regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

/ Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications

...Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure..:

https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

/ CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers...

The new versions of CapraRAT each use WebView to launch a URL to either YouTube or a mobile gaming site, CrazyGames[.]com. There is no indication that an app with the same name, Crazy Games, is weaponized as it does not require several key CapraRAT permissions, such as sending SMS, making calls, accessing contacts, or recording audio and video..:

https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/

/ Booting Linux off of Google Drive

https://ersei.net/en/blog/fuse-root

/ Microsoft will end new Office 365 connectors to Teams on August 15, October

https://devblogs.microsoft.com/microsoft365dev/retirement-of-office-365-connectors-within-microsoft-teams/

/ RockYou2024: 10 billion passwords leaked in the largest compilation of all time

https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/

/ blog.ethereum.org mailing list incident

On 2024-06-23, 00:19 AM UTC, a phishing email was sent out to 35,794 emails..:

https://blog.ethereum.org/2024/07/02/blog-incident

/ Windows Hyper-V Elevation of Privilege Vulnerability

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38080

/ Leaked access token with administrator access to Python’s GitHub repos

The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub..:

https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/

/ Patch or Peril: A Veeam vulnerability incident

...this detailed analysis highlights how quickly the threat actors practiced the exploitation of the recently disclosed CVE-2023-27532 vulnerability (March 2023) to target unpatched Veeam Backup & Replication Software. The blog provides an overview of the attacker’s tactics, techniques, and procedures (TTPs)..:

https://www.group-ib.com/blog/estate-ransomware/

/ Apple warns iPhone users in 98 countries of spyware attacks

https://techcrunch.com/2024/07/10/apple-alerts-iphone-users-in-98-countries-to-mercenary-spyware-attacks/

/ “Nearly all” AT&T customers had phone records stolen in new data breach disclosure

Operatotors record all messsages and calls? It's unpleasant when it all flows out..

https://www.malwarebytes.com/blog/news/2024/07/nearly-all-att-customers-had-phone-records-stolen-in-new-data-breach-disclosure

/ Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks

https://www.trendmicro.com/en_id/research/24/g/CVE-2024-38112-void-banshee.html

Vulnerabilities in VPN

- Paper presented at the Privacy Enhancing Technologies Symposium 2024
- PoC

/ SEG vs. SEG: How Threat Actors are Pitting Email Security Products Against Each Other With Encoded URLs

https://cofense.com/blog/seg-vs-seg-how-threat-actors-are-pitting-email-security-products-against-each-other/

/ New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints

https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959

/ EvilVideo: Telegram app for Android targeted by zero-day exploit sending malicious videos

https://www.eset.com/uk/about/newsroom/press-releases/set-research-discovers-evilvideo-telegram-app-for-android-targeted-by-zero-day-exploit-sending-malicious-videos/

🦄 Йоу! Хорош спать. Поднимай взор на темы докладов Open SysConf'24

Во первых. Теперь каждый может внести лепту в создание сайта, исправлении ошибок на нем и так далее.
Во вторых. Мы имеем место и дату - 12 Октяря, 2024 года.

В третьихх. Мы имеем четрые крутых заявленых доклада:

1. Три системы, которые ты захочешь развернуть и настроить
2. Внедрение вредоносного кода в андроид приложения.
3. Open(Secure)Source
4. Синтез молекулярных единиц в микросервисах

Иди на сайт и регистрируйся, пока есть места.

Дев. сайт: https://sysconf-io.pages.dev/2024

/ Anyone can Access Deleted and Private Repository Data on GitHub

You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.

This is such an enormous attack vector for all organizations that use GitHub that we’re introducing a new term: Cross Fork Object Reference (CFOR)...:

https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github

Happy Sys-Adm.in Day))!

Specula - Turning Outlook Into a C2 With One Registry Change

https://trustedsec.com/blog/specula-turning-outlook-into-a-c2-with-one-registry-change

Microsoft Outlook Security Feature Bypass Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11774