/ Malware Abuses Microsoft IIS Feature to Establish Backdoor
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis
Security
Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor
Malware injects malicious code into Failed Request Event Buffering module in order to monitor HTTP requests from attacker.
/ Account Takeover Vulnerability in a Popular Package, Affecting 1000+ Organizations
illustria’s research team finds a popular npm package with nearly 4 million weekly downloads that is vulnerable to an account takeover attack:
https://blog.illustria.io/illustria-discovers-account-takeover-vulnerability-in-a-popular-package-affecting-1000-8aaaf61ebfc4?gi=10ee34fdeff8
/ A dirty bug in HAProxy's header processing which, when properly exploited, allows an HTTP content smuggling attack
HAProxy Security Update (CVE-2023-25725)
https://www.mail-archive.com/haproxy@formilux.org/msg43229.html
/ GoDaddy > GoHacked
Official statement on recent website redirect issues:
https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx
aboutus.godaddy.net
Statement on recent website redirect issues
In early December 2022, we started receiving a small number of customer complaints about their websites being intermittently redirected. Upon receiving these complaints, we investigated and found that the intermittent redirects were happening on seemingly…
/ Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS
https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html
Trellix
Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS
The Trellix Advanced Research Center vulnerability team has discovered a large new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escape…
/ QR code generator My QR Code leaks users’ login data and addresses
https://www.hackread.com/qr-code-generator-my-qr-code-data-leak/
Hackread
MyQRcode, a popular Sofia, Bulgaria-based QR code generator website, is leaking the personal data of its users. Read more for details!
/ VMware Carbon Black App Control updates address an injection vulnerability (CVE-2023-20858)
High
https://www.vmware.com/security/advisories/VMSA-2023-0004.html
/ VMware ESXi 7.0 Update 3k Release Notes
Critical patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3k-release-notes.html#resolvedissues
/ CISA Adds Three Known Exploited Vulnerabilities to Catalog
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise":
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/21/cisa-adds-three-known-exploited-vulnerabilities-catalog
/ Analysis of the WinorDLL64 payload
The WinorDLL64 payload serves as a backdoor that most notably acquires extensive system information, provides means for file manipulation, such as exfiltrating, overwriting, and removing files, and executes additional commands:
https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
WeLiveSecurity
WinorDLL64: A backdoor from the vast Lazarus arsenal?
ESET researchers uncover the WinorDLL64 backdoor, one of the payloads of the Wslink downloader and probably part of Lazarus' arsenal.
/ Evasive cryptojacking malware targeting macOS found lurking in pirated applications
https://www.jamf.com/blog/cryptojacking-macos-malware-discovered-by-jamf-threat-labs/
Jamf
Beware of macOS cryptojacking malware.
You may have heard about the cryptojacking malware on macOS. Read about a new one spotted by Jamf Threat Labs.
/ Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header
https://www.praetorian.com/blog/using-crlf-injection-to-bypass-akamai-web-app-firewall/
/ How NPM Packages Were Used to Spread Phishing Links
https://checkmarx.com/blog/how-npm-packages-were-used-to-spread-phishing-links/
Checkmarx
On Monday, 20th of February, Checkmarx Labs discovered an anomaly in the NPM ecosystem when we cross-referenced new information with our databases. Clusters of packages had been published in large quantities to the NPM package manager.
/ Researchers find hidden vulnerabilities in hundreds of Docker containers
A note about not trusting containers from Docker Hub:
— https://www.helpnetsecurity.com/2023/02/23/hidden-vulnerabilities-docker-containers/
Help Net Security
Rezilion uncovered the presence of hundreds of Docker containers containing vulnerabilities undetected by vulnerability scanners.
/ New WhiteSnake Stealer Offered for Sale Via MaaS Model
A stealer capable of targeting both Windows and Linux users:
— https://blog.cyble.com/2023/02/24/new-whitesnake-stealer-offered-for-sale-via-maas-model/
Cyble
Cyble - New WhiteSnake Stealer Offered For Sale Via MaaS Model
Cyble Research & Intelligence Labs analyzes WhiteSnake, a new Information Stealer targeting Windows and Linux users via the MaaS model.
/ Malicious (and fake) ChatGPT client for Windows
Cybercriminals are distributing a Trojan stealer under the guise of a ChatGPT desktop client for Windows. We delve into the details and ways to protect yourself.
— https://www.kaspersky.com/blog/chatgpt-stealer-win-client/47274/
Kaspersky
"Fobo" Trojan distributed as ChatGPT client for Windows
Attackers are distributing malware disguised as a ChatGPT desktop client for Windows offering “precreated accounts”
/ EXFILTRATOR-22 – An Emerging Post-Exploitation Framework
Preliminary analysis of a new post-exploitation framework called EXFILTRATOR-22, a.k.a. EX-22.
Research with MITRE mapping:
— https://www.cyfirma.com/outofband/exfiltrator-22-an-emerging-post-exploitation-framework/
CYFIRMA
EXFILTRATOR-22 - An Emerging Post-Exploitation Framework - CYFIRMA
Executive Summary The CYFIRMA Research team has provided a preliminary analysis of a new post-exploitation framework called EXFILTRATOR-22 a.k.a....
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Linux System Checker Script Tool
Linux System Checker Tool Script is a bash script that can show system info, system load info, test disk I/O speed, show free space and more. System Checker checks and shows Linux system info such as:
▫️ System Information
▫️ CPU and Memory Information
▫️ Boot Information
▫️ Mount and HDD IO Info
▫️ Top 5 memory and CPU usage processes
▫️ Speedtest
▫️ Defined Systemd Units Services State
▫️ Logged/Process users info
▫️ Listen ports
▫️ Running systemd units as list/tree
▫️ Unowned files
- [en]: Linux System Checker
- [ru]: Linux check script
Observability test: Monitoring, Logging, Tracing
You can assess your skills in building alerting, monitoring and logging systems such as Prometheus, Grafana, ELK, Apache Kafka, etc. by taking the test for the online course "Observability: monitoring, logging, tracing".
A Linux admin, DevOps engineer or developer has to manage countless servers competently; the test lets you check yourself and see which observability topics the course covers.
As a result you will be able to:
— assess your skills
— get a place at a special price
— get access to the course's demo lessons
Details here: https://otus.pw/I3On/