Sys-Admin InfoSec

2022-02-10 15:34:21 / NaturalFreshMall: a mass store hack

More than 350 ecommerce stores infected with malware in a single day. Magento under attack..:

https://sansec.io/research/naturalfreshmall-mass-hack

And another article from the same category - Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution

https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution/ Open / Comment

2022-02-10 10:54:49 StackScraper - Capturing sensitive data using real-time stack scanning against a remote process

tool to show how much data can be extracted from a running process without requiring any injection techniques

https://www.x86matthew.com/view_post?id=stack_scraper Open / Comment

2022-02-10 10:45:00  
Открытые практикумы DevOps и Linux by Rebrain (15 и 16 Февраля)

Модульное управление инфраструктурой с помощью Terraform + Terragrunt
• Познакомимся с инструментом Terragrunt
• Создадим типовой моно репозиторий с инфраструктурой
• Определим, какие плюсы и минусы появляются при работе с Terragrun
• 15 Февраля 19.00 МСК. Регистрация

Linux by Rebrain: Маршрутизатор на базе Linux
• Как включить маршрутизацию в Linux
• Полноценный маршрутизатор
• Маршрутизатор с NAT
• 16 Февраля 20.00 МСК. Регистрация

#free #webinar #dnt Open / Comment

2022-02-10 08:49:50 / Most Common Antivirus Evasion and Bypass Techniques

The following are some of the most prevalent methods used by hackers to avoid antivirus detection:

https://www.socinvestigation.com/most-common-antivirus-evasion-and-bypass-techniques/

Additional article - Top 10 web hacking techniques of 2021

..the latest iteration of our annual community-powered effort to identify the most significant web security research released in the last year:

https://portswigger.net/research/top-10-web-hacking-techniques-of-2021 Open / Comment

2022-02-09 18:21:13 / Attackers Disguise RedLine Stealer as a Windows 11 Upgrade

Threat actors are always looking for topical lures to socially engineer victims into infecting systems. We recently analyzed one such lure, namely a fake Windows 11 installer.

https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/ Open / Comment

2022-02-09 15:00:31 NGINX - If is Evil... when used in location context

(EN) Directive if has problems when used in location context, in some cases it doesn’t do what you expect but something completely different instead. In some cases it even segfaults. It’s generally a good idea to avoid it if possible.

(RU) Директива if - у нее есть проблемы при использовании в контексте локаций, в некоторых случаях эта директива делает не то, что ожидается, а нечто совершенно другое.

На оф. сайте рекомендуют избегать этой директивы, если это возможно. А ты знал? Я нет - сюрприз

https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ Open / Comment

2022-02-09 09:33:13 Windows DNS Server Remote Code Execution Vulnerability

CVE-2022-21984 (important update)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21984 Open / Comment

2022-02-09 08:47:42 Exploring extensions of dependency confusion attacks via npm package aliasing

Dependency confusion attacks are a form of open source supply chain security attacks in which an attacker exploits how package managers install dependencies. In a prior post, we explored how to detect and prevent dependency confusion attacks on npm to maintain supply chain security:

https://snyk.io/blog/exploring-extensions-of-dependency-confusion-attacks-via-npm-package-aliasing/ Open / Comment

2022-02-09 05:01:11 / Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed

PoC:
https://asec.ahnlab.com/en/31089/ Open / Comment

2022-02-09 04:39:47 / Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-21989

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21989 Open / Comment