Sys-Admin InfoSec – Telegram
News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings
* Multilingual (En, Ru).
* Forum - forum.sys-adm.in
* Chat - @sysadm_in
* Job - @sysadm_in_job
* ? - @sysadminkz
Open DevOps practicum by Rebrain: Encrypting secrets in GitOps
 
• 25 April (Tuesday), 19:00 Moscow time. Details

Program:
• Where to store secrets: git, vault, or a cloud service?
• Understanding dek, kek and kms
• Studying how sops and sealed secrets work
• If time permits, we will touch on options for implementing kubernetes authentication in vault and external secrets

Presented by:
• Vasily Ozerov - Leads an international team within his agency Fevlake. Co-Founder of REBRAIN. More than 8 years of DevOps practice.
/ Multiple vulnerabilities in VMware Aria Operations

Critical. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. Advisory:

https://www.vmware.com/security/advisories/VMSA-2023-0007.html
/ Private vulnerability reporting now generally available in GitHub

Private vulnerability reporting is a private collaboration channel that makes it easier for researchers and maintainers to report and fix vulnerabilities in public repositories:

https://github.blog/2023-04-19-private-vulnerability-reporting-now-generally-available/
/ RBAC Buster - First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters

This blog post is a part of a comprehensive study we conducted on misconfigured K8s clusters in the wild. Research findings are significant as they shed light on the risks of misconfigurations and how even large organizations can overlook the importance of securing their clusters, leaving them vulnerable to potential disasters with just one mistake:

https://blog.aquasec.com/leveraging-kubernetes-rbac-to-backdoor-clusters
/ EvilExtractor – All-in-One Stealer

EvilExtractor (sometimes spelled Evil Extractor) is an attack tool designed to target Windows operating systems and extract data and files from endpoint devices. It includes several modules that all work via an FTP service. It was developed by a company named Kodex, which claims it is an educational tool. However, research conducted by FortiGuard Labs shows cybercriminals are actively using it as an info stealer:

https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealer
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
new_side_attack_intel_cpu_sys-admin_,up.pdf
New side attack to Intel CPU report

Abstract—The transient execution attack is a type of attack leveraging the vulnerability of modern CPU optimization technologies. New attacks surface rapidly. The side-channel is a key part of transient execution attacks to leak data
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Linux Catalogs - Visual Descriptions
⚠️ Note: All DoT (853) BLD (bld.sys-adm.in) clients (Android) should migrate to A-BLD (a-bld.sys-adm.in)

🔆 Attention. All Android clients of bld.sys-adm.in must reconfigure their secure DNS to a-bld.sys-adm.in!
/ Detecting and decrypting Sliver C2 – a threat hunter’s guide

Sliver is an open-source, cross-platform, and extensible C2 framework. It’s written primarily in Go, making it fast, portable, and easy to customize. This versatility makes it a popular choice among red teams for adversary emulation and as a learning tool for security enthusiasts.

The Sliver C2 framework has features catering to both beginner and advanced users. One of its main attractions is the ability to generate dynamic payloads for multiple platforms, such as Windows, Linux, and macOS. These payloads, or “slivers,” provide capabilities like establishing persistence, spawning a shell, and exfiltrating data.

When it comes to communication, Sliver supports a wide range of protocols, including HTTP, HTTPS, DNS, TCP, and WireGuard. This keeps C2 traffic flexible and stealthy, letting it blend in with normal network traffic.

Full article…
2023-threatlabz-phishing-report.pdf
/ Zscaler ThreatLabz 2023 Phishing Report
/ Maintenance release Git v2.40.1 with fixes for several security issues

CVE-2023-25652, CVE-2023-25815, and CVE-2023-29007

https://lkml.org/lkml/2023/4/25/705