/ Exploiting JetBrains TeamCity CVE Globally
CISA warns:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
/ Threat actors misuse OAuth applications to automate financially driven attacks
https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/
Microsoft News
Threat actors misuse OAuth applications to automate financially driven attacks
Microsoft presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks.
/ OpenSSH 9.6 release contains a number of security fixes, including a fix for the MiTM "Terrapin attack":
https://www.openssh.com/releasenotes.html
/ Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1
https://www.akamai.com/blog/security-research/chaining-vulnerabilities-to-achieve-rce-part-one
Akamai
Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1 | Akamai
In part 1 of this two-part series, Akamai researchers explore two new Windows vulnerabilities that could lead to remote code execution against Outlook clients.
/ Mozilla Foundation Security Advisory (includes an RCE fix)
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/
📢 Open DevOps practicum by Rebrain: IT-Quiz
↘ Registration
Time:
26 December (Tuesday) at 19:00 Moscow time
Program:
• Solving 3 tasks in an online format
• Receiving gifts for completing the tasks
• Holding the New Year Sale by Rebrain giveaway
Host:
Vasily Ozerov – Co-Founder of REBRAIN. Leads an international team within his agency Fevlake. More than 8 years of DevOps practice.
/ Android Banking Trojan Chameleon can now bypass any Biometric Authentication
https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action
ThreatFabric
Android Banking Trojan Chameleon can now bypass any Biometric Authentication
ThreatFabric discovers a new variant of the Chameleon banking trojan distributed via Zombinder with features to bypass any biometric authentication.
/ The Cashback Extension Killer - Fake Chrome netPlus VPN Extensions
C2 domain target communications - Kazakhstan, Ukraine, Russia, Belarus, Pakistan...
https://reasonlabs.com/research/the-cashback-extension-killer
P.S. C2 domains already sent to OpenBLD.net 😡
/ The Rising Threat Of Phishing Attacks With Crypto Drainers
Unmasking Deceptive Tactics: A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. The cryptocurrency community has been witnessing an alarming increase in sophisticated phishing attacks..:
https://research.checkpoint.com/2023/the-rising-threat-of-phishing-attacks-with-crypto-drainers/
Check Point Research
The Rising Threat of Phishing Attacks with Crypto Drainers - Check Point Research
By Oded Vanunu, Dikla Barda, Roman Zaikin Unmasking Deceptive Tactics: A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. The cryptocurrency community has been witnessing an alarming increase in sophisticated…
/ Use-after-free vulnerability in the Linux kernel nf_tables implementation
Openwall note: https://www.openwall.com/lists/oss-security/2023/12/22/6
Exploit prototype - https://www.openwall.com/lists/oss-security/2023/12/22/6/1
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
🚀 Glad to present the new release zDNS v0.1.3! 🎉
Following Zero Trust practices, I recently wrote and am slowly beginning to introduce new “blackhole” functionality into the OpenBLD.net DNS ecosystem
zDNS is a DNS server that puts security and control over DNS queries at the center. With new functionality, zDNS now supports regular expressions in hosts.txt files, allowing more flexibility in configuring allowed queries. Now you can use the power of regular expressions to precisely control permissions, including subdomains and patterns.
Main features:
🛑 Denies all DNS queries by default.
✅ Allows you to configure allowed requests through the hosts.txt file.
🔄 Uses balancing strategies to ensure reliable operation with DNS servers.
🛠 Easily customizable via YAML configuration.
🔜 Prometheus metrics coming soon
Additional protection of your infrastructure or testing requests with zDNS is possible and may be useful to you! Download the latest version here and start using a DNS server with powerful customization options:
https://github.com/m0zgen/zdns/tree/dev
#zDNS #DNS #Security #Release #News
/ RAR SFX with LNK Infection Vector
https://www.deepinstinct.com/blog/threat-actor-uac-0099-continues-to-target-ukraine
Deep Instinct
Threat Actor 'UAC-0099' Continues to Target Ukraine
Deep Instinct’s Threat Research team explores recent activities by threat actor "UAC-0099," including recent attacks on Ukrainian targets. It also examines common tactics, techniques, and procedures (TTPs), including the use of fabricated court summons to…
Let’s Get Ready to Rumble!!
Let the leap year 🎄 bring only high profits and high success!)) Peace ✌️
/ Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking
https://cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking
Cloudsek
Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking | CloudSEK
A detailed blog on Analysis of the Global Malware Trend: Exploiting Undocumented OAuth2 Functionality to Regenerate Google Service Cookies Regardless of IP or Password Reset.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Open Thank You Message.
First of all, thanks to all users of the OpenBLD.net service. Thank you for trusting, using the service, contributing and providing feedback.
Some companies, like the people in them, also trust the service and support it with system resources and OSS licenses, which allows the service to grow, be faster, and expand points of presence around the world.
Thanks everyone. I also wrote an Open Thank You Letter in my blog post to everyone who supported.
Everyone who wants to support can add their logo or name to the project website, support the OpenBLD.net project and receive these benefits.
Peace to all ✌️
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
How Does PCI DSS 4.0 Affect Web Application Firewalls?
https://www.tripwire.com/state-of-security/how-does-pci-dss-40-affect-web-application-firewalls
Tripwire
How Does PCI DSS 4.0 Affect Web Application Firewalls?
The payment industry is bracing for the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0, heralding significant changes in cybersecurity practices.
/ Deceptive Cracked Software Spreads Lumma Variant on YouTube
https://www.fortinet.com/blog/threat-research/lumma-variant-on-youtube
Fortinet Blog
Deceptive Cracked Software Spreads Lumma Variant on YouTube
FortiGuard Labs uncovered a threat group using YouTube channels to spread Private .NET loader for Lumma Stealer 4.0. Learn more.…
/ Hyper-V RCE and Kerberos Bypass
MS released two fixes for..:
Windows Kerberos Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674
Windows Hyper-V Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20700
📢 Open DevOps practicum by Rebrain: Running Nginx and Angie in Docker
↘ Registration
Time:
16 January (Tuesday) 19:00 Moscow time
Program:
• Basics of containerizing a web server
• Why use a container for Nginx
• Features of the Angie web server and a comparison with Nginx
• Running Nginx and Angie in Docker containers
• Configuration setup
• Working with logs
• Storing web application data
Host:
• Nikolay Lavlinsky – Technical Director. Web developer for more than 15 years. Speaker at the HighLoad++ and RIT++ conferences. Specialization: speeding up websites and web applications
/ The malware is spread over SSH protocol using a custom Mirai botnet that was modified by the threat actors.
https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining
Akamai
You Had Me at Hi — Mirai-Based NoaBot Makes an Appearance | Akamai
Akamai security researchers uncovered a new cryptomining campaign — NoaBot — that uses a custom Mirai botnet modified by the threat actors.