Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database.
This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
Ande next: CVE-2023-38548
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service..:
https://www.veeam.com/kb4508
This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
Ande next: CVE-2023-38548
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service..:
https://www.veeam.com/kb4508
Veeam Software
KB4508: CVE-2023-38547 | CVE-2023-38548 | CVE-2023-38549 | CVE-2023-41723
Security update regarding: CVE-2023-38547 | CVE-2023-38548 | CVE-2023-38549 | CVE-2023-41723
Открытый практикум Linux by Rebrain: Обнаружение и просмотр устройств в Linux
Время:
↘ 15 Ноября (Среда) 19:00 МСК. Детали
Программа:
• Утилиты для просмотра устройств: lspci, lsusb, dmidecode...
• Интерфейсы ядра в /proc и /sys
• Именование дисков и сетевых устройств
• Просмотр свойств сетевых устройств с ethtool
Ведёт:
• Даниил Батурин – Основатель проекта VyOS, системы для корпоративных и провайдерских маршрутизаторов с открытым исходным кодом.
Время:
↘ 15 Ноября (Среда) 19:00 МСК. Детали
Программа:
• Утилиты для просмотра устройств: lspci, lsusb, dmidecode...
• Интерфейсы ядра в /proc и /sys
• Именование дисков и сетевых устройств
• Просмотр свойств сетевых устройств с ethtool
Ведёт:
• Даниил Батурин – Основатель проекта VyOS, системы для корпоративных и провайдерских маршрутизаторов с открытым исходным кодом.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Последнее время я дебажил проблему, исходя из полученных сведений, мне удалось нивелировать часть вредоносного трафика, примерно на 50%.
Ближайшие сутки процент увеличится, а время ответа серверов сократится...
Трафик шел из разных стран, из разных сред облачных провайдеров (как пример Linode)...
Сейчас готов скрипт который вычленяет циклы запросов и отдает их в специльный DROP пулл.
В общем пока справляемся, конечные пользователи OpenBLD.net практически не ощутили флуд-эффекта и это радует.
Не будучи пальцем деланы. Развивайтесь друзья мои ✊️️️️️️️
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Google ad distributes malicious CPU-Z
One common technique used by threat actors to evade detection is to employ cloaking. Anyone clicking on the ad and who’s not the intended victim will see a standard blog with a number of articles..:
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
One common technique used by threat actors to evade detection is to employ cloaking. Anyone clicking on the ad and who’s not the intended victim will see a standard blog with a number of articles..:
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
/ Detecting “Effluence”, An Unauthenticated Confluence Web Shell
Confluence under attack... vulnerability allows an attacker to gain unauthorized access to the administrative areas of a Confluence server:
https://www.aon.com/cyber-solutions/aon_cyber_labs/detecting-effluence-an-unauthenticated-confluence-web-shell/
Confluence under attack... vulnerability allows an attacker to gain unauthorized access to the administrative areas of a Confluence server:
https://www.aon.com/cyber-solutions/aon_cyber_labs/detecting-effluence-an-unauthenticated-confluence-web-shell/
Aon
Detecting
Discovering Effluence, a unique web shell accessible on every page of an infected Confluence
/ Uncovering thousands of unique secrets in PyPI packages
...PyPi packages and surfaced thousands of hardcoded credentials.
Let’s start with article authors, with the big reveal of what them found:
- 3.938 total unique secrets across all projects
- 768 of those unique secrets were found to be valid
- 2.922 projects contained at least one unique secret
https://blog.gitguardian.com/uncovering-thousands-of-unique-secrets-in-pypi-packages/
...PyPi packages and surfaced thousands of hardcoded credentials.
Let’s start with article authors, with the big reveal of what them found:
- 3.938 total unique secrets across all projects
- 768 of those unique secrets were found to be valid
- 2.922 projects contained at least one unique secret
https://blog.gitguardian.com/uncovering-thousands-of-unique-secrets-in-pypi-packages/
GitGuardian Blog - Take Control of Your Secrets Security
Uncovering thousands of unique secrets in PyPI packages
Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials.
/ StopRansomware: Royal Ransomware
Remort from CISA. According to third-party reporting, Royal actors most commonly (in 66.7% of incidents) gain initial access to victim networks via successful phishing emails:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a
Remort from CISA. According to third-party reporting, Royal actors most commonly (in 66.7% of incidents) gain initial access to victim networks via successful phishing emails:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a
/ Windows DWM Core Library Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36033
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36036
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36033
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36036
/ Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI
Vulnerability where Azure Command-Line Interface (CLI) could expose sensitive information, including credentials, through GitHub Actions logs:
🔹 https://msrc.microsoft.com/blog/2023/11/microsoft-guidance-regarding-credentials-leaked-to-github-actions-logs-through-azure-cli/
Vulnerability where Azure Command-Line Interface (CLI) could expose sensitive information, including credentials, through GitHub Actions logs:
Please open Telegram to view this post
VIEW IN TELEGRAM
Открытый практикум DevOps by Rebrain: Практики разработки жизненного цикла ПО
Время:
↘ 21 Ноября (Вторник) 19:00 МСК. Детали
Программа:
• Жизненный цикл ПО
• Методологии разработки
• Kanban
• Scrum
• DevOps
• SRE
Ведёт:
• Александр Крылов – Опыт работы в DevOps более 7 лет. Постоянный спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
Время:
↘ 21 Ноября (Вторник) 19:00 МСК. Детали
Программа:
• Жизненный цикл ПО
• Методологии разработки
• Kanban
• Scrum
• DevOps
• SRE
Ведёт:
• Александр Крылов – Опыт работы в DevOps более 7 лет. Постоянный спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
/ Samsung says hackers accessed customer data during year-long breach
https://techcrunch.com/2023/11/16/samsung-hackers-customer-data-breach
https://techcrunch.com/2023/11/16/samsung-hackers-customer-data-breach
TechCrunch
Samsung says hackers accessed customer data during year-long breach
Samsung confirmed hackers accessed the personal data of U.K.-based customers during a historical year-long breach of its systems.
/ The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses
Fox-SRT Uncategorized
Sometimes cybercriminals that host malicious servers employ tactics that involve mimicking the responses of legitimate software to evade detection. However, a common pitfall of these malicious actors are typos, which we use as unique fingerprints to identify such servers..:
https://blog.fox-it.com/2023/11/15/the-spelling-police-searching-for-malicious-http-servers-by-identifying-typos-in-http-responses/
Fox-SRT Uncategorized
Sometimes cybercriminals that host malicious servers employ tactics that involve mimicking the responses of legitimate software to evade detection. However, a common pitfall of these malicious actors are typos, which we use as unique fingerprints to identify such servers..:
https://blog.fox-it.com/2023/11/15/the-spelling-police-searching-for-malicious-http-servers-by-identifying-typos-in-http-responses/
/ Unveiling LummaC2 stealer’s novel Anti-Sandbox technique: Leveraging trigonometry for human behavior detection
https://outpost24.com/blog/lummac2-anti-sandbox-technique-trigonometry-human-detection/
https://outpost24.com/blog/lummac2-anti-sandbox-technique-trigonometry-human-detection/
Outpost24
Analyzing LummaC2 stealer’s novel Anti-Sandbox technique: Leveraging trigonometry for human behavior detection
LummaC2 stealer’s new Anti-Sandbox technique that forces the malware to wait until “human” behavior is detected.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
A deep dive into Phobos ransomware
https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/
https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/
/ Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)
https://www.helpnetsecurity.com/2023/11/20/cve-2023-1671/
https://www.helpnetsecurity.com/2023/11/20/cve-2023-1671/
Help Net Security
Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)
CISA has added three bugs to its Known Exploited Vulnerabilities catalog, among them a critical one (CVE-2023-1671) in Sophos Web Appliance.
/ CVE-2023–36025: An In-Depth Analysis of Circumventing Windows SmartScreen Security
https://infosecwriteups.com/cve-2023-36025-an-in-depth-analysis-of-circumventing-windows-smartscreen-security-6ff05c8b69d0
https://infosecwriteups.com/cve-2023-36025-an-in-depth-analysis-of-circumventing-windows-smartscreen-security-6ff05c8b69d0
Medium
CVE-2023–36025: An In-Depth Analysis of Circumventing Windows SmartScreen Security
In the world of cybersecurity, the discovery of a vulnerability like CVE-2023-36025 in Windows SmartScreen is a significant event. This…
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Автоматически попасть можно по нескольким причинам:
Иногда это может быть ошибочное срабатывание, не переживайте, если ADA или RIC сервера не пингуются, а сайты перестали загружаться. 90% случаев это бан, что можно сделать в этом случае?
99% аптайм - хороший показатель, но безопасность и скорость, тоже важные показатели, давайте учитывать это вместе.
Всем спасибо кто пользуется и остается в фокусе и за понимание, кто еще не пользуется - welcome, донаты приветствуются, контакты здесь. Всем Peace ✌️
Please open Telegram to view this post
VIEW IN TELEGRAM
/ The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets
...exposed Kubernetes secrets of hundreds of organizations and open-source projects allow access to sensitive environments in the Software Development Life Cycle (SDLC) and open a severe supply chain attack threat..:
https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets
...exposed Kubernetes secrets of hundreds of organizations and open-source projects allow access to sensitive environments in the Software Development Life Cycle (SDLC) and open a severe supply chain attack threat..:
https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets
Aqua
The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets
Aqua Nautilus researchers found exposed Kubernetes secrets that pose a critical threat of supply chain attack to hundreds of organizations and OSS.
📢 Открытый практикум Networks by Rebrain: vxlan, часть 1
Время:
↘ 28 Ноября (Вторник) 19:00 МСК. Детали
Программа:
— Необходимость vxlan
— Классический вариант с Flood and Learn подходом
— Появление BGP Control plane
Ведёт:
Дмитрий Радчук – Team Lead Вконтакте. CCIE x4. Опыт работы с сетями больше 12 лет. Опыт преподавания больше 4-х лет
Время:
↘ 28 Ноября (Вторник) 19:00 МСК. Детали
Программа:
— Необходимость vxlan
— Классический вариант с Flood and Learn подходом
— Появление BGP Control plane
Ведёт:
Дмитрий Радчук – Team Lead Вконтакте. CCIE x4. Опыт работы с сетями больше 12 лет. Опыт преподавания больше 4-х лет