Increased Truebot Activity Infects U.S. and Canada Based Networks

Deploy from phishing and exloitation some CVE..

IOC domains sended to OpenBLD.net DNS:

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a

Today info about of OpenBLD.net DNS added to AdGuard Wiki KnowledgeBaseDNS repo 🎉

Tailing Big Head Ransomware’s Variants, Tactics, and Impact

https://www.trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html

Сентябрьский дайджест ИТ конференций в Алматы
 
Сентябрь насыщен ИТ-встречами, много друзей, много встреч, дети начинают учиться, а мы общаться:

• 8 Сентября. DevOps и все что рядом - DevOpsDays.kz
• 13-15 Сентября. Масштабная CyberSec конфа - KazHackStan.com
• 16 Сентября. Открытая IT/Cybersec/Ops Knowledge Sharing конфа Open SysConf.io

13 по 16 дни ИТ концентрата, живущим здесь энергетиков больше, едущим в Алматы на KHS - бери билеты на 4 дня 😉

Мира всем. Peace ✌️

/ FortiOS - Allow a remote attacker to execute arbitrary code or command

A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.

Denoscription and workaround:

— https://www.fortiguard.com/psirt/FG-IR-23-183

/ Storm-0978 attacks reveal financial and espionage motive

New phishing campaign:

https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/

And Office and Windows HTML Remote Code Execution Vulnerability:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884

/ Azure AD is Becoming Microsoft Entra ID

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-is-becoming-microsoft-entra-id/ba-p/2520436

/ Urgent Security Notice: SonicWall GMS/Analytics Impacted by suite of vulnerabilities

https://www.sonicwall.com/support/knowledge-base/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/

/ MIcrosoft confirms Chinese APT successful exploited Microsoft cloud email systems

Mitigation for China-Based Threat Actor Activity from MS:

https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-threat-actor/

/ Browse the Internet ecosystem with BGP Tools

— https://bgp.tools/

Открытый практикум Golang by Rebrain: Реализация kubernetes оператора
 
• 18 Июля (Вторник) 19:00 по МСК. Детали

Программа:
• Рассмотрим паттерн оператор, концепцию ресурсов и k8s REST API
• Рассмотрим реализацию кеша в библиотеки client-go для работы с API k8s
• Поработаем с Operator Framework
• Рассмотрим некоторые практики, используемые при написании операторов

Ведет:
• Дмитрий Гордеев – Руководитель практикума Golang by REBRAIN. Занимается разработкой нового Claud'а в x5 Tech. Опыт разработки – 5 лет

/ Multiple Vulnerabilities in Juniper PHP software

Severity: Critical - Official KB article

/ TeamTNT Reemerged with New Aggressive Cloud Campaign

The botnet run by TeamTNT has set its sights on Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and Nginx servers, Weave Scope, SSH, and Jupyter applications..:

— Article with Technical Details from AquaSec

⚠️ Reminding/Notice. bld.sys-adm.in will migrate to OpenBLD.net

Review and resetup all DoT, DoH, DNS setings to OpenBLD.net please.

Keep in mind - On this IP addresess will only remain DoT, DoH:
- 49.12.234.130
- 135.125.204.230

/ Routers From The Underground: Exposing AVrecon

..complex operation that infects small-office/home-office (SOHO) routers, deploying a Linux-based Remote Access Trojan (RAT) we’ve dubbed “AVrecon.”..:

https://blog.lumen.com/routers-from-the-underground-exposing-avrecon/

/ Citrix Secure Access client escalate local privileges to AUTHORITY\SYSTEM

https://nvd.nist.gov/vuln/detail/CVE-2023-24491

and has RCE on Ubuntu:

https://nvd.nist.gov/vuln/detail/CVE-2023-24492

/ WormGPT – The Generative AI Tool Cybercriminals Are Using to Launch Business Email Compromise Attacks

https://slashnext.com/blog/wormgpt-the-generative-ai-tool-cybercriminals-are-using-to-launch-business-email-compromise-attacks/

/ CISA Develops Factsheet for Free Tools for Cloud Environments

https://www.cisa.gov/news-events/alerts/2023/07/17/cisa-develops-factsheet-free-tools-cloud-environments

/ Massive Targeted Exploit Campaign Against WooCommerce Payments Underway

Tactics, Techniques, and Procedures (TTPs):

https://www.wordfence.com/blog/2023/07/massive-targeted-exploit-campaign-against-woocommerce-payments-underway/

/ Remote Code Execution in OpenSSH's forwarded ssh-agent

Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host ... can access the local agent through the forwarded connection… CVE-2023-38408:

— https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

Открытый практикум Networks by Rebrain: Ethernet over IP
 
• 27 Июля (Четверг), 20:00 по МСК. Детали

Программа:
• Всегда ли нужен L3 VPN
• Как работают EoIP / Layer-2 GRE / L2TPv3
• Примеры конфигураций и сценарии использования

Ведет:
• Ольга Яновская – Руководитель направления Networks by Rebrain. Ph.D. in Information Technology. Cisco NetAcad Instructor / NetAcad Success Lead / Instructor-Trainer.