/ Zimbra - Attacker managed to upload files into Web Client directory
https://forums.zimbra.org/viewtopic.php?t=71153
/ A vulnerability was found in Zoom Client for Meetings up to 5.11.x on macOS (Unified Communication Software). It has been classified as critical
Debugging port misconfiguration:
https://vuldb.com/?id.210867
Vuldb
CVE-2022-28762 Zoom Client for Meetings Debugging Port config
A vulnerability was found in Zoom Client for Meetings up to 5.11.x on macOS. It has been classified as critical. This vulnerability is uniquely identified as CVE-2022-28762. It is recommended to upgrade the affected component. Statistical analysis made it…
/ Introducing the Fleet Public Preview
I tried it. Not bad, not bad:
https://blog.jetbrains.com/fleet/2022/10/introducing-the-fleet-public-preview/
Additional info:
https://www.jetbrains.com/fleet/
The JetBrains Blog
Introducing the Fleet Public Preview | The Fleet Blog
Since the initial announcement of Fleet, we have had an overwhelming amount of interest from all of you, with over 137,000 people signing up for the private preview. Our reason for starting with a clo
/ Microsoft Office 365 Message Encryption Insecure Mode of Operation
https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation
Withsecure
Microsoft Office 365 Message Encryption Insecure Mode of Operation
Microsoft Office 365 Message Encryption (OME) utilises the Electronic Codebook (ECB) mode of operation. This mode is insecure and leaks information about the structure of the messages sent and can lead to partial or full message disclosure.
/ Git security vulnerabilities announced
Today, the Git project released new versions to address a pair of security vulnerabilities (CVE-2022-39253 and CVE-2022-39260) that affect versions 2.38 and older. These affect Git's --local clone optimization and git shell's interactive command mode:
https://github.blog/2022-10-18-git-security-vulnerabilities-announced
The GitHub Blog
Git security vulnerabilities announced
Upgrade your local installation of Git, especially when cloning with --recurse-submodules from untrusted repositories, or if you use git shell interactive mode.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer
https://orca.security/resources/blog/fabrixss-vulnerability-azure-fabric-explorer/
Orca Security
FabriXss: Azure Fabric Explorer Exploit | Orca Research Pod
The Orca Research Pod has discovered FabriXss, a vulnerability in Azure Service Fabric Explorer that allows attackers to gain full administrator permissions.
/ New Fully Undetectable PowerShell Backdoor (high-level overview FUD PowerShell backdoor)
In this research report, we will provide a high-level overview of this FUD PowerShell backdoor, including when it first appeared and what it does. We’ll also provide insight into the operations security mistakes made by the threat actor responsible for the tool that we were able to logically exploit to access and decrypt the encrypted C2 commands for each victim. One of the commands is an execution of a full PowerShell code for Active Directory users enumeration and remote desktop enumeration, which probably will be used later in a lateral movement phase…
https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
SafeBreach
SafeBreach Uncovers Fully Undetectable PowerShell Backdoor | New Research
SafeBreach Labs discovered a novel, fully undetectable PowerShell backdoor disguised as part of the Windows update process.
Netlas.io - Discover, Research and Monitor any Assets Available Online
Internet intelligence apps that provide accurate technical information on IP addresses, domain names, websites, web applications, IoT devices, and other online assets:
• Web crawler
• Domain names
• DNS lookups
• Whois
• Internet scanner
This service has API and Free "Community" access for registered users:
• Tool: https://app.netlas.io/
/ K30425568: Overview of F5 vulnerabilities (October 2022)
https://support.f5.com/csp/article/K30425568
/ New Scanner For Text4shell
https://blog.silentsignal.eu/2022/10/18/our-new-scanner-for-text4shell/
Additional info - CVE-2022-42889: Keep Calm and Stop Saying "4Shell":
https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/
Rapid7
CVE-2022-42889 Update: Keep Calm and Stop Saying "Text4Shell" | Rapid7 Blog
/ Vulnerability Spotlight: Vulnerabilities in Abode Systems home security kit could allow attacker to take over cameras, remotely disable them
https://blog.talosintelligence.com/2022/10/vuln-spotlight-abode-.html
/ “Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed
Malicious browser extension, technical analysis:
https://guardiosecurity.medium.com/dormant-colors-live-campaign-with-over-1m-data-stealing-extensions-installed-9a9a459b5849
Medium
“Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed
By Nati Tal (Guardio Labs) — BadEx II
/ Stranger Strings: An exploitable flaw in SQLite
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
The Trail of Bits Blog
Stranger Strings: An exploitable flaw in SQLite
Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released on October 17, 2000) and fixed in release 3.39.2 (released on July 21, 2022).…
/ ClamAV 1.0.0 release candidate now available
Many good changes in ClamAV; you can read about them on the official release page:
https://blog.clamav.net/2022/10/clamav-100-release-candidate-now.html
blog.clamav.net
ClamAV 1.0.0 release candidate now available
We are excited to announce the ClamAV 1.0.0 release candidate! You may find the source code and installers for this release on: the clamav.n...
/ Cisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows.
https://thehackernews.com/2022/10/hackers-actively-exploiting-cisco.html
Thx for the link @novitoll ✌️
Open DevOps, Linux, Networks, Golang workshops (November schedule)
• 1 November DevOps: Docker Compose and how networking works in Docker
• 2 November Linux: Users in Linux
• 3 November Golang: protoc, protoc plugins: internals and debugging
• 8 November DevOps: The saga of migrating ~400 projects from Swarm to K8s: what it taught us
• 9 November Linux: Permissions in Linux
• 10 November Networks: QoS. Configuring traffic priorities and queues
• 15 November DevOps: Testing applications via REST API
• 16 November Linux: Working with sed
• 17 November Networks: NAT technology: schemes and usage scenarios
• 22 November DevOps: REBRAIN & Tele2: You (don't) need a ServiceMesh
• 23 November Linux: DNS
• 24 November Golang: Go vs Rust
• 29 November DevOps: details to be announced later
• 30 November Linux: IPv6, part 2
Workshop programme, free registration, all here.
/ The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
https://www.varonis.com/blog/the-logging-dead-two-windows-event-log-vulnerabilities
Varonis
The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
You don’t have to use Internet Explorer for its legacy to have left you vulnerable to LogCrusher and OverLog, a pair of Windows vulnerabilities discovered by the Varonis Threat Labs team.
/ ATTACKING THE SOFTWARE SUPPLY CHAIN WITH A SIMPLE RENAME
video demo included:
https://checkmarx.com/blog/attacking-the-software-supply-chain-with-a-simple-rename/
Checkmarx
Attacking the Software Supply Chain with a Simple Rename
Checkmarx SCS (Supply Chain Security) team found a vulnerability in GitHub that can allow an attacker to take control over a GitHub repository, and potentially infect all applications and other code relying on it with malicious code.
Open SysConf'22 - Conference talk videos
Hi, on 14 October the open IT conference Open SysConf'22 took place in Almaty; today we are pleased to present the first talk videos from our meetup:
— Open SysConf 2022 - A conference for networking. Opening/Introduction. Our conference described in "three words".
— Practical experience with 4G. Sabyrzhan "novitoll" Tasbolatov
While the rest of the video is being edited/prepared, let's stock up on a little patience and, of course, a good mood ✌️
/ Eat What You Kill :: Pre-authenticated Remote Code Execution in VMWare NSX Manager
PoC
https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html