Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
1300+ domains are hosting a webpage that impersonates the official AnyDesk website (added to Open BLD)
— https://www.bleepingcomputer.com/news/security/over-1-300-fake-anydesk-sites-push-vidar-info-stealing-malware/
lab.sys-adm.in (Sys-Admin Laboratory): Open Sys-Admin BLD DNS - Focus on information for free with adblocking and implicit cybersecurity threat prevention.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Attachment: Bitdefender-PR-Whitepaper-EyeSpyVPN-creat625-en-EN.pdf (8.6 MB)
EyeSpy - Spyware Delivered in VPN Installers
https://www.bitdefender.com/blog/labs/eyespy-iranian-spyware-delivered-in-vpn-installers/
/ Decrypted: BianLian Ransomware
The team at Avast has developed a decryptor for the BianLian ransomware and released it for public download. The BianLian ransomware emerged in August 2022:
https://decoded.avast.io/threatresearch/decrypted-bianlian-ransomware/
The team at Avast has developed a decryptor for the BianLian ransomware and released it for public download. The BianLian ransomware emerged in August 2022, performing targeted attacks in various industries, such as the media and entertainment, manufacturing…
/ Git security vulnerabilities announced
Git users are encouraged to upgrade to the latest version, especially if they use `git archive`, work in untrusted repositories, or use Git GUI on Windows.
https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/
Open BLD DNS Updates: Site platform / Web UI
I finally got to the Sys-Admin Lab web site UI. I hadn't planned interfaces and colors like the HTML body background or link colors for a long time, and today I want to introduce to you:
• ☀️ Light/ 🌑 Dark themed site
• Multi-language site
• Documentation Wiki space
• Fully migrated from scratch from Vue Nuxt2 > Nuxt3 engine
• More speed from the Nitro engine and UI flexibility from the Bulma framework
• "Thanks" section legend - who helps with testing: 💪 and who contributes: ⚡️
Of course, there is still a lot to do, and I don't know how yet, but I am sure that with your help I will be able to go further and develop the project more 🙂
• check and see: https://lab.sys-adm.in
/ Vulnerabilities in TP-Link routers
TP-Link and their latest firmware available as of January 11, 2023, have two vulnerabilities (DoS, RCE):
https://kb.cert.org/vuls/id/572615
CERT/CC Vulnerability Note VU#572615: Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2
/ Detecting Fake Events in Azure Sign-in Logs
— https://www.inversecos.com/2023/01/detecting-fake-events-in-azure-sign-in.html
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Sudoedit allowing a local attacker to append arbitrary entries to the list of files to process
https://ubuntu.com/security/CVE-2023-22809
P.S. thx for the link @clevergod ✌️
/ Client-Side SSRF to Google Cloud Project Takeover [Google VRP]
https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/
/ Yum! Brands, Inc. announced a ransomware attack
January 18, 2023... that impacted certain information technology systems:
— Yum! Brands, Inc. announced a ransomware attack
— United States Securities And Exchange Commission Report
/ Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)
https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw
Google Cloud Blog: Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475) | Mandiant
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
After launching the Open BLD service, I began to notice certain "oddities" from various authorities that are turning into a pattern. Today the Sys-Admin Forum was blocked by RKN.
IT and InfoSec awareness, security, and helping with advice on solving technical problems has been our credo for more than 10 years.
Various authorities have taken various "sanctioning" actions against my account - well, fine, I have lived and will live without any "Instagrams".
As a result, I decided to write a short note on my observations titled "Ban or coincidence?":
— https://lab.sys-adm.in/ru/blog/implicit-ban-bld-author
/ VMware vRealize Log Insight Directory Traversal Vulnerability
https://www.vmware.com/security/advisories/VMSA-2023-0001.html
/ Pwning the all Google phone with a non-Google bug
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/
It turns out that the first “all Google” phone includes a non-Google bug. Learn about the details of CVE-2022-38181, a vulnerability in the Arm Mali GPU. Join me on my journey through reporting the vulnerability to the Android security team, and the exploit…
Free course "Cloud Infrastructure Protection"
Cloud Infrastructure Protection - 1 hour of theory and 5 hours of practice from the architects of the Yandex Cloud team, where you can try on the role of a system administrator of an online store and learn to:
• protect cloud infrastructure from network attacks;
• set up user authentication using identity federation;
• build a security event monitoring system.
The course suits everyone who already works in the cloud or is only thinking about it, and may be useful to specialists responsible for a company's information security, DevOps or SRE engineers, and developers interested in information security.
Details here
/ Zyxel security advisory for DoS vulnerability of switches
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-switches
CVE: CVE-2022-43393 Summary Zyxel has released patches for some switches affected by a denial-of-service (DoS) vulnerability. Users are advised to install them for optimal protection. What is the vulnerability? An improper check for unusual or exceptional…
/ Yandex repo was leaked. Official confirmation.
https://habr.com/ru/news/t/712902/
Ref:
YANDEX SERVICES SOURCE CODE LEAK
https://arseniyshestakov.com/2023/01/26/yandex-services-source-code-leak/
Yandex confirmed the publication of old source code of some projects from its internal repository
Yandex confirmed to Habr the publication of old source code of some projects from its internal repository. The hackers posted the archive publicly and claim that in July 2022 they downloaded the source code...
/ Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats
https://unit42.paloaltonetworks.com/realtek-sdk-vulnerability/
We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.
/ Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi
Akamai researchers have analyzed a critical vulnerability in Microsoft's CryptoAPI that would allow an attacker to masquerade as a legitimate entity.