📢 Открытый практикум DevOps by Rebrain: Запуск Nginx и Angie в Docker
↘ Регистрация
Время:
16 Января (Вторник) 19:00 МСК
Программа:
• Основы контейнеризации веб-сервера
• Зачем использовать контейнер для Nginx
• Особенности веб-сервера Angie и сравнение с Nginx
• Запуск Nginx и Angie в Docker-контейнерах
• Настройка конфигурации
• Работа с логами
• Хранение данных веб-приложения
Ведёт:
• Николай Лавлинский – Технический директор. Веб-разработчик более 15 лет. Спикер конференций HighLoad++, РИТ++. Специализация: ускорение сайтов и веб-приложений
↘ Регистрация
Время:
16 Января (Вторник) 19:00 МСК
Программа:
• Основы контейнеризации веб-сервера
• Зачем использовать контейнер для Nginx
• Особенности веб-сервера Angie и сравнение с Nginx
• Запуск Nginx и Angie в Docker-контейнерах
• Настройка конфигурации
• Работа с логами
• Хранение данных веб-приложения
Ведёт:
• Николай Лавлинский – Технический директор. Веб-разработчик более 15 лет. Спикер конференций HighLoad++, РИТ++. Специализация: ускорение сайтов и веб-приложений
/ The malware is spread over SSH protocol using a custom Mirai botnet that was modified by the threat actors.
https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining
https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining
Akamai
You Had Me at Hi — Mirai-Based NoaBot Makes an Appearance | Akamai
Akamai security researchers uncovered a new cryptomining campaign — NoaBot — that uses a custom Mirai botnet modified by the threat actors.
/ Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns
- Overview of CLINKSINK Drainer Campaigns
- Initial Analysis of CLINKSINK
- Distribution of Stolen Solana Cryptocurrency Funds
- Multiple DaaS Offerings Use CLINKSINK
- Outlook and Implications
- YARA Rules
https://www.mandiant.com/resources/blog/solana-cryptocurrency-stolen-clinksink-drainer-campaigns
- Overview of CLINKSINK Drainer Campaigns
- Initial Analysis of CLINKSINK
- Distribution of Stolen Solana Cryptocurrency Funds
- Multiple DaaS Offerings Use CLINKSINK
- Outlook and Implications
- YARA Rules
https://www.mandiant.com/resources/blog/solana-cryptocurrency-stolen-clinksink-drainer-campaigns
/ CVE-2023-4001: a vulnerability in the (downstream) GRUB boot manager
https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/
https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/
My DFIR Blog
CVE-2023-4001: a vulnerability in the (downstream) GRUB boot manager
One can set a password to protect the boot menu entries and the command-line shell of the GRUB boot manager (see the official manual and the Red Hat manual). This is an additional security measure …
/ CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload:
https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload:
https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
Trend Micro
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
New OpenBLD points of presence have been added in the world thanks to AlphaVPS!
AlphaVPS.com - Fast & Cheap VPS, Cloud Servers and few servers from AlphaVPS stay which located in Bulgaria and Germany joined in to OpenBLD.net ecosystem.
As you know one of the our prioritites - fast DoH/DoT responses and 1GBit/s from AlphaVPS it is good base for this requirements.
One server already available for users (see status of Ada-h4), second server will be available in the next few days. Enjoy it 🚀
P.S. Few times ago I posted OpenBLD.net IPv6 Pre-Release notice, in few near weeks I'll plan implement DoH/DoT IPv6 for users in Europe, I'll tell about this later 😎...
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Undetected macOS InfoStealers | KeySteal, Atomic & CherryPie Continue to Adapt
https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/
https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/
SentinelOne
The Many Faces of Undetected macOS InfoStealers | KeySteal, Atomic & CherryPie Continue to Adapt
Learn about the latest threats to macOS as Infostealers continue to rapidly adapt to evade static signatures.
/ A lightweight method to detect potential iOS malware
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
Securelist
Detecting iOS malware via Shutdown.log file
Analyzing Shutdown.log file as a lightweight method to detect indicators of infection with sophisticated iOS malware such as Pegasus, Reign and Predator.
📢 Открытый практикум: DWARF, ELF & ptrace или как работает ваш дебагер
↘ Регистрация
Время:
• 23 Января (Вторник) в 19:00 по МСК
Программа:
• Разберём устройство современного дебагера
• Научимся использовать системный вызов ptrace
• Рассмотрим форматы ELF и DWARF
• Напишем простой отладчик, используя полученные знания
Ведёт:
• Константин Деревцов – Rust разработчик.
↘ Регистрация
Время:
• 23 Января (Вторник) в 19:00 по МСК
Программа:
• Разберём устройство современного дебагера
• Научимся использовать системный вызов ptrace
• Рассмотрим форматы ELF и DWARF
• Напишем простой отладчик, используя полученные знания
Ведёт:
• Константин Деревцов – Rust разработчик.
/ Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition
- Mitigations and WorkaroundsPermalink: N/A
- DetectionsPermalink: None
- SeverityPermalink: High
https://advisory.splunk.com/advisories/SVD-2024-0108
- Mitigations and WorkaroundsPermalink: N/A
- DetectionsPermalink: None
- SeverityPermalink: High
https://advisory.splunk.com/advisories/SVD-2024-0108
Splunk Vulnerability Disclosure
Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability…
/ JAVA-Based Sophisticated Stealer Using Discord Bot as EventListener
https://www.trellix.com/about/newsroom/stories/research/java-based-sophisticated-stealer-using-discord-bot-as-eventlistener/
https://www.trellix.com/about/newsroom/stories/research/java-based-sophisticated-stealer-using-discord-bot-as-eventlistener/
Trellix
JAVA-based Sophisticated Stealer Using Discord Bot as EventListener
In mid-November 2023, Trellix Advanced Research Center team members observed a Java-based stealer being spread through cracked software zip files using JDABuilder Classes to create an instance of the EventListener to easily register. The Stealer uses Discord…
/ Malicious npm packages target developer SSH keys
warbeast2000, kodiak2k... Malicious actors looking to obtain SSH keys from developers is an alarming development. Detailed research:
https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data
warbeast2000, kodiak2k... Malicious actors looking to obtain SSH keys from developers is an alarming development. Detailed research:
https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data
ReversingLabs
GitGot: GitHub leveraged by cybercriminals to store stolen data | ReversingLabs
ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Few month ago I stared develop from scratch zDNS service, now it's can:
- Restrict DNS queries by type like as A, AAAA, HTTPS, CNAME, MX, PTR..
- Balancing DNS traffic between upstream servers
- Providing Prometheus metrics
- DNS responses caching by custom TTL
- Has few working modes - Zero Trust, Allow/Blocking
- Has separated "Permanent" mode with additional custom upstream DNS servers
- Can load allow/block lists from local and remote through HTTP(S)
- Create/Delete custom users with different configs and hosts files
- and more...
New opportunities, features, looking forward, and info about of new OpenBLD.net Personal Usage Testing pre-relase see here:
https://openbld.net/blog/zdns-big-updates-and-features/
Please open Telegram to view this post
VIEW IN TELEGRAM
📢 Открытый практикум DevOps by Rebrain: Практика управления ошибками спринта в DevOps
• 30 Января (Вторник) 19:00 МСК.
↘ Детали
Программа:
• Что такое RCA
• Спринтовое планирование
• Проводим RCA и соотносим со сквозным бэклогом
Ведёт:
Александр Крылов – Team Lead DevOps. Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
• 30 Января (Вторник) 19:00 МСК.
↘ Детали
Программа:
• Что такое RCA
• Спринтовое планирование
• Проводим RCA и соотносим со сквозным бэклогом
Ведёт:
Александр Крылов – Team Lead DevOps. Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
/ Phishing Microsoft Teams for initial access
https://pushsecurity.com/blog/phishing-microsoft-teams-for-initial-access/
https://pushsecurity.com/blog/phishing-microsoft-teams-for-initial-access/
Push Security
Phishing Microsoft Teams for initial access
In this article, we will cover a number of spoofing and phishing strategies that can be employed by external attackers to target an organization using Teams.
/ GitLab - upgraded to the latest version as soon as possible
Crirtucal security release:
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
Up
https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
P.S. @hranitel_y2k thx for the link 🤝
Crirtucal security release:
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
Up
https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
P.S. @hranitel_y2k thx for the link 🤝
GitLab
GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6
Learn more about GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).
/ Info Stealing Packages Hidden in PyPI
The identified packages—nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111—exhibit attack methodologies similar to those outlined in a Checkmarx blog post published four months ago...
The packages released before December 2023 are very similar to those discussed in earlier blog posts. Specifically, they deploy Whitesnake PE malware if the victim’s device runs on Windows, or they can deliver a Python noscript designed to steal information from Linux devices..:
https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi
The identified packages—nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111—exhibit attack methodologies similar to those outlined in a Checkmarx blog post published four months ago...
The packages released before December 2023 are very similar to those discussed in earlier blog posts. Specifically, they deploy Whitesnake PE malware if the victim’s device runs on Windows, or they can deliver a Python noscript designed to steal information from Linux devices..:
https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi
Fortinet Blog
Info Stealing Packages Hidden in PyPI
An info-stealing PyPI malware author was identified discreetly uploading malicious packages. Learn more.…
/ A false-alarm incident involving Panda Security software leads to three very real CVEs
..an attacker might be able to achieve RCE by chaining CVE-2023-6330 with other vulnerabilities..:
https://news.sophos.com/en-us/2024/01/25/multiple-vulnerabilities-discovered-in-widely-used-security-driver/
..an attacker might be able to achieve RCE by chaining CVE-2023-6330 with other vulnerabilities..:
https://news.sophos.com/en-us/2024/01/25/multiple-vulnerabilities-discovered-in-widely-used-security-driver/
Sophos News
Multiple vulnerabilities discovered in widely used security driver
A false-alarm incident involving Panda Security software leads to three very real CVEs
/ Prevent credential exposure with OIDC for GitHub Actions
Many different CI/CD patterns that cause us to raise our eyebrows. One situation in particular that we encounter relatively often is the unsafe use of AWS credentials.
OpenID Connect is an authentication standard, which when coupled with GitHub Actions, offers a more secure alternative for authentication when compared to utilizing traditional access keys..:
https://blog.cloudsecuritypartners.com/oidc-for-github-actions/
Many different CI/CD patterns that cause us to raise our eyebrows. One situation in particular that we encounter relatively often is the unsafe use of AWS credentials.
OpenID Connect is an authentication standard, which when coupled with GitHub Actions, offers a more secure alternative for authentication when compared to utilizing traditional access keys..:
https://blog.cloudsecuritypartners.com/oidc-for-github-actions/
Cloud Security Partners Blog
OIDC for GitHub Actions
At Cloud Security Partners, we perform a lot of code reviews and Cloud Security Assessments. During these engagements, we see many different CI/CD patterns that cause us to raise our eyebrows. One situation in particular that we encounter relatively often…
/ DarkGate malware delivered via Microsoft Teams - detection and response
https://cybersecurity.att.com/blogs/security-essentials/darkgate-malware-delivered-via-microsoft-teams-detection-and-response
https://cybersecurity.att.com/blogs/security-essentials/darkgate-malware-delivered-via-microsoft-teams-detection-and-response
LevelBlue
DarkGate malware delivered via Microsoft Teams - detection…
Executive summary While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most…