/ Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available
https://www.sentinelone.com/labs/cl0p-ransomware-targets-linux-systems-with-flawed-encryption-decryptor-available/
SentinelOne
An in-the-wild ELF variant of Cl0p ransomware shows the gang is looking beyond traditional Windows targets.
/ OpenSSL Security Advisory [7th February]
Severity: High
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName.
https://www.openssl.org/news/secadv/20230207.txt
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
ESXiArgs-Recover is a tool to allow organizations to attempt recovery of virtual machines affected by the ESXiArgs ransomware attacks:
https://github.com/cisagov/ESXiArgs-Recover
GitHub
GitHub - cisagov/ESXiArgs-Recover: A tool to recover from ESXiArgs ransomware
Attachment: THREAT_ALERT_GootLoader_Large_payload_leading_to_compromise_BLOG.pdf (8.9 MB)
/ THREAT ALERT: GootLoader - SEO Poisoning and Large Payloads Leading to Compromise
Full deep dive analyses
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Bash scripting - DNS Tester Tool
DNS Tester Tool can test the response speed of IP addresses from a list and collect and show the speed statistics in the terminal:
— IP address
— Average response
— Minimal time of response
— Maximum time of response
• [en] - https://lab.sys-adm.in/blog/tool-dns-tester
• [ru] - https://lab.sys-adm.in/ru/blog/tool-dns-tester
/ High Vulnerability – Dahua – CVE-2022-30564
Redinent researchers discovered an unauthorised device timestamp modification vulnerability in Dahua products.
— https://www.redinent.com/blog/dahua-cve-2022-30564/
/ Reddit was hacked
Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems...:
https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
/ Globalping CLI
This CLI tool provides access to a global network of probes without leaving the console. In short, this tool allows you to use ping from different regions of the world, for example:
globalping ping lab.sys-adm.in --from "Paris"
The tool is supplied as a Docker image, as pre-built packages, or as your own binary, which you can build with Go. Repo:
— https://github.com/jsdelivr/globalping-cli
This project has an API, which you can try at: https://api.globalping.io/demo/
/ Fool’s Gold: dissecting a fake gold market pig-butchering scam
Scammers use counterfeit bank website, hijacked legitimate app to defraud and steal identifying information:
https://news.sophos.com/en-us/2023/02/13/fools-gold-dissecting-a-fake-gold-market-pig-butchering-scam/
/ iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day
CVE-2023-23529 - a bug in the WebKit browser engine that could be triggered when processing maliciously crafted web content, culminating in arbitrary code execution:
— macOS: https://support.apple.com/en-us/HT213633
— iOS: https://support.apple.com/en-us/HT213635
— Safari: https://support.apple.com/en-us/HT213638
Apple Support
About the security content of macOS Ventura 13.2.1
/ Crypto Wallet Address Replacement Attack
https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
Phylum Research | Software Supply Chain Security
Phylum Discovers Revived Crypto Wallet Address Replacement Attack
Phylum discovers over 451 unique malicious packages targeting popular PyPI packages like Selenium.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ Windows Graphics Component Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823
/ VMware ESXi 8.0b Release Notes
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-esxi-80b-release-notes/index.html
/ Android launches yet another way to spy on users with “Privacy Sandbox” beta
https://arstechnica.com/gadgets/2023/02/googles-privacy-sandbox-advertising-system-arrives-on-android-in-beta/
Ars Technica
Rather than match iOS's tracking limits, Google built an additional tracking system.
/ Citrix Releases Security Updates for Workspace Apps, Virtual Apps and Desktops
Emergency note from CISA:
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/citrix-releases-security-updates-workspace-apps-virtual-apps-and
/ Remote code execution flaw patched in Apache Kafka
https://portswigger.net/daily-swig/remote-code-execution-flaw-patched-in-apache-kafka
The Daily Swig | Cybersecurity news and views
Possible RCE and denial-of-service issue discovered in Kafka Connect
/ ClamAV fixed a possible remote code execution vulnerability
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
blog.clamav.net
ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published
Today, we are releasing the following critical patch versions for ClamAV: 0.103.8 0.105.2 1.0.1 ClamAV 0.104 has reached end-of-life accord...
/ Hijack Explorer Context Menu for Persistence & Fun
Learn how I hijacked the explorer context menu to execute my beacon at each right click on a file/folder:
— https://ristbs.github.io/2023/02/15/hijack-explorer-context-menu-for-persistence-and-fun.html
ristbs’s blog
/ Atlassian Data Leak 🤦
Atlassian has confirmed that a breach at a "third-party vendor" caused a recent leak of company data and that their network and customer information...:
https://www.bleepingcomputer.com/news/security/atlassian-says-recent-data-leak-stems-from-third-party-vendor-hack/
BleepingComputer
Atlassian data leak caused by stolen employee credentials
Atlassian has confirmed that a breach at a third-party vendor caused a recent leak of company data and that their network and customer information is secure.