/ Dirty bug in HAProxy's headers processing, and that, when properly exploited, this bug allows to build an HTTP content smuggling attack

HAProxy Security Update (CVE-2023-25725)

https://www.mail-archive.com/haproxy@formilux.org/msg43229.html

/ GoDaddy > GoHacked

Official statement on recent website redirect issues:

https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx

/ Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS

https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html

/ QR code generator My QR Code leaks users’ login data and addresses

https://www.hackread.com/qr-code-generator-my-qr-code-data-leak/

/ VMware Carbon Black App Control updates address an injection vulnerability (CVE-2023-20858)

Hight

https://www.vmware.com/security/advisories/VMSA-2023-0004.html

/ VMware ESXi 7.0 Update 3k Release Notes

Critical patch

https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3k-release-notes.html#resolvedissues

/ CISA Adds Three Known Exploited Vulnerabilities to Catalog

..These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise..:

https://www.cisa.gov/uscert/ncas/current-activity/2023/02/21/cisa-adds-three-known-exploited-vulnerabilities-catalog

/ Analysis of the WinorDLL64 payload

WinorDLL64 payload serves as a backdoor that most notably acquires extensive system information, provides means for file manipulation, such as exfiltrating, overwriting, and removing files, and executes additional commands..:

https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

/ Evasive cryptojacking malware targeting macOS found lurking in pirated applications

https://www.jamf.com/blog/cryptojacking-macos-malware-discovered-by-jamf-threat-labs/

/ Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header

https://www.praetorian.com/blog/using-crlf-injection-to-bypass-akamai-web-app-firewall/

/ How NPM Packages Were Used to Spread Phishing Links

https://checkmarx.com/blog/how-npm-packages-were-used-to-spread-phishing-links/

Extract clear text passwords from Okta

— https://github.com/authomize/okta_scim_attack_tool

/ Researchers find hidden vulnerabilities in hundreds of Docker containers

..a note about not trusting containers from docker hub..:

— https://www.helpnetsecurity.com/2023/02/23/hidden-vulnerabilities-docker-containers/

/ New WhiteSnake Stealer Offered for Sale Via MaaS Model

A Stealer Capable of Targeting Both Windows and Linux Users..

— https://blog.cyble.com/2023/02/24/new-whitesnake-stealer-offered-for-sale-via-maas-model/

/ Malicious (and fake) ChatGPT client for Windows

Cybercriminals are distributing a Trojan stealer under the guise of a ChatGPT desktop client for Windows. We delve into the details and ways to protect yourself.

— https://www.kaspersky.com/blog/chatgpt-stealer-win-client/47274/

/ EXFILTRATOR-22 – An Emerging Post-Exploitation Framework

Preliminary analysis of a new post- exploitation framework called EXFILTRATOR-22 a.k.a. EX-22.
Research with MITRE mapping:

— https://www.cyfirma.com/outofband/exfiltrator-22-an-emerging-post-exploitation-framework/

Linux System Checker Script Tool

Linux System Checker Tool Script it is a bash noscript which can show system info, system load info, test disk speed I/O, show free space and more... System Checker can checks and shows Linux system info like as:

▫️ System Information
▫️ CPU and Memory Information
▫️ Boot Information
▫️ Mount and HDD IO Info
▫️ Top 5 memory and CPU usage processes
▫️ Speedtest
▫️ Defined Systemd Units Services State
▫️ Logged/Process users info
▫️ Listen ports
▫️ Running systemd units as list/tree
▫️ Unowned files

- [en]: Linux System Checker
- [ru]: Скрипт проверки Linux

Тест на Observability: Мониторинг, Логирование, Трейсинг
 
Оценить свои навыки в отношении построения систем оповещений, мониторинга и логирования, таких как Prometheus, Grafana, ELK, Apache kafka, etc. можно попробовать при помощи теста к онлайн-курсу "Observability: мониторинг, логирование, трейсинг"

Админ Linux, DevOps или разработчик должен грамотно управлять бесчисленным множеством серверов, при помощи теста можно проверить себя и посмотреть какие observability тематики предлагает курс.

Как результат можно будет:
— оценить свои навыки
— занять место по спец. цене
— получить доступ к демо-занятиям курса

Детали здесь: https://otus.pw/I3On/
 

/ Introducing a big update to Windows 11 making the everyday easier including bringing the new AI-powered Bing to the taskbar

— MS Blog Article

/ BlackLotus UEFI bootkit

The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality:

— https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/

/ Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

Detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems:

https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html