/ Cisco Secure Client Carriage Return Line Feed Injection Vulnerability (high)
Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7
Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7
Cisco
Cisco Security Advisory: Cisco Secure Client Carriage Return Line Feed Injection Vulnerability
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.
This vulnerability is due to insufficient validation…
This vulnerability is due to insufficient validation…
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
📢 Integration of OpenBLD.net with URLhaus by abuse.ch
URLhaus is a project operated by abuse.ch. Its purpose is to collect, track, and share malware URLs, aiding network administrators and security analysts in safeguarding their networks and customers from cyber threats.
Now, you can check the malicious domain ownership with OpenBLD.net alongside Quad9, AdGuard, Cloudflare, ProtonDNS on abuse.ch.
In addition, you can incorporate abuse.ch lists into your security solutions, just as OpenBLD.net does.
You can check this as example on:
🔹 https://urlhaus.abuse.ch/host/dukeenergyltd.top
Here's to security for us all. Cheers!)
URLhaus is a project operated by abuse.ch. Its purpose is to collect, track, and share malware URLs, aiding network administrators and security analysts in safeguarding their networks and customers from cyber threats.
Now, you can check the malicious domain ownership with OpenBLD.net alongside Quad9, AdGuard, Cloudflare, ProtonDNS on abuse.ch.
In addition, you can incorporate abuse.ch lists into your security solutions, just as OpenBLD.net does.
You can check this as example on:
Here's to security for us all. Cheers!)
Please open Telegram to view this post
VIEW IN TELEGRAM
/ MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES
https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/
https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/
Check Point Research
Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities - Check Point Research
Key Points Introduction On January 10, 2024, Ivanti published a security advisory regarding two vulnerabilities in Ivanti Connect Secure VPN. These vulnerabilities, which were exploited in the wild, are identified as CVE-2023-46805 and CVE-2023-21887. The…
/ FortiOS & FortiProxy - Out-of-bounds Write in captive portal
..may allow an inside attacker who has access to captive portal to execute arbitrary code or commands via specially crafted HTTP requests:
https://www.fortiguard.com/psirt/FG-IR-23-328
..may allow an inside attacker who has access to captive portal to execute arbitrary code or commands via specially crafted HTTP requests:
https://www.fortiguard.com/psirt/FG-IR-23-328
FortiGuard Labs
PSIRT | FortiGuard Labs
None
📢 Открытый практикум: Выбираем форк MySQL от Oracle до MariaDB
Время:
• 19 Марта (Вторник) 19:00 МСК
Программа:
• Обзор открытых форков в экосистеме MySQL
• Oracle MySQL
• Percona Server for MySQL
• MariaDB
• Совместимость, возможности перехода
• Сравнение функциональности
↘ Детали
Ведёт:
Николай Лавлинский – Веб-разработчик более 15 лет. Спикер конференций HighLoad++, РИТ++. Специализация: ускорение сайтов и веб-приложений.
Время:
• 19 Марта (Вторник) 19:00 МСК
Программа:
• Обзор открытых форков в экосистеме MySQL
• Oracle MySQL
• Percona Server for MySQL
• MariaDB
• Совместимость, возможности перехода
• Сравнение функциональности
↘ Детали
Ведёт:
Николай Лавлинский – Веб-разработчик более 15 лет. Спикер конференций HighLoad++, РИТ++. Специализация: ускорение сайтов и веб-приложений.
/ DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html
https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html
Trend Micro
CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
/ What a Cluster: Local Volumes Vulnerability in Kubernetes
https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges
https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges
Akamai
What a Cluster: Local Volumes Vulnerability in Kubernetes | Akamai
A vulnerability in Kubernetes allows remote code execution. Read how a malicious YAML file can remotely execute code on all Windows nodes in a cluster.
/ Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
*with bypass antivirus
https://blog.sonicwall.com/en-us/2024/03/new-multi-stage-stopcrypt-ransomware/
*with bypass antivirus
https://blog.sonicwall.com/en-us/2024/03/new-multi-stage-stopcrypt-ransomware/
/ UDP-based, application-layer protocol implementations are vulnerable to network loops
..An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DOS) and/or abuse of resources..:
https://kb.cert.org/vuls/id/417980
..An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DOS) and/or abuse of resources..:
https://kb.cert.org/vuls/id/417980
www.kb.cert.org
CERT/CC Vulnerability Note VU#417980
Implementations of UDP-based application protocols are vulnerable to network loops
/ SQLi (SQL Injection) org.postgresql:postgresql Dependency in Bamboo Data Center and Server
This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server.
https://jira.atlassian.com/browse/BAM-25716
This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server.
https://jira.atlassian.com/browse/BAM-25716
📢 Открытый практикум DevOps by Rebrain: Как выживать инженеру в потоке тонны звонков
Время:
• 26 Марта (Вторник) 19:00 МСК
Программа:
• Подходы к оптимизации времени
• Фреймворк потока
• Капсульный подход управления календарём
• Тулсет
↘ Регистрация
Ведёт:
Александр Крылов – Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
Время:
• 26 Марта (Вторник) 19:00 МСК
Программа:
• Подходы к оптимизации времени
• Фреймворк потока
• Капсульный подход управления календарём
• Тулсет
↘ Регистрация
Ведёт:
Александр Крылов – Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
/ AWS one-click account takeover vulnerability...
..one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance:
https://www.tenable.com/blog/flowfixation-aws-apache-airflow-service-takeover-vulnerability-and-why-neglecting-guardrails
..one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance:
https://www.tenable.com/blog/flowfixation-aws-apache-airflow-service-takeover-vulnerability-and-why-neglecting-guardrails
Tenable®
FlowFixation: AWS Apache Airflow Service Takeover Vulnerability and Why Neglecting Guardrails Puts Major CSPs at Risk
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance. The discovery of this now-resolved…
/ GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).
https://gofetch.fail/
https://gofetch.fail/
gofetch.fail
GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers
A new microarchitectural side-channel attack exploiting data memory-dependent prefetchers in Apple silicons.
/ ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
https://comsec.ethz.ch/research/dram/zenhammer/
https://comsec.ethz.ch/research/dram/zenhammer/
/ The latest emerging C2 was primarily focused on Asus devices, and grew to over 6,000 bots in a period of 72 hours.
ASUS routers under attack:
https://blog.lumen.com/the-darkside-of-themoon/
ASUS routers under attack:
https://blog.lumen.com/the-darkside-of-themoon/
Lumen Blog
The darkside of TheMoon
Learn how the Black Lotus Labs team rediscovered a botnet named TheMoon, which has eclipsed its old size and activity.
/ Alert: PROXYLIB and LumiApps Transform Mobile Devices into Proxy Nodes
Residential proxies are frequently used by threat actors to conceal malicious activity, including advertising fraud and the use of bots. Access to residential proxy networks is often purchased from other threat actors who create them through enrolling unwitting users’ devices as nodes in the network through malware embedded in mobile, CTV or desktop applications...
How VPN app can convert your device to malicious proxy node:
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes
Residential proxies are frequently used by threat actors to conceal malicious activity, including advertising fraud and the use of bots. Access to residential proxy networks is often purchased from other threat actors who create them through enrolling unwitting users’ devices as nodes in the network through malware embedded in mobile, CTV or desktop applications...
How VPN app can convert your device to malicious proxy node:
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes
📢 Открытый практикум: Кросс-командные взаимодействия - учимся жить дружно
Время:
• 2 Апреля (Вторник) 19:00 МСК
Программа:
• Предпосылки для построения или изменения процесса взаимодействия
• Построение процесса взаимодействия команд DEV, QA с DevOps командой, когда вы единая служба
• Построение процесса работы DevOps с OPS/support
↘ Детали
Ведёт:
Александр Крылов – Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
Время:
• 2 Апреля (Вторник) 19:00 МСК
Программа:
• Предпосылки для построения или изменения процесса взаимодействия
• Построение процесса взаимодействия команд DEV, QA с DevOps командой, когда вы единая служба
• Построение процесса работы DevOps с OPS/support
↘ Детали
Ведёт:
Александр Крылов – Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
/ Out of the shadows – ’darcula’ iMessage and RCS smishing attacks target USPS and global postal services
https://www.netcraft.com/blog/darcula-smishing-attacks-target-usps-and-global-postal-services/
https://www.netcraft.com/blog/darcula-smishing-attacks-target-usps-and-global-postal-services/
Netcraft
Out of the shadows - ’darcula’ iMessage and RCS smishing attacks target USPS and global postal services | Netcraft
Chinese-language Phishing-as-a-Service platform ‘darcula’ targets organizations in 100+ countries with sophisticated techniques using more than 20,000 phish ...
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation
Microsoft Edge browser, designated CVE-2024–21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge.
https://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca
Microsoft Edge browser, designated CVE-2024–21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge.
https://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca
Medium
“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation
By Oleg Zaytsev (Guardio Labs)
/ PyPi Is Under Attack: Project Creation and User Registration Suspended
https://checkmarx.com/blog/pypi-is-under-attack-project-creation-and-user-registration-suspended/
https://checkmarx.com/blog/pypi-is-under-attack-project-creation-and-user-registration-suspended/
Checkmarx
PyPi Is Under Attack
A few hours ago, The Python Package Index (PyPi) suspended new project creation and new user registration to mitigate an ongoing malware upload campaign. The research team of Checkmarx simultaneously investigated a campaign of multiple malicious packages…
/ Password Spray Attacks Impacting Remote Access VPN Services
https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html
https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html
Cisco
Recommendations Against Password Spray Attacks Aimed at Remote Access VPN Services in Secure Firewall
This document describes recommendations to consider against password spray attacks aimed at Remote Access VPN (RAVPN) services configured on Cisco