/ Protecting Against Malicious Use of Remote Monitoring and Management Software
alert from CISA
https://www.cisa.gov/uscert/ncas/alerts/aa23-025a
alert from CISA
https://www.cisa.gov/uscert/ncas/alerts/aa23-025a
/ Protect Your Exchange Servers
guideline:
https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001
guideline:
https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001
TECHCOMMUNITY.MICROSOFT.COM
Protect Your Exchange Servers | Microsoft Community Hub
We’ve said it before, we’re saying it now, and we’ll keeping saying it: it is critical to keep your Exchange servers updated.
/ Bitwarden Phishing Targeted by Google Ads
https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704
https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704
Bitwarden Community Forums
Phishing website bitwardenlogin.com
Hi all, I found this phishing website https://bitwardenlogin.com/ yesterday, trying to impersonate vault.bitwarden.com. I’ve created a “Report Abuse” ticket with the domain registrar (Tocows Domain). Perhaps someone from the compliance team at Bitwarden…
/ PlugX Malware Hidden in Your USB Devices?
https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/
https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/
Unit 42
Chinese PlugX Malware Hidden in Your USB Devices?
PlugX remains an active threat. A newly discovered variant infects USB devices and a similar variant makes copies of PDF and Microsoft Word files.
/ Action needed for GitHub Desktop and Atom users
...unauthorized access to GitHub Desktop and Atom (compromised repos):
https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/
...unauthorized access to GitHub Desktop and Atom (compromised repos):
https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/
The GitHub Blog
Action needed for GitHub Desktop and Atom users
Update to the latest version of Desktop and previous version of Atom before February 2.
/ Vulnerability in QTS and QuTS hero
A vulnerability has been reported to affect QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this vulnerability allows remote attackers to inject malicious code.
https://www.qnap.com/en/security-advisory/qsa-23-01
A vulnerability has been reported to affect QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this vulnerability allows remote attackers to inject malicious code.
https://www.qnap.com/en/security-advisory/qsa-23-01
QNAP Systems, Inc. - Network Attached Storage (NAS)
Vulnerability in QTS and QuTS hero - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
The Dangerous Consequences of Threat Actors Abusing Microsoft’s “Verified Publisher” Status
https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher
https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher
Proofpoint
Abused Microsoft Verified App - Threat Uncovered | Proofpoint US
Threat actors are abusing Microsoft's verified apps to deploy malicious campaigns. Learn about the impersonated publisher verifications and how to remediate risks.
Открытые практикумы DevOps, Linux, Networks, Golang (расписание на Февраль)
• 2 февраля Networks: ТСР и пропускная способность
• 7 февраля DevOps: Сквозное логирование с использованием транзакционных логов
• 8 февраля Linux: Базовые команды - 2
• 9 февраля Networks: Multicast, часть 3
• 13 февраля TeamLead: Документирование по Agile
• 14 февраля DevOps: Анализ скорости загрузки сайтов
• 15 февраля Linux: LVM - 2
• 16 февраля Golang: Организация асинхронных приложений
• 16 февраля Networks: Мониторинг и управление устройствами по протоколу SNMP
• 20 февраля TeamLead: Как тимлиду уйти в отпуск и продолжить эффективно управлять командой
• 21 февраля DevOps: Ansible 101
• 22 февраля Linux: Пакеты RPM и DEB
• 27 февраля TeamLead: Оптимизируем время команды
• 28 февраля DevOps: Основной алгоритм траблшутинга
Программа практикумов, бесплатная запись, все Здесь
• 2 февраля Networks: ТСР и пропускная способность
• 7 февраля DevOps: Сквозное логирование с использованием транзакционных логов
• 8 февраля Linux: Базовые команды - 2
• 9 февраля Networks: Multicast, часть 3
• 13 февраля TeamLead: Документирование по Agile
• 14 февраля DevOps: Анализ скорости загрузки сайтов
• 15 февраля Linux: LVM - 2
• 16 февраля Golang: Организация асинхронных приложений
• 16 февраля Networks: Мониторинг и управление устройствами по протоколу SNMP
• 20 февраля TeamLead: Как тимлиду уйти в отпуск и продолжить эффективно управлять командой
• 21 февраля DevOps: Ansible 101
• 22 февраля Linux: Пакеты RPM и DEB
• 27 февраля TeamLead: Оптимизируем время команды
• 28 февраля DevOps: Основной алгоритм траблшутинга
Программа практикумов, бесплатная запись, все Здесь
postimg.cc
telegram cloud photo size 2 5393486520498899931 y — Postimages
/ HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware
https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware
Aqua
HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
Aqua Nautilus uncovers threat actor HeadCrab has created an advanced malicious Redis framework that has compromised over 1200 servers and how to protect yourself
/ Serious security hole plugged in infosec tool binwalk
https://portswigger.net/daily-swig/serious-security-hole-plugged-in-infosec-tool-binwalk
https://portswigger.net/daily-swig/serious-security-hole-plugged-in-infosec-tool-binwalk
The Daily Swig | Cybersecurity news and views
Serious security hole plugged in infosec tool binwalk
Path traversals could ‘void reverse engineering efforts and tamper with evidence collected’
/ Microsoft DART ransomware approach and best practices
This article describes how DART handles ransomware attacks for Microsoft customers so that you can consider applying elements of their approach and best practices for your own security operations playbook
— https://learn.microsoft.com/en-us/security/compass/incident-response-playbook-dart-ransomware-approach
This article describes how DART handles ransomware attacks for Microsoft customers so that you can consider applying elements of their approach and best practices for your own security operations playbook
— https://learn.microsoft.com/en-us/security/compass/incident-response-playbook-dart-ransomware-approach
Docs
Microsoft Incident Response ransomware approach and best practices
Understand how Microsoft Incident Response responds to ransomware attacks and their recommendations for containment and post-incident activities.
/ Hacking into Toyota’s global supplier management network
https://eaton-works.com/2023/02/06/toyota-gspims-hack/
https://eaton-works.com/2023/02/06/toyota-gspims-hack/
Eaton-Works
Hacking into Toyota’s global supplier management network
Inside an exploit that allowed logging in to Toyota’s GSPIMS application as any user, including system admins.
/ Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available
https://www.sentinelone.com/labs/cl0p-ransomware-targets-linux-systems-with-flawed-encryption-decryptor-available/
https://www.sentinelone.com/labs/cl0p-ransomware-targets-linux-systems-with-flawed-encryption-decryptor-available/
SentinelOne
Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available
An in-the-wild ELF variant of Cl0p ransomware shows the gang is looking beyond traditional Windows targets.
/ OpenSSL Security Advisory [7th February]
Severity: High
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName.
https://www.openssl.org/news/secadv/20230207.txt
Severity: High
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName.
https://www.openssl.org/news/secadv/20230207.txt
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
ESXiArgs-Recover is a tool to allow organizations to attempt recovery of virtual machines affected by the ESXiArgs ransomware attacks:
https://github.com/cisagov/ESXiArgs-Recover
https://github.com/cisagov/ESXiArgs-Recover
GitHub
GitHub - cisagov/ESXiArgs-Recover: A tool to recover from ESXiArgs ransomware
A tool to recover from ESXiArgs ransomware. Contribute to cisagov/ESXiArgs-Recover development by creating an account on GitHub.
THREAT_ALERT_GootLoader_Large_payload_leading_to_compromise_BLOG.pdf
8.9 MB
/ THREAT ALERT: GootLoader - SEO Poisoning and Large Payloads Leading to Compromise
Full deep dive analyses
Full deep dive analyses
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Bash noscripting - DNS Tester Tool
DNS Tester Tool can test speed response for IP addresses from list and collect and show speed statistics in terminal:
— IP address
— Average response
— Minimal time of response
— Maximum time of response
• [en] - https://lab.sys-adm.in/blog/tool-dns-tester
• [ru] - https://lab.sys-adm.in/ru/blog/tool-dns-tester
DNS Tester Tool can test speed response for IP addresses from list and collect and show speed statistics in terminal:
— IP address
— Average response
— Minimal time of response
— Maximum time of response
• [en] - https://lab.sys-adm.in/blog/tool-dns-tester
• [ru] - https://lab.sys-adm.in/ru/blog/tool-dns-tester
/ High Vulnerability – Dahua – CVE-2022-30564
Redinent Researchers discovered unauthorised device timestamp modification vulnerability in Dahua products.
— https://www.redinent.com/blog/dahua-cve-2022-30564/
Redinent Researchers discovered unauthorised device timestamp modification vulnerability in Dahua products.
— https://www.redinent.com/blog/dahua-cve-2022-30564/
/ Reddit was hacked
Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems..:
https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems..:
https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
Reddit
From the reddit community on Reddit
Explore this post and more from the reddit community