Open workshops: DevOps, Linux, Networks, Golang (February schedule)
• February 2 Networks: TCP and throughput
• February 7 DevOps: End-to-end logging using transaction logs
• February 8 Linux: Basic commands - 2
• February 9 Networks: Multicast, part 3
• February 13 TeamLead: Documentation in Agile
• February 14 DevOps: Analyzing website load speed
• February 15 Linux: LVM - 2
• February 16 Golang: Organizing asynchronous applications
• February 16 Networks: Monitoring and managing devices over SNMP
• February 20 TeamLead: How a team lead can go on vacation and keep managing the team effectively
• February 21 DevOps: Ansible 101
• February 22 Linux: RPM and DEB packages
• February 27 TeamLead: Optimizing the team's time
• February 28 DevOps: The basic troubleshooting algorithm
Workshop program and free registration: everything is Here
/ HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware
Aqua Nautilus uncovers that the threat actor HeadCrab has created an advanced malicious Redis framework that has compromised over 1200 servers, and explains how to protect yourself.
/ Serious security hole plugged in infosec tool binwalk
https://portswigger.net/daily-swig/serious-security-hole-plugged-in-infosec-tool-binwalk
Path traversals could ‘void reverse engineering efforts and tamper with evidence collected’
/ Microsoft DART ransomware approach and best practices
This article describes how DART handles ransomware attacks for Microsoft customers so that you can consider applying elements of their approach and best practices for your own security operations playbook
— https://learn.microsoft.com/en-us/security/compass/incident-response-playbook-dart-ransomware-approach
Microsoft Incident Response ransomware approach and best practices
Understand how Microsoft Incident Response responds to ransomware attacks and their recommendations for containment and post-incident activities.
/ Hacking into Toyota’s global supplier management network
https://eaton-works.com/2023/02/06/toyota-gspims-hack/
Inside an exploit that allowed logging in to Toyota’s GSPIMS application as any user, including system admins.
/ Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available
https://www.sentinelone.com/labs/cl0p-ransomware-targets-linux-systems-with-flawed-encryption-decryptor-available/
An in-the-wild ELF variant of Cl0p ransomware shows the gang is looking beyond traditional Windows targets.
/ OpenSSL Security Advisory [7th February]
Severity: High
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName.
https://www.openssl.org/news/secadv/20230207.txt
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
ESXiArgs-Recover is a tool to allow organizations to attempt recovery of virtual machines affected by the ESXiArgs ransomware attacks:
https://github.com/cisagov/ESXiArgs-Recover
THREAT_ALERT_GootLoader_Large_payload_leading_to_compromise_BLOG.pdf
/ THREAT ALERT: GootLoader - SEO Poisoning and Large Payloads Leading to Compromise
Full deep dive analyses
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Bash scripting - DNS Tester Tool
DNS Tester Tool measures response speed for the IP addresses in a list, then collects and shows the statistics in the terminal:
— IP address
— Average response time
— Minimum response time
— Maximum response time
• [en] - https://lab.sys-adm.in/blog/tool-dns-tester
• [ru] - https://lab.sys-adm.in/ru/blog/tool-dns-tester
/ High Vulnerability – Dahua – CVE-2022-30564
Redinent researchers discovered an unauthorised device timestamp modification vulnerability in Dahua products.
— https://www.redinent.com/blog/dahua-cve-2022-30564/
/ Reddit was hacked
Reddit systems were hacked as a result of a sophisticated and highly targeted phishing attack. The attackers gained access to some internal documents, code, and some internal business systems:
https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
/ Globalping CLI
This CLI tool provides access to a global network of probes without leaving the console. In short, it lets you run ping from different regions of the world, for example:
globalping ping lab.sys-adm.in --from "Paris"
The tool is supplied as a Docker image, as pre-built packages, or as a binary you build yourself with Go. Repo:
— https://github.com/jsdelivr/globalping-cli
The project also has an API, which you can try at: https://api.globalping.io/demo/
/ Fool’s Gold: dissecting a fake gold market pig-butchering scam
Scammers use counterfeit bank website, hijacked legitimate app to defraud and steal identifying information:
https://news.sophos.com/en-us/2023/02/13/fools-gold-dissecting-a-fake-gold-market-pig-butchering-scam/
/ iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day
CVE-2023-23529 - a bug in the WebKit browser engine that could be triggered when processing maliciously crafted web content, culminating in arbitrary code execution:
— macOS: https://support.apple.com/en-us/HT213633
— iOS: https://support.apple.com/en-us/HT213635
— Safari: https://support.apple.com/en-us/HT213638
About the security content of macOS Ventura 13.2.1
This document describes the security content of macOS Ventura 13.2.1.
/ Crypto Wallet Address Replacement Attack
https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
Phylum Discovers Revived Crypto Wallet Address Replacement Attack
Phylum discovers over 451 unique malicious packages targeting popular PyPI packages like Selenium.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ Windows Graphics Component Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823
/ VMware ESXi 8.0b Release Notes
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-esxi-80b-release-notes/index.html
/ Android launches yet another way to spy on users with “Privacy Sandbox” beta
https://arstechnica.com/gadgets/2023/02/googles-privacy-sandbox-advertising-system-arrives-on-android-in-beta/
Rather than match iOS's tracking limits, Google built an additional tracking system.