/ GitLab Critical Security Release: 16.3.4 and 16.2.7
These versions contain important security fixes, and GitLab strongly recommends that all GitLab installations be upgraded to one of these versions immediately.
In short: A stored XSS vulnerability was discovered in GitLab.com that allowed an attacker to inject HTML in any note, issue description, or wiki page by abusing syntax_highlight_filter.rb. The vulnerability was caused by the lack of proper input sanitization. The attacker could inject a script tag by using the base tag and loading the script from their own domain, bypassing the CSP. This could lead to the creation of tokens and takeover of SSO accounts.
— https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/
GitLab
GitLab Critical Security Release: 16.3.4 and 16.2.7
Learn more about GitLab Critical Security Release: 16.3.4 and 16.2.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
/ Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
PoC meant to exploit WinRAR vulnerability:
https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/
Unit 42
Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
A phony proof-of-concept (PoC) code for CVE-2023-40477 delivered a payload of VenomRAT. We detail our findings, including an analysis of the malicious code.
/ CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones
https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/
Malicious domain from this research sent to the OpenBLD.net😡 ecosystem. Take care of yourself 🙌🏻
SentinelOne
CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones
Pakistan-aligned threat actor weaponizes fake YouTube apps on the Android platform to deliver mobile remote access trojan spyware.
/ Malware Appears in Earnest Across Cybercrime Threat Landscape
https://www.proofpoint.com/us/blog/threat-insight/chinese-malware-appears-earnest-across-cybercrime-threat-landscape
Proofpoint
Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape | Proofpoint US
Key Takeaways Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers. Campaigns include Chinese-language lures and malware
Open practicum Networks by Rebrain: Network architecture in reality. Part 1.
• September 28 (Thursday), 19:00 MSK. Details
Program:
• We will look at a real case of migrating a network of 10k+ servers and hundreds of remote offices to a new core
• We will change the routing protocol and pay off technical debt ahead of schedule
Hosted by:
• Dmitry Radchuk – Team Lead at VKontakte. CCIE x4. More than 12 years of experience working with networks.
/ StopRansomware: Snatch Ransomware
Report from CISA and the FBI on how to mitigate/stop this ransomware:
— https://www.cisa.gov/sites/default/files/2023-09/joint-cybersecurity-advisory-stopransomware-snatch-ransomware_0.pdf
IOCs:
xml - https://www.cisa.gov/sites/default/files/2023-09/AA23-263A.stix_.xml
json - https://www.cisa.gov/sites/default/files/2023-09/AA23-263A%20%23StopRansomware%20Snatch%20Ransomware.stix_.json
Full advisory:
— https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263av
Threat domains sent to OpenBLD.net DNS😡
/ Urgent Apple Updates for iOS, macOS, etc.
— iOS: https://support.apple.com/en-us/HT213927 (elevate privileges)
— iPad: https://support.apple.com/en-us/HT213926 (elevate privileges)
— Monterey: https://support.apple.com/en-us/HT213932 (elevate privileges)
— Ventura: https://support.apple.com/en-us/HT213931 (elevate privileges)
— Safari: https://support.apple.com/en-us/HT213930 (arbitrary code execution)
Apple Support
About the security content of iOS 16.7 and iPadOS 16.7
This document describes the security content of iOS 16.7 and iPadOS 16.7.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
🌟 Ada - Adaptive DNS: Harmoniously filters malicious content and ensures seamless internet connectivity whenever possible
🚫 Ric - Strict DNS: Blocks many marketing and tracking resources, which may affect access to certain internet content
Curious to learn more? Dive into the details here
I recommend Ada for most OpenBLD.net DNS users. Take care of yourself. Peace out! ✌️
/ Inside Microsoft's plan to kill PPLFault
In this research publication, authors will learn about upcoming improvements to the Windows Code Integrity subsystem that will make it harder for malware to tamper with Anti-Malware processes and other important security features:
-- https://www.elastic.co/security-labs/inside-microsofts-plan-to-kill-pplfault
www.elastic.co
Inside Microsoft's plan to kill PPLFault — Elastic Security Labs
In this research publication, we'll learn about upcoming improvements to the Windows Code Integrity subsystem that will make it harder for malware to tamper with Anti-Malware processes and other important security features.
/ Predator In The Wires
Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions
-- https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
They will take fingerprints when creating a passport in Kazakhstan
https://www.inform.kz/ru/kak-obyazatelnoe-snyatie-otpechatkov-paltsev-uprostit-zhizn-kazahstantsev-ee12c5
Kazinform
How mandatory fingerprinting will simplify life for Kazakhstanis
Starting January 1, 2024, mandatory fingerprint registration of citizens is being introduced when obtaining a passport and identity card. Nurzhan Dzhanabayev, senior inspector of the Migration Service Committee of the Ministry of Internal Affairs of the Republic of Kazakhstan, explained how this rule will simplify life for Kazakhstanis…
/ Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted
https://www.threatfabric.com/blogs/xenomorph
ThreatFabric
Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted
Xenomorph Malware Resurfaces with Expanded Targets - Insights from ThreatFabric
First of all - big thanks to the DNS Blocklists project for their significant contribution to the "Keep the internet clean" ideology
In this quarter of 2023, I've introduced various enhancements to the OpenBLD.net ecosystem.
🔻 Here's the scoop:
1️⃣ OpenBLD.net now incorporates the DNS Blocklists project into its own DNS filtering mechanisms, ensuring a cleaner internet experience.
2️⃣ Successfully resolved major Apple content delivery issues for Eastern Europe, enhancing DNS delivery experience.
3️⃣ Experience a boost in DNS response speed by approximately 5%. The General pool is now around ~111ms, while Local pools are at ~70ms.
4️⃣ According to Alternativeto, OpenBLD.net stands out as an alternative to Quad9, NextDNS, AdGuard DNS, AhaDNS, and BlahDNS.
✨ And most importantly, OpenBLD.net is your go-to solution for a clean Internet – free from Ads, Tracking, Metrics, Telemetry, Phishing, Malware and all that other "Crap", without agent installations and add-ins in your browsers.
Embrace yourself and stay focused with the power of clean Internet with https://openbld.net DNS 😎
#OpenBLD #DNS #InternetCleanse #Innovation
/ Your photos can hear you. AI and machine learning help researchers get audio from still images and silent videos
https://news.northeastern.edu/2023/09/25/audio-recovery-still-images-silent-videos/
Northeastern Global News
Your photos can hear you. AI and machine learning help researchers get audio from still images and silent videos
Using a machine learning assisted tool called Side Eye, researchers can extract audio from photos and muted videos like TikToks.
/ Surprise: When Dependabot Contributes Malicious Code
https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code/
Checkmarx
Surprise: When Dependabot Contributes Malicious Code
In July 2023, our scanners detected nontypical commits to hundreds of GitHub repositories appear to be contributed by Dependabot and carrying malicious code.
/ (0Day) Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
Zerodayinitiative
ZDI-23-1469
(0Day) Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
Open practicum DevOps by Rebrain: DevOps maturity matrix in product
• October 3 (Tuesday), 19:00 MSK. Details
Program:
• The DevOps maturity matrix concept
• Stages of implementing a maturity matrix
Hosted by:
• Alexander Krylov - more than 7 years of DevOps experience. Regular speaker at conferences: DevOps conf, TeamLead conf, Highload conf. Author of the Haproxy practicum at Rebrain.
/ MS Teams external participant splash screen bypass
-- https://badoption.eu/blog/2023/09/27/teams4.html
BadOption.eu
Teams external participant splash screen bypass
Teams external participant splash screen bypass Today I was preparing some demonstration on Teams phishing and was baffled, as Microsoft finally after almost 2 years fixed an important vector. The group chat now also shows a big splash screen warning the user…
/ The Marvin RSA Attack
..is a return of a 25 year old vulnerability that allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed with the private key..:
https://people.redhat.com/~hkario/marvin/
Redhat
The Marvin Attack
The Marvin Attack is a return of a timing variant of a 25-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.
/ ZenRAT: Malware Brings More Chaos Than Calm
..a new malware called ZenRAT being distributed via fake installation packages of the password manager Bitwarden..:
https://www.proofpoint.com/us/blog/threat-insight/zenrat-malware-brings-more-chaos-calm
Proofpoint
ZenRAT: Malware Brings More Chaos Than Calm | Proofpoint US
Key Takeaways Proofpoint identified a new malware called ZenRAT being distributed via fake installation packages of the password manager Bitwarden. The malware is specifically