/ Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
Impacted Products:
All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected:
— https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/
A new cyber security conference is planned in Almaty - AppSecFest
It so happened that I know the organizers of this conference - it will take place in April 2023 and will be dedicated to Application Security and DevSecOps topics in Kazakhstan.
The organizers promise:
• Quality networking
• 250+ attendees
• An 8-hour programme + afterparty
• Vendor booths
• It will take place on 21 April at the Forum shopping mall, Almaty
Talk submissions - appsecfest@astlab.kz, website - https://appsecfest.kz
/ Tick APT group compromise of a DLP software developer in East Asia
https://www.welivesecurity.com/2023/03/14/slow-ticking-time-bomb-tick-apt-group-dlp-software-developer-east-asia/
WeLiveSecurity
The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia
ESET Research uncovers a campaign by APT group Tick against a data-loss prevention company in East Asia and finds a previously unreported tool used by Tick
/ Highlights from Git 2.40
The Git project has just released Git 2.40 with features and bug fixes from over 88 contributors, 30 of them new:
https://github.blog/2023-03-13-highlights-from-git-2-40/
The GitHub Blog
Highlights from Git 2.40
The first Git release of the year is here! Take a look at some of our highlights on what's new in Git 2.40.
/ Uncovering Windows Events
This post will focus on the process I followed to understand the events the Threat-Intelligence ETW provider logs and how to uncover the underlying mechanisms. One can use a similar process when trying to reverse other manifest-based ETW providers. This post isn’t a deep dive into how ETW works… Not all manifest-based Event Tracing for Windows (ETW) providers that are exposed through Windows are ingested into telemetry sensors/EDRs:
https://posts.specterops.io/uncovering-windows-events-b4b9db7eac54
Medium
Uncovering Windows Events
Threat Intelligence ETW
/ OpenSSH 9.3 has just been released
With security and other fixes — https://lists.mindrot.org/pipermail/openssh-unix-dev/2023-March/040641.html
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Active Directory Cheatsheet with code examples
- internal audit
- port forwarding
- bypass EP
- enumeration
- etc.
— https://hideandsec.sh/books/cheatsheets-82c/page/active-directory
hideandsec.sh
Active Directory | HideAndSec
This cheatsheet is built from numerous papers, GitHub repos and GitBook, blogs, HTB boxes and labs,...
/ CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes
https://www.crowdstrike.com/blog/crowdstrike-discovers-first-ever-dero-cryptojacking-campaign-targeting-kubernetes/
CrowdStrike.com
CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes
The Dero cryptojacking operation locates Kubernetes clusters with anonymous access enabled on a Kubernetes API and listens on non-standard ports accessible from the internet.
/ Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
Blogspot
Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems
Posted by Tim Willis, Project Zero In late 2022 and early 2023, Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems...
/ How to defend against OneNote malware via the Windows Registry
— https://www.huntress.com/blog/addressing-initial-access
Huntress
Addressing Initial Access | Huntress
Series of blog posts that share the breadth and depth of Huntress’ experience to assist others in reducing their attack surface, and inhibiting or even obviating cyber attacks.
/ KB5025175: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2022-41099
PatchWinREScript_2004plus.ps1 (Recommended)
This script is for Windows 10, version 2004 and later versions, including Windows 11:
-- https://support.microsoft.com/en-us/topic/kb5025175-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2022-41099-ba6621fa-5a9f-48f1-9ca3-e13eb56fb589
/ (Ab)using Adobe Acrobat Sign to distribute malware
https://blog.avast.com/adobe-acrobat-sign-malware
Avast
(Ab)using Adobe Acrobat Sign to distribute malware
Adobe offers a cloud service to sign documents online called Acrobat Sign that allows registered users to send a document signature request to anyone. Here's how cybercriminals are taking advantage of this tool.
Good News and New Changes in Sys-Admin Open BLD ecosystem
lab.sys-adm.in - it's an ad-free and malicious-site-free Open BLD secure DNS service; today I am happy to present a few pieces of good news for you/us:
New security concepts
🐕 Security - the Open BLD ecosystem has fundamentally changed its prevention and attack-mitigation mechanisms; the Sys-Admin Open BLD infrastructure now has a centralized, automated system for mitigating attacking IPs
☀️ Updates - With open Sys-Admin activities we now have two new instruments, based on open-source tools, that can change the security protection prism…
🐌 Speed - Greatly improved speed for collecting/merging/compressing and deploying block/allow lists from the Internet
Results
🌵 Cactusd Server, written from scratch in Go, fully replaces the BLD-Server update service
🧘 ip2drop has replaced fail2ban in the Open BLD ecosystem
🥋 All servers have new firewall settings and improvements
Deprecations
♻️ BLD-Server will be deprecated and excluded from Sys-Admin activities/support in the future (thanks to Node.js, which was the foundation of this service)
Welcome
👋 I'm looking for talented experts, programmers and just good, positive people for code review, feedback, suggestions, etc. - Welcome 🤜🤛
/ Attackers are starting to target .NET developers with malicious-code NuGet packages
https://jfrog.com/blog/attackers-are-starting-to-target-net-developers-with-malicious-code-nuget-packages/
JFrog
Attackers are starting to target .NET developers with malicious-code NuGet packages
Update 2023-03-21 – We’ve talked with members of the NuGet team and they had already detected and removed the malicious packages in question. Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories…
/ Cisco Event Response: March 2023 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
— https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74842
/ New guidance for identity and access management (IAM) from CISA and NSA for Administrators
Attachment: ESF_IDENTITY_AND_ACCESS_MANAGEMENT_RECOMMENDED_BEST_PRACTICES_FOR.PDF (1 MB)
/ “FakeGPT” #2: Open-Source Turned Malicious in Another Variant of the Facebook Account-Stealer Chrome Extension
https://labs.guard.io/fakegpt-2-open-source-turned-malicious-in-another-variant-of-the-facebook-account-stealer-d00ef9883d61
Medium
“FakeGPT” #2: Open-Source Turned Malicious in Another Variant of the Facebook Account-Stealer Chrome Extension
By Nati Tal (Guardio Labs)
/ GitHub changed its RSA SSH host key - a local update is needed
How to update the key, and why they did it:
— https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
The GitHub Blog
We updated our RSA SSH host key
At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com.
/ Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments.
CVE-2022-47502
https://www.cve.org/CVERecord?id=CVE-2022-47502