/ DarkGate malware delivered via Microsoft Teams - detection and response
https://cybersecurity.att.com/blogs/security-essentials/darkgate-malware-delivered-via-microsoft-teams-detection-and-response
/ A false-alarm incident involving Panda Security software leads to three very real CVEs
..an attacker might be able to achieve RCE by chaining CVE-2023-6330 with other vulnerabilities..:
https://news.sophos.com/en-us/2024/01/25/multiple-vulnerabilities-discovered-in-widely-used-security-driver/
/ GitLab - upgraded to the latest version as soon as possible
Crirtucal security release:
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
📢 Открытый практикум DevOps by Rebrain: Практика управления ошибками спринта в DevOps
• 30 Января (Вторник) 19:00 МСК.
↘ Детали
Программа:
• Что такое RCA
• Спринтовое планирование
• Проводим RCA и соотносим со сквозным бэклогом
Ведёт:
Александр Крылов – Team Lead DevOps. Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
/ Malicious npm packages target developer SSH keys
warbeast2000, kodiak2k... Malicious actors looking to obtain SSH keys from developers is an alarming development. Detailed research:
https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data
/ Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition
- Mitigations and WorkaroundsPermalink: N/A
- DetectionsPermalink: None
- SeverityPermalink: High
https://advisory.splunk.com/advisories/SVD-2024-0108
/ A lightweight method to detect potential iOS malware
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
😡 OpenBLD.net growth with AlphaVPS
New OpenBLD points of presence have been added in the world thanks to AlphaVPS!
AlphaVPS.com - Fast & Cheap VPS, Cloud Servers and few servers from AlphaVPS stay which located in Bulgaria and Germany joined in to OpenBLD.net ecosystem.
As you know one of the our prioritites - fast DoH/DoT responses and 1GBit/s from AlphaVPS it is good base for this requirements.
One server already available for users (see status of Ada-h4), second server will be available in the next few days. Enjoy it 🚀
P.S. Few times ago I posted OpenBLD.net IPv6 Pre-Release notice, in few near weeks I'll plan implement DoH/DoT IPv6 for users in Europe, I'll tell about this later 😎...
/ CVE-2023-4001: a vulnerability in the (downstream) GRUB boot manager
https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/
/ Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns
- Overview of CLINKSINK Drainer Campaigns
- Initial Analysis of CLINKSINK
- Distribution of Stolen Solana Cryptocurrency Funds
- Multiple DaaS Offerings Use CLINKSINK
- Outlook and Implications
- YARA Rules
https://www.mandiant.com/resources/blog/solana-cryptocurrency-stolen-clinksink-drainer-campaigns
📢 Открытый практикум DevOps by Rebrain: Запуск Nginx и Angie в Docker
↘ Регистрация
Время:
16 Января (Вторник) 19:00 МСК
Программа:
• Основы контейнеризации веб-сервера
• Зачем использовать контейнер для Nginx
• Особенности веб-сервера Angie и сравнение с Nginx
• Запуск Nginx и Angie в Docker-контейнерах
• Настройка конфигурации
• Работа с логами
• Хранение данных веб-приложения
Ведёт:
• Николай Лавлинский – Технический директор. Веб-разработчик более 15 лет. Спикер конференций HighLoad++, РИТ++. Специализация: ускорение сайтов и веб-приложений
/ Deceptive Cracked Software Spreads Lumma Variant on YouTube
https://www.fortinet.com/blog/threat-research/lumma-variant-on-youtube
Open Thank You Message.
First of all, thanks to all users of the OpenBLD.net service. Thank you for trusting, service using, contributing and providing feedback.
Some companies, like the people in them, also trust the service and support it with system resources and OSS licenses, which allows the service to grow, be faster, and expand points of presence around the world.
Thanks everyone. I also wrote an Open Tnak You Letter in my blog post to everyone who supported.
Everyone who wants to support, add their logo or name to the project website, support the OpenBLD.net project and receive this benefits.
Peace to all ✌️
Let’s Get Ready to Rumble!!
Let the leap year 🎄 bring only high profits and high success!)) Peace ✌️
🚀 Glad to present the new release zDNS v0.1.3! 🎉
Following Zero Trust practices, I recently wrote and am slowly beginning to introduce new “blackhole” functionality into the OpenBLD.net DNS ecosystem
zDNS is a DNS server that puts security and control over DNS queries at the center. With new functionality, zDNS now supports regular expressions in hosts.txt files, allowing more flexibility in configuring allowed queries. Now you can use the power of regular expressions to precisely control permissions, including subdomains and patterns.
Main features:
🛑 Denies all DNS queries by default.
✅ Allows you to configure allowed requests through the hosts.txt file.
🔄 Uses balancing strategies to ensure reliable operation with DNS servers.
🛠Easily customizable via YAML configuration.
🔜 Prometheus metrics coming soon
Additional protection of your infrastructure or testing requests with zDNS is possible and may be useful to you! Download the latest version here and start using a DNS server with powerful customization options:
https://github.com/m0zgen/zdns/tree/dev
#zDNS #DNS #Security #Release #News
/ Prevent credential exposure with OIDC for GitHub Actions
Many different CI/CD patterns that cause us to raise our eyebrows. One situation in particular that we encounter relatively often is the unsafe use of AWS credentials.
OpenID Connect is an authentication standard, which when coupled with GitHub Actions, offers a more secure alternative for authentication when compared to utilizing traditional access keys..:
https://blog.cloudsecuritypartners.com/oidc-for-github-actions/
/ Info Stealing Packages Hidden in PyPI
The identified packages—nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111—exhibit attack methodologies similar to those outlined in a Checkmarx blog post published four months ago...
The packages released before December 2023 are very similar to those discussed in earlier blog posts. Specifically, they deploy Whitesnake PE malware if the victim’s device runs on Windows, or they can deliver a Python script designed to steal information from Linux devices..:
https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi
/ Phishing Microsoft Teams for initial access
https://pushsecurity.com/blog/phishing-microsoft-teams-for-initial-access/
🚀 zDNS Released with Big Updates and Features
Few month ago I stared develop from scratch zDNS service, now it's can:
- Restrict DNS queries by type like as A, AAAA, HTTPS, CNAME, MX, PTR..
- Balancing DNS traffic between upstream servers
- Providing Prometheus metrics
- DNS responses caching by custom TTL
- Has few working modes - Zero Trust, Allow/Blocking
- Has separated "Permanent" mode with additional custom upstream DNS servers
- Can load allow/block lists from local and remote through HTTP(S)
- Create/Delete custom users with different configs and hosts files
- and more...
New opportunities, features, looking forward, and info about of new OpenBLD.net Personal Usage Testing pre-relase see here:
https://openbld.net/blog/zdns-big-updates-and-features/
/ JAVA-Based Sophisticated Stealer Using Discord Bot as EventListener
https://www.trellix.com/about/newsroom/stories/research/java-based-sophisticated-stealer-using-discord-bot-as-eventlistener/
📢 Открытый практикум: DWARF, ELF & ptrace или как работает ваш дебагер
↘ Регистрация
Время:
• 23 Января (Вторник) в 19:00 по МСК
Программа:
• Разберём устройство современного дебагера
• Научимся использовать системный вызов ptrace
• Рассмотрим форматы ELF и DWARF
• Напишем простой отладчик, используя полученные знания
Ведёт:
• Константин Деревцов – Rust разработчик.
/ Undetected macOS InfoStealers | KeySteal, Atomic & CherryPie Continue to Adapt
https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/
/ CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload:
https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
JunOS RCE (critical status)
https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591?language=en_US
/ The malware is spread over SSH protocol using a custom Mirai botnet that was modified by the threat actors.
https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining
/ Hyper-V RCE and Kerberos Bypass
MS released two fixes for..:
Windows Kerberos Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674
Windows Hyper-V Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20700
How Does PCI DSS 4.0 Affect Web Application Firewalls?
https://www.tripwire.com/state-of-security/how-does-pci-dss-40-affect-web-application-firewalls
/ Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking
https://cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking
/ RAR SFX with LNK Infection Vector
https://www.deepinstinct.com/blog/threat-actor-uac-0099-continues-to-target-ukraine
/ use-after-free vulnerability in the implementation in Linux kernel nf_tables
Openwall note: https://www.openwall.com/lists/oss-security/2023/12/22/6
Exploit prototype - https://www.openwall.com/lists/oss-security/2023/12/22/6/1