/ Guidance for investigating attacks using CVE-2023-23397
A successful exploit of this vulnerability can result in unauthorized access to an organization’s environment by triggering a Net-NTLMv2 hash leak.
Understanding the vulnerability and how it has been leveraged by threat actors can help guide the overall investigative process:
https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/
A successful exploit of this vulnerability can result in unauthorized access to an organization’s environment by triggering a Net-NTLMv2 hash leak.
Understanding the vulnerability and how it has been leveraged by threat actors can help guide the overall investigative process:
https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/
Microsoft News
Guidance for investigating attacks using CVE-2023-23397
This guide provides steps to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Обновление можно назвать экспериментальным, так как часть устоявшихся стабильных системных установок пришлось переработать, что в итоге дало прирост в скорости отклика на ~10ms
Что еще. В DoH RIC добавилась опция "all" т.е. можно пробовать использовать DoH DNS без фильтрации. Этот эксперимент, в случае успешности может привести к DoH RIC с опцией "children" где будет меньше "синего кита", "наркотиков", "сект".
Именно скорость, безопасность получаемого контента формируют наше внутреннее состояние. Стабильное удержание такого отклика с течением времени нужно наблюдать, так как часть изменений экспериментальны, успех зависит буквально от нас всех.
Как попробовать. Просто настрой браузер, используй какое-то время, если что-то не будет работать, приходи сразу ко мне @sysadminkz
Станешь ты лучшей частью того, что уже есть, все зависит конкретно от тебя, твоего фидбека. Задумайся об этом. Peace ✌️
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Printer names and icons might be changed and HP Smart app automatically installs
Printers are renamed as HP printers regardless of their manufacturer. Most are being named as the HP LaserJet M101-M106 model. Printer icons might also be changed:
- Read details on Microsoft site
Printers are renamed as HP printers regardless of their manufacturer. Most are being named as the HP LaserJet M101-M106 model. Printer icons might also be changed:
- Read details on Microsoft site
Docs
Windows 11, version 22H2 known issues and notifications
View announcements and review known issues and fixes for Windows 11, version 22H2
/ 1C Bitrix under attack
Vulnerability of the landing module of a content management system (CMS). Exploitation of the vulnerability could allow a remote attacker to execute OS commands on a vulnerable host, gain control of resources and penetrate the internal network:
https://www.1c-bitrix.ru/vul/18645386/
Vulnerability of the landing module of a content management system (CMS). Exploitation of the vulnerability could allow a remote attacker to execute OS commands on a vulnerable host, gain control of resources and penetrate the internal network:
https://www.1c-bitrix.ru/vul/18645386/
www.1c-bitrix.ru
Уязвимость модуля landing системы управления содержимым сайтов (CMS)
Уязвимость модуля landing системы управления содержимым сайтов (CMS) 1С-Битрикс: Управление сайтом вызвана ошибками синхронизации при использовании общего ресурса. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить команды…
/ A Comprehensive Analysis Of Outlook Attack Vectors
..it is essential to examine the attack vectors on Outlook for typical enterprise environments, which Check Point Research will do in this paper. We assume the position of an average user – we click and double-click on things on Outlook – as our daily work requires, and we examine the security risks they may introduce from a security research perspective:
https://research.checkpoint.com/2023/the-obvious-the-normal-and-the-advanced-a-comprehensive-analysis-of-outlook-attack-vectors/
..it is essential to examine the attack vectors on Outlook for typical enterprise environments, which Check Point Research will do in this paper. We assume the position of an average user – we click and double-click on things on Outlook – as our daily work requires, and we examine the security risks they may introduce from a security research perspective:
https://research.checkpoint.com/2023/the-obvious-the-normal-and-the-advanced-a-comprehensive-analysis-of-outlook-attack-vectors/
Check Point Research
The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors - Check Point Research
Research by: Haifei Li, Check Point Research Introduction Outlook, the desktop app in the Microsoft Office suite, has become one of the world’s most popular apps for organizations worldwide for sending and receiving emails, scheduling conferences, and more.…
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
vusec
SLAM: Spectre based on Linear Address Masking - vusec
SLAM explores the residual attack surface of Spectre on modern (and even future) CPUs equipped with Intel LAM or similar features. Instead of targeting new transient execution techniques (like BHI or Inception), SLAM focuses on exploiting a common but previously…
📢 Открытый практикум DevOps: Паттерны и антипаттерны создания dockerfile
↘ Детали
Время:
• 12 Декабря (Вторник) 19:00 МСК
Программа:
• Что такое dockerfile
• Слои dockerfile
• Паттерны создания dockerfile
Ведёт:
• Александр Крылов – Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
↘ Детали
Время:
• 12 Декабря (Вторник) 19:00 МСК
Программа:
• Что такое dockerfile
• Слои dockerfile
• Паттерны создания dockerfile
Ведёт:
• Александр Крылов – Опыт работы в DevOps более 7 лет. Спикер конференций: DevOps conf, TeamLead conf, Highload conf. Автор курса по Haproxy на Rebrain.
AutoSpill: Zero Effort Credential Stealing from Mobile Password Managers
https://www.blackhat.com/eu-23/briefings/schedule/#autospill-zero-effort-credential-stealing-from-mobile-password-managers-34420
https://www.blackhat.com/eu-23/briefings/schedule/#autospill-zero-effort-credential-stealing-from-mobile-password-managers-34420
Blackhat
Black Hat Europe 2023
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Last week, last month, this year... I've been meeting and talking to different people, and they all echoed the same sentiment - IPv6 is needed
A few days ago, I got acquainted with VEESP.com, a company that generously provided OpenBLD.net with an incredibly fast server featuring a high-speed Ethernet connection
Abstract: Usually, I spend some time testing servers, then assign them a secondary role before introducing them to the production environment. However, this time was different...
I was so impressed
I believe this is a great opportunity to start exploring the IPv6 space. In this month or early 2024, I hope we can begin experimenting with IPv6!
If you're ready to participate in the preliminary testing, please let me know through this OpenBLD.net Pre-Release Testing Form. I will reach out to you directly when the time comes, and together we can strive to make this world even better
P.S. Thanks to veesp.com and everyone who gives incentive to take a step forward
Please open Telegram to view this post
VIEW IN TELEGRAM
/ pfSense Security: Sensing Code Vulnerabilities
Attackers can combine the vulnerabilities to execute arbitrary code on the pfSense appliance remotely. An attacker can trick an authenticated pfSense user into clicking on a maliciously crafted link containing an XSS payload that exploits the command injection vulnerability:
https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/
Attackers can combine the vulnerabilities to execute arbitrary code on the pfSense appliance remotely. An attacker can trick an authenticated pfSense user into clicking on a maliciously crafted link containing an XSS payload that exploits the command injection vulnerability:
https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/
Sonarsource
pfSense Security: Sensing Code Vulnerabilities with SonarCloud
Our Clean Code solution SonarCloud discovered multiple vulnerabilities leading to remote code execution on pfSense CE 2.7.0. Let's see how SonarCloud found them and how it can keep your code clean.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
In OpenBLD.net scoping activities, I created lite Go app - Awesome Servers Inventory Web App, which is a simple web app to manage your servers inventory. Ideal solution for small projects and infrastructures or IT ecosystems.
Features:
- Add new server
- Edit existing server
- Delete existing server
- Copy server IP details to clipboard
- Yaml config file
- Portable sqLite database
- One binary file to run the app
- https://github.com/m0zgen/serversAwesome
Please open Telegram to view this post
VIEW IN TELEGRAM
/ Exploiting JetBrains TeamCity CVE Globally
CISA warns:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
CISA warns:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
/ Threat actors misuse OAuth applications to automate financially driven attacks
https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/
https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/
Microsoft News
Threat actors misuse OAuth applications to automate financially driven attacks
Microsoft presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks.
/ OpenSSH 9.6 release contains a number of security fixes, includes MiTM "Terrain attack"fix:
https://www.openssh.com/releasenotes.html
https://www.openssh.com/releasenotes.html
www.openssh.org
OpenSSH: Release Notes
OpenSSH release notes
/ Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1
https://www.akamai.com/blog/security-research/chaining-vulnerabilities-to-achieve-rce-part-one
https://www.akamai.com/blog/security-research/chaining-vulnerabilities-to-achieve-rce-part-one
Akamai
Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1 | Akamai
In part 1 of this two-part series, Akamai researchers explore two new Windows vulnerabilities that could lead to remote code execution against Outlook clients.
/ Mozilla Foundation Security Advisory (with fixing RCE)
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/
📢 Открытый практикум DevOps by Rebrain: IT-Quiz
↘ Регистрация
Время:
26 Декабря (Вторник) в 19:00 по МСК
Программа:
• Решаем 3 задачки в онлайн-формате
• Получаем подарки за выполнение заданий
• Проводим розыгрыш New Year Sale by Rebrain
Ведёт:
Василий Озеров – Co-Founder REBRAIN. Руководит международной командой в рамках своего агентства Fevlake. Более 8 лет Devops практик.
↘ Регистрация
Время:
26 Декабря (Вторник) в 19:00 по МСК
Программа:
• Решаем 3 задачки в онлайн-формате
• Получаем подарки за выполнение заданий
• Проводим розыгрыш New Year Sale by Rebrain
Ведёт:
Василий Озеров – Co-Founder REBRAIN. Руководит международной командой в рамках своего агентства Fevlake. Более 8 лет Devops практик.