Телеграмм чат группы sysadm_in

Size: a a a

Sys-Admin & InfoSec Channel

14505 membersпожаловаться на группу

2021 June 25

Sys-Admin & InfoSec Channel

Eclypsium Discovers Multiple Vulnerabilities in Dell BIOSConnect
https://eclypsium.com/2021/06/24/biosdisconnect/

Eclypsium

BIOS Disconnect - Vendor Update Tools Pose Significant Risks to the Integrity of Dell Devices

Eclypsium Discovers Multiple Vulnerabilities Affecting 128 Dell Models via Dell Remote OS Recovery and Firmware Update Capabilities

источник

311514:51пожаловаться #1

Sys-Admin & InfoSec Channel

Action Required on My Book Live and My Book Live Duo - WD Legacy Products / My Book Live

Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device

https://community.wd.com/t/action-required-on-my-book-live-and-my-book-live-duo/268147

WD Community

Important Announcement About Your WD My Book Live Product: WDC-21008

UPDATED 7/6/2021 The My Book Live and My Book Live Duo Data Recovery Service Offer and Trade-In Offer are now available and more information can be found about each at the following links: My Book Live and My Book Live Duo: Data Recovery Service Offer https://www.westerndigital.com/support/my-book-live/data-recovery-service-offer My Book Live and My Book Live Duo: Trade-In Offer https://www.westerndigital.com/support/my-book-live/trade-in-offer The latest information about this incident wi...

источник

410115:52пожаловаться #2

2021 June 28

Sys-Admin & InfoSec Channel

Microsoft signed a malicious Netfilter rootkit

Тот случай, когда малварь (не просто малварь, а драйвер работающий на уровне ядра ОС) подписан вендором (в данном случае Microsoft):

https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit

Gdatasoftware

Microsoft signed a malicious Netfilter rootkit

What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a Chinese IP. How did this happen?

источник

347009:34пожаловаться #3

Sys-Admin & InfoSec Channel

CVE-2020-3580: Proof of Concept Published for Cisco ASA Flaw Patched in October - Blog | Tenable®
https://www.tenable.com/blog/cve-2020-3580-proof-of-concept-published-for-cisco-asa-flaw-patched-in-october

Tenable®

CVE-2020-3580: Proof of Concept Published for Cisco ASA Flaw Patched in October

Researchers at Positive Technologies have published a proof-of-concept exploit for CVE-2020-3580. There are reports of researchers pursuing bug bounties using this exploit.
Update June 28: The Background section has been updated to correct the initial publication date of Cisco's advisory. The Vendor Response section has also been updated.

источник

313418:53пожаловаться #4

2021 June 29

Sys-Admin & InfoSec Channel

Exclusive: 700 Million LinkedIn Records Leaked June 2021 | Safety First
https://www.privacysharks.com/exclusive-700-million-linkedin-records-for-sale-on-hacker-forum-june-22nd-2021/

PrivacySharks

Exclusive: 700 Million LinkedIn Records Leaked June 2021 | Safety First

A recent data breach involving 700 LinkedIn records has been exposed. The leak is the largest that LinkedIn has experienced so far.

источник

307910:44пожаловаться #5

Sys-Admin & InfoSec Channel

Похоже Linux все же будет поддерживать M1

Поддержка M1 озвучена в релизе Linux 5.13-rc1

http://lkml.iu.edu/hypermail/linux/kernel/2105.1/00457.html

Теперь же состоится релиз 5.13 с заявленной поддержкой:

https://lore.kernel.org/lkml/CAHk-=wj7E9iTGHbqfgtaTAM09WrVzwXjda2_D59MT8D_1=54Rg@mail.gmail.com/T/#u

lkml.iu.edu

Linux-Kernel Archive: Linux 5.13-rc1

источник

314610:54пожаловаться #6

2021 June 30

Sys-Admin & InfoSec Channel

⁠
Cyber Polygon 2021 - бесплатный международный онлайн-тренинг по кибербезопасности (9 июля)

Основная тема - безопасное развитие экосистем и отражение атак supply chain

Тренинг будет включать в себя два сценария — Defence и Response:
- сначала команды будут отражать атаку на цепочку поставок в рамках корпоративной экосистемы
- затем расследовать инцидент с использованием техник классической компьютерной криминалистики и подхода Threat Hunting

Тренинг предназначен для команд - Регистрация / Детали

На тренинг зарегистрировалось более 160 организаций из 47 стран. Среди них — Сбер, "Тинькофф", Home Credit bank, TimeWeb, SB Crédito, Ventum Consulting, OZON, Агентство кибербезопасности Сингапура, UZCERT и многие другие.

Нюансы:
• заявки принимаются только от корпоративных команд
• на прохождение сценариев тренинга нужно заложить сутки
⁠

источник

290705:12пожаловаться #7

Sys-Admin & InfoSec Channel

New Ransomware Variant Uses Golang Packer

https://www.crowdstrike.com/blog/new-ransomware-variant-uses-golang-packer/

crowdstrike.com

New Ransomware Variant Uses Golang Packer | crowdstrike.com

CrowdStrike recently observed a ransomware sample borrowing implementations from previous HelloKitty and FiveHands variants and using a Golang packer compiled with the most recent version of Golang (Go1.16, released mid-February 2021). These ransomware families have been active since late 2019 and analyzed by the research community under different names based on various code overlaps. The […]

источник

276006:50пожаловаться #8

Sys-Admin & InfoSec Channel

Vim vs. Nano vs. Emacs: Three sysadmins weigh in | Enable Sysadmin

https://www.redhat.com/sysadmin/3-text-editors-compared

Enable Sysadmin

Vim vs. Nano vs. Emacs: Three sysadmins weigh in

Three editors. Three experts. Which Linux text editor is right for you?

источник

291606:53пожаловаться #9

Sys-Admin & InfoSec Channel

MITRE ATT&CK® mappings released for built-in Azure security controls

https://www.microsoft.com/security/blog/2021/06/29/mitre-attck-mappings-released-for-built-in-azure-security-controls/

Microsoft Security Blog

MITRE ATT&CK® mappings released for built-in Azure security controls - Microsoft Security Blog

Microsoft is pleased to announce the publication of the Security Stack Mappings for Azure project in partnership with the Center for Threat-Informed Defense.

источник

290914:41пожаловаться #10

2021 July 01

Sys-Admin & InfoSec Channel

An EPYC escape: Case-study of a KVM breakout

Выход за пределы гостевой системы гипервизора KVM

https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html

Blogspot

An EPYC escape: Case-study of a KVM breakout

Posted by Felix Wilhelm, Project Zero Introduction KVM (for Kernel-based Virtual Machine) is the de-facto standard hypervisor for Linux-...

источник

275909:07пожаловаться #11

Sys-Admin & InfoSec Channel

Android App Bundles (AAB) приходит на смену APK (Android package)

https://developer.android.com/guide/app-bundle

Android Developers

About Android App Bundles | Android Developers

источник

282209:14пожаловаться #12

Sys-Admin & InfoSec Channel

PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service

https://github.com/afwu/PrintNightmare

P.S. RatLab спасибо за ссылку ✌️

источник

269711:33пожаловаться #13

Sys-Admin & InfoSec Channel

SMB Worm “Indexsinas” Uses Lateral Movement to Infect Whole Networks

https://www.guardicore.com/labs/smb-worm-indexsinas/

Guardicore

SMB Worm “Indexsinas” Uses Lateral Movement to Infect Whole Networks

Guardicore Labs reveals more details on the Indexsinas (NSABuffMiner) SMB worm. The campaign has been active since at least 2019 and has managed to infect servers from a wide range of industries, including healthcare, hospitality, telecommunications and education.

источник

264211:34пожаловаться #14

Sys-Admin & InfoSec Channel

Уже как час идет Linkmeetup митап от IT для IT

Офлайн митапы живы и Linkmeetup тому доказательство) Для всех кто не смог прийти очно, но очень хочет посмотреть - есть оналйн трансляция

В программе сегодняшнего движа: клоуны, звери, бородатые женщины... беседы про WI-Fi 6, мечты о Miktotik'ах, вся правда про отечественные облака, разбор подноготоной DPI и тренинг личностной эффективности по переговорам с провайдерами да хостерами

Расписание - https://meetup.linkmeup.ru
Сама трансляция - mkrtk.ru/linkmeetup

meetup.linkmeup.ru

Linkmeetup

Митап от IT для IT.

источник

264512:19пожаловаться #15

Sys-Admin & InfoSec Channel

Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise

https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/

Microsoft Security Blog

Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise - Microsoft Security Blog

We discovered vulnerabilities in NETGEAR DGN-2200v1 series routers that can compromise a network's security—opening the gates for attackers to roam untethered through an entire organization. We shared our findings with NETGEAR through coordinated vulnerability disclosure via Microsoft Security Vulnerability Research (MSVR), and worked closely with NETGEAR security and engineering teams to provide advice on mitigating these issues.

источник

271512:29пожаловаться #16

Sys-Admin & InfoSec Channel

В продолжение поста про PrintNightmare

Технические детали, митигация (очень простая - остановить службу печати 🙂 ):

https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c

Medium

Zero day for every supported Windows OS version in the wild — PrintNightmare

zhiniang peng tweeted out a proof of concept exploit and explainer recently, and then quickly deleted it. This exploit and discussion…

источник

297418:20пожаловаться #17

2021 July 02

Sys-Admin & InfoSec Channel

Configure PXE Boot Server for Rocky Linux 8 Kickstart Installation

https://www.lisenet.com/2021/configure-pxe-boot-server-for-rocky-linux-8-kickstart-installation/

Lisenet

Lisenet.com :: Linux | Security | Networking | Admin Blog

Technical admin blog about Linux, Security, Networking and IT.

источник

284411:40пожаловаться #18

Sys-Admin & InfoSec Channel

Backdoored Client from Mongolian CA MonPass

Когда удостоверяющий центр государства взломан

https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass/

Avast Threat Labs

Backdoored Client from Mongolian CA MonPass - Avast Threat Labs

Follow us in our journey analyzing Mongolian certificate authority breach and certificate client backdoored with Cobalt Strike.

источник

319611:53пожаловаться #19

Sys-Admin & InfoSec Channel

.NET Core Remote Code Execution Vulnerability - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701

В связи с чем рекомендуется обновить PowerShell - https://azure.microsoft.com/en-us/updates/update-powershell-versions-70-and-71-to-protect-against-a-vulnerability/

Доп. информация по уязвимости - https://github.com/advisories/GHSA-ghhp-997w-qr28

Microsoft

Update PowerShell versions 7.0 and 7.1 to protect against a remote ...

If you manage your Azure resources from PowerShell, update versions 7.0 and 7.1 of PowerShell as soon as possible.

источник

326718:42пожаловаться #20