/ SRE vs. DevOps vs. Platform Engineering

https://thenewstack.io/sre-vs-devops-vs-platform-engineering/

/ Default setup: A new way to enable GitHub code scanning

https://github.blog/2023-01-09-default-setup-a-new-way-to-enable-github-code-scanning/

/ Zoom Multiple Vulnerabilities

Path traversal, privilege escalation…

Patches:
— https://explore.zoom.us/en/trust/security/security-bulletin/

/ Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4294

/ Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5

/ Forti Execute unauthorized code or commands

https://www.fortiguard.com/psirt/FG-IR-22-398

/ Microsoft Exchange Server Elevation of Privilege Vulnerability

Released: 8 Nov 2022 Last updated: 15 Dec 2022:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080

/ Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered

https://blog.talosintelligence.com/vulnerability-spotlight-asus-router-access-information-disclosure-denial-of-service-vulnerabilities-discovered/

/ Linux kernel stack buffer overflow in nftables

https://www.openwall.com/lists/oss-security/2023/01/13/2

1300+ domains are hosting a webpage that impersonates the official AnyDesk website (added to Open BLD)

— https://www.bleepingcomputer.com/news/security/over-1-300-fake-anydesk-sites-push-vidar-info-stealing-malware/

EyeSpy - Spyware Delivered in VPN Installers

https://www.bitdefender.com/blog/labs/eyespy-iranian-spyware-delivered-in-vpn-installers/

/ Decrypted: BianLian Ransomware

The team at Avast has developed a decryptor for the BianLian ransomware and released it for public download. The BianLian ransomware emerged in August 2022:

https://decoded.avast.io/threatresearch/decrypted-bianlian-ransomware/

/ Git security vulnerabilities announced

Git users are encouraged to upgrade to the latest version, especially if they use git archive, work in untrusted repositories, or use Git GUI on Windows

https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/

Open BLD DNS Updates: Site platform / Web UI
 
I finally got to the Sys-Admin Lab web site UI, I haven't planned interfaces and colors like HTML body background or link colors for a long time, and today I want to introduce you:

• ☀️ Light/ 🌑 Dark themed site
• Multi-language site
• Documentation Wiki space
• Fully migrated from scratch from Vue Nuxt2 > Nuxt3 engine
• More speed from Nitro engine and UI flexability form Bulma framework
• "Thanks" section legend - Who help testing: 💪 and Contribute: ⚡️

Of course, there is still a lot to do, and I don't know how yet, but I am sure that with your help I will be able to go further and develop the project further and more 🙂

• check and see: https://lab.sys-adm.in

/ Vulnerabilities in TP-Link routers

TP-Link and their latest firmware available as of January 11, 2023, have two vulnerabilities DoS, RCE..:

https://kb.cert.org/vuls/id/572615

/ Detecting Fake Events in Azure Sign-in Logs

— https://www.inversecos.com/2023/01/detecting-fake-events-in-azure-sign-in.html

Sudoedit allowing a local attacker to append arbitrary entries to the list of files to process

https://ubuntu.com/security/CVE-2023-22809

P.S. thx for the link @clevergod : ✌️

/ Client-Side SSRF to Google Cloud Project Takeover [Google VRP]

https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/

/ Yum! Brands, Inc. announced a ransomware attack

January 18, 2023... that impacted certain information technology systems..:

— Yum! Brands, Inc. announced a ransomware attack
— United States Securities And Exchange Commission Report