/ (Ab)using Adobe Acrobat Sign to distribute malware
https://blog.avast.com/adobe-acrobat-sign-malware
Avast
(Ab)using Adobe Acrobat Sign to distribute malware
Adobe offers a cloud service to sign documents online called Acrobat Sign that allows registered users to send a document signature request to anyone. Here's how cybercriminals are taking advantage of this tool.
Good News and New Changes in Sys-Admin Open BLD ecosystem
lab.sys-adm.in is an ad/malicious-free, secure Open BLD DNS service; today I am happy to present a few pieces of good news for you/us:
New security concepts
🐕 Security - the Open BLD ecosystem has fundamentally changed its prevention/attack mitigation mechanisms; the Sys-Admin Open BLD infrastructure now has a centralized, automated hacking-IP mitigation system
☀️ Updates - with open Sys-Admin activities we now have two new instruments that can change the security protection prism, based on open source tools/instruments…
🐌 Speed - extremely improved speed for collecting/merging/compressing and deploying block/allow lists from the Internet
Results
🌵 Cactusd Server, written from scratch in GoLang, fully replaces the BLD-Server update service
🧘 ip2drop has replaced fail2ban in the Open BLD ecosystem
🥋 All servers have new firewall settings and improvements
Deprecations
♻️ BLD-Server will be deprecated and excluded from Sys-Admin activities/support in the future (thanks to nodejs, which was the foundation for this service)
Welcome
👋 I'm looking for talented people, experts, programmers and just good and positive people for code review, feedback, suggestions, etc. - Welcome 🤜🤛
/ Attackers are starting to target .NET developers with malicious-code NuGet packages
https://jfrog.com/blog/attackers-are-starting-to-target-net-developers-with-malicious-code-nuget-packages/
JFrog
Attackers are starting to target .NET developers with malicious-code NuGet packages
Update 2023-03-21 – We’ve talked with members of the NuGet team and they had already detected and removed the malicious packages in question. Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories…
/ Cisco Event Response: March 2023 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
— https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74842
ESF_IDENTITY_AND_ACCESS_MANAGEMENT_RECOMMENDED_BEST_PRACTICES_FOR.PDF
1 MB
/ New guidance for identity and access management (IAM) from CISA and NSA for Administrators
/ “FakeGPT” #2: Open-Source Turned Malicious in Another Variant of the Facebook Account-Stealer Chrome Extension
https://labs.guard.io/fakegpt-2-open-source-turned-malicious-in-another-variant-of-the-facebook-account-stealer-d00ef9883d61
Medium
“FakeGPT” #2: Open-Source Turned Malicious in Another Variant of the Facebook Account-Stealer Chrome Extension
By Nati Tal (Guardio Labs)
/ GitHub changed its RSA SSH host key - you need to update it locally
how to update the key and why they did it:
— https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
The GitHub Blog
We updated our RSA SSH host key
At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com.
/ Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments.
CVE-2022-47502
https://www.cve.org/CVERecord?id=CVE-2022-47502
/ Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities
https://github.com/stark0de/nginxpwner
GitHub
GitHub - stark0de/nginxpwner: Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities. - stark0de/nginxpwner
/ Shining Light on Dark Power: Yet Another Ransomware Gang
Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself:
https://www.trellix.com/en-us/about/newsroom/stories/research/shining-light-on-dark-power.html
Trellix
Shining Light on Dark Power: Yet Another Ransomware Gang
Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives into the specifics of the ransomware used by the gang, as well as some information regarding their victim naming…
🌵 New Cactusd Release - v.0.1.7
Cactusd currently has multiple uses - download > aggregate > compress and sort, then merge into one block list and one allow list of domains/IPs from the Internet, and finally publish the lists on its own embedded web server.
Now I want to present a few new features:
- Upload server (for example, you can upload your own IP lists from servers manually or with ip2drop.py to Cactusd, which will merge and publish these lists as a dropped_ip.txt list)
- Now you can view the size of published files on the web server
- Now Cactusd can be configured to ping remote servers on different ports (such as 53, 443, 853, etc.)
- Ping status results are displayed on the Cactusd web page
- Cactusd is written in Go, and now you can simply install the cactusd binary as a systemd unit service
- https://github.com/m0zgen/cactusd
/ Malicious Actors Use Unicode Support in Python to Evade Detection
-- https://blog.phylum.io/malicious-actors-use-unicode-support-in-python-to-evade-detection
Phylum Research | Software Supply Chain Security
Malicious Actors Use Unicode Support in Python to Evade Detection
Phylum uncovers a threat actor taking advantage of how the Python interpreter handles Unicode to obfuscate their malware.
/ Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
March 23, 2023 update:
— https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
MacStealer: New macOS-based Stealer Malware Identified
https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
Uptycs
MacStealer: New MacOS-based Stealer Malware Identified
Protect your Mac from the new MacStealer malware identified by Uptycs. Learn how it extracts sensitive information and spreads via Telegram.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.
This post is the result of research on trying to evade AV engines by encrypting the payload with another function: the GSM A5/1 algorithm:
— https://cocomelonc.github.io/malware/2023/03/24/malware-av-evasion-14.html
/ March 20 ChatGPT outage: Here’s what happened
An update on our findings, the actions we’ve taken, and technical details of the bug:
https://openai.com/blog/march-20-chatgpt-outage
Openai
March 20 ChatGPT outage: Here’s what happened
An update on our findings, the actions we’ve taken, and technical details of the bug.
GitHub Actions extension for VS Code
GitHub announced workflow extension:
— https://github.blog/2023-03-28-announcing-the-github-actions-extension-for-vs-code/
The GitHub Blog
Announcing the GitHub Actions extension for VS Code
Today, we’re excited to announce the release of the public beta of the official GitHub Actions VS Code extension, which provides support for authoring and editing workflows and helps you manage workflow runs without leaving your IDE.
/ Spyware vendors use 0-days and n-days against popular platforms
Your missed parcel included 0-days (CVE-2022-42856; CVE-2022-4135)...
iOS, Android, Samsung Internet Browser:
https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/
Google
Spyware vendors use 0-days and n-days against popular platforms
Google’s Threat Analysis Group (TAG) tracks actors involved in information operations (IO), government backed attacks and financially motivated abuse. For years, TAG has…
/ BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained
— https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration
wiz.io
BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover | Wiz Blog
How Wiz Research found a common misconfiguration in Azure Active Directory that compromised multiple Microsoft applications, including a Bing management portal