilities were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products (critical)
https://www.vmware.com/security/advisories/VMSA-2022-0021.html
/ Cisco Small Business RV Series Routers Vulnerabilities
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR
/ dnsdist: implement own rate-limiting function
Dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic.
Fully Lua & Redis integrated solution with code examples:
* Part 1 - https://blog.mrpk.info/posts/dnsdist-implement-own-rate-limiting-function/
* Part 2 - https://blog.mrpk.info/posts/dnsdist-implement-own-rate-limiting-function-part2/
/ HiddenAds malware affects 1M+ users and hides on the Google Play Store
* Research from McAfee
P.S. Malware domain already blocked in Open BLD service
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
squip.pdf (505.5 KB)
SQUIP: Exploiting the Scheduler Queue Contention Side Channel
In this paper, we present the SQUIP attack, the first side-channel attack on scheduler queues. With SQUIP, we measure the precise degree of Scheduler Queue Usage (i.e., occupancy) via Interference Probing. We show that this occupancy level measurement works on microarchitectures of different vendors, namely the Apple M1, AMD Zen 2 and Zen 3…
/ The mechanics of a sophisticated phishing scam and how we stopped it
Message from CF: Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees. While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications.
IOCs from CF:
* https://blog.cloudflare.com/2022-07-sms-phishing-attacks/
/ Threat actors breached Cisco systems in May and stole gigabytes of information from Cisco.
Cisco Talos shares insights related to recent cyber attack on Cisco
https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Cisco Event Response: Corporate Network Security Incident details:
https://tools.cisco.com/security/center/resources/corp_network_security_incident
/ Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
https://portswigger.net/research/browser-powered-desync-attacks
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Hacking Zyxel IP cameras to gain a root shell
TLDR - Do not buy, do not use, and remove all of these devices from service immediately (IPC-3605N and the model IPC-4605N). They are so miserably insecure it took me less than a day of effort to develop a utility to remotely compromise any of them. Keep reading if you want to know how… (from Author)
Technical analysis:
http://www.hydrogen18.com/blog/hacking-zyxel-ip-cameras-pt-1.html
Open SysConf 2022 is coming this October!
Hi, we are preparing a new, fourth annual Open SysConf'22 meetup.
Already confirmed:
- Three talks
- Half of the budget raised
- Venue, date and time of the meetup
- Updated website sysconf.io
Usually, for most people, circumstances work out so that something always gets in the way of doing sport, giving a talk or taking part in a conference; usually it's work, putting things off until tomorrow, and so on and so forth...
Getting together, sharing knowledge, finding time for yourself is something that really needs to be done here and now (and in October)! Straighten your shoulders, dear friend, lift your head and step boldly forward:
- https://sysconf.io
- October 14, 11:00 to 20:00, Almaty.
The hall is big, there is room for everyone! You'll find all the links you need on the website. Peace ✌️.
/ ONE BOOTLOADER TO LOAD THEM ALL
These vulnerabilities could be used by an attacker to easily evade Secure Boot protections and compromise the integrity of the boot process; enabling the attacker to modify the operating system as it loads, install backdoors, and disable operating system security controls:
https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022
CVE-2022-30216 - Authentication coercion of the Windows “Server” service
The Server service (also called LanmanServer) is a Windows service that is responsible for the management of SMB shares. Shares are resources — files, printers, and directory trees — that are made accessible over the network by a Common Internet File System server. Essentially, network shares allow users to utilize other devices on the network to perform various daily tasks.
The Server service allows a remote machine to create, configure, query, and delete shares through RPC over a named pipe (\\pipe\srvsvc). For the remainder of this post, we will refer to the service as srvsvc.
A vulnerability in srvsvc is impactful because the service provides core functionality and therefore runs by default on every Windows machine.
• Details
/ Remote Code Execution on Element Desktop Application using Node Integration in Sub Frames Bypass - CVE-2022-23597
During our Electron Desktop Application hacking frenzy, Pew informed me on Discord about a Desktop Application called Element in which he was able to insert an external iframe. We began examining the Element source code, which is public here, and eventually succeeded in Remote Code Execution…
Dig into the details of the bug:
* https://blog.electrovolt.io/posts/element-rce/
/ About the security content of iOS 15.6.1 and iPadOS 15.6.1
kernel, webkit:
https://support.apple.com/en-us/HT213412
/ Impact to DigitalOcean customers resulting from Mailchimp security incident
After the attack on the Mailchimp service (malicious actors are increasingly deploying an array of sophisticated phishing and social engineering tactics targeting data and information from crypto-related companies), DO released an “impact” document about this attack, its impact on DO customers and what they learned from this situation… in short: “we need to be more secure.. bla bla..” 😄
The article can potentially be useful for some people on security management staff:
* https://www.digitalocean.com/blog/digitalocean-response-to-mailchimp-security-incident
/ Cisco Secure Web Appliance Privilege Escalation Vulnerability (high)
A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8
Open BLD DNS Updating News (August’22): New BLD release, New tools and more
- 100% migration to KeyDB from Redis
- Automated upgrading of target distros according to Open BLD DNS roles (BLD infra has several BLD server roles)
- Added Open API IP location reflector (see link below) on the S-A Lab site
- Ansible roles optimized with common variables
- BLD Server update server can merge downloaded lists without comments (plain lists)
- UptimeRobot helped Open BLD; you can now review the status page: bld-status.sys-adm.in
Note: UptimeRobot supported the Open BLD DNS Project. I’ve been using UptimeRobot for more than 10 years; it is a very useful and stable uptime monitoring service, details
Tools:
• install-redis.sh
• install-keydb.sh
• redis-to-keydb.sh
• lib.sh
• monit2telegram.sh - local IP detection functionality added to this fork
• ip reflector
• bld server
Deprecation notice:
• ⚠️ 8443 port will be disabled in the next release. Please switch your DoH to 443
Open BLD DNS Site:
• EN - https://lab.sys-adm.in/en
• RU - https://lab.sys-adm.in/ru