/ Multi-stage attack chain uses PowerShell downloader and DLL sideloading
New Horabot campaign targets Gmail, Yahoo and Outlook mailboxes, exfiltrates contacts’ email addresses, and sends phishing emails with malicious HTML attachments to all addresses in the victim’s mailbox:
https://blog.talosintelligence.com/new-horabot-targets-americas/
Cisco Talos Blog
New Horabot campaign targets the Americas
Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.
/ Splunk - ‘edit_user’ Capability Privilege Escalation
https://advisory.splunk.com/advisories/SVD-2023-0602
Splunk Vulnerability Disclosure
‘edit_user’ Capability Privilege Escalation
A low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the ‘edit_user’ capability does not honor the …
/ Malicious code in PDF Toolbox extension
https://palant.info/2023/05/16/malicious-code-in-pdf-toolbox-extension/
Almost Secure
Malicious code in PDF Toolbox extension
PDF Toolbox extension (used by more than 2 million users) contains obfuscated malicious code, allowing serasearchtop[.]com website to inject arbitrary JavaScript code into all websites you visit.
/ Kill Cortana: MS released a doc named “End of support for Cortana in Windows”
https://support.microsoft.com/en-us/topic/end-of-support-for-cortana-in-windows-d025b39f-ee5b-4836-a954-0ab646ee1efa
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ Zyxel’s guidance for the recent attacks on the ZyWALL devices
— some firewall versions could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device
https://www.zyxel.com/global/en/support/security-advisories/zyxels-guidance-for-the-recent-attacks-on-the-zywall-devices
Zyxel
Zyxel’s guidance for the recent attacks on the ZyWALL devices | Zyxel Networks
Summary Zyxel recently became aware of a cyberattack targeting our ZyWALL devices. These vulnerabilities already have patches - we took immediate action as soon as we become aware of them, and have released patches, as well as security advisories for CVE…
Netdata - Best Open-source Monitoring And Troubleshooting System
A while ago I found Netdata.cloud, a brilliant service with unique features:
• Fast deploy: one line and metrics start being collected
• Multiple monitors: auto-discovers many types of services on target systems
• Envs: on-premise, hybrid, IoT, multi-cloud, containers (k8s, Docker, LXC, LXD, and more)
• Integrations: OS, DB, networks, applications, with over 1,000 integrations
• Import data: Prometheus, StatsD, SQL, visualized with opinionated dashboards and charts
In short, a couple of minutes is enough to start monitoring a system with full coverage of everything you need.
• Live monitors for Active Directory, CoreDNS, IIS, Docker and many more: Live Demo
• Site: https://www.netdata.cloud/features
#sysadminlab #news #netdata #monitoring #observability #mychoice
✨ Open SysConf'23 - Speaker Registration
Although we are planning the meetup for autumn, we decided to start collecting speakers today.
Topics as always: IT, Dev(Sec)Ops, AppSec, Cybersec, Hardening, difficult certifications.. it is especially great if it is your own research or a cool project that makes this wonderful world better.
Start thinking today about what we will do tomorrow 😉
— Registration form: Here
/ Can you trust ChatGPT’s package recommendations?
ChatGPT can offer coding solutions, but its tendency for hallucination presents attackers with an opportunity:
https://vulcan.io/blog/ai-hallucinations-package-risk/
Tenable®
Cybersecurity Snapshot: New Guide Details How To Use AI Securely, as CERT Honcho Tells CISOs To Sharpen AI Security Skills Pronto
Cyber agencies from multiple countries published a joint guide on using artificial intelligence safely. Meanwhile, CERT’s director says AI is the top skill for CISOs to have in 2024. Plus, the UK’s NCSC forecasts how AI will supercharge cyberattacks. And…
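The practical check a practitioner wants after reading the post above: before running an install command an LLM handed you, confirm every package name is one you already depend on, and flag anything that is unknown or only a typo away from a known name (the pattern attackers exploit by registering hallucinated names). The script below is an added example, not code from the vulcan.io post or from any project. It assumes a locally maintained allowlist built from a constructed requirements-style lockfile and a constructed ChatGPT-style answer; both are embedded so it runs offline, and it deliberately makes no registry queries (in practice you would also check the package's age and download counts on PyPI before trusting an "unknown" result).

```python
"""Triage LLM-suggested `pip install` lines against a local package allowlist.

Added example (not from the vulcan.io post). The lockfile and the LLM answer
below are constructed sample data; the allowlist approach is an assumption
about how a team would ground the check, not a documented tool.
"""
import difflib
import re

# Constructed lockfile standing in for the project's real pinned dependencies.
KNOWN_LOCKFILE = """\
requests==2.31.0
PyYAML==6.0
cryptography==41.0.1
"""

# Constructed ChatGPT-style answer: two real deps, one lookalike, one name
# that does not exist anywhere (the hallucination an attacker could register).
SUGGESTION = """\
You can do this with the `requests` library and the `yamlsec` helper:

    pip install requests pyyaml yamlsec

If requests is outdated, run:

    pip install --upgrade requets
"""

PIP_RE = re.compile(r"pip3?\s+install\s+(.+)")
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")


def normalize(name: str) -> str:
    """PEP 503 name normalization: lowercase, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def load_allowlist(lockfile_text: str) -> set:
    """Collect normalized package names from requirements/lockfile lines."""
    names = set()
    for line in lockfile_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = NAME_RE.match(line)  # stops at ==, >=, [extras], etc.
        if m:
            names.add(normalize(m.group(0)))
    return names


def extract_packages(text: str) -> list:
    """Pull package names out of every `pip install ...` line in the answer."""
    pkgs = []
    for m in PIP_RE.finditer(text):
        for tok in m.group(1).split():
            if tok.startswith("-"):  # skip flags such as --upgrade
                continue
            n = NAME_RE.match(tok)
            if n:
                pkgs.append(normalize(n.group(0)))
    return pkgs


def triage(text: str, allowlist: set, cutoff: float = 0.8) -> dict:
    """Map each suggested name to 'known', 'lookalike:<known>' or 'unknown'.

    'lookalike' catches typosquat-style names close to a real dependency;
    'unknown' is the hallucination case and must be verified by a human
    against the registry before it is ever installed.
    """
    result = {}
    for p in extract_packages(text):
        if p in allowlist:
            result[p] = "known"
            continue
        close = difflib.get_close_matches(p, sorted(allowlist), n=1, cutoff=cutoff)
        result[p] = f"lookalike:{close[0]}" if close else "unknown"
    return result


if __name__ == "__main__":
    for name, status in triage(SUGGESTION, load_allowlist(KNOWN_LOCKFILE)).items():
        print(f"{name:12s} {status}")
```

Run as-is to see `requets` reported as a lookalike of `requests` and `yamlsec` reported as unknown; wire the same `triage()` call into a pre-commit hook or CI step that rejects pull requests whose dependency changes contain an `unknown` or `lookalike` entry until someone has checked the package on the registry.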
/ When Hackers hack the Hackers - Malware Analysis for a group targeting Malware Developers
Detailed analysis revealed Command & Control (C2) connections using Discord for communication.
https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html
P.S. Malicious domains with Cobalt Strike C2, Remcos C2 already blocked in OpenBLD.net DNS
www.r-tec.net
When Hackers hack the Hackers
In this post, the malware analysis process, as well as attacker activities and Indicators of Compromise (IoCs) are presented.
Open workshop: Configuration drift – managing application configuration
June 13 (Tuesday), 19:00 MSK. Details
Program:
• What is configuration drift?
• What can the architecture for handling configuration drift look like?
• We will walk through an example implementation of configuration drift handling
Host:
Alexander Krylov – more than 7 years of DevOps experience. Regular speaker at conferences: DevOps conf, TeamLead conf, Highload conf. Author of the HAProxy course at Rebrain.
/ Cisco AnyConnect for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM (High)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
Cisco
Cisco Security Advisory: Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows…
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM.…
/ Update. Barracuda Email Security Gateway Appliance (ESG) Vulnerability
ACTION NOTICE: Impacted ESG appliances must be immediately replaced regardless of patch version level.
Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG:
https://www.barracuda.com/company/legal/esg-vulnerability
Prev post:
https://news.1rj.ru/str/sysadm_in_channel/4655
/ MFA is no protection against this critical new Fortinet vulnerability, CVE-2023-27997
https://www.thestack.technology/fortinet-vulnerability-vpn-cve-2023-27997/
The Stack
MFA no protection against new Fortinet bug CVE-2023-27997
"It is a pre-auth RCE [and] has been proven to be exploitable in a consistent manner; we found it during a Red Team engagement and have exploited it remotely..."
On June 15 and 20 several infosec events will take place in Almaty
- June 15: Trend Micro holds the Almaty stop of its worldwide Risk to Resilience roadshow: https://resources.trendmicro.com/R2R-WT23-Almaty-Russian.html
- June 20: Positive Security Day takes place in Kazakhstan for the first time (A. Lukatsky will even be there): https://psdaykz.ptsecurity.com/
/ Elastic Security Labs has discovered the SPECTRALVIPER malware
https://www.elastic.co/security-labs/elastic-charms-spectralviper
www.elastic.co
Elastic charms SPECTRALVIPER — Elastic Security Labs
Elastic Security Labs has discovered the P8LOADER, POWERSEAL, and SPECTRALVIPER malware families targeting a national Vietnamese agribusiness. REF2754 shares malware and motivational elements of the REF4322 and APT32 activity groups.
/ UI Bug in Visual Studio Lets Attackers Impersonate Publishers
https://www.varonis.com/blog/visual-studio-bug
Varonis
Imposter Syndrome: UI Bug in Visual Studio Lets Attackers Impersonate Publishers
Varonis Threat Labs found a bug in Microsoft Visual Studio installer that allows an attacker to impersonate a publisher and issue a malicious extension to compromise a targeted system
🚀 Experience the Power of AI-Powered Anomaly Detection in Netdata!
Revolutionize your infrastructure monitoring with Netdata's cutting-edge AI/ML capabilities. Discover the next level of automated anomaly detection and prediction, setting new standards for open-source monitoring tools 💪
Prepare to be amazed by Netdata's anomaly features and unlock these remarkable qualities:
— Anomaly Advisor: Quickly surface potentially anomalous metrics and charts
— Predictive Analytics: Leverage AI and ML to predict future trends and potential issues
— Real-Time Anomaly Detection: With ML predictions for each collected metric
— Alerting and Remediation: Intelligent alerting with AI and ML to create context-aware alerts
— Non-stop Research and Development: Developers actively explore and develop new AI and ML-driven features
🔧 How It Works: See detailed article
Whether you're involved in metric collection, monitoring, or observability, Netdata.cloud is your ultimate destination ✨ Peace ✌️