Forwarded from Yevgeniy Goncharov
Два месяца и все, мы:
• готовим доклады
• ждем доклады
• ждем тебя уважаемый <
username>!Пока идет подготовка, собрав в кучу время, силы и налобав страницу конференции 24-го года, прибив ее в нужное место на сайте:
Кто хочет посмотреть о чем мы вещали в предыдущие года, ссылки есть на главной sysconf.io
Забивай время в календаре - 12 Октября, в SmartPoint!
Не забудь отметиться в регистрационной форме, это нам нужно для организации мест в зале. Ждем!
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Windows TCP/IP Remote Code Execution Vulnerability
Mitigations - Systems are not affected if IPv6 is disabled on the target machine...)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
Mitigations - Systems are not affected if IPv6 is disabled on the target machine...)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Да, это сладкое чуство, когда ты первый, когда мы все первые! Показатель плавающий, но на текущий момент, это показатель, и он радует!
Это говорит о том, что защита OpenBLD.net
Показатель, который обошел - Cloudflare, Quad9, AdGuard, dns0 и даже ProtonDNS
С чем, всех и поздравляю. Едем дальше!
Что такое OpenBLD.net и как его использовать - https://openbld.net/
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Tusk: unraveling a complex infostealer campaign
targets: Windows, macOS..:
https://securelist.com/tusk-infostealers-campaign/113367/
targets: Windows, macOS..:
https://securelist.com/tusk-infostealers-campaign/113367/
Securelist
Tusk campaign uses infostealers and clippers for financial gain
Kaspersky researchers discovered Tusk campaign with ongoing activity that uses Danabot and StealC infostealers and clippers to obtain cryptowallet credentials and system data.
/ "WireServing" Up Credentials: Escalating Privileges in Azure Kubernetes Services
...An attacker with access to a vulnerable Microsoft Azure Kubernetes Services cluster could have escalated privileges and accessed credentials for services used by the cluster...:
https://cloud.google.com/blog/topics/threat-intelligence/escalating-privileges-azure-kubernetes-services/
...An attacker with access to a vulnerable Microsoft Azure Kubernetes Services cluster could have escalated privileges and accessed credentials for services used by the cluster...:
https://cloud.google.com/blog/topics/threat-intelligence/escalating-privileges-azure-kubernetes-services/
Google Cloud Blog
"WireServing" Up Credentials: Escalating Privileges in Azure Kubernetes Services | Google Cloud Blog
An attacker with access to a vulnerable Microsoft Azure Kubernetes Services cluster could have escalated privileges and accessed credentials for services used by the cluster.
/ Fixes SolarWinds Web Help Desk Hardcoded Credential Vulnerability 🤦
SolarWinds released hotfix for Help Desk Ticketing software...
https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
SolarWinds released hotfix for Help Desk Ticketing software...
https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
Solarwinds
SolarWinds Web Help Desk 12.8.3 Hotfix 2
This hotfix addresses the SolarWinds Web Help Desk Broken Access Control Remote Code Execution vulnerability fixed in WHD 12.8.3 Hotfix 1, as well as fixing the SolarWinds Web Help Desk Hardcoded Credential vulnerability, and restoring the affected product…
♨️ KazHackStan'24: Крупнейшая конфа, неоспоримость факта
Аккуратность такта, много InfoSec артефактов, место где не будешь ждать антракта
Готовь органы слуха, материал подобран и отобран, мой спич о Неявной превентивной защите одобрен!
Интро:
Неявная превентивная защита - этот термин я придумал несколько лет назад ввиду обнаруженной архаичности и шаблонности киберзащитных подходов во взглядах многих специалистов. Атаки, инциденты, материализации информационных рисков идут скоростными темпами, а подходы к защите идут темпами регламентированными различными вендорами. Но что если вендоры не успевают?
В своем докладе я расскажу о том, какие вижу угрозы в некоторых направлениях жизни и бизнес-моделей, как стараюсь их нивелировать, раскрывая суть моего подхода названным, как “неявная превентивная защита”, будучи сам себе клевым поставщиком решений.
Сайт конфы: https://kazhackstan.com
До встречи на KazHackStan 2024! Всем Peace ✌️
Аккуратность такта, много InfoSec артефактов, место где не будешь ждать антракта
Готовь органы слуха, материал подобран и отобран, мой спич о Неявной превентивной защите одобрен!
Интро:
Неявная превентивная защита - этот термин я придумал несколько лет назад ввиду обнаруженной архаичности и шаблонности киберзащитных подходов во взглядах многих специалистов. Атаки, инциденты, материализации информационных рисков идут скоростными темпами, а подходы к защите идут темпами регламентированными различными вендорами. Но что если вендоры не успевают?
В своем докладе я расскажу о том, какие вижу угрозы в некоторых направлениях жизни и бизнес-моделей, как стараюсь их нивелировать, раскрывая суть моего подхода названным, как “неявная превентивная защита”, будучи сам себе клевым поставщиком решений.
Сайт конфы: https://kazhackstan.com
До встречи на KazHackStan 2024! Всем Peace ✌️
Keylogger in Pidgin
…If you happened to install this plugin, you will want to uninstall it immediately…:
https://pidgin.im/posts/2024-08-malicious-plugin/
…If you happened to install this plugin, you will want to uninstall it immediately…:
https://pidgin.im/posts/2024-08-malicious-plugin/
pidgin.im
Malicious Plugin
Greetings everyone. It is with much regret that I am writing this post. A plugin, ss-otr, was added to the third party plugins list on July 6th. On August 16th we received a report from 0xFFFC0000 that the plugin contained a key logger and shared screen shots…
/ The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”
...Voldemort’s attack chain has unusual, customized functionality including using Google Sheets for command and control (C2) and using a saved search file on an external share...:
https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort
...Voldemort’s attack chain has unusual, customized functionality including using Google Sheets for command and control (C2) and using a saved search file on an external share...:
https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort
Proofpoint
New Voldemort Malware Espionage Campaign | Proofpoint US
Learn how to defend yourself from the Voldemort malware campaign’s espionage with Proofpoint. Protect yourself from Chinese spyware threats.
/ How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions
https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/
https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/
Cisco Talos Blog
How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions
An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their ennoscriptments and user-granted permissions.
День общения и взаимосвязи. Расписание докладов еще формируется, но ряд тематик уже известны.
Однозначно понятно, что здесь будет Kubernetes и OpenStack, и одноименные/взаимосвязанные практики.
DevOps - тренд и так или иначе ИТ специалисты должны быть осведомлены об этом направлении, онлайн трансляция обещает присутствовать.
Все детали здесь - DevOpsDays.kz
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool
https://www.trendmicro.com/en_us/research/24/h/threat-actors-target-middle-east-using-fake-tool.html
https://www.trendmicro.com/en_us/research/24/h/threat-actors-target-middle-east-using-fake-tool.html
Trend Micro
Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool
Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool.
/ Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant
WikiLoader is a multistage malware loader that adversaries developed with consideration toward evasion..
..The advertisements we observed linked to multiple fake sites serving spoofed GlobalProtect installers..:
https://unit42.paloaltonetworks.com/global-protect-vpn-spoof-distributes-wikiloader/
WikiLoader is a multistage malware loader that adversaries developed with consideration toward evasion..
..The advertisements we observed linked to multiple fake sites serving spoofed GlobalProtect installers..:
https://unit42.paloaltonetworks.com/global-protect-vpn-spoof-distributes-wikiloader/
Unit 42
Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant
Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies. Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation…
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk
https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
JFrog
Revival Hijack - PyPI hijack technique exploited in the wild, puts 22K packages at risk
JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment.…
New RansomHub attack uses TDSKiller and LaZagne, disables EDR
https://www.threatdown.com/blog/new-ransomhub-attack-uses-tdskiller-and-lazagne-disables-edr/
https://www.threatdown.com/blog/new-ransomhub-attack-uses-tdskiller-and-lazagne-disables-edr/
ThreatDown by Malwarebytes
New RansomHub attack uses TDSSKiller and LaZagne, disables EDR - ThreatDown by Malwarebytes
The attack signals a new shift in RansomHub’s arsenal of tools.
Quad7 botnet - compromising several brands of SOHO routers and VPN appliances, including TP-LINK, Zyxel, Asus, Axentra, D-Link, and Netgear, using multiple vulnerabilities..
https://blog.sekoia.io/a-glimpse-into-the-quad7-operators-next-moves-and-associated-botnets/
https://blog.sekoia.io/a-glimpse-into-the-quad7-operators-next-moves-and-associated-botnets/
Sekoia.io Blog
A glimpse into the Quad7 operators' next moves and associated botnets
Uncover the secrets of the Quad7 botnet and its ever-evolving toolset. Learn about the new backdoors and protocols used by these operators.
GitLab Critical Patch Release (17.3.2, 17.2.5, 17.1.7)
- Execute environment stop actions as the owner of the stop action job
- Prevent code injection in Product Analytics funnels YAML
- SSRF via Dependency Proxy
- Denial of Service via sending a large glm_source parameter
GitLab say: We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/
- Execute environment stop actions as the owner of the stop action job
- Prevent code injection in Product Analytics funnels YAML
- SSRF via Dependency Proxy
- Denial of Service via sending a large glm_source parameter
GitLab say: We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/
CloudImposer: Executing Code on Millions of Google Servers with a Single Malicious Package
https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
Tenable®
CloudImposer: Executing Code on Millions of Google Servers with a Single Malicious Package
Tenable Research discovered a remote code execution (RCE) vulnerability in Google Cloud Platform (GCP) that is now fixed and that we dubbed CloudImposer. The vulnerability could have allowed an attacker to hijack an internal software dependency that Google…
D-Link - Attacker can use hard-coded credentials. Critical Router Vulnerabilities.
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10412
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10412
/ Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data
bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos..:
https://www.darkreading.com/vulnerabilities-threats/zero-click-rce-bug-macos-calendar-exposes-icloud-data
bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos..:
https://www.darkreading.com/vulnerabilities-threats/zero-click-rce-bug-macos-calendar-exposes-icloud-data
Dark Reading
Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data
A researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos.