/ Three New BGP Message Parsing Vulnerabilities Disclosed in FRRouting Software

https://www.forescout.com/blog/three-new-bgp-message-parsing-vulnerabilities-disclosed-in-frrouting-software/

/ Netgear User Management Remote Credentials Disclosur,e Remote Restriction Bypass

https://flashpoint.io/resources/research/fp-2023-01-netgear-prosafe-network-management-system/

/ The LockBit ransomware (kinda) comes for macOS

Detailed research:

https://objective-see.org/blog/blog_0x75.html

Открытый практикум Linux by Rebrain: ФСТЭК для Linux. Часть 2
 
• 10 Мая (Среда) в 20:00 по МСК. Детали

Программа:
• Продолжаем выполнять требования
• Что нужно поправить в работе ядра
• Что может быть если это не исправить

Ведет:
• Андрей Буранов - Специалист по UNIX-системам в компании VK. Опыт работы с ОС Linux более 7 лет.

/ AirPods under attack. Hotfixes from Apple

https://support.apple.com/en-us/HT213752

OpenBLD Pre-release Testing Program
 
I'm working on new OpenBLD DoH/DoT release with Anycast DNS, GeoDNS (Europe, Asia locations) functionality.

I think this or next month, I'll start the new faster DoH/DoT OpenBLD testing release with automatic identification of the closest server location continent and network route detection for OpenBLD clients.

You can fill this form in, after review I'll "ping" you with testing as soon as possible:

🔶 REQUEST PARTICIPATION

Let's make internet surfing faster and safer together. Peace ✌️

When Good APIs Go Bad: Uncovering 3 Azure API Management Vulnerabilities

Vulnerabilities in the Azure API Management service. These included two SSRF (Server-Side Request Forgery) vulnerabilities and a file upload path traversal on an internal Azure workload:

— Read more…

GitLab Critical Security Release: 15.11.2, 15.10.6, and 15.9.7

GitLab Community Edition (CE) and Enterprise Edition (EE) - Malicious Runner Attachment via GraphQL:

— https://about.gitlab.com/releases/2023/05/05/critical-security-release-gitlab-15-11-2-released/

[CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables

https://www.openwall.com/lists/oss-security/2023/05/08/4

New Akira Ransomware Operation Hits Corporate Networks

https://www.blackhatethicalhacking.com/news/new-akira-ransomware-operation-hits-corporate-networks/

MS released update consists of the following 40 Microsoft CVEs:

https://msrc.microsoft.com/update-guide/releaseNote/2023-May

One of CVE indicated as CVE-2023-24932, article for Windows Boot Manager revocations for Secure Boot changes:

https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d

From One Vulnerability to Another: Outlook Patch Analysis Reveals Important Flaw in Windows API

…
An unauthenticated attacker on the internet could use the vulnerability to coerce an Outlook client to connect to an attacker-controlled server. This results in NTLM credentials theft. It is a zero-click vulnerability, meaning it can be triggered with no user interaction
…

— https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api

Fake system update drops Aurora stealer via Invalid Printer loader

https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader

RapperBot DDoS Botnet Expands into Cryptojacking

https://www.fortinet.com/blog/threat-research/rapperbot-ddos-botnet-expands-into-cryptojacking

Открытый практикум DevOps by Rebrain: Введение в Docker
 
Успевайте зарегистрироваться. Количество мест строго ограничено! Запись практикума “DevOps by Rebrain” в подарок за регистрацию!

16 Мая (Вторник), 19:00 по МСК. Детали

Программа:
• Основы технологии контейнеризации
• Установка всех необходимых компонент
• Запуск первого контейнера
• Основные команды docker
• Разбор сетей в docker
• Обзор того, зачем нужен docker-compose
• Практика

Ведет:
Николай Лавлинский - Веб-разработчик более 15 лет. Специализация: ускорение сайтов и веб-приложений
 

/ Royal ransomware has been involved in high-profile attacks against critical infrastructure

Victimology..:

— https://unit42.paloaltonetworks.com/royal-ransomware/

/ Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites

— https://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites/

/ CISA and FBI Release Joint Advisory in Response to Active Exploitation of PaperCut Vulnerability

— https://www.cisa.gov/news-events/alerts/2023/05/11/cisa-and-fbi-release-joint-advisory-response-active-exploitation-papercut-vulnerability

/ OneNote documents have emerged as a new malware infection vector

With the disablement of VBA macros, threat actors have turned to using OneNote attachments as a new way to install malware on an endpoint. OneNote attachments can contain embedded file formats, such as HTML, ISO, and JScripts, which can be exploited by malicious actors..:

— Read more…

Fake system update drops Aurora stealer via Invalid Printer loader

https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader

P.S. All indicator of compromise blocked in OpenBLD.net DNS