/ Prevent phishing based on domain registrations
Based on Microsoft Defender SmartScreen and Enhanced Phishing Protection:
— https://cloudbrothers.info/en/prevent-phishing-based-domain-registrations/
cloudbrothers.info
Prevent phishing based on domain registrations
Business email compromise and phishing are just two of the threats sent to hundreds and thousands of email inboxes around the world every day. As defenders, we use various tools and methods to limit the delivery of these emails to the intended target.
In…
/ Samba 4.18.0 Available for Download
https://lists.samba.org/archive/samba-announce/2023/000630.html
/ CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE
https://blog.aquasec.com/jenkins-server-vulnerabilities
Aqua
CorePlague: Critical Vulnerabilities in Jenkins Server Lead to RCE
Aqua Research revealed a chain of vulnerabilities CVE-2023-27898, CVE-2023-27905 in Jenkins Server & Update Center which could lead to a complete compromise
/ Stealing the LIGHTSHOW (Part One)
Analysis of a phishing campaign targeting U.S.-based technology companies... The phishing payloads primarily utilized by UNC2970 are Microsoft Word documents embedded with macros that perform remote-template injection to pull down and execute a payload from a remote command and control (C2) server. Mandiant has observed UNC2970 tailoring the fake job descriptions to specific targets:
https://www.mandiant.com/resources/blog/lightshow-north-korea-unc2970
Google Cloud Blog
Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 | Mandiant | Google Cloud Blog
/ Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts:
https://www.veeam.com/kb4424
Veeam Software
KB4424: CVE-2023-27532
/ Home Assistant Supervisor security vulnerability
Authentication bypass Supervisor API:
https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/
Home Assistant
Disclosure: Supervisor security vulnerability
Disclosure of a security vulnerability found impacting installations using the Home Assistant Supervisor.
/ GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers
https://unit42.paloaltonetworks.com/gobruteforcer-golang-botnet/
Unit 42
GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers
New Golang-based malware we have dubbed GoBruteforcer targets web servers. Golang is becoming popular with malware programmers due to its versatility.
/ Microsoft 365 enumeration, spraying and exfiltration - TeamFiltration in the spotlight
TeamFiltration is self-defined as a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts.
In the article, the author looks at its capabilities and at how related events can potentially be detected in Azure AD and Microsoft 365 logs. While the article focuses on TeamFiltration, the learnings apply to any similar toolset:
— https://guillaumeben.xyz/Microsoft-365-enumeration/
/ YouTube under fire for allegedly gathering children's data
YouTube allegedly collects children's data… plus a few simple steps for setting up YouTube Kids to better protect children from harmful content on the platform:
— https://www.malwarebytes.com/blog/news/2023/03/youtube-under-fire-for-allegedly-gathering-uk-childrens-data
Malwarebytes
YouTube under fire for allegedly gathering children’s data
The complaint asserts that YouTube collected “the location, viewing habits and preferences” of up to five million children.
/ Kali Linux 2023.1 Release (Kali Purple & Python Changes)
https://www.kali.org/blog/kali-linux-2023-1-release/
Kali Linux
Kali Linux 2023.1 Release (Kali Purple & Python Changes) | Kali Linux Blog
Today we are releasing Kali 2023.1 (and on our 10th anniversary)! It will be ready for immediate download or updating by the time you have finished reading this post.
Given it's our 10th anniversary, we are delighted to announce there are a few special things…
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
GOAD (Game Of Active Directory) - version 2
GOAD is a pentest Active Directory lab project. The purpose of this lab is to give pentesters a vulnerable Active Directory environment, ready to use, to practice the usual attack techniques:
-- https://github.com/Orange-Cyberdefense/GOAD
/ Windows SmartScreen Security Feature Bypass Vulnerability
Impact: Security Feature Bypass, CVE-2023-24880
— https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24880
/ Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
Impact: Remote Code Execution Max Severity: Critical
— https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415
P.S. Thanks for the RCE link, my dear friend ✌️
/ Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
Impacted Products:
All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected:
— https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/
A new cyber conference is planned in Almaty: AppSecFest
It so happens that I know the organizers of this conference; it will take place in April 2023 and will be dedicated to Application Security and DevSecOps topics in Kazakhstan.
The organizers promise:
• Quality networking
• 250+ attendees
• 8 hours of talks plus an afterparty
• Vendor booths
• It takes place on 21 April at the Forum mall, Almaty
Talk submissions: appsecfest@astlab.kz, website: https://appsecfest.kz
/ Tick APT group compromise of a DLP software developer in East Asia
https://www.welivesecurity.com/2023/03/14/slow-ticking-time-bomb-tick-apt-group-dlp-software-developer-east-asia/
WeLiveSecurity
The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia
ESET Research uncovers a campaign by APT group Tick against a data-loss prevention company in East Asia and find a previously unreported tool used by Tick
/ Highlights from Git 2.40
The Git project has just released Git 2.40, with features and bug fixes from over 88 contributors, 30 of them new:
https://github.blog/2023-03-13-highlights-from-git-2-40/
The GitHub Blog
Highlights from Git 2.40
The first Git release of the year is here! Take a look at some of our highlights on what's new in Git 2.40.
/ Uncovering Windows Events
This post will focus on the process I followed to understand the events the Threat-Intelligence ETW provider logs and how to uncover the underlying mechanisms. One can use a similar process when trying to reverse other manifest-based ETW providers. This post isn't a deep dive into how ETW works… Not all manifest-based Event Tracing for Windows (ETW) providers that are exposed through Windows are ingested into telemetry sensors/EDRs:
https://posts.specterops.io/uncovering-windows-events-b4b9db7eac54
Medium
Uncovering Windows Events
Threat Intelligence ETW
/ OpenSSH 9.3 has just been released
With security and other fixes — https://lists.mindrot.org/pipermail/openssh-unix-dev/2023-March/040641.html
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Active Directory Cheatsheet with code examples
- internal audit
- port forwarding
- bypass EP
- enumeration
- etc.
— https://hideandsec.sh/books/cheatsheets-82c/page/active-directory
hideandsec.sh
Active Directory | HideAndSec
This cheatsheet is built from numerous papers, GitHub repos and GitBook, blogs, HTB boxes and labs,...
/ CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes
https://www.crowdstrike.com/blog/crowdstrike-discovers-first-ever-dero-cryptojacking-campaign-targeting-kubernetes/
CrowdStrike.com
CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes
The Dero cryptojacking operation locates Kubernetes clusters with anonymous access enabled on a Kubernetes API and listens on non-standard ports accessible from the internet.
/ Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
Blogspot
Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems
Posted by Tim Willis, Project Zero In late 2022 and early 2023, Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems...