Sys-Admin InfoSec

16 July 2024 07:37

/ “Nearly all” AT&T customers had phone records stolen in new data breach disclosure

Operatotors record all messsages and calls? It's unpleasant when it all flows out..

https://www.malwarebytes.com/blog/news/2024/07/nearly-all-att-customers-had-phone-records-stolen-in-new-data-breach-disclosure

Sys-Admin InfoSec

12 July 2024 15:56

/ Patch or Peril: A Veeam vulnerability incident

...this detailed analysis highlights how quickly the threat actors practiced the exploitation of the recently disclosed CVE-2023-27532 vulnerability (March 2023) to target unpatched Veeam Backup & Replication Software. The blog provides an overview of the attacker’s tactics, techniques, and procedures (TTPs)..:

https://www.group-ib.com/blog/estate-ransomware/

Sys-Admin InfoSec

09 July 2024 21:25

/ Windows Hyper-V Elevation of Privilege Vulnerability

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38080

Sys-Admin InfoSec

08 July 2024 09:12

/ RockYou2024: 10 billion passwords leaked in the largest compilation of all time

https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/

Sys-Admin InfoSec

05 July 2024 04:59

/ Booting Linux off of Google Drive

https://ersei.net/en/blog/fuse-root

Sys-Admin InfoSec

02 July 2024 15:30

/ Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications

...Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure..:

https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Sys-Admin InfoSec

27 June 2024 13:55

/ GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5

- Run pipelines as any user
- Private job artifacts can be accessed by any user
- Denial of service using a crafted OpenAPI file
- and more..

https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/

Sys-Admin InfoSec

26 June 2024 10:30

OpenBLD.net Preventing: - Polyfill supply chain attack (hits 100K+ sites)

The polyfill.js is a popular open source library to support older browsers. 100K+ sites embed it using the cdn.polyfill.io domain...

All IoC sent to OpenBLD.net ecosystem 💪

Attack details:

https://sansec.io/research/polyfill-supply-chain-attack

Sys-Admin InfoSec

21 June 2024 04:59

/ Cloaked and Covert: Uncovering UNC3886 Espionage Operations

After exploiting zero-day vulnerabilities to gain access to vCenter servers and subsequently managed ESXi servers, the actor obtained total control of guest virtual machines that shared the same ESXi server as the vCenter server..:

https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Sys-Admin InfoSec

19 June 2024 07:51

/ Backdoor BadSpace delivered by high-ranking infected websites

There is a tendency to infect WordPress websites and to inject the malicious code to the JavaScript libraries like jQuery or in the index page.

..The PowerShell code silently downloads the BadSpace backdoor and after ten seconds it executes the downloaded file using rundll32.exe..:

https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Sys-Admin InfoSec

17 June 2024 04:38

/ lnav – Awesome terminal log file viewer for Linux and Unix

https://www.cyberciti.biz/open-source/lnav-linux-unix-ncurses-terminal-log-file-viewer/

Sys-Admin InfoSec

13 June 2024 05:13

Аутлук или Оутглюк? Ясно одно - открыв письмо из него можно словить два эффекта одновременно: Critical Microsoft Outlook Vulnerability Executes as Email is Opened:

https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability

Sys-Admin InfoSec

12 June 2024 04:20

/ Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30080

Sys-Admin InfoSec

10 June 2024 07:52

/ 1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension

amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7" rel="nofollow">https://medium.com/@amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7

Sys-Admin InfoSec

06 June 2024 09:45

📢 Открытые практикумы DevOps, Linux, Networks, Golang: Расписание на неделю
⁠
• 10 июня Networks: Системы мониторинга VoIP
• 11 июня Linux: Низкоуровневые интерфейсы Linux
• 13 июня DevOps: Мониторинг и нагрузочное тестирование Angie

Детали ↘ Здесь

Sys-Admin InfoSec

15 July 2024 04:11

/ Apple warns iPhone users in 98 countries of spyware attacks

https://techcrunch.com/2024/07/10/apple-alerts-iphone-users-in-98-countries-to-mercenary-spyware-attacks/

Sys-Admin InfoSec

12 July 2024 09:05

/ Leaked access token with administrator access to Python’s GitHub repos

The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub..:

https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/

Sys-Admin InfoSec

08 July 2024 21:25

/ blog.ethereum.org mailing list incident

On 2024-06-23, 00:19 AM UTC, a phishing email was sent out to 35,794 emails..:

https://blog.ethereum.org/2024/07/02/blog-incident

Sys-Admin InfoSec

05 July 2024 07:32

/ Microsoft will end new Office 365 connectors to Teams on August 15, October

https://devblogs.microsoft.com/microsoft365dev/retirement-of-office-365-connectors-within-microsoft-teams/

Sys-Admin InfoSec

02 July 2024 19:04

/ CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers...

The new versions of CapraRAT each use WebView to launch a URL to either YouTube or a mobile gaming site, CrazyGames[.]com. There is no indication that an app with the same name, Crazy Games, is weaponized as it does not require several key CapraRAT permissions, such as sending SMS, making calls, accessing contacts, or recording audio and video..:

https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/

Sys-Admin InfoSec

01 July 2024 17:07

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

Sys-Admin InfoSec

27 June 2024 09:01

/ The Growing Threat of Malware Concealed Behind Cloud Services

- Affected Platforms: Linux Distributions
- Impacted Users: Any organization
- Impact: Remote attackers gain control of the vulnerable systems
- Severity Level: High

Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers, such as VCRUMS stored on AWS or SYK Crypter distributed via DriveHQ. This shift in strategy presents significant challenges for detection and prevention, as cloud services provide scalability, anonymity, and resilience that traditional hosting methods lack..:

https://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services

Sys-Admin InfoSec

25 June 2024 12:20

/ Any.Run - Phishing Incident Report: Facts and Timeline

...part of a business email compromise (BEC) phishing campaign:

https://any.run/cybersecurity-blog/phishing-incident-report/

Sys-Admin InfoSec

20 June 2024 17:38

/ New Diamorphine rootkit variant seen undetected in the wild

https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/

Sys-Admin InfoSec

17 June 2024 14:59

/ D-Link router - Hidden Backdoor

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware:

https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html

Sys-Admin InfoSec

13 June 2024 13:02

/ AutoIt Delivering Vidar Stealer Via Drive-by Downloads

Dangerous KMSPico activator tool..:

https://www.esentire.com/blog/autoit-delivering-vidar-stealer-via-drive-by-downloads

Sys-Admin InfoSec

13 June 2024 05:11

/ FortiOS RCE

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the command line interpreter of FortiOS may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments:

https://www.fortiguard.com/psirt/FG-IR-23-460

Sys-Admin InfoSec

11 June 2024 10:43

/ Bypassing 2FA with phishing and OTP bots

https://securelist.com/2fa-phishing/112805/

Sys-Admin InfoSec

07 June 2024 09:27

/ Muhstik Malware Targets Message Queuing Services Applications

https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/

Sys-Admin InfoSec

05 June 2024 11:55

/ PikaBot: a Guide to its Deep Secrets and Operations

PikaBot is a malware loader... several sources reported that successful PikaBot compromises led to the deployment of the Black Basta ransomware...

This article provides an in-depth analysis of PikaBot, focusing on its anti-analysis techniques implemented in the different malware stages. Additionally, this report shares technical details on PikaBot C2 infrastructure:

https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/