Canadian Centre for Cyber Security Releases #Advisory on #Fileless #Malware

The Canadian Centre for Cyber Security (CCCS) has released an advisory on an #Astaroth fileless malware campaign affecting Microsoft Windows. Astaroth resides solely in memory, and an attacker can use it and other fileless malware to steal information, such as credentials and keystrokes, and obtain other sensitive data.

https://www.us-cert.gov/ncas/current-activity/2019/07/18/canadian-centre-cyber-security-releases-advisory-fileless-malware

#Microsoft #Windows Task Scheduler Local Privilege Escalation

https://packetstormsecurity.com/files/153698/taskschdEoP_Report.txt

📃 "Medición de la "Burbuja de filtro": Cómo influye Google en lo que haces clic" https://telegra.ph/Medici%C3%B3n-de-la-Burbuja-de-filtro-C%C3%B3mo-influye-Google-en-lo-que-haces-clic-06-17

Sliver: un #framework para implants muy interesante

Sliver es un sistema de Comando y Control (C2) creado para #pentesters, #redteamers y #APT avanzadas. Genera implants o implantes (slivers) que pueden ejecutarse en prácticamente todas las arquitecturas, y administrar estas conexiones de forma segura a través de un servidor central.

https://www.hackplayers.com/2019/06/sliver-un-framework-para-implants.html

#Docker for #Pentesters

https://blog.ropnop.com/docker-for-pentesters/

Awesome #Sysadmin

A curated list of amazingly awesome open source sysadmin #resources.

https://github.com/kahun/awesome-sysadmin

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.

https://www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/

#Skadi v2019.4 releases: Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux

Skadi is a free, open-source collection of tools that enable the collection, processing and advanced analysis of #forensic artifacts and images. It scales to work effectively on laptops, desktops, servers, the cloud and can be installed on top of #hardened / gold disk images.

https://securityonline.info/skadi/

Attacking Private Networks from the Internet with #DNS Rebinding

https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325

#Linux #Kernel CVE-2019-11811 Local Arbitrary Code Execution Vulnerability

https://www.securityfocus.com/bid/108410/info

#ProFTPD Remote Code Execution Bug Exposes Over 1 Million Servers
#RCE

More than one million ProFTPD servers are vulnerable to remote code execution and information disclosure attacks that could be triggered after successful exploitation of an arbitrary file copy vulnerability.

https://www.bleepingcomputer.com/news/security/proftpd-remote-code-execution-bug-exposes-over-1-million-servers/

#Apple Releases Multiple Security Updates

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

https://www.us-cert.gov/ncas/current-activity/2019/07/22/apple-releases-multiple-security-updates

Hackers Exploit #Jira, Exim #Linux Servers to "Keep the Internet Safe'

Hackers are exploiting vulnerable Jira and #Exim servers with the end goal of infecting them with a new #Watchbog Linux Trojan variant and using the resulting botnet as part of a #Monero cryptomining operation.

Watchbog is a malware strain used to infect Linux servers by exploiting vulnerable software such as Jenkins during a campaign from May, as well as Nexus Repository Manager 3, ThinkPHP, and Linux Supervisord as part of an operation from March as discovered by Alibaba Cloud Security researchers.

https://www.bleepingcomputer.com/news/security/hackers-exploit-jira-exim-linux-servers-to-keep-the-internet-safe/

QCSuper: A tool for capturing 2G/3G/4G air traffic on Qualcomm-based phones

https://www.andreafortuna.org/2019/07/23/qcsuper-a-tool-for-capturing-2g-3g-4g-air-traffic-on-qualcomm-based-phones/

Building #Resilience to Foreign Interference, #Misinformation Activities

https://www.us-cert.gov/ncas/current-activity/2019/07/22/building-resilience-foreign-interference-misinformation-activities

#PuTTY a free #SSH and #Telnet client

New in 0.72 (released 2019-07-20)

https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

#Comodo #Antivirus Affected With Multiple Vulnerabilities that Includes Privilege Escalation and Denial of Service

Researchers discovered five critical vulnerabilities in Comodo Antivirus / Advanced version. Out of five vulnerabilities four present in version 12.0.0.6810 and one with 11.0.0.6582.

https://gbhackers.com/comodo-antivirus-affected-with-multiple-vulnerabilities-that-includes-privilege-escalation-and-denial-of-service

[SECURITY] [DSA 4487-1] #neovim security update

https://lists.debian.org/debian-security-announce/2019/msg00135.html

CVE-2019–13382: Local Privilege Escalation in #SnagIt

Version: Snagit 2019.1.2 Build 3596 
Operating System tested on: Windows 10 1803 (x64) 
Vulnerability: SnagIt Relay Classic Recorder Local Privilege Escalation through insecure file move

https://posts.specterops.io/cve-2019-13382-local-privilege-escalation-in-snagit-abe5f31c349

Consiguiendo persistencia invisible al editor del registro de Windows (regedit)

#Hackplayers

https://www.hackplayers.com/2019/07/persistencia-invisible-regedit.html?m=1