/ Discovered new BYOF technique to cryptomining with PRoot
https://sysdig.com/blog/proot-post-explotation-cryptomining/
Sysdig
Discovered new BYOF technique to cryptomining with PRoot | Sysdig
Sysdig TRT recently discovered threat actors leveraging an OSS tool called PRoot to expand their operations to multiple Linux distributions.
Review of the Zyxel NebulaFlex Pro WAX630S access point: capabilities and management via the Nebula cloud service - text + video (6 min).
iXBT.com
Review of the Zyxel NebulaFlex Pro WAX630S access point: capabilities and management via the Nebula cloud service
This dual-band access point is aimed at business use; its main application area is the extensive networks of large enterprises and organizations, and its main task is to provide higher overall throughput for the whole set of clients…
/ Kali Linux 2022.4 Release (Azure, Social & Kali NetHunter Pro)
https://www.kali.org/blog/kali-linux-2022-4-release/
Kali Linux
Kali Linux 2022.4 Release (Azure, Social & Kali NetHunter Pro) | Kali Linux Blog
Before the year is over, we thought it was best to get the final 2022 release out. Today we are publishing Kali Linux 2022.4. This is ready for immediate download or updating existing installations.
A summary of the changelog since August’s 2022.3 release:…
/ Exposed Remote Desktop Protocol Actively Targeted By Threat Actors To Deploy Ransomware
https://blog.cyble.com/2022/12/02/exposed-remote-desktop-protocol-actively-targeted-by-threat-actors-to-deploy-ransomware/
Cyble
Exposed RDP Actively Targeted By Threat Actors To Deploy Ransomware
Exposed RDP (Remote Desktop Protocol) is being actively targeted by cybercriminals to deploy ransomware. Learn how to secure your RDP access and protect your systems from these attacks.
/ Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities
https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities
Fortinet Blog
Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities
FortiGuardLabs examines a botnet known as Zerobot written in the Go language targeting IoT vulnerabilities. Read our blog to learn about how it evolves, including self-replication, attacks for diff…
/ Android Security Bulletin—December 2022
https://source.android.com/docs/security/bulletin/2022-12-01
/ Passwordless Authentication - Access Your Bitwarden Web Vault Without a Password
https://bitwarden.com/blog/passwordless-authentication-access-your-bitwarden-web-vault-without-a-password
Bitwarden
Access your Bitwarden vault without a password | Bitwarden
Logging into your Bitwarden vault just got easier! A new passwordless experience enables you to access your Bitwarden vault with another device.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Turning EDRs to Malicious Wipers Using 0-day Exploits
https://www.blackhat.com/eu-22/briefings/schedule/index.html#aikido-turning-edrs-to-malicious-wipers-using--day-exploits-29336
Blackhat
Black Hat Europe 2022
/ Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability
...could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U
Cisco
Cisco Security Advisory: Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability
A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.
This vulnerability is due to insufficient…
/ Abusing JSON-Based SQL to Bypass WAF
…Our bypass worked against WAFs sold by five leading vendors: Palo Alto Networks, Amazon Web Services, Cloudflare, F5, and Imperva. All five have been notified and have updated their products to support JSON syntax in their SQL injection inspection process…
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
Claroty
{JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF
Team82 developed a generic web application firewall bypass exploiting a lack of JSON syntax support in leading vendors' SQL injection like AWS and Imperva WAF.
/ FortiOS - heap-based buffer overflow in sslvpnd
Impact: Execute unauthorized code or commands:
https://www.fortiguard.com/psirt/FG-IR-22-398
FortiGuard Labs
PSIRT | FortiGuard Labs
/ A Custom Python Backdoor for VMWare ESXi Servers
https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
Juniper Networks
A Custom Python Backdoor for VMWare ESXi Servers
Juniper Threat Labs analyzes a backdoor installed on a compromised VMware ESXi server that can execute arbitrary commands and launch reverse shells.
/ Windows SmartScreen Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698
Open BLD DNS has emergency maintenance mode for next ~10 min, don’t worry
up
Done ✅
/ Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware
— The malicious drivers are signed directly by Microsoft and identifying the original software vendor requires inspecting the signature with code
— Several distinct malware families, associated with distinct threat actors, have been signed with this process
…
One: https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware
Two: https://www.sentinelone.com/labs/driving-through-defenses-targeted-attacks-leverage-signed-malicious-microsoft-drivers/
Google Cloud Blog
I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware | Mandiant | Google Cloud Blog
/ IIS modules: The evolution of web shells and how to detect them
https://www.microsoft.com/en-us/security/blog/2022/12/12/iis-modules-the-evolution-of-web-shells-and-how-to-detect-them/
/ HTML smugglers turn to SVG images
HTML smuggling is a technique attackers use to hide an encoded malicious script within an HTML email attachment or webpage:
https://blog.talosintelligence.com/html-smugglers-turn-to-noscript-images/
Cisco Talos Blog
HTML smugglers turn to SVG images
* HTML smuggling is a technique attackers use to hide an encoded malicious script within an HTML email attachment or webpage.
* Once a victim receives the email and opens the attachment, their browser decodes and runs the script, which then assembles a malicious…
Open DevOps workshop by Rebrain: Dockerfile
Program:
• Creating the simplest Dockerfile in three lines
• Breaking down the optimal algorithm for creating a Dockerfile (including multistage)
• We will learn to create a minimal docker image
• 20 December (Tuesday) at 19:00 Moscow time. Details
/ Linux Kernel: UAF in Bluetooth L2CAP Handshake
https://www.openwall.com/lists/oss-security/2022/12/14/7
/ OpenVAS - based free online scanner
Yesterday I found a helpful online tool: an nmap, CVE, etc. online scanner, free for 10 scans a month, which can be enough for personal/own ASV scans:
https://hostedscan.com/scans
/ How to Detect Malicious OAuth Device Code Phishing
Here’s a quick TL;DR of the attack – in short, an attacker generates a user code and sends it to a victim in a phishing email. The user is then tricked into inputting the code into a Microsoft-owned verification link. Upon success, the attacker can fetch both the user’s refresh and access token. This allows the attacker access to the user account:
https://www.inversecos.com/2022/12/how-to-detect-malicious-oauth-device.html
Inversecos
How to Detect Malicious OAuth Device Code Phishing