Sys-Admin InfoSec – Telegram
12.7K subscribers
235 photos
2 videos
103 files
4.54K links
News on cybersecurity / information security, information technology, data leaks / breaches, CVEs, hacks, tools, trainings
* Multilingual (En, Ru).
* Forum - forum.sys-adm.in
* Chat - @sysadm_in
* Job - @sysadm_in_job
* ? - @sysadminkz
CRIL investigated a new ransomware named Wagner.

This ransomware is a variant of Chaos. The ransom note starts with "Official Wagner PMCs Employment Virus".

Technical analysis:

https://blog.cyble.com/2023/06/27/unveiling-wagner-groups-cyber-recruitment/
Open workshops on DevOps, Linux, Networks and Golang by Rebrain (July)

- July 4, DevOps: MLOps, DataOps
- July 5, Linux: Database replication
- July 8, Golang: Dependency injection in Go with fx from Uber
- July 11, DevOps: MySQL replication in containers
- July 12, Linux: Permissions in Linux
- July 13, Linux: Diving into VoIP: the SIP protocol, Asterisk basics

- Details here
Sys-Admin InfoSec pinned «✍️ Notice: next week, all deprecated services will be disabled and all freed-up resources will be included in the OpenBLD.net DNS ecosystem. Updates notice: https://news.1rj.ru/str/sysadm_in_channel/4701 Take care of yourself. Peace ✌️»
Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator

Malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer, via Google Ads...

https://www.trendmicro.com/en_us/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-lever.html

P.S. IOC domains sent to OpenBLD.net DNS watch lists.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2023 edition)

MFA is not the end-all solution to identity security challenges. With only MFA there is still a risk from more modern attacks (MFA fatigue, AiTM, PRT, OAuth attacks and more). Adversary-in-the-middle phishing attacks are still in common use. Since the removal of basic authentication from Exchange Online, more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other attacks. What AiTM, automatic attack disruption, etc. are:

https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt/
Ghostscript bug could allow rogue documents to run system commands

Unfortunately, until the latest release of Ghostscript, now at version 10.01.2, the product had a bug, dubbed CVE-2023-36664, that could allow rogue documents not only to create pages of text and graphics, but also to send system commands into the Ghostscript rendering engine and trick the software into running them:

https://nakedsecurity.sophos.com/2023/07/04/ghostnoscript-bug-could-allow-rogue-documents-to-run-system-commands/
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
TeamsPhisher

is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications:

https://github.com/Octoberfest7/TeamsPhisher
Hunting for Nginx Alias Traversals in the wild

https://labs.hakaioffsec.com/nginx-alias-traversal/
Open Networks workshop by Rebrain: Diving into VoIP: the SIP protocol, Asterisk basics

• July 13 (Thursday), 19:00 Moscow time. Details

Program:
• The SIP protocol: how a call is set up
• Installing Asterisk
• Reviewing diagnostic commands
• Configuring accounts (trunks, peers)
• Configuring the dialplan

Presenter:
• Roman Syrtlanov, VoIP engineer with 7 years of VoIP experience. Works with Asterisk/FreeSWITCH/Kamailio
EoP fix in the Android July update

High: fix for elevation of privilege in Android:

https://source.android.com/docs/security/bulletin/aaos/2023-07-01
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Increased Truebot Activity Infects U.S. and Canada Based Networks

Deployed via phishing and exploitation of some CVEs.

IOC domains sent to OpenBLD.net DNS:

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Today, info about OpenBLD.net DNS was added to the AdGuard Wiki KnowledgeBaseDNS repo 🎉