/ EoP fix Android July update
High: fix elevation of privilege in Android:
https://source.android.com/docs/security/bulletin/aaos/2023-07-01
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Increased Truebot Activity Infects U.S. and Canada Based Networks
Deployed via phishing and exploitation of some CVEs.
IoC domains have been sent to OpenBLD.net DNS:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Today, information about OpenBLD.net DNS was added to the AdGuard KnowledgeBaseDNS wiki repo 🎉
Tailing Big Head Ransomware’s Variants, Tactics, and Impact
https://www.trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html
September digest of IT conferences in Almaty
September is packed with IT meetups: lots of friends, lots of meetings, the kids go back to school and we go back to networking:
• 8 September. DevOps and everything around it - DevOpsDays.kz
• 13-15 September. Large-scale CyberSec conference - KazHackStan.com
• 16 September. Open IT/Cybersec/Ops knowledge-sharing conference Open SysConf.io
The 13th to the 16th are days of concentrated IT: more energy for those who live here, and if you are coming to Almaty for KHS, book tickets for 4 days 😉
Peace to all. Peace ✌️
/ FortiOS - Allow a remote attacker to execute arbitrary code or command
A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.
Description and workaround:
— https://www.fortiguard.com/psirt/FG-IR-23-183
/ Storm-0978 attacks reveal financial and espionage motives
New phishing campaign:
https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
And Office and Windows HTML Remote Code Execution Vulnerability:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
A Storm-0978 phishing campaign targeting defense and government entities in Europe and North America involves the abuse of CVE-2023-36884.
/ Azure AD is Becoming Microsoft Entra ID
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-is-becoming-microsoft-entra-id/ba-p/2520436
Same capabilities, same licensing, new name for Azure Active Directory.
/ Urgent Security Notice: SonicWall GMS/Analytics Impacted by suite of vulnerabilities
https://www.sonicwall.com/support/knowledge-base/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/
/ Microsoft confirms a Chinese APT successfully exploited Microsoft cloud email systems
Mitigation for China-Based Threat Actor Activity from MS:
https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-threat-actor/
Open Golang workshop by Rebrain: Implementing a Kubernetes operator
• 18 July (Tuesday), 19:00 MSK. Details
Program:
• The operator pattern, the resource concept, and the k8s REST API
• The cache implementation in the client-go library for working with the k8s API
• Hands-on with the Operator Framework
• Some practices used when writing operators
Hosted by:
• Dmitry Gordeev – Head of the Golang workshop at REBRAIN. Building a new cloud at x5 Tech. 5 years of development experience
/ TeamTNT Reemerged with New Aggressive Cloud Campaign
The botnet run by TeamTNT has set its sights on Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and Nginx servers, Weave Scope, SSH, and Jupyter applications...
— Article with Technical Details from AquaSec
⚠️ Reminder/Notice: bld.sys-adm.in will migrate to OpenBLD.net
Please review and reconfigure all your DoT, DoH and DNS settings to OpenBLD.net.
Keep in mind: only DoT and DoH will remain on these IP addresses:
- 49.12.234.130
- 135.125.204.230
/ Routers From The Underground: Exposing AVrecon
...a complex operation that infects small-office/home-office (SOHO) routers, deploying a Linux-based Remote Access Trojan (RAT) we've dubbed "AVrecon":
https://blog.lumen.com/routers-from-the-underground-exposing-avrecon/
/ Citrix Secure Access client: local privilege escalation to NT AUTHORITY\SYSTEM
https://nvd.nist.gov/vuln/detail/CVE-2023-24491
and an RCE in the Ubuntu client:
https://nvd.nist.gov/vuln/detail/CVE-2023-24492
/ WormGPT – The Generative AI Tool Cybercriminals Are Using to Launch Business Email Compromise Attacks
https://slashnext.com/blog/wormgpt-the-generative-ai-tool-cybercriminals-are-using-to-launch-business-email-compromise-attacks/
/ CISA Develops Factsheet for Free Tools for Cloud Environments
https://www.cisa.gov/news-events/alerts/2023/07/17/cisa-develops-factsheet-free-tools-cloud-environments
/ Massive Targeted Exploit Campaign Against WooCommerce Payments Underway
Tactics, Techniques, and Procedures (TTPs):
https://www.wordfence.com/blog/2023/07/massive-targeted-exploit-campaign-against-woocommerce-payments-underway/
/ Remote Code Execution in OpenSSH's forwarded ssh-agent
Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host ... can access the local agent through the forwarded connection… CVE-2023-38408:
— https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
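An added shell example, not from the Qualys advisory or from this channel: it scans an OpenSSH client config for Host blocks that turn agent forwarding on, since a forwarded agent on a compromised remote host is the precondition CVE-2023-38408 needs. The config text below is constructed for the example; the function name forwarding_hosts is an assumption of this example, not an OpenSSH tool.

```shell
#!/bin/sh
# Added example (not the advisory's or the channel's own code): find Host
# blocks in an OpenSSH client config that set "ForwardAgent yes".

# Constructed sample config for the example; in practice read "$HOME/.ssh/config".
SAMPLE_CONFIG='Host bastion
    HostName bastion.example.com
    ForwardAgent yes

Host build
    HostName build.example.com
    ForwardAgent no

Host *
    ForwardAgent yes
'

# forwarding_hosts CONFIG_TEXT
# Prints, one per line, the alias of every Host block whose ForwardAgent is
# "yes". Keywords are matched case-insensitively, as ssh_config does.
# Limitations (by design, to keep it short): only the first pattern of a
# "Host" line is reported, and "Match" blocks are not tracked.
forwarding_hosts() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "host" { host = $2 }
        tolower($1) == "forwardagent" && tolower($2) == "yes" { print host }
    '
}

forwarding_hosts "$SAMPLE_CONFIG"
```

Run it against your real config with `forwarding_hosts "$(cat "$HOME/.ssh/config")"`. A `Host *` hit is the one to fix first, because it forwards the agent to every server you log in to. Prefer `ProxyJump` (ssh -J) over `ForwardAgent` for reaching hosts behind a bastion, and if forwarding is unavoidable, load keys with `ssh-add -c` so every signature request from the forwarded socket has to be confirmed locally.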