Google Bans Embedded Browser Logins In Brutal War Against Phishing Attacks
https://www.hothardware.com/news/google-bans-embedded-browser-logins-war-phishing-attacks
https://www.hothardware.com/news/google-bans-embedded-browser-logins-war-phishing-attacks
HotHardware
Google Bans Embedded Browser Logins In Brutal War Against Phishing Attacks
In an ongoing effort to stay one step ahead of the bad guys (or at least keep pace with them), Google has decided to block sign-ins from embedded browser frameworks, such as the Chromium Embedded Framework (CEF).
Some internet outages predicted for the coming month as '768k Day' approaches
768k Day expected within the month, reminiscent of 512k Day when AT&T, BT, Comcast, Sprint, and Verizon all went down.
https://www.zdnet.com/article/some-internet-outages-predicted-for-the-coming-month-as-768k-day-approaches/
768k Day expected within the month, reminiscent of 512k Day when AT&T, BT, Comcast, Sprint, and Verizon all went down.
https://www.zdnet.com/article/some-internet-outages-predicted-for-the-coming-month-as-768k-day-approaches/
ZDNet
Some internet outages predicted for the coming month as '768k Day' approaches
768k Day expected within the month, reminiscent of 512k Day when AT&T, BT, Comcast, Sprint, and Verizon all went down.
PowerShell script creating a timeline of Active Directory changes with replication metadata
The ADTimeline script generates a timeline based on Active Directory replication metadata for objects considered of interest.
Replication metadata gives you the time at which each replicated attribute for a given object was last changed. As a result the timeline of modifications is partial. For each modification of a replicated attribute a version number is incremented.
https://github.com/ANSSI-FR/ADTimeline
The ADTimeline script generates a timeline based on Active Directory replication metadata for objects considered of interest.
Replication metadata gives you the time at which each replicated attribute for a given object was last changed. As a result the timeline of modifications is partial. For each modification of a replicated attribute a version number is incremented.
https://github.com/ANSSI-FR/ADTimeline
GitHub
GitHub - ANSSI-FR/ADTimeline: Timeline of Active Directory changes with replication metadata
Timeline of Active Directory changes with replication metadata - ANSSI-FR/ADTimeline
Active Directory Control Paths
Control paths in Active Directory are an aggregation of "control relations" between entities of the domain (users, computers, groups, GPO, containers, etc.) which can be visualized as graphs (such as above) and whose purpose is to answer questions like "Who can get 'Domain Admins' privileges ?" or "What resources can a user control ?" and even "Who can read the CEO's emails ?".
https://github.com/ANSSI-FR/AD-control-paths
Control paths in Active Directory are an aggregation of "control relations" between entities of the domain (users, computers, groups, GPO, containers, etc.) which can be visualized as graphs (such as above) and whose purpose is to answer questions like "Who can get 'Domain Admins' privileges ?" or "What resources can a user control ?" and even "Who can read the CEO's emails ?".
https://github.com/ANSSI-FR/AD-control-paths
GitHub
GitHub - ANSSI-FR/AD-control-paths: Active Directory Control Paths auditing and graphing tools
Active Directory Control Paths auditing and graphing tools - ANSSI-FR/AD-control-paths
Hacker Group Exposes Iranian APT Operations and Members
Hackers have revealed details about the inner workings of a cyber-espionage group mostly known in the security community as OilRig, APT34, and HelixKitten, linked to the Iranian government.
https://www.bleepingcomputer.com/news/security/hacker-group-exposes-iranian-apt-operations-and-members/
Hackers have revealed details about the inner workings of a cyber-espionage group mostly known in the security community as OilRig, APT34, and HelixKitten, linked to the Iranian government.
https://www.bleepingcomputer.com/news/security/hacker-group-exposes-iranian-apt-operations-and-members/
BleepingComputer
Hacker Group Exposes Iranian APT Operations and Members
Hackers have revealed details about the inner workings of a cyber-espionage group mostly known in the security community as OilRig, APT34, and HelixKitten, linked to the Iranian government.
How to extract forensic artifacts from pagefile.sys?
https://www.andreafortuna.org/2019/04/17/how-to-extract-forensic-artifacts-from-pagefile-sys/
@hackplayers
https://www.andreafortuna.org/2019/04/17/how-to-extract-forensic-artifacts-from-pagefile-sys/
@hackplayers
Andrea Fortuna
How to extract forensic artifacts from pagefile.sys?
Microsoft Windows uses a paging file, called pagefile.sys, to store page-size blocks of memory that do not current fit into physical memory. This file, stored in %SystemDrive%\pagefile.sys is a hidden system file and it can never be read or accessed by a…
Exploring, Exploiting Active Directory Pen Test
http://blog.securelayer7.net/exploring-exploiting-active-directory-pen-test/
http://blog.securelayer7.net/exploring-exploiting-active-directory-pen-test/
Penetration Testing and CyberSecurity Solution - SecureLayer7
Exploring, Exploiting Active Directory Pen Test
Active Directory (Pen Test ) is most commonly used in the Enterprise Infrastructure to manage 1000's of computers in the organization with a single point of control as "Domain Controller"....
PartyLoud: un sencillo script en bash para generar "ruido" en la red
PartyLoud es una herramienta para crear tráfico de Internet falso con el fin de impedir o mitigar el seguimiento en redes locales. Está basada en noisy.py y su objetivo es hacer mucho ruido en la red (en forma de peticiones http) para que sea más difícil rastrear tu navegación real.
https://www.hackplayers.com/2019/04/partyloud-script-genera-ruido-en-lan.html
PartyLoud es una herramienta para crear tráfico de Internet falso con el fin de impedir o mitigar el seguimiento en redes locales. Está basada en noisy.py y su objetivo es hacer mucho ruido en la red (en forma de peticiones http) para que sea más difícil rastrear tu navegación real.
https://www.hackplayers.com/2019/04/partyloud-script-genera-ruido-en-lan.html
Hackplayers
PartyLoud: un sencillo script en bash para generar "ruido" en la red
PartyLoud es una herramienta para crear tráfico de Internet falso con el fin de impedir o mitigar el seguimiento en redes locales. Está ba...
Apache Tomcat CGI Servlet Remote Code Execution (CVE-2019-0232)
A remote code execution vulnerability exists in Apache Tomcat CGI Servlet. Successful exploitation of this vulnerability could lead to remote code execution on the target server.
https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-0531.html
A remote code execution vulnerability exists in Apache Tomcat CGI Servlet. Successful exploitation of this vulnerability could lead to remote code execution on the target server.
https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-0531.html
Source Code for CARBANAK Banking Malware Found On VirusTotal
https://thehackernews.com/2019/04/carbanak-malware-source-code.html
https://thehackernews.com/2019/04/carbanak-malware-source-code.html
January 2019 OpenSSH Vulnerabilities in NetApp Products
Multiple NetApp products incorporate OpenSSH software libraries. OpenSSH versions through 7.9 are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information or the addition or modification of data.
https://security.netapp.com/advisory/ntap-20190213-0001/
Multiple NetApp products incorporate OpenSSH software libraries. OpenSSH versions through 7.9 are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information or the addition or modification of data.
https://security.netapp.com/advisory/ntap-20190213-0001/
Netapp
NetApp Product Security
NetApp is an industry leader in developing and implementing product security standards. Learn how we can help you maintain the confidentiality, integrity, and availability of your data.
El Gobierno francés lanzó una alternativa a WhatsApp de uso interno con una importante brecha de seguridad
https://www.genbeta.com/seguridad/gobierno-frances-lanzo-alternativa-a-whatsapp-uso-interno-importante-brecha-seguridad
https://www.genbeta.com/seguridad/gobierno-frances-lanzo-alternativa-a-whatsapp-uso-interno-importante-brecha-seguridad
Genbeta
El Gobierno francés lanzó una alternativa a WhatsApp de uso interno con una importante brecha de seguridad
La semana pasada, el Gobierno francés anunció una aplicación de mensajería para utilizar de manera interna. La bautizaron como Tchap, y desde hace unos días...
TALOS-2018-0693
Symantec Endpoint Protection Small Business Edition ccSetx86.sys 0x224844 kernel memory information disclosure vulnerability
CVE-2018-18366
An exploitable kernel memory disclosure vulnerability exists in the 0x224844 IOCTL handler function of Symantec Endpoint Protection Small Business Edition ccSetx86.sys, version 16.0.0.77. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0693
Symantec Endpoint Protection Small Business Edition ccSetx86.sys 0x224844 kernel memory information disclosure vulnerability
CVE-2018-18366
An exploitable kernel memory disclosure vulnerability exists in the 0x224844 IOCTL handler function of Symantec Endpoint Protection Small Business Edition ccSetx86.sys, version 16.0.0.77. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0693
DNSpionage Drops New Karkoff Malware, Cherry-Picks Its Victims
Besides the DNSpionage malware, the hacking group behind the campaign also uses the Mimikatz credential dumper, various off-the-shelf administration tools, the Bitvise WinSSH SSH server, a number of open source hacking tools, and the Putty program for SSH tunneling within the same network, as detailed by the French security researchers from CERT-OPMD which also provide a ATT&CK Matrix mapping for DNSpionage attacks.
https://www.bleepingcomputer.com/news/security/dnspionage-drops-new-karkoff-malware-cherry-picks-its-victims/
Besides the DNSpionage malware, the hacking group behind the campaign also uses the Mimikatz credential dumper, various off-the-shelf administration tools, the Bitvise WinSSH SSH server, a number of open source hacking tools, and the Putty program for SSH tunneling within the same network, as detailed by the French security researchers from CERT-OPMD which also provide a ATT&CK Matrix mapping for DNSpionage attacks.
https://www.bleepingcomputer.com/news/security/dnspionage-drops-new-karkoff-malware-cherry-picks-its-victims/
BleepingComputer
DNSpionage Drops New Karkoff Malware, Cherry-Picks Its Victims
The DNSpionage malware campaign has added a new reconnaissance stage showing that the attackers have become more picky with their targets, as well as a new .NET-based malware dubbed Karkoff and designed to allow them to execute code remotely on compromised…
Múltiples vulnerabilidades en productos de TIBCO
Fecha de publicación: 25/04/2019
Importancia: 5 - Crítica
Descripción:
TIBCO ha publicado 6 vulnerabilidades que afectan a varios de sus productos, en las que un atacante podría realizar ataques XSS, CSRF, ejecución remota de código, descarga de información confidencial sin autenticación, escalada de privilegios o redirección abierta.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-0
Fecha de publicación: 25/04/2019
Importancia: 5 - Crítica
Descripción:
TIBCO ha publicado 6 vulnerabilidades que afectan a varios de sus productos, en las que un atacante podría realizar ataques XSS, CSRF, ejecución remota de código, descarga de información confidencial sin autenticación, escalada de privilegios o redirección abierta.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-0
INCIBE-CERT
Múltiples vulnerabilidades en productos de TIBCO
TIBCO ha publicado 6 vulnerabilidades que afectan a varios de sus productos, en las que un atacante podría realizar ataques XSS, CSRF, ejecución remota de código, descarga de información confidencial sin autenticación, escalada de privilegios o redirección…
Múltiples vulnerabilidades en BIND
Fecha de publicación: 25/04/2019
Importancia: 4 - Alta
Descripción:
Se han publicado múltiples vulnerabilidades en BIND que afectan a varios de sus productos, 1 de severidad alta y 2 de severidad media.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-bind-1
Fecha de publicación: 25/04/2019
Importancia: 4 - Alta
Descripción:
Se han publicado múltiples vulnerabilidades en BIND que afectan a varios de sus productos, 1 de severidad alta y 2 de severidad media.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-bind-1
INCIBE-CERT
Múltiples vulnerabilidades en BIND
Se han publicado múltiples vulnerabilidades en BIND que afectan a varios de sus productos, 1 de severidad alta y 2 de severidad media.
PHP es cada vez más vulnerable
El lenguaje de programación utilizado en el desarrollo de la mayoría de los sitios web es cada vez más vulnerable, concluye un nuevo análisis de F5 Labs. En 2018, el 81% del tráfico malicioso controlado estuvo relacionado con PHP.
https://diarioti.com/php-es-cada-vez-mas-vulnerable/109278
El lenguaje de programación utilizado en el desarrollo de la mayoría de los sitios web es cada vez más vulnerable, concluye un nuevo análisis de F5 Labs. En 2018, el 81% del tráfico malicioso controlado estuvo relacionado con PHP.
https://diarioti.com/php-es-cada-vez-mas-vulnerable/109278
Diarioti
PHP es cada vez más vulnerable
El lenguaje de programación utilizado en el desarrollo de la mayoría de los sitios web es cada vez más vulnerable, concluye un nuevo análisis de F5 Labs. En 2018, el 81% del tráfico malicioso controlado estuvo relacionado con PHP.
Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension
https://thehackernews.com/2019/04/wordpress-woocommerce-security.html
https://thehackernews.com/2019/04/wordpress-woocommerce-security.html
Getting in the Zone: dumping Active Directory DNS using adidnsdump
https://blog.fox-it.com/2019/04/25/getting-in-the-zone-dumping-active-directory-dns-using-adidnsdump/
https://blog.fox-it.com/2019/04/25/getting-in-the-zone-dumping-active-directory-dns-using-adidnsdump/
Fox-IT International blog
Getting in the Zone: dumping Active Directory DNS using adidnsdump
Zone transfers are a classical way of performing reconnaissance in networks (or even from the internet). They require an insecurely configured DNS server that allows anonymous users to transfer all…
Hackers Breached a Programming Tool Used By Big Tech and Stole Private Keys and Tokens
Docker Hub lost keys and tokens for around 190,000 accounts, which could have downstream effects if hackers used them to access source code at big companies.
https://motherboard.vice.com/en_us/article/7xgbzb/docker-hub-breach-hackers-stole-private-keys-tokens
Docker Hub lost keys and tokens for around 190,000 accounts, which could have downstream effects if hackers used them to access source code at big companies.
https://motherboard.vice.com/en_us/article/7xgbzb/docker-hub-breach-hackers-stole-private-keys-tokens
Vice
Hackers Breached a Programming Tool Used By Big Tech and Stole Private Keys and Tokens
Docker Hub lost keys and tokens for around 190,000 accounts, which could have downstream effects if hackers used them to access source code at big companies.