📢 AppSecFest announces its CFP 🚀
AppSecFest 2024 is tentatively scheduled for around 3 May in Almaty and will be split into several zones:
🔹 App Zone: focused on software development trends (mobile, web, blockchain, microservices, etc.), plus Dev and DevOps trends and AI/ML in the SDLC.
🔹 Sec Zone: current application security (SAST, SCA, DAST, RASP, API, IaC and Container Security, ASTO, WAF, IAST, MAST, Secrets Management), attack vectors and vulnerability management.
Speakers wanted! Are you an App/Sec specialist? Then welcome to the CFP:
🔹 https://forms.gle/EBAAArtHtoCmSMri7
/ XSS Vulnerability in LiteSpeed Cache Plugin Affecting 4+ Million Sites
The LiteSpeed Cache plugin (free version), with over 4 million active installations, is the most popular caching plugin for WordPress.
It suffers from an unauthenticated, site-wide stored XSS vulnerability that lets any unauthenticated user do anything from stealing sensitive information to, in this case, escalating privileges on the WordPress site with a single HTTP request.
https://patchstack.com/articles/xss-vulnerability-in-litespeed-cache-plugin-affecting-4-million-sites/
Patchstack
There is a vulnerability in the LiteSpeed Cache plugin - Unauth Site Wide Stored XSS in <= 5.7 affecting 4+ millions of sites.
📢 Open Linux practicum by Rebrain: LVM, part one
When:
• 6 March (Wednesday) 20:00 MSK
Programme:
• From logical partitions to logical volumes
• PV, VG, LV
• Hands-on with LVM: creating an LV, managing free space
↘ Details
Presenter:
Andrey Buranov, system administrator in the VK Play department, 10+ years of experience with Linux.
/ Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
How can loading an ML model lead to payload code execution? Analysis:
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/
JFrog
Is Hugging Face the target of model-based attacks? See a detailed explanation of the attack mechanism and what is required to identify real threats >
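An added, self-contained illustration of the mechanism the question above points at, written for this digest (not JFrog's code, and not from Hugging Face): models serialised with Python's pickle, the format behind many PyTorch checkpoints, tell the loader "call this callable with these arguments", so a file can name any importable function via `__reduce__` and it runs the moment the model is loaded. The `PoisonedWeights` class, the benign state dict and the `ALLOWED_GLOBALS` allowlist are constructed for the demo; `eval("1+1")` stands in for the `os.system` or `subprocess.Popen` call a real backdoor would use. The scanner lists the globals a stream would import by walking its opcodes without executing anything, and the restricted unpickler refuses any global outside the allowlist.

```python
import io
import pickle
import pickletools

# Constructed stand-in for poisoned model weights. pickle serialises the object
# as "call eval with ('1+1',)", so simply loading the file executes that call.
# A real backdoor would name os.system or subprocess.Popen here instead.
class PoisonedWeights:
    def __reduce__(self):
        return (eval, ("1+1",))

def build_malicious_model() -> bytes:
    return pickle.dumps(PoisonedWeights(), protocol=4)

def build_benign_model() -> bytes:
    # Plain containers standing in for tensors: no global references at all.
    return pickle.dumps({"layer1.weight": [0.1, 0.2], "layer1.bias": [0.0]}, protocol=4)

def naive_load(data: bytes):
    """What an unrestricted pickle.load / torch.load does by default: trust the stream."""
    return pickle.loads(data)

# Illustrative allowlist (an assumption for the demo): the only import a loader
# of plain state dicts legitimately needs.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

_STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def find_globals(data: bytes) -> list[tuple[str, str]]:
    """List every (module, name) the stream would import, without running it.
    GLOBAL (protocol <= 3) carries 'module name' inline; STACK_GLOBAL
    (protocol 4+) consumes the two most recently pushed strings."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in _STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
    return found

def scan_model(data: bytes) -> list[tuple[str, str]]:
    """Return the globals outside the allowlist; an empty list means clean."""
    return [g for g in find_globals(data) if g not in ALLOWED_GLOBALS]

class RestrictedUnpickler(pickle.Unpickler):
    """Defence in depth: refuse any import the allowlist does not cover."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")

def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()

if __name__ == "__main__":
    bad = build_malicious_model()
    print("static scan flagged:", scan_model(bad))
    print("naive load executed eval ->", naive_load(bad))
    try:
        safe_load(bad)
    except pickle.UnpicklingError as err:
        print("restricted loader:", err)
```

The static scan is the cheap first gate for files pulled from a public hub: it flags a payload before any bytes are deserialised. It does not follow memoised strings reached through BINGET, so treat it as a triage step and keep the restricted unpickler (or a pickle-free format such as safetensors) as the actual control.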
/ 0-Click Account Takeover on Facebook
https://infosecwriteups.com/0-click-account-takeover-on-facebook-e4120651e23e
Medium
0-Click Account Takeover on Facebook Hello, This is Samip Aryal from Nepal writing about my highest-paid report. This writeup basically describes rate-limiting issue in a specific endpoint of …
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA, to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024...
Phobos actors run executables like 1saas.exe or cmd.exe to deploy additional Phobos payloads that have elevated privileges enabled. Additionally, Phobos actors can use the previous commands to perform various Windows shell functions. The Windows command shell enables threat actors to control various aspects of a system, with multiple permission levels required for different subsets of commands.
How to mitigate risks:
- Secure RDP
- Reduce administrative privilege scoping
- Use OpenBLD.net or similar services
Technical details on CISA site:
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a
/ VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability (Critical)
A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host:
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
/ Apple patches iOS 17.4 and iPadOS 17.4
Impact: An app may be able to read sensitive location information:
https://support.apple.com/en-us/HT214081
Apple Support
About the security content of iOS 17.4 and iPadOS 17.4
/ WogRAT Malware Exploits aNotepad (Windows, Linux)
AhnLab Security Intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform. The malware supports both the PE format, targeting Windows, and the ELF format, targeting Linux. Because the threat actor used the string 'WingOfGod' during development of the malware, it is classified as WogRAT:
https://asec.ahnlab.com/en/62446/
/ Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence
Cado Security Labs researchers have recently encountered an emerging malware campaign targeting misconfigured servers running the following web-facing services:
- Apache Hadoop YARN,
- Docker,
- Confluence and
- Redis
Detailed research - Details
Cadosecurity
Introduction Cado Security Labs researchers have recently encountered an emerging malware campaign targeting misconfigured servers running the following web-facing services: The campaign utilises a number of unique and unreported payloads, including four…
📢 Open DevOps practicum by Rebrain: HTTPS in Nginx and Angie
When:
• 12 March (Tuesday) 19:00 MSK
Programme:
• How TLS and HTTPS work
• Obtaining free certificates
• Automating their renewal
• Configuring fast and secure HTTPS for a site
↘ Details
Presenter:
Nikolay Lavlinsky, web developer for over 15 years, speaker at HighLoad++ and RIT++. Specialisation: speeding up sites and web applications.
/ Cisco Secure Client Carriage Return Line Feed Injection Vulnerability (high)
Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7
Cisco
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.
This vulnerability is due to insufficient validation…
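The bug class behind this advisory, as an added illustration written for this digest (not Cisco's code, and not a reproduction of the Secure Client flaw): a redirect target taken from a request parameter is spliced into an HTTP header without validation, so a percent-encoded CR LF pair in the value terminates the `Location` header early and the remainder becomes an attacker-chosen header. The parameter value, the `Set-Cookie` payload and the handler names are constructed; the point the example makes is that the check has to run on the decoded value, after `unquote`, and before it touches the header block.

```python
import re
from urllib.parse import unquote

# Constructed attacker input: a return-URL parameter as it arrives on the wire,
# with CR LF percent-encoded so it survives URL parsing intact.
ATTACKER_PARAM = "https://example.com/%0d%0aSet-Cookie:%20session=attacker"
CLEAN_PARAM = "https://example.com/dashboard"

def build_redirect_vulnerable(encoded_target: str) -> bytes:
    """Decodes the parameter and splices it into the header block unchecked.
    The CR LF inside the decoded value ends the Location header early; what
    follows is parsed by the client as a brand-new header."""
    location = unquote(encoded_target)
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")

# No ASCII control character (CR, LF, NUL, ...) has any business in a header value.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def build_redirect_hardened(encoded_target: str) -> bytes:
    """Same response, but the value is checked after decoding and before use."""
    location = unquote(encoded_target)
    if _CONTROL_CHARS.search(location):
        raise ValueError("control character in Location header value")
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")

def parse_headers(raw_response: bytes) -> dict[str, str]:
    """Minimal header parser standing in for the victim's HTTP client."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(": ")
        headers[name] = value
    return headers

if __name__ == "__main__":
    print("vulnerable:", parse_headers(build_redirect_vulnerable(ATTACKER_PARAM)))
    try:
        build_redirect_hardened(ATTACKER_PARAM)
    except ValueError as err:
        print("hardened:", err)
```

Python's own http.client and http.server already reject CR and LF in header values for this reason; any code that assembles HTTP headers itself has to enforce the same rule, and has to do it on the decoded value, since a check on the still-encoded parameter sees only `%0d%0a`.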
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
📢 Integration of OpenBLD.net with URLhaus by abuse.ch
URLhaus is a project operated by abuse.ch. Its purpose is to collect, track, and share malware URLs, aiding network administrators and security analysts in safeguarding their networks and customers from cyber threats.
Now, you can check the malicious domain ownership with OpenBLD.net alongside Quad9, AdGuard, Cloudflare, ProtonDNS on abuse.ch.
In addition, you can incorporate abuse.ch lists into your security solutions, just as OpenBLD.net does.
You can check this as example on:
🔹 https://urlhaus.abuse.ch/host/dukeenergyltd.top
Here's to security for us all. Cheers!)
/ Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities
https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/
Check Point Research
Key Points Introduction On January 10, 2024, Ivanti published a security advisory regarding two vulnerabilities in Ivanti Connect Secure VPN. These vulnerabilities, which were exploited in the wild, are identified as CVE-2023-46805 and CVE-2024-21887. The…
/ FortiOS & FortiProxy - Out-of-bounds Write in captive portal
..may allow an inside attacker who has access to captive portal to execute arbitrary code or commands via specially crafted HTTP requests:
https://www.fortiguard.com/psirt/FG-IR-23-328
📢 Open practicum: Choosing a MySQL fork, from Oracle to MariaDB
When:
• 19 March (Tuesday) 19:00 MSK
Programme:
• Overview of open forks in the MySQL ecosystem
• Oracle MySQL
• Percona Server for MySQL
• MariaDB
• Compatibility and migration options
• Feature comparison
↘ Details
Presenter:
Nikolay Lavlinsky, web developer for over 15 years, speaker at HighLoad++ and RIT++. Specialisation: speeding up sites and web applications.
/ DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html
Trend Micro
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
/ What a Cluster: Local Volumes Vulnerability in Kubernetes
https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges
Akamai
A vulnerability in Kubernetes allows remote code execution. Read how a malicious YAML file can remotely execute code on all Windows nodes in a cluster.
/ Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
*with antivirus bypass
https://blog.sonicwall.com/en-us/2024/03/new-multi-stage-stopcrypt-ransomware/
/ UDP-based, application-layer protocol implementations are vulnerable to network loops
..An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DoS) and/or abuse of resources..:
https://kb.cert.org/vuls/id/417980
www.kb.cert.org
CERT/CC Vulnerability Note VU#417980
/ SQLi (SQL Injection) org.postgresql:postgresql Dependency in Bamboo Data Center and Server
This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server.
https://jira.atlassian.com/browse/BAM-25716