/ FortiOS - heap-based buffer overflow in sslvpnd
Impact Execute unauthorized code or commands:
https://www.fortiguard.com/psirt/FG-IR-22-398
Impact Execute unauthorized code or commands:
https://www.fortiguard.com/psirt/FG-IR-22-398
FortiGuard Labs
PSIRT | FortiGuard Labs
None
/ A Custom Python Backdoor for VMWare ESXi Servers
https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
Juniper Networks
A Custom Python Backdoor for VMWare ESXi Servers
Juniper Threat Labs analyzes a backdoor installed on a compromised VMware ESXi server that can execute arbitrary commands and launch reverse shells.
/ Windows SmartScreen Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698
Open BLD DNS has emergency maintenance mode for next ~10 min, don’t worry
up
Done ✅
up
Done ✅
/ Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware
— The malicious drivers are signed directly by Microsoft and identifying the original software vendor requires inspecting the signature with code
— Several distinct malware families, associated with distinct threat actors, have been signed with this process
…
One: https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware
Two: https://www.sentinelone.com/labs/driving-through-defenses-targeted-attacks-leverage-signed-malicious-microsoft-drivers/
— The malicious drivers are signed directly by Microsoft and identifying the original software vendor requires inspecting the signature with code
— Several distinct malware families, associated with distinct threat actors, have been signed with this process
…
One: https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware
Two: https://www.sentinelone.com/labs/driving-through-defenses-targeted-attacks-leverage-signed-malicious-microsoft-drivers/
Google Cloud Blog
I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware | Mandiant | Google Cloud Blog
/ IIS modules: The evolution of web shells and how to detect them
https://www.microsoft.com/en-us/security/blog/2022/12/12/iis-modules-the-evolution-of-web-shells-and-how-to-detect-them/
https://www.microsoft.com/en-us/security/blog/2022/12/12/iis-modules-the-evolution-of-web-shells-and-how-to-detect-them/
/ HTML smugglers turn to SVG images
HTML smuggling is a technique attackers use to hide an encoded malicious noscript within an HTML email attachment or webpage..:
https://blog.talosintelligence.com/html-smugglers-turn-to-noscript-images/
HTML smuggling is a technique attackers use to hide an encoded malicious noscript within an HTML email attachment or webpage..:
https://blog.talosintelligence.com/html-smugglers-turn-to-noscript-images/
Cisco Talos Blog
HTML smugglers turn to SVG images
* HTML smuggling is a technique attackers use to hide an encoded malicious noscript within an HTML email attachment or webpage.
* Once a victim receives the email and opens the attachment, their browser decodes and runs the noscript, which then assembles a malicious…
* Once a victim receives the email and opens the attachment, their browser decodes and runs the noscript, which then assembles a malicious…
Открытый практикум DevOps by Rebrain: Dockerfile
Программа:
• Создание простейшего Dockerfile в три строки
• Разбор оптимального алгоритма создания Dockerfile (в т.ч. multistage)
• Научимся создавать минимальный docker image
• 20 Декабря (Вторник) в 19:00 по МСК. Детали
Программа:
• Создание простейшего Dockerfile в три строки
• Разбор оптимального алгоритма создания Dockerfile (в т.ч. multistage)
• Научимся создавать минимальный docker image
• 20 Декабря (Вторник) в 19:00 по МСК. Детали
/ Linux Kernel: UAF in Bluetooth L2CAP Handshake
https://www.openwall.com/lists/oss-security/2022/12/14/7
https://www.openwall.com/lists/oss-security/2022/12/14/7
/ OpenVAS - based free online scanner
Yesterday I found helpful online tool - nmap, cve and etc online scanner, free for 10 time scans in month, this is can be enouth for personal/own ASV scans:
https://hostedscan.com/scans
Yesterday I found helpful online tool - nmap, cve and etc online scanner, free for 10 time scans in month, this is can be enouth for personal/own ASV scans:
https://hostedscan.com/scans
/ How to Detect Malicious OAuth Device Code Phishing
Here’s a quick TL;DR of the attack – in short, an attacker generates a user code and sends it to a victim in a phishing email. The user is then tricked into inputting the code into a Microsoft owned verification link. Upon success, the attacker can fetch both the user’s refresh and access token. This allows the attacker access to the user account:
https://www.inversecos.com/2022/12/how-to-detect-malicious-oauth-device.html
Here’s a quick TL;DR of the attack – in short, an attacker generates a user code and sends it to a victim in a phishing email. The user is then tricked into inputting the code into a Microsoft owned verification link. Upon success, the attacker can fetch both the user’s refresh and access token. This allows the attacker access to the user account:
https://www.inversecos.com/2022/12/how-to-detect-malicious-oauth-device.html
Inversecos
How to Detect Malicious OAuth Device Code Phishing
/ MCCrash: Cross-platform DDoS botnet targets private Minecraft servers
Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure rapidly..🤗
https://www.microsoft.com/en-us/security/blog/2022/12/15/mccrash-cross-platform-ddos-botnet-targets-private-minecraft-servers/
Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure rapidly..🤗
https://www.microsoft.com/en-us/security/blog/2022/12/15/mccrash-cross-platform-ddos-botnet-targets-private-minecraft-servers/
Microsoft News
MCCrash: Cross-platform DDoS botnet targets private Minecraft servers
The Microsoft Defender for IoT research team analyzed a cross-platform botnet that infects both Windows and Linux systems from PCs to IoT devices, to launch distributed denial of service (DDoS) attacks against private Minecraft servers.
/ Backdoor Targets FreePBX Asterisk Management Portal
https://blog.sucuri.net/2022/12/backdoor-targets-freepbx-asterisk-management-portal.html
https://blog.sucuri.net/2022/12/backdoor-targets-freepbx-asterisk-management-portal.html
Sucuri Blog
Backdoor Targets FreePBX Asterisk Management Portal
Learn about a simple piece of malware targeting FreePBX Asterisk Management portal which allows attackers to backdoor a site and modify the website’s .htaccess file
/ Leaked a secret? Check your GitHub alerts…for free
https://github.blog/2022-12-15-leaked-a-secret-check-your-github-alerts-for-free/
https://github.blog/2022-12-15-leaked-a-secret-check-your-github-alerts-for-free/
The GitHub Blog
Leaked a secret? Check your GitHub alerts...for free
GitHub now allows you to track any leaked secrets in your public repository, for free. With secret scanning alerts, you can track and action on leaked secrets directly within GitHub.
/ Veeam Backup & Replication allow executing malicious code remotely without authentication. This may lead to gaining control over the target system
https://www.veeam.com/kb4288
https://www.veeam.com/kb4288
Veeam Software
KB4288: CVE-2022-26500 | CVE-2022-26501
Multiple vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication allow executing malicious code remotely without authentication. This may lead to gaining control over the target system.
/ New Samba security release available
This is the latest stable release of the Samba 4.17 release series.
It also contains security changes in order to address the following defects:
https://www.samba.org/samba/history/samba-4.17.4.html
This is the latest stable release of the Samba 4.17 release series.
It also contains security changes in order to address the following defects:
https://www.samba.org/samba/history/samba-4.17.4.html
/ VMware ESXi, Workstation, and Fusion updates address a heap out-of-bounds write vulnerability (CVE-2022-31705)
https://www.vmware.com/security/advisories/VMSA-2022-0033.html
https://www.vmware.com/security/advisories/VMSA-2022-0033.html
Open BLD DNS Service: December/End of the year 2022. Update News.
Open BLD DNS Service - it is a free DoH / DoT / DNS project for blocking trackers, telemetry, advertising, malware with support TLS v1.2/v1.3.
🌱 New Services Added
❇ Adaptive Open BLD Service - A-BLD
❇ A-BLD service can be convenient for most Open BLD users
❇ New donation service added
🧘 Infra Improvements/Updates/Fixes
❇ New BLD build released and deployed
❇ Updated HTTP header for BLD serves to: Open BLD Server
❇ Added HTTPS root redirect from BLD to LAB site
❇ Updated & Optimized BLD caching infrastructure mechanisms
❇ Optimized on-line stability & balancing
❇ Now in most maintenance cases it is not affect endpoint BLD service users
❇ Optimized automation deplyment routines
❇ Fixed Firefox OCSP STAPLE issue/Fixed caching break issues
🧩 New Open BLD Project micro-tools
❇ Check-reboot, Get-Log, Bld-agregator, Alertmanager installer, Timestamp converter
❇ Updated: https://github.com/m0zgen/dns-tester
❇ Updated: https://github.com/m0zgen/check-dns-servers
🤝 The Open BLD DoH service is mentioned
❇ Curl project (https://github.com/curl/curl/wiki/DNS-over-HTTPS) (thx for contribute ✌️)
❇ AlternativeTo (https://alternativeto.net/software/open-bld-dns/)
🏂 Setup/How to use Open BLD DNS
❇ How to setup Open BLD DNS in Browses, OSs and etc: https://lab.sys-adm.in
❇ Donation service: https://donorbox.org/open-bld-dns-donation
Open BLD DNS Service - it is a free DoH / DoT / DNS project for blocking trackers, telemetry, advertising, malware with support TLS v1.2/v1.3.
🌱 New Services Added
❇ Adaptive Open BLD Service - A-BLD
❇ A-BLD service can be convenient for most Open BLD users
❇ New donation service added
🧘 Infra Improvements/Updates/Fixes
❇ New BLD build released and deployed
❇ Updated HTTP header for BLD serves to: Open BLD Server
❇ Added HTTPS root redirect from BLD to LAB site
❇ Updated & Optimized BLD caching infrastructure mechanisms
❇ Optimized on-line stability & balancing
❇ Now in most maintenance cases it is not affect endpoint BLD service users
❇ Optimized automation deplyment routines
❇ Fixed Firefox OCSP STAPLE issue/Fixed caching break issues
🧩 New Open BLD Project micro-tools
❇ Check-reboot, Get-Log, Bld-agregator, Alertmanager installer, Timestamp converter
❇ Updated: https://github.com/m0zgen/dns-tester
❇ Updated: https://github.com/m0zgen/check-dns-servers
🤝 The Open BLD DoH service is mentioned
❇ Curl project (https://github.com/curl/curl/wiki/DNS-over-HTTPS) (thx for contribute ✌️)
❇ AlternativeTo (https://alternativeto.net/software/open-bld-dns/)
🏂 Setup/How to use Open BLD DNS
❇ How to setup Open BLD DNS in Browses, OSs and etc: https://lab.sys-adm.in
❇ Donation service: https://donorbox.org/open-bld-dns-donation
/ Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/
https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/
Microsoft News
Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
Microsoft discovered a vulnerability in macOS, referred to as “Achilles”, allowing attackers to bypass application execution restrictions enforced by the Gatekeeper security mechanism.
/ Basic Authentication Deprecation in Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-time-s-up/ba-p/3695312
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-time-s-up/ba-p/3695312
TECHCOMMUNITY.MICROSOFT.COM
Basic Authentication Deprecation in Exchange Online – Time’s Up | Microsoft Community Hub
In early January 2023, we will permanently turn off Basic auth for multiple protocols for many Exchange Online tenants.