Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Threat Actors Target MSSQL Servers in...
https://www.securonix.com/blog/securonix-threat-labs-security-advisory-threat-actors-target-mssql-servers-in-dbjammer-to-deliver-freeworld-ransomware/
Securonix
Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware
/ “MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business Accounts
https://labs.guard.io/mrtonyscam-botnet-of-facebook-users-launch-high-intent-messenger-phishing-attack-on-business-3182cfb12f4d?gi=366241f9d889
Medium
“MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business Accounts
By Oleg Zaytsev (Guardio Labs)
🚀 Join Open SysConf this Saturday; here is how it will go
I'm sure it will be positive and useful.
🔹 Remote attendees: join online and be together with us.
🔹 Offline attendees: we'll meet at the Kolesa Team office.
We'll start with the basics, continue with low-level practice, and finish on a reflective note: talks and schedule.
Specialists will gather, and I'm sure good people from Almaty, Astana, other cities of Kazakhstan and neighbouring countries. The meetup promises multilateral communication, a refreshed circle of acquaintances and new knowledge 🤜🤛
Bring a good mood, a desire to grow, open your eyes, prick up your ears, warm up your vocal cords and be confident that everything will be fine! Be connected on Open SysConf.io🐴
Peace to all ✌️
/ macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks
The authors highlight how threat actors are proactively targeting businesses running macOS by posing as fake clients in order to socially engineer victims into launching malicious payloads:
— https://www.sentinelone.com/blog/macos-metastealer-new-family-of-obfuscated-go-infostealers-spread-in-targeted-attacks/
SentinelOne
macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks
The rise of macOS infostealers continues with the latest entrant aiming to compromise business environments with targeted social engineering lures.
/ Vitalik Buterin's Twitter account hacked to promote crypto scam
https://web3isgoinggreat.com/single/vitalik-buterins-twitter-account-hacked
Web3 is Going Just Great
Vitalik Buterin's Twitter account hacked to promote crypto scam
The Twitter account belonging to Vitalik Buterin, inventor and effective leader of the Ethereum project, was hacked to promote a crypto scam. A tweet posted to his compromised account advertised a "commemorative NFT" to celebrate the impending release of…
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Backdoor in Free Download Manager: a possible supply chain attack on Linux
— https://securelist.ru/backdoored-free-download-manager-linux-malware/107924/
securelist.ru
Infected Free Download Manager distributes a Linux backdoor
Kaspersky researchers analysed a Linux backdoor that was distributed with the free Free Download Manager software and went unnoticed for at least three years.
Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes
https://www.akamai.com/blog/security-research/kubernetes-critical-vulnerability-command-injection
Akamai
Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes | Akamai
Akamai researchers discover a critical vulnerability in Kubernetes that can lead to remote code execution.
Sys-Admin InfoSec pinned «📢 Tomorrow is Open SysConf.io 🐴. Those who registered: the address; online attendees should be here»
/ 38TB of data accidentally exposed by Microsoft AI researchers
Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token
The backup includes secrets, private keys and passwords:
https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers
wiz.io
38TB of data accidentally exposed by Microsoft AI researchers | Wiz Blog
Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token
/ AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation
https://sysdig.com/blog/ambersquid/
Sysdig
AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation | Sysdig
AMBERSQUID is a cloud-native cryptojacking operation that leverages AWS services and can cost victims more than $10,000/day.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Hi everyone, my name is Yevgeniy Goncharov. Those who don't know me will get to know me later; this post is dedicated to the people who do know me.
Over the past days of cyber conferences I was asked "how do you do it, where does the energy come from". There were many questions, to which I answered "I have my own system of knowledge".
A system for seeing the world, created by my own consciousness and systematically organised, where all the practices, results and theory are taken from purely personal experience confirmed by years of life.
To some I explain "how and what", to some I give the basics or point out mistakes, but what I really want is to reflect on this experience out loud, without phones or gadgets.
We can tune in. Let me know through the form that you are ready to take part.
Those who are ready: let's try, on some day, to listen together about my "pinpoint world".
/ Fileless Remote Code Execution on Juniper Firewalls
This blog post demonstrates how CVE-2023-36845, a vulnerability Juniper rated as “Medium” severity, can be used to execute arbitrary code remotely without authentication. The authors turned a multi-step (but very good) exploit into one that can be written as a single curl command and that appears to affect more (older) systems:
— https://vulncheck.com/blog/juniper-cve-2023-36845
VulnCheck
/ New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
Trend Micro
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior…
/ GitLab Critical Security Release: 16.3.4 and 16.2.7
These versions contain important security fixes, and GitLab strongly recommends that all GitLab installations be upgraded to one of these versions immediately.
In short: a stored XSS vulnerability was discovered in GitLab.com that allowed an attacker to inject HTML into any note, issue description, or wiki page by abusing syntax_highlight_filter.rb. The vulnerability was caused by the lack of proper input sanitization. The attacker could inject a script tag by using the base tag and loading the script from their own domain, bypassing the CSP. This could lead to the creation of tokens and the takeover of SSO accounts.
— https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/
GitLab
GitLab Critical Security Release: 16.3.4 and 16.2.7
Learn more about GitLab Critical Security Release: 16.3.4 and 16.2.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
/ Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
A PoC supposedly exploiting a WinRAR vulnerability:
https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/
Unit 42
Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
A phony proof-of-concept (PoC) code for CVE-2023-40477 delivered a payload of VenomRAT. We detail our findings, including an analysis of the malicious code.
/ CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones
https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/
The malicious domain from this research has been sent to the OpenBLD.net ecosystem 😡. Take care of yourselves 🙌🏻
SentinelOne
CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones
Pakistan-aligned threat actor weaponizes fake YouTube apps on the Android platform to deliver mobile remote access trojan spyware.
/ Malware Appears in Earnest Across Cybercrime Threat Landscape
https://www.proofpoint.com/us/blog/threat-insight/chinese-malware-appears-earnest-across-cybercrime-threat-landscape
Proofpoint
Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape | Proofpoint US
Key Takeaways Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers. Campaigns include Chinese-language lures and malware
Open workshop Networks by Rebrain: Network architecture in reality. Part 1.
• 28 September (Thursday) 19:00 MSK. Details
Programme:
• We'll look at a real case of migrating a network with 10k+ servers and hundreds of remote offices to a new core
• We'll change the routing protocol and pay off technical debt early
Presenter:
• Dmitry Radchuk, Team Lead at VKontakte. CCIE x4. More than 12 years of experience with networks.