Sys-Admin InfoSec

2022-04-22 05:22:00 / Attackers linger on government agency computers before deploying Lockbit ransomware

https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/ Open / Comment

2022-04-22 05:19:24 / Microsoft Exchange Servers are targetted by Hive ransomware

https://cloud7.news/security/microsoft-exchange-servers-are-targetted-by-hive-ransomware/amp/ Open / Comment

2022-04-21 16:03:06 BLINDING SNORT: BREAKING THE MODBUS OT PREPROCESSOR

https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/ Open / Comment

2022-04-21 10:45:00  
Открытые практикумы DevOps и Golang by Rebrain (26 и 28 Апреля)

Как написать лаконичный и эффективный Dockerfile
• Рассмотрим основные команды и блоки для сборки образа
• аучимся работать с многоэтапными сборками (multistage builds)
• Разберем лучшие практики на примере создание маленьких контейнеров

• 26 Апреля 19.00 МСК. Детали
• Павел Леонтьев - Devops-инженер в Timeweb Cloud — облачной платформе, сочетающей масс-маркет и enterprise подходы. Руководил группы обучения технической поддержки Timeweb.

Introduction to Unit Testing golang
• Моки в golang (https://github.com/golang/mock/)
• Unit test для базы данных (https://github.com/DATA-DOG/go-sqlmock)

• 28 Апреля 19.00 МСК. Детали
• Яков Бадыгин - Backend Lead команды ERP, KazanExpress — маркетплейс с доставкой за сутки. Сооснователь и технический директор компании delion.
 
#free #webinar #dnt Open / Comment

2022-04-20 17:30:59 / AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities/ Open / Comment

2022-04-20 04:33:17 When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops

https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/

Lenovo Notebook BIOS Vulnerabilities

https://support.lenovo.com/fr/fr/product_security/ps500485-lenovo-notebook-bios-vulnerabilities Open / Comment

2022-04-19 15:43:02 / Fake Windows upgrade website delivering information stealer malware

Now, CloudSEK researchers have uncovered a multi-stage information stealer malware targeting Windows users and stealing their data from browsers, crypto wallets, and such. The malware is a part of a campaign using fake domains for hosting the payload which is deployed to the victim’s machine via an iso file masquerading as a Windows 11 upgrade:

https://techwireasia.com/2022/04/fake-windows-upgrade-website-delivering-information-stealer-malware/ Open / Comment

2022-04-19 15:40:38 / CatalanGate - Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru

Analysis:

https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/ Open / Comment

2022-04-19 06:09:57 A blueprint for evading industry leading endpoint protection in 2022

In this post, I’d like to lay out a collection of techniques that together can be used to bypassed industry leading enterprise endpoint protection solutions. This is purely for educational purposes for (ethical) red teamers and alike, so I’ve decided not to publicly release the source code. The aim for this post is to be accessible to a wide audience in the security industry, but not to drill down to the nitty gritty details of every technique. Instead, I will refer to writeups of others that deep dive better than I can:

https://vanmieghem.io/blueprint-for-evading-edr-in-2022/ Open / Comment

2022-04-18 13:36:44 / CVE-2022-29072 - 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area:

https://github.com/kagancapar/CVE-2022-29072 Open / Comment