/ Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities

https://github.com/stark0de/nginxpwner

/ Shining Light on Dark Power: Yet Another Ransomware Gang

Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself..:

https://www.trellix.com/en-us/about/newsroom/stories/research/shining-light-on-dark-power.html

🌵 New Cactusd Release - v.0.1.7
 
Cactusd currently has multiple uses - download > aggregate > compress and sort and then merge to one block and allow domain/IP lists from Internet and finally publish lists in own embeded web server.

Now I want to present new few features:
- Upload server (as example: you can upload own IP lists from servers manually or with ip2drop.py to Cactusd which will merge and publish tis lists as dropped_ip.txt list)
- Now you can view size for published files on web server
- Now Cactusd can configure and ping remote servers with different ports (like as 53, 443, 853 and etc)
- Ping status results displayed on Cactusd web page
- Cactusd written on Go and now you cant simple implement cactusd binary in to systemd unit service

- https://github.com/m0zgen/cactusd

/ Malicious Actors Use Unicode Support in Python to Evade Detection

-- https://blog.phylum.io/malicious-actors-use-unicode-support-in-python-to-evade-detection

/ Microsoft Mitigates Outlook Elevation of Privilege Vulnerability

March 23, 2023 update:

— https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/

MacStealer: New macOS-based Stealer Malware Identified

https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware

Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.

This post is the result of research on try to evasion AV engines via encrypting payload with another function: GSM A5/1 algorithm:

— https://cocomelonc.github.io/malware/2023/03/24/malware-av-evasion-14.html

/ March 20 ChatGPT outage: Here’s what happened

An update on our findings, the actions we’ve taken, and technical details of the bug:

https://openai.com/blog/march-20-chatgpt-outage

GitHub Actions extension for VS Code

GitHub announced workflow extension:

— https://github.blog/2023-03-28-announcing-the-github-actions-extension-for-vs-code/

/ Spyware vendors use 0-days and n-days against popular platforms

Your missed parcel included 0-days (CVE-2022-42856; CVE-2022-4135)...

iOS, Android, Samsung Internet Browser..:

https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/

/ BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained

— https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration

/ Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)

Super FabriXss (CVE-2023-23383) is a dangerous Cross-Site Scripting (XSS) vulnerability discovered by the Orca Research Pod that affects Azure Service Fabric Explorer (SFX). This vulnerability enables unauthenticated remote attackers to execute code on a container hosted on a Service Fabric node:

— https://orca.security/resources/blog/super-fabrixss-azure-vulnerability/

After Happy Backup Day (31 March)

▫️ Make backups
▫️ Make them automatic
▫️ Make sure they work

.. and will be happy 🏆🎉🧘

/ Moobot Strikes Again - Targeting Cacti And RealTek Vulnerabilities

— https://www.fortinet.com/blog/threat-research/moobot-strikes-again-targeting-cacti-and-realtek-vulnerabilities

AppSecFest - Осталось меньше месяца (21 апреля)
 
• The Evolution of Software Supply Chain Attacks Summary (En)
• От SDLC к Secure SDLC: актуальные вопросы о безопасной разработке
• Как без выделенных ресурсов построить систему управления ИБ, соответствующую SOC2
• Как собрать AppSec-отдел с нуля без смс и регистрации
• DevSecOps пайплайн на опенсорс инструментах
• Задача поиска точек ввода данных (DEP) при динамическом анализе современных веб-приложений
• Концепции Incident Management в процессах DevSecOps

Отдельно хочется сказать о докладе:
• Построение процессов безопасности в финтехе в США
• Докладчик Михаил Фленов - тот самый автор журнала Хакер, написавший несколько книг из серии "Глазами Хакера"

Детали и регистрация здесь - appsecfest.kz

/ Dangerous SFX

How Falcon OverWatch Investigates Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads:

— https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads/

/ Rorschach – A New Sophisticated And Fast Ransomware

— https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/

Агрегатор доменов для Pi-Hole, AdGuard, Blocky, Open BLD
 
хей хо, кто юзает pi-hole, adguard, blocky, open-bld.. а так же блокирует вредоносные IP через ipset, firewalld или ip2drop

Я запустил новый cactusd пайплайн который два раза в сутки (каждые 12 часов) агрегирует зловредные доменные имена и айпи адреса в мега-листы, которые в том числе юзаются на bld и ip2drop эндпоинтах, кто хочет использовать self hosted решение, конфиги приведены там же в README.md:

— https://github.com/m0zgen/cactusd
 

/ Certain HP Enterprise LaserJet and HP LaserJet Managed printers - Potential information disclosure

critical

https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838

/ Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rilide-a-new-malicious-browser-extension-for-stealing-cryptocurrencies/