Fake system update drops Aurora stealer via Invalid Printer loader
https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
ThreatDown by Malwarebytes
Fake system update drops Aurora stealer via Invalid Printer loader
Malvertising seems to be enjoying a renaissance as of late, whether it is from ads on search engine results pages or…
RapperBot DDoS Botnet Expands into Cryptojacking
https://www.fortinet.com/blog/threat-research/rapperbot-ddos-botnet-expands-into-cryptojacking
https://www.fortinet.com/blog/threat-research/rapperbot-ddos-botnet-expands-into-cryptojacking
Fortinet Blog
RapperBot DDoS Botnet Expands into Cryptojacking
FortiGuard Labs discusses the changes observed in a new RapperBot campaign and provides a technical analysis of the variant upgraded with miner capabilities. Learn more.…
Открытый практикум DevOps by Rebrain: Введение в Docker
Успевайте зарегистрироваться. Количество мест строго ограничено! Запись практикума “DevOps by Rebrain” в подарок за регистрацию!
16 Мая (Вторник), 19:00 по МСК. Детали
Программа:
• Основы технологии контейнеризации
• Установка всех необходимых компонент
• Запуск первого контейнера
• Основные команды docker
• Разбор сетей в docker
• Обзор того, зачем нужен docker-compose
• Практика
Ведет:
Николай Лавлинский - Веб-разработчик более 15 лет. Специализация: ускорение сайтов и веб-приложений
Успевайте зарегистрироваться. Количество мест строго ограничено! Запись практикума “DevOps by Rebrain” в подарок за регистрацию!
16 Мая (Вторник), 19:00 по МСК. Детали
Программа:
• Основы технологии контейнеризации
• Установка всех необходимых компонент
• Запуск первого контейнера
• Основные команды docker
• Разбор сетей в docker
• Обзор того, зачем нужен docker-compose
• Практика
Ведет:
Николай Лавлинский - Веб-разработчик более 15 лет. Специализация: ускорение сайтов и веб-приложений
/ Security Vulnerabilities fixed in Firefox 113
https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/
Mozilla
Security Vulnerabilities fixed in Firefox 113
/ Royal ransomware has been involved in high-profile attacks against critical infrastructure
Victimology..:
— https://unit42.paloaltonetworks.com/royal-ransomware/
Victimology..:
— https://unit42.paloaltonetworks.com/royal-ransomware/
Unit 42
Threat Assessment: Royal Ransomware
Royal ransomware has made notable attacks against sectors such as healthcare and infrastructure. Our overview includes victimology and functionality.
/ Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites
— https://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites/
— https://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites/
Patchstack
1+ Million Sites Affected by Critical Privilege Escalation Vulnerability in Essential Addons for Elementor Plugin
This blog post is about the Essential Addons for Elementor plugin vulnerability -please update the plugin to at least version 5.7.2.
/ CISA and FBI Release Joint Advisory in Response to Active Exploitation of PaperCut Vulnerability
— https://www.cisa.gov/news-events/alerts/2023/05/11/cisa-and-fbi-release-joint-advisory-response-active-exploitation-papercut-vulnerability
— https://www.cisa.gov/news-events/alerts/2023/05/11/cisa-and-fbi-release-joint-advisory-response-active-exploitation-papercut-vulnerability
/ OneNote documents have emerged as a new malware infection vector
With the disablement of VBA macros, threat actors have turned to using OneNote attachments as a new way to install malware on an endpoint. OneNote attachments can contain embedded file formats, such as HTML, ISO, and JScripts, which can be exploited by malicious actors..:
— Read more…
With the disablement of VBA macros, threat actors have turned to using OneNote attachments as a new way to install malware on an endpoint. OneNote attachments can contain embedded file formats, such as HTML, ISO, and JScripts, which can be exploited by malicious actors..:
— Read more…
LevelBlue
OneNote documents have emerged as a new malware infection…
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Intro In February 2022, Microsoft disabled VBA macros on documents…
Fake system update drops Aurora stealer via Invalid Printer loader
https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
P.S. All indicator of compromise blocked in OpenBLD.net DNS
https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
P.S. All indicator of compromise blocked in OpenBLD.net DNS
ThreatDown by Malwarebytes
Fake system update drops Aurora stealer via Invalid Printer loader
Malvertising seems to be enjoying a renaissance as of late, whether it is from ads on search engine results pages or…
Как растет и кто помогает расти OpenBLD.net (Q2 2023)
В экосистеме OpenBLD произошел эволюционный всплеск, теперь это:
— Anycast/GeoDNS, DNSSEC, DNS-over-HTTPS, DNS-over-TLS, DNS
Благодаря этому появились два новых сервиса - Adaptive (ADA), Strict (RIC) которые заменят A-BLD, BLD (в чем отличие)
Настало время тестирования, я тестирую уже более двух недель и это пушка, кто использует OpenBLD пробуй заменить:
🔸 DoH: https://a-bld.sys-adm.in/dns-query на https://ada.openbld.net/dns-query
🔸 DoT: a-bld.sys-adm.in на ada.openbld.net
🔹 DoH: https://bld.sys-adm.in/dns-query на https://ric.openbld.net/dns-query
🔹 DoT: bld.sys-adm.in на ric.openbld.net
В течении недели, мб двух A-BLD будет полностью смерджен с ADA и перестанет существовать как таковой. Один сервер (109.234.39.72) будет заменен другим (46.151.29.15) более шустрым. Начинай тестирование уже сейчас.
Этого не было бы без поддержки. В этом году OpenBLD проект поддержали:
— Сервисно: ClouDNS, Gcore, JetBrains, UptimeRobot
— Информационо: AST Cyber Lab, Core24/7, qCloudy
— Отдельное спасибо Казахстанским хостерам: Unihost.kz, GOhost.kz 🤜️️️️️️🤛️️️️️️
Ты тоже можешь сделать свой вклад в открытый сервис по фильтрации вредоносного контента, пиши @sysadminkz
Всем Peace ✌️
В экосистеме OpenBLD произошел эволюционный всплеск, теперь это:
— Anycast/GeoDNS, DNSSEC, DNS-over-HTTPS, DNS-over-TLS, DNS
Благодаря этому появились два новых сервиса - Adaptive (ADA), Strict (RIC) которые заменят A-BLD, BLD (в чем отличие)
Настало время тестирования, я тестирую уже более двух недель и это пушка, кто использует OpenBLD пробуй заменить:
🔸 DoH: https://a-bld.sys-adm.in/dns-query на https://ada.openbld.net/dns-query
🔸 DoT: a-bld.sys-adm.in на ada.openbld.net
🔹 DoH: https://bld.sys-adm.in/dns-query на https://ric.openbld.net/dns-query
🔹 DoT: bld.sys-adm.in на ric.openbld.net
В течении недели, мб двух A-BLD будет полностью смерджен с ADA и перестанет существовать как таковой. Один сервер (109.234.39.72) будет заменен другим (46.151.29.15) более шустрым. Начинай тестирование уже сейчас.
Этого не было бы без поддержки. В этом году OpenBLD проект поддержали:
— Сервисно: ClouDNS, Gcore, JetBrains, UptimeRobot
— Информационо: AST Cyber Lab, Core24/7, qCloudy
— Отдельное спасибо Казахстанским хостерам: Unihost.kz, GOhost.kz 🤜️️️️️️🤛️️️️️️
Ты тоже можешь сделать свой вклад в открытый сервис по фильтрации вредоносного контента, пиши @sysadminkz
Всем Peace ✌️
Sys-Admin InfoSec pinned «Как растет и кто помогает расти OpenBLD.net (Q2 2023) В экосистеме OpenBLD произошел эволюционный всплеск, теперь это: — Anycast/GeoDNS, DNSSEC, DNS-over-HTTPS, DNS-over-TLS, DNS Благодаря этому появились два новых сервиса - Adaptive (ADA), Strict (RIC)…»
/ SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack
https://www.mandiant.com/resources/blog/sim-swapping-abuse-azure-serial
https://www.mandiant.com/resources/blog/sim-swapping-abuse-azure-serial
Google Cloud Blog
SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack | Mandiant | Google Cloud…
/ Hypervisor Jackpotting, Part 3: Lack of Antivirus Support Opens the Door to Adversary Attacks
https://www.crowdstrike.com/blog/hypervisor-jackpotting-lack-of-antivirus-support-opens-the-door-to-adversaries/
https://www.crowdstrike.com/blog/hypervisor-jackpotting-lack-of-antivirus-support-opens-the-door-to-adversaries/
CrowdStrike.com
Hypervisor Jackpotting, Part 3: Lack of Antivirus Support Opens the Door to Adversaries
Learn how the lack of support for third-party agents or antivirus software continues to make ESXi a highly attractive target for modern adversaries.
/ Linux IPv6 "Route of Death" 0day
https://www.interruptlabs.co.uk//articles/linux-ipv6-route-of-death
https://www.interruptlabs.co.uk//articles/linux-ipv6-route-of-death
/ Chrome Use after free Security Fixes (Critical, High)
113.0.5672.126 for Mac and Linux and 113.0.5672.126/.127 for Windows:
— https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html
113.0.5672.126 for Mac and Linux and 113.0.5672.126/.127 for Windows:
— https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 113.0.5672.126 for Mac and Linux and 113.0.5672.126 /.127 for Windows , which will roll out over t...
/ VSCode Security: Malicious Extensions Detected- More Than 45,000 Downloads- PII Exposed, and Backdoors Enabled
https://blog.checkpoint.com/securing-the-cloud/malicious-vscode-extensions-with-more-than-45k-downloads-steal-pii-and-enable-backdoors/
https://blog.checkpoint.com/securing-the-cloud/malicious-vscode-extensions-with-more-than-45k-downloads-steal-pii-and-enable-backdoors/
Check Point Blog
VSCode Security: Malicious Extensions Detected- More Than 45,000 Downloads- PII Exposed, and Backdoors Enabled - Check Point Blog
Highlights: CloudGuard Spectral detected malicious extensions on the VSCode marketplace Users installing these extensions were enabling attackers to steal
/ Active Directory Spotlight: Attacking Microsoft's Configuration Manager (SCCM/MECM)
Attacking/Defending SCCM:
— https://www.securesystems.de/blog/active-directory-spotlight-attacking-the-microsoft-configuration-manager/
Attacking/Defending SCCM:
— https://www.securesystems.de/blog/active-directory-spotlight-attacking-the-microsoft-configuration-manager/
Systemsecurity
Active Directory Spotlight: Attacking The Microsoft Configuration Manager (SCCM/MECM)
This spotlight covers the Microsoft Configuration Manager (ConfigMgr), also known as SCCM or MECM.
Get an intro into the Configuration Manger, an overview and demonstration of known attacks against it, practical tool box knowledge and best practice defensive…
Get an intro into the Configuration Manger, an overview and demonstration of known attacks against it, practical tool box knowledge and best practice defensive…
Открытый практикум Golang by Rebrain: Design patterns в GO
• 25 Мая (Четверг), 19:00 МСК. Детали
Программа:
• Рассмотрим представителей 3х основных классов design patterns
• Поделимся личным опытом о частоте встреч с каждым из паттернов
Ведет:
• Егор Гришечко - Software engineer в Uber. Пишет внутреннее облако Uber. 7 лет профессионального опыта. Докладчик на крупных конференциях (.NEXT, GolangConf)
• 25 Мая (Четверг), 19:00 МСК. Детали
Программа:
• Рассмотрим представителей 3х основных классов design patterns
• Поделимся личным опытом о частоте встреч с каждым из паттернов
Ведет:
• Егор Гришечко - Software engineer в Uber. Пишет внутреннее облако Uber. 7 лет профессионального опыта. Докладчик на крупных конференциях (.NEXT, GolangConf)
/ Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Critical:
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv
Critical:
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv
Cisco
Cisco Security Advisory: Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected…
/ Dynamic Device Code Phishing
This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, author focus on the technical how-to for standing up and operating a Dynamic Device Code phishing campaign:
— https://www.blackhillsinfosec.com/dynamic-device-code-phishing/
This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, author focus on the technical how-to for standing up and operating a Dynamic Device Code phishing campaign:
— https://www.blackhillsinfosec.com/dynamic-device-code-phishing/
Black Hills Information Security, Inc.
Dynamic Device Code Phishing - Black Hills Information Security, Inc.
rvrsh3ll // Introduction This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […]
/ The AI Attack Surface Map v1.0
This resource is a first thrust at a framework for thinking about how to attack AI systems..:
— https://danielmiessler.com/blog/the-ai-attack-surface-map-v1-0/
This resource is a first thrust at a framework for thinking about how to attack AI systems..:
— https://danielmiessler.com/blog/the-ai-attack-surface-map-v1-0/
Danielmiessler
The AI Attack Surface Map v1.0
Introduction Purpose Components Attacks Discussion Summary Introduction This resource is a first thrust at a framework for thinking about how to attack AI syste