Открытый практикум Networks by Rebrain: Дизайн multi-area OSPF
 
• 29 Июня (Четверг, 19:00 МСК). Детали

Программа:
• Преимущества и недостатки разбития OSPF на area
• Принципы работы stub/nssa area в OSPF
• Какие плюсы можно получить и когда стоит применять различные типы area

Ведет:
• Дмитрий Радчук – Team Lead Вконтакте. CCIE x4. Опыт работы с сетями больше 12 лет.

/ How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover

https://www.descope.com/blog/post/noauth

/ IoT devices and Linux-based systems targeted by OpenSSH trojan campaign

https://www.microsoft.com/en-us/security/blog/2023/06/22/iot-devices-and-linux-based-systems-targeted-by-openssh-trojan-campaign/

/ Advisory: IDOR in Microsoft Teams Allows for External Tenants to Introduce Malware

https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/

BlackLotus Mitigation Guide from NSA

https://media.defense.gov/2023/Jun/22/2003245723/-1/-1/0/CSI_BlackLotus_Mitigation_Guide.PDF

/ FortiNAC - Execute unauthorized code or commands

https://www.fortiguard.com/psirt/FG-IR-23-074

/ Trojanized Super Mario Game Installer Spreads SupremeBot Malware

https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/

P.S. IOC domain added to OpenBLD.net DNS

/ Apple fixes three actively exploited vulnerabilities

Apple has released security updates for several products to address a set of flaws that it says are being actively exploited:

https://www.malwarebytes.com/blog/news/2023/06/update-now-apple-fixes-three-actively-exploited-vulnerabilities

/ Unpacking RDStealer: An Exfiltration Malware Targeting RDP Workloads

https://www.bitdefender.com/blog/businessinsights/unpacking-rdstealer-an-exfiltration-malware-targeting-rdp-workloads/

CFP на OFFZONE (август 24-25)

Call For Papers для тех, кто горит желанием поделиться практическим опытом или рассказать о новом исследовании 24-25 августа на OFFZONE. Форматы выступлений:
- Talk — 45 минут,
- Short talk — 15 минут

Конечно же проходки на конфу и Speaker party (вечеринка с другими спикерам), фирменный мерч, и другие плюшки идут бонусом. Узнать о правилах и подать заявку можно на странице CFP

Anatsa banking Trojan hits UK, US and DACH with new campaign

https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign

/ CRIL investigated a new ransomware named Wagner..

This ransomware is a variant of Chaos.. The ransom note starts with, “Official Wagner PMCs Employment Virus“..

Tech. analysys:

https://blog.cyble.com/2023/06/27/unveiling-wagner-groups-cyber-recruitment/

Открытые практикумы DevOps, Linux, Networks и Golang by Rebrain (Июль)

- 4 июля DevOps: MlOps, DataOps
- 5 июля Linux: Репликация баз данных
- 8 июля Golang: Dependency Injection в Go с помощью fx от Uber
- 11 июля DevOps: Репликация MySQL в контейнерах
- 12 июля Linux: Права в Linux
- 13 июля Linux: Погружение в VoIP: протокол sip, основы работы с Asterisk

- Детали Здесь

/ New Fast-Developing ThirdEye Infostealer Pries Open System Information

https://www.fortinet.com/blog/threat-research/new-fast-developing-thirdeye-infostealer-pries-open-system-information

P.S. OpenBLD.net will watch for C2 domain names in this company

/ 8Base Ransomware: A Heavy Hitting Player

https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html

P.S. malicious domains send to OpenBLD.net DNS ecosystem

✍️ Notice: at the next week, all deprecated services will be disabled and all freed up resources will be included to OpenBLD.net DNS ecosystem.

Updates notice:
https://news.1rj.ru/str/sysadm_in_channel/4701

Take care of yourself. Peace ✌️

/ Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator

Malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer via Google Ads...

https://www.trendmicro.com/en_us/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-lever.html

P.S. IOC domains sends to OpenBLD.net DNS watch lists

Active Directory Lab Setup Tool

https://browninfosecguy.com/Active-Directory-Lab-Setup-Tool

/ Zyxel security advisory for pre-authentication command injection vulnerability in NAS products

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products

AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2023 edition)

MFA is not the end all solution to identity security challenges. With only MFA there is still a risk for more modern attacks (MFA fatique, AiTM, PRT, OAuth Attacks and more). Adversary-in-the-middle phishing attacks are still more common in use. Since the removal of basic authentication from Exchange Online more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other used attacks. What is AiTM, automatic attack disruption and etc:

— https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt/