📢 Open DevOps workshop by Rebrain: Working with the DevOps team backlog
Time:
• February 20 (Tuesday), 19:00 MSK
Program:
• Building the team's backlog process
• An approach to end-to-end task prioritization
• Deadline control
↘ Details
Host:
• Aleksandr Krylov – More than 7 years of DevOps experience. Conference speaker: DevOps conf, TeamLead conf, Highload conf. Author of the Haproxy course at Rebrain.
/ New WiFi Authentication Vulnerabilities Discovered
One vulnerability affects Android, ChromeOS and Linux devices connecting to enterprise WiFi networks, another affects home WiFi using a Linux device as a wireless access point:
https://www.top10vpn.com/research/wifi-vulnerabilities/
Top10Vpn
New WiFi Authentication Vulnerabilities Discovered
Two new WiFi vulnerabilities allow hackers to trick you into connecting to fake hotspots and steal your data, and join secure networks without the password.
/ Serious Vulnerability in the Internet Infrastructure: Fundamental design flaw in DNSSEC discovered
https://www.athene-center.de/en/news/press/key-trap
/ New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
https://www.bitdefender.com/blog/labs/new-macos-backdoor-written-in-rust-shows-possible-link-with-windows-ransomware-group/
Bitdefender Labs
New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
UPDATE:
Following our initial release, we have been contacted by our fellow researchers at Jamf who were able to identify three more samples that act like first-stage payloads.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
A new malicious campaign researched by Proofpoint researchers was detected integrating credential phishing and cloud account takeover (ATO) techniques...
This campaign contains multiple endpoints, which also include domains used as malicious infrastructure...
So, all malicious infrastructure domains have been sent to the OpenBLD.net ecosystem
Be safe and be focused, my friends
📢 VDSina presents a new hosting project on VDSina.com
With servers based on the latest AMD EPYC processors. Processor frequency 3.55 GHz. Triple redundant NVMe storage. Internet port speed 10 Gbit/sec. Data center located in the Netherlands.
Some of the services from lab.sys-adm.in use this VPS hosting for their own needs (such as the Chat Prettier, Masha Banhammer or Get Telegram IDs Telegram bots). Prices start from $0.16 per day; it's great for VPN, websites, Telegram bots and other needs...
You can see more details on the official VDSina.com site
/ Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)
- Infection Chain
- Technical analysis: Kazuar (DotNET) and Pelmeni Wrapper (Wrapper DLL)
- IoC's
https://lab52.io/blog/pelmeni-wrapper-new-wrapper-of-kazuar-turla-backdoor/
📢 Open Linux workshop by Rebrain: bash
Time:
• February 28 (Wednesday), 20:00 MSK
Program:
• What a command shell is
• Bash - a convenient tool for working in Linux
• External and built-in commands
• Standard streams
• Order of command interpretation
↘ Details
Host:
Andrey Buranov – System administrator in the VK Play department. 10+ years of experience working with Linux.
/ SSH-Snake: Automatic traversal of networks using SSH private keys
SSH-Snake performs three basic tasks:
- On the current system, find any SSH private keys,
- On the current system, find any hosts or destinations (user@host) that the private keys may be accepted on,
- Attempt to SSH into all of the discovered destinations using all of the private keys discovered.
https://joshua.hu/ssh-snake-ssh-network-traversal-discover-ssh-private-keys-network-graph
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ OpenBLD.net PDP Beta Program Announce
Personal DoH Profiling (PDP), a new service that provides:
- Complete isolation of your DNS requests, ensuring that no one can track your online activity.
- Personalized DNS settings, so you can block ads, malicious websites, and other unwanted content.
- Robust security with DNSSEC, TLSv1.2, and TLSv1.3.
- Self Allow/Block lists controls and more...
Details: https://news.1rj.ru/str/openbld/56
Telegram
OpenBLD.net
📢 Take Control of Your Privacy! Join the OpenBLD.net PDP Beta! 😡
Do you want to protect your online privacy and the privacy of your family? Join the beta for OpenBLD.net Personal DoH Profiling (PDP), a new service that provides:
🔹 Complete isolation of…
/ Details on Apple’s Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
https://www.bitdefender.com/blog/labs/details-on-apples-shortcuts-vulnerability-a-deep-dive-into-cve-2024-23204/
Bitdefender Labs
Details on Apple’s Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
CVE-2024-23204 sheds light on the critical importance of continuous security vigilance.
/ Zyxel security advisory for multiple vulnerabilities in firewalls and APs
Zyxel has released patches addressing multiple vulnerabilities in some firewall and access point (AP) versions. Users are advised to install the patches for optimal protection:
- some firewall and AP versions could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP
- IPSec VPN feature in some firewall versions could allow an attacker to achieve unauthorized remote code execution
- a LAN-based attacker could cause denial-of-service (DoS)
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-21-2024
Zyxel
Zyxel security advisory for multiple vulnerabilities in firewalls and APs | Zyxel Networks
CVEs: CVE-2023-6397, CVE-2023-6398, CVE-2023-6399, CVE-2023-6764. Summary: Zyxel has released patches addressing multiple vulnerabilities in some firewall and access point (AP) versions. Users are advised to install the patches for optimal protection. What…
/ Announcing bpftop: Streamlining eBPF performance optimization
https://netflixtechblog.com/announcing-bpftop-streamlining-ebpf-performance-optimization-6a727c1ae2e5
Medium
Announcing bpftop: Streamlining eBPF performance optimization
By Jose Fernandez
📢 AppSecFest announces its CFP 🚀
AppSecFest 2024 is tentatively scheduled for ~May 3 in Almaty and will be divided into several zones:
🔹 App Zone: focused on software development trends (mobile, web, blockchain, microservices, etc.). Dev and DevOps trends, AI/ML in the SDLC.
🔹 Sec Zone: current application security (SAST, SCA, DAST, RASP. API, IaC and Container Security. ASTO, WAF, IAST, MAST, Secrets Management). Attack vectors and vulnerability management
Speakers wanted! Are you an App/Sec specialist? Then welcome to the CFP:
🔹 https://forms.gle/EBAAArtHtoCmSMri7
/ XSS Vulnerability in LiteSpeed Cache Plugin Affecting 4+ Million Sites
The plugin LiteSpeed Cache (free version), which has over 4 million active installations, is known as the most popular caching plugin in WordPress.
This plugin suffers from an unauthenticated site-wide stored XSS vulnerability that could allow any unauthenticated user to do anything from stealing sensitive information to, in this case, escalating privileges on the WordPress site by performing a single HTTP request.
https://patchstack.com/articles/xss-vulnerability-in-litespeed-cache-plugin-affecting-4-million-sites/
Patchstack
XSS Vulnerability in LiteSpeed Cache Plugin - Patchstack
There is a vulnerability in the LiteSpeed Cache plugin - Unauth Site Wide Stored XSS in <= 5.7 affecting 4+ millions of sites.
📢 Open Linux workshop by Rebrain: LVM - part one
Time:
• March 6 (Wednesday), 20:00 MSK
Program:
• From logical partitions to logical volumes
• PV, VG, LV
• Hands-on LVM practice - creating LVs, managing free space
↘ Details
Host:
Andrey Buranov – System administrator in the VK Play department. 10+ years of experience working with Linux.
/ Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
How can loading an ML model lead to payload code execution? Analysis:
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/
JFrog
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
Is Hugging Face the target of model-based attacks? See a detailed explanation of the attack mechanism and what is required to identify real threats >
/ 0-Click Account Takeover on Facebook
https://infosecwriteups.com/0-click-account-takeover-on-facebook-e4120651e23e
Medium
0-Click Account Takeover on Facebook
0-Click Account Takeover on Facebook Hello, This is Samip Aryal from Nepal writing about my highest-paid report. This writeup basically describes rate-limiting issue in a specific endpoint of …
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA, to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024...
Phobos actors run executables like 1saas.exe or cmd.exe to deploy additional Phobos payloads that have elevated privileges enabled. Additionally, Phobos actors can use the previous commands to perform various Windows shell functions. The Windows command shell enables threat actors to control various aspects of a system, with multiple permission levels required for different subsets of commands.
How to mitigate risks:
- Secure RDP
- Reduce administrative privilege scoping
- Use OpenBLD.net or similar services
Technical details on CISA site:
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a
/ VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability (Critical)
A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host:
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
/ Apple patches iOS 17.4 and iPadOS 17.4
Impact: An app may be able to read sensitive location information:
https://support.apple.com/en-us/HT214081
Apple Support
About the security content of iOS 17.4 and iPadOS 17.4
This document describes the security content of iOS 17.4 and iPadOS 17.4.