Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Supply Chain Risk From Gigabyte App Center Backdoor
Recently, the Eclypsium platform began detecting suspected backdoor-like behavior within Gigabyte systems in the wild.
..analysis discovered that firmware in Gigabyte systems is dropping and executing a Windows native executable during the system startup process, and this executable then downloads and executes additional payloads insecurely. It uses the same techniques as other OEM backdoor-like features like Computrace backdoor (a.k.a. LoJack DoubleAgent)..:
https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Recently, the Eclypsium platform began detecting suspected backdoor-like behavior within Gigabyte systems in the wild.
..analysis discovered that firmware in Gigabyte systems is dropping and executing a Windows native executable during the system startup process, and this executable then downloads and executes additional payloads insecurely. It uses the same techniques as other OEM backdoor-like features like Computrace backdoor (a.k.a. LoJack DoubleAgent)..:
https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Eclypsium | Supply Chain Security for the Modern Enterprise
Supply Chain Risk from Gigabyte App Center Backdoor
Eclypsium Research discovers that Gigabyte motherboards have an embedded backdoor in their firmware, which drops a Windows executable that can download and execute additional payloads insecurely. The backdoor affects gaming PCs and high-end computers.
Открытые практикумы DevOps, Linux, Networks, Golang by Rebrain (расписание, Июнь 2023)
Бесплатные практикумы на всевозможные IT темы. Основное — Kubernetes, Docker, Ansible, Gitlab CI, Linux, Kafka , MySQL, Golang и др. Работа в консоли, разбор реальных кейсов на практике:
• 6 июня DevOps: SQL: Введение в использование JOIN (Виктор Щупоченко - DevOps-engineer)
• 7 июня Linux: OpenVPN (Даниил Батурин - Основатель проекта VyOS)
• 8 июня Golang: Design patterns в GO (Егор Гришечко - Software engineer в Uber)
• 13 июня DevOps: Configuration drift - управляем конфигурацией приложений
• 14 июня Linux: С Windows на Linux (Андрей Буранов - Специалист по UNIX-системам VK)
• 15 июня Networks: OSPF Loop Prevention (Дмитрий Радчук - Team Lead Вконтакте)
• 20 июня DevOps: Система Percona Motoring and Management в Docker
• 21 июня Linux: Как контролировать ресурсы (Андрей Буранов)
• 22 июня Networks: Основы построения Wi-Fi сетей (Ольга Яновская - Руководитель направления Networks by Rebrain)
• 27 июня DevOps by Rebrain (Василий Озеров - Co-Founder REBRAIN/Fevlake)
• 28 июня Linux: Пользователи Linux (Андрей Буранов)
• 29 июня Networks: Дизайн multi-area OSPF (Дмитрий Радчук)
Подключиться можно Здесь
Бесплатные практикумы на всевозможные IT темы. Основное — Kubernetes, Docker, Ansible, Gitlab CI, Linux, Kafka , MySQL, Golang и др. Работа в консоли, разбор реальных кейсов на практике:
• 6 июня DevOps: SQL: Введение в использование JOIN (Виктор Щупоченко - DevOps-engineer)
• 7 июня Linux: OpenVPN (Даниил Батурин - Основатель проекта VyOS)
• 8 июня Golang: Design patterns в GO (Егор Гришечко - Software engineer в Uber)
• 13 июня DevOps: Configuration drift - управляем конфигурацией приложений
• 14 июня Linux: С Windows на Linux (Андрей Буранов - Специалист по UNIX-системам VK)
• 15 июня Networks: OSPF Loop Prevention (Дмитрий Радчук - Team Lead Вконтакте)
• 20 июня DevOps: Система Percona Motoring and Management в Docker
• 21 июня Linux: Как контролировать ресурсы (Андрей Буранов)
• 22 июня Networks: Основы построения Wi-Fi сетей (Ольга Яновская - Руководитель направления Networks by Rebrain)
• 27 июня DevOps by Rebrain (Василий Озеров - Co-Founder REBRAIN/Fevlake)
• 28 июня Linux: Пользователи Linux (Андрей Буранов)
• 29 июня Networks: Дизайн multi-area OSPF (Дмитрий Радчук)
Подключиться можно Здесь
/ Multi-stage attack chain uses PowerShell downloader and DLL sideloading
New Horabot campaign targets Gmail, Yahoo, Outlook mailboxes.. exfiltrate contacts’ email addresses, and send phishing emails with malicious HTML attachments to all addresses in the victim’s mailbox:
https://blog.talosintelligence.com/new-horabot-targets-americas/
New Horabot campaign targets Gmail, Yahoo, Outlook mailboxes.. exfiltrate contacts’ email addresses, and send phishing emails with malicious HTML attachments to all addresses in the victim’s mailbox:
https://blog.talosintelligence.com/new-horabot-targets-americas/
Cisco Talos Blog
New Horabot campaign targets the Americas
Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.
/ Splunk - ‘edit_user’ Capability Privilege Escalation
https://advisory.splunk.com/advisories/SVD-2023-0602
https://advisory.splunk.com/advisories/SVD-2023-0602
Splunk Vulnerability Disclosure
‘edit_user’ Capability Privilege Escalation
A low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the ‘edit_user’ capability does not honor the …
/ Malicious code in PDF Toolbox extension
https://palant.info/2023/05/16/malicious-code-in-pdf-toolbox-extension/
https://palant.info/2023/05/16/malicious-code-in-pdf-toolbox-extension/
Almost Secure
Malicious code in PDF Toolbox extension
PDF Toolbox extension (used by more than 2 million users) contains obfuscated malicious code, allowing serasearchtop[.]com website to inject arbitrary JavaScript code into all websites you visit.
/ kill Cortana: MS released doc named: End of support for Cortana in Windows
https://support.microsoft.com/en-us/topic/end-of-support-for-cortana-in-windows-d025b39f-ee5b-4836-a954-0ab646ee1efa
https://support.microsoft.com/en-us/topic/end-of-support-for-cortana-in-windows-d025b39f-ee5b-4836-a954-0ab646ee1efa
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ Zyxel’s guidance for the recent attacks on the ZyWALL devices
— some firewall versions could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device
https://www.zyxel.com/global/en/support/security-advisories/zyxels-guidance-for-the-recent-attacks-on-the-zywall-devices
— some firewall versions could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device
https://www.zyxel.com/global/en/support/security-advisories/zyxels-guidance-for-the-recent-attacks-on-the-zywall-devices
Zyxel
Zyxel’s guidance for the recent attacks on the ZyWALL devices | Zyxel Networks
Summary Zyxel recently became aware of a cyberattack targeting our ZyWALL devices. These vulnerabilities already have patches - we took immediate action as soon as we become aware of them, and have released patches, as well as security advisories for CVE…
Netdata - Best Open-source Monitoring And Troubleshooting System
Few time ago I found Netdata.cloud - is a brilliant service with unique features:
• Fast deploy: One line of code and metrics will start collecting
• Multiple monitors: Auto-discovering many type of services on target systems
• Envs: On-premise, hybrid, IoT, multi-cloud, containers (k8s, Docker, LXC, LXD, and more)
• Integrations: OS, DB, Networks, Applications with over 1k+ integrations
• Import data: Prometheus, StatsD, SQL - visualize with opinionated dashboards and charts
In short - a couple of minutes is enough to start monitoring the system, with full coverage for all necessary needs
• Active Directory, CoreDNS, IIS, Docker and more and more live monitors Live Demo
• Site: https://www.netdata.cloud/features
#sysadminlab #news #netdata #monitoring #observability #mychoice
Few time ago I found Netdata.cloud - is a brilliant service with unique features:
• Fast deploy: One line of code and metrics will start collecting
• Multiple monitors: Auto-discovering many type of services on target systems
• Envs: On-premise, hybrid, IoT, multi-cloud, containers (k8s, Docker, LXC, LXD, and more)
• Integrations: OS, DB, Networks, Applications with over 1k+ integrations
• Import data: Prometheus, StatsD, SQL - visualize with opinionated dashboards and charts
In short - a couple of minutes is enough to start monitoring the system, with full coverage for all necessary needs
• Active Directory, CoreDNS, IIS, Docker and more and more live monitors Live Demo
• Site: https://www.netdata.cloud/features
#sysadminlab #news #netdata #monitoring #observability #mychoice
✨️️ Open SysConf'23 - Регистрация Докладчика
Несмотря на то, что мы планируем встречу на осень, было решено начать сбор докладчиков уже сегодня.
Тематики как всегда - IT, Dev(Sec)Ops, AppSec, Cybersec, Hardening, Сложные сертификации.. особенно круто, если это собственный ресерч или крутая разработка, которая делает этот прекрасный мир лучше.
Начинай думать, сегодня о том, что будем делать завтра 😉
— Форма регистрации Здесь
Несмотря на то, что мы планируем встречу на осень, было решено начать сбор докладчиков уже сегодня.
Тематики как всегда - IT, Dev(Sec)Ops, AppSec, Cybersec, Hardening, Сложные сертификации.. особенно круто, если это собственный ресерч или крутая разработка, которая делает этот прекрасный мир лучше.
Начинай думать, сегодня о том, что будем делать завтра 😉
— Форма регистрации Здесь
/ Can you trust ChatGPT’s package recommendations?
ChatGPT can offer coding solutions, but its tendency for hallucination presents attackers with an opportunity:
https://vulcan.io/blog/ai-hallucinations-package-risk/
ChatGPT can offer coding solutions, but its tendency for hallucination presents attackers with an opportunity:
https://vulcan.io/blog/ai-hallucinations-package-risk/
Tenable®
Cybersecurity Snapshot: New Guide Details How To Use AI Securely, as CERT Honcho Tells CISOs To Sharpen AI Security Skills Pronto
Cyber agencies from multiple countries published a joint guide on using artificial intelligence safely. Meanwhile, CERT’s director says AI is the top skill for CISOs to have in 2024. Plus, the UK’s NCSC forecasts how AI will supercharge cyberattacks. And…
/ When Hackers hack the Hackers - Malware Analysis for a group targeting Malware Developers
Detailed analysis revealed Command & Control (C2) connections using Discord for communication.
https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html
P.S. Malicious domains with Cobalt Strike C2, Remcos C2 already blocked in OpenBLD.net DNS
Detailed analysis revealed Command & Control (C2) connections using Discord for communication.
https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html
P.S. Malicious domains with Cobalt Strike C2, Remcos C2 already blocked in OpenBLD.net DNS
www.r-tec.net
When Hackers hack the Hackers
In this post, the malware analysis process, as well as attacker activities and Indicators of Compromise (IoCs) are presented.
Открытый практикум: Configuration drift – управляем конфигурацией приложений
13 Июня (Вторник) 19:00 по МСК. Детали
Программа:
• Что такое configuration drift?
• Какая может быть архитектура configuration drift?
• Рассмотрим пример реализации configuration drift
Ведет:
Александр Крылов – Опыт работы в DevOps более 7 лет. Постоянный спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
13 Июня (Вторник) 19:00 по МСК. Детали
Программа:
• Что такое configuration drift?
• Какая может быть архитектура configuration drift?
• Рассмотрим пример реализации configuration drift
Ведет:
Александр Крылов – Опыт работы в DevOps более 7 лет. Постоянный спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
/ Cisco AnyConnect for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM (High)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
Cisco
Cisco Security Advisory: Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows…
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM.…
/ Update. Barracuda Email Security Gateway Appliance (ESG) Vulnerability
ACTION NOTICE: Impacted ESG appliances must be immediately replaced regardless of patch version level.
Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG:
https://www.barracuda.com/company/legal/esg-vulnerability
Prev post:
https://news.1rj.ru/str/sysadm_in_channel/4655
ACTION NOTICE: Impacted ESG appliances must be immediately replaced regardless of patch version level.
Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG:
https://www.barracuda.com/company/legal/esg-vulnerability
Prev post:
https://news.1rj.ru/str/sysadm_in_channel/4655
/ MFA is no protection against this critical new Fortinet vulnerability, CVE-2023-27997
https://www.thestack.technology/fortinet-vulnerability-vpn-cve-2023-27997/
https://www.thestack.technology/fortinet-vulnerability-vpn-cve-2023-27997/
The Stack
MFA no protection against new Fortinet bug CVE-2023-27997
"It is a pre-auth RCE [and] has been proven to be exploitable in a consistent manner; we found it during a Red Team engagement and have exploited it remotely..."
15, 20 в Алматы пройдет несколько ИБ-ивента
- 15 июня проведет Trend Micro в рамках мирового роадшоу Risk to Resilience: https://resources.trendmicro.com/R2R-WT23-Almaty-Russian.html
- 20 июня - впервые в Казахстане состоится Positive Security Day (будет даже А.Лукацкий): https://psdaykz.ptsecurity.com/
- 15 июня проведет Trend Micro в рамках мирового роадшоу Risk to Resilience: https://resources.trendmicro.com/R2R-WT23-Almaty-Russian.html
- 20 июня - впервые в Казахстане состоится Positive Security Day (будет даже А.Лукацкий): https://psdaykz.ptsecurity.com/
/ Elastic Security Labs has discovered the SPECTRALVIPER malware
https://www.elastic.co/security-labs/elastic-charms-spectralviper
https://www.elastic.co/security-labs/elastic-charms-spectralviper
www.elastic.co
Elastic charms SPECTRALVIPER — Elastic Security Labs
Elastic Security Labs has discovered the P8LOADER, POWERSEAL, and SPECTRALVIPER malware families targeting a national Vietnamese agribusiness. REF2754 shares malware and motivational elements of the REF4322 and APT32 activity groups.