Sys-Admin InfoSec pinned «Конференция для общения Open SysConf'22 - Видео и Благодарности Рад презентовать вам полный набор обработанного и нарезанного видео докладов нашей четвертой открытой конференции Open SysConf'22 Благодаря всеобщим действиям, тех кто принимал участие в докладах…»
Открытые практикумы DevOps, Linux, Networks и Golang by Rebrain (Декабрь 2022)
• 1 декабря Networks: Multicast. Часть 1
• 6 декабря DevOps: Запуск веб-сервера Nginx в Docker
• 7 декабря Linux: От MBR к GPT
• 8 декабря Networks: Разбираемся с API MikroTik RouterOS
• 13 декабря DevOps: Единый подход к ведению проектов и управлению CI/CD в крупном enterprise
• 14 декабря Linux: Файловые системы
• 15 декабря Golang: Совместимы ли SOLID и Go?
• 20 декабря DevOps: Подходы к автоматизации внутреннего ЦОДа
• 21 декабря Linux: Собеседование системного администратора
• 22 декабря Networks: Multicast. Часть 2
• 27 декабря DevOps: IT-Quiz
• 28 декабря Linux: DNSSEC: цифровые подписи для доменов
• 29 декабря Golang: Интеграционные тесты на го
Программа практикумов, бесплатная запись, все Здесь
• 1 декабря Networks: Multicast. Часть 1
• 6 декабря DevOps: Запуск веб-сервера Nginx в Docker
• 7 декабря Linux: От MBR к GPT
• 8 декабря Networks: Разбираемся с API MikroTik RouterOS
• 13 декабря DevOps: Единый подход к ведению проектов и управлению CI/CD в крупном enterprise
• 14 декабря Linux: Файловые системы
• 15 декабря Golang: Совместимы ли SOLID и Go?
• 20 декабря DevOps: Подходы к автоматизации внутреннего ЦОДа
• 21 декабря Linux: Собеседование системного администратора
• 22 декабря Networks: Multicast. Часть 2
• 27 декабря DevOps: IT-Quiz
• 28 декабря Linux: DNSSEC: цифровые подписи для доменов
• 29 декабря Golang: Интеграционные тесты на го
Программа практикумов, бесплатная запись, все Здесь
/ CyRC Vulnerability Advisory: Remote code execution vulnerabilities in mouse and keyboard apps
Synpsys RCE:
https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/
Synpsys RCE:
https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/
Blackduck
CyRC Advisory: Mouse & Keyboard App Vulnerabilities | Black Duck Blog
Discover CyRC's advisory on remote code execution vulnerabilities in popular mouse and keyboard apps and understand their potential impact.
/ Security Bulletin: NVIDIA GPU Display Driver - November 2022
- https://nvidia.custhelp.com/app/answers/detail/a_id/5415
- https://nvidia.custhelp.com/app/answers/detail/a_id/5415
/ Snapd Race Condition Vulnerability in snap-confine’s must_mkdir_and_open_with_perms() (CVE-2022-3328)
https://blog.qualys.com/vulnerabilities-threat-research/2022/11/30/race-condition-in-snap-confines-must_mkdir_and_open_with_perms-cve-2022-3328
https://blog.qualys.com/vulnerabilities-threat-research/2022/11/30/race-condition-in-snap-confines-must_mkdir_and_open_with_perms-cve-2022-3328
Qualys
Snapd Race Condition Vulnerability in snap-confine’s must_mkdir_and_open_with_perms() (CVE-2022-3328) | Qualys
The Qualys Threat Research Unit (TRU) has discovered a new vulnerability in snap-confine function on Linux operating systems, a SUID-root program installed by default on Ubuntu.
/ StopRansomware: Cuba Ransomware
indicators of compromise from CISA:
https://us-cert.cisa.gov/ncas/alerts/aa22-335a
indicators of compromise from CISA:
https://us-cert.cisa.gov/ncas/alerts/aa22-335a
/ IBM Cloud Databases for PostgreSQL was affected by a security vulnerability
https://www.ibm.com/support/pages/ibm-cloud-databases-postgresql-was-affected-security-vulnerability
https://www.ibm.com/support/pages/ibm-cloud-databases-postgresql-was-affected-security-vulnerability
/ DuckLogs – New Malware Strain Spotted In The Wild
https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild/
https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild/
Cyble
Cyble - DuckLogs - New Malware Strain Spotted In The Wild
Cyble analyzes DuckLogs - a new Malware-as-a-Service that provides sophisticated malware features to Threat Actors at a relatively low price.
/ Discovered new BYOF technique to cryptomining with PRoot
https://sysdig.com/blog/proot-post-explotation-cryptomining/
https://sysdig.com/blog/proot-post-explotation-cryptomining/
Sysdig
Discovered new BYOF technique to cryptomining with PRoot | Sysdig
Sysdig TRT recently discovered threat actors leveraging an OSS tool called PRoot to expand their operations to multiple Linux distributions.
Обзор точки доступа Zyxel NebulaFlex Pro WAX630S: возможности и управление с помощью облачного сервиса Nebula - текст + видео (6 мин).
iXBT.com
Обзор точки доступа Zyxel NebulaFlex Pro WAX630S: возможности и управление с помощью облачного сервиса Nebula
Эта двухдиапазонная точка доступа ориентирована на бизнес-применения, основная область ее использования — разветвленные сети крупных предприятий и организаций, а главная задача — обеспечить общую повышенную пропускную способность для совокупности клиентов…
/ Kali Linux 2022.4 Release (Azure, Social & Kali NetHunter Pro)
https://www.kali.org/blog/kali-linux-2022-4-release/
https://www.kali.org/blog/kali-linux-2022-4-release/
Kali Linux
Kali Linux 2022.4 Release (Azure, Social & Kali NetHunter Pro) | Kali Linux Blog
Before the year is over, we thought it was best to get the final 2022 release out. Today we are publishing Kali Linux 2022.4. This is ready for immediate download or updating existing installations.
A summary of the changelog since August’s 2022.3 release:…
A summary of the changelog since August’s 2022.3 release:…
/ Exposed Remote Desktop Protocol Actively Targeted By Threat Actors To Deploy Ransomware
https://blog.cyble.com/2022/12/02/exposed-remote-desktop-protocol-actively-targeted-by-threat-actors-to-deploy-ransomware/
https://blog.cyble.com/2022/12/02/exposed-remote-desktop-protocol-actively-targeted-by-threat-actors-to-deploy-ransomware/
Cyble
Exposed RDP Actively Targeted By Threat Actors To Deploy Ransomware
Exposed RDP (Remote Desktop Protocol) is being actively targeted by cybercriminals to deploy ransomware. Learn how to secure your RDP access and protect your systems from these attacks.
/ Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities
https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities
https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities
Fortinet Blog
Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities
FortiGuardLabs examines a botnet known as Zerobot written in the Go language targeting IoT vulnerabilities. Read our blog to learn about how it evolves, including self-replication, attacks for diff…
/ Android Security Bulletin—December 2022
https://source.android.com/docs/security/bulletin/2022-12-01
https://source.android.com/docs/security/bulletin/2022-12-01
/ Passwordless Authentication - Access Your Bitwarden Web Vault Without a Password
https://bitwarden.com/blog/passwordless-authentication-access-your-bitwarden-web-vault-without-a-password
https://bitwarden.com/blog/passwordless-authentication-access-your-bitwarden-web-vault-without-a-password
Bitwarden
Access your Bitwarden vault without a password | Bitwarden
Logging into your Bitwarden vault just got easier! A new passwordless experience enables you to access your Bitwarden vault with another device.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Turning EDRs to Malicious Wipers Using 0-day Exploits
https://www.blackhat.com/eu-22/briefings/schedule/index.html#aikido-turning-edrs-to-malicious-wipers-using--day-exploits-29336
https://www.blackhat.com/eu-22/briefings/schedule/index.html#aikido-turning-edrs-to-malicious-wipers-using--day-exploits-29336
Blackhat
Black Hat Europe 2022
/ Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability
...could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U
...could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U
Cisco
Cisco Security Advisory: Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability
A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.
This vulnerability is due to insufficient…
This vulnerability is due to insufficient…
/ Abusing JSON-Based SQL to Bypass WAF
…Our bypass worked against WAFs sold by five leading vendors: Palo Alto Networks, Amazon Web Services, Cloudflare, F5, and Imperva. All five have been notified and have updated their products to support JSON syntax in their SQL injection inspection process…
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
…Our bypass worked against WAFs sold by five leading vendors: Palo Alto Networks, Amazon Web Services, Cloudflare, F5, and Imperva. All five have been notified and have updated their products to support JSON syntax in their SQL injection inspection process…
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
Claroty
{JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF
Team82 developed a generic web application firewall bypass exploiting a lack of JSON syntax support in leading vendors' SQL injection like AWS and Imperva WAF.
/ FortiOS - heap-based buffer overflow in sslvpnd
Impact Execute unauthorized code or commands:
https://www.fortiguard.com/psirt/FG-IR-22-398
Impact Execute unauthorized code or commands:
https://www.fortiguard.com/psirt/FG-IR-22-398
FortiGuard Labs
PSIRT | FortiGuard Labs
None
/ A Custom Python Backdoor for VMWare ESXi Servers
https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
Juniper Networks
A Custom Python Backdoor for VMWare ESXi Servers
Juniper Threat Labs analyzes a backdoor installed on a compromised VMware ESXi server that can execute arbitrary commands and launch reverse shells.
/ Windows SmartScreen Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698