Sys-Admin InfoSec

2022-04-15 17:22:12 / Bore - is a simple CLI tool for making tunnels to localhost

https://github.com/ekzhang/bore Open / Comment

2022-04-15 16:59:48 / Juniper released multiple patched for vulnerabilities

https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&f:ctype=%5BSecurity%20Advisories%5D Open / Comment

2022-04-15 05:05:34 / Git security vulnerability announced

CVE-2022-24765

This vulnerability affects users working on multi-user machines where a malicious actor could create a .git directory in a shared location above a victim’s current working directory. On Windows, for example, an attacker could create C:\.git\config, which would cause all git invocations that occur outside of a repository to read its configured values…

CVE-2022-24767

Got Windows uninstaller when run via the SYSTEM account

https://github.blog/2022-04-12-git-security-vulnerability-announced/ Open / Comment

2022-04-15 05:00:09 / OldGremlin new ramsomware methods

Technical analysys:

https://blog.group-ib.com/oldgremlin_comeback Open / Comment

2022-04-14 14:57:31 / Spring Framework Affecting Cisco Products (Critical)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67

Additional info about of Spring Framework "Spring4Shell" RCE via Data Binding Vulnerability:

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement Open / Comment

2022-04-14 10:45:00  
Открытые практикумы DevOps и Networks by Rebrain (19 и 21 Апреля)

DevOps by Rebrain: Быстрый старт с Kafka
• Что такое кафка и зачем нужна
• Быстро настраиваем свой первый кластер с GUI
• Разбираемся с партициями, репликами и топиками
• Проводим нагрузочное тестирование kafka кластера

• 19 Апреля 19.00 МСК. Детали
• Василий Озеров - Co-Founder REBRAIN. Более 8 лет Devops практик. На данный момент работает с компаниями: KupiKupon, InMyRoom, News360 и др.

Networks: Дизайн и настройка корпоративной сети на уровне доступа
• Иерархический дизайн корпоративной сети
• Коммутаторы уровня доступа
• Фильтрация broadcast, multicast, unicast трафика
• Сегментация трафика
• Обнаружение петель на L2
• Защита от подмены IP-адресов

• 21 Апреля 19.00 МСК. Детали
• Ольга Яновская - Ведущий сетевой инженер оператора связи. Python backend-разработчик. Инструктор-тренер программ сетевой академии Cisco. Кандидат технических наук по специальности "Информационные технологии".

#free #webinar #dnt Open / Comment

2022-04-14 08:07:34 / On Wednesday, 6 April 2022 VMware disclosed several critical-severity vulnerabilities impacting multiple VMware products. If successfully exploited, the vulnerabilities could lead to Remote Code Execution (RCE) or Authentication Bypass.

In addition to the critical severity vulnerabilities, VMware disclosed several high and medium severity vulnerabilities, which could lead to Cross Site Request Forgery (CSRF), Local Privilege Escalation (LPE), or Information Disclosure. All of the vulnerabilities were discovered and responsibly reported to VMware by a security researcher and patches are available to remediate all vulnerabilities:

https://core.vmware.com/vmsa-2022-0011-questions-answers-faq#section1

And additional links to KBs:

https://arcticwolf.com/uk/resources/blog/critical-vulnerabilities-disclosed-in-vmware-products Open / Comment

2022-04-13 15:58:51 / Citrix Endpoint Management (XenMobile Server) gain root access

CISA Warn, Citrix Patch(es) Open / Comment

2022-04-13 13:32:14 Tarrask malware uses scheduled tasks for defense evasion

Windows Task Scheduler is a service that allows users to perform automated tasks (scheduled tasks) on a chosen computer for legitimate administrative purposes (e.g., scheduled updates for browsers and other applications)... threat actors commonly make use of this service to maintain persistence within a Windows environment.

Tarrask malware generates several artifacts upon the creation of a scheduled task, whether using the Task Scheduler GUI or the schtasks command line utility. Profiling the use of either of these tools can aid investigators in tracking this persistence mechanism:

https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/ Open / Comment

2022-03-02 18:13:29 / Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks

Daxin is a backdoor that allows the attacker to perform various operations on the infected computer such as reading and writing arbitrary files.

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage Open / Comment