Online disinformation campaigns have become a booming #business. New technology enables nearly anyone to get involved. Private firms, straddling traditional marketing and the shadow world of geopolitical #influence operations, are selling #services once conducted principally by intelligence agencies. The trend emerged after the Cambridge Analytica scandal in 2018.
In this blog post we will explore the various #Microsoft #Windows logon types and understand how these logon type events are generated. We will also see whether credentials can be extracted from individual logon types.
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure : In the default configuration of Active Directory, it is possible to remotely take over Workstations (#Microsoft #Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running.
https://gist.github.com/gladiatx0r/1ffe59031d42c08603a3bde0ff678feb
MicroBurst is a PowerShell toolkit for attacking #Microsoft #Azure. MicroBurst includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post-exploitation actions such as credential dumping.
Phew, this was a really bad week for #Microsoft (and a lot of reading for all of us). And just when we thought that the fiasco with the SAM hive was over, a new vulnerability popped up, which is much, much more dangerous unfortunately - it allows a user to completely take over a #Windows domain that has the ADCS service running.
Just another « Won't Fix » #Microsoft #Windows Privilege Escalation from User to Domain Admin. RemotePotato0 is an exploit that allows you to escalate your privileges from a generic User to Domain Admin. Added Cross session activation to activate a COM object in an arbitrary session. No more session 0 constraints needed. Session can be specified with the -s flag. #informatique
« #Microsoft #Windows Servers must defend themselves against NTLM relay attacks »
https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop/
(CVE-2021-35522) ACCESS AND TIME #BIOMETRIC TERMINALS - Customer Security Notice : 🇫🇷 French company IDEMIA, one of the largest vendors of biometric authentication solutions, strongly recommends that users of the aforementioned biometric terminals update their #devices. A new #firmware version integrating a fix for the security vulnerabilities identified in these terminals is available:
https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true
CVE-2021-35520 ; CVE-2021-35521 ; CVE-2021-35522 - by exploiting these vulnerabilities, attackers can perform Remote Command Execution (RCE), cause a denial of service (DoS), and read and write arbitrary files on the device #vuln #informatique
One of the worst things that could happen to a privacy-focused community : Hole blasted in Guntrader (guntrader.uk) : #UK firearms sales website's #CRM database breached, 111,000 users' info spilled online. The database contains latitude and longitude data, first and last names, the #police force that issued an RFD's certificate, phone numbers, fax numbers, bcrypt-hashed passwords, postcodes, postal addresses and users' IP addresses; logs of payments were also included. It is a severe breach of privacy not only for Guntrader (guntrader.uk) but for its users : members of the UK's licensed firearms community #gdpr
https://www.theregister.com/2021/07/23/guntrader_hacked_111k_users_sql_database/
iSCSI Console is a free, #OpenSource, user-mode iSCSI Target Server written in C#. iSCSI Console is cross-platform (#Windows #Linux #OSX), portable and requires no installation. iSCSI Console can serve physical and virtual disks to multiple clients. The iSCSI library used by iSCSI Console was designed to give developers an easy way to serve block storage via iSCSI. Any storage object you wish to share needs to implement the abstract Disk class, and the library will take care of the rest. The library was written with extensibility in mind and was designed to fit a multitude of projects. #informatique #tools
The computer systems of the City of Thessaloniki (thessaloniki.gr), Greece's second most populous city, were disrupted following a #ransomware attack carried out on the night of Friday 23 July 2021 #greece #cities
In Q2 2021, we saw the disappearance of a few different ransomware operations. It is difficult to identify whether the groups simply went into hiding, were arrested, rebranded, or are now operating with a different #ransomware group. The previous three months saw a few groups call it quits, including the #Avaddon, #Babuk Locker, #DarkSide, and #Astro Locker ransomware groups. In Q2 2021 alone, 740 different victims were named on the various active data leak sites. This is a 47% increase compared to the same activity identified in Q1 2021.
https://www.digitalshadows.com/blog-and-research/q2-2021-ransomware-roll-up/
A domain name, especially one used by a public service, must be decommissioned completely and correctly.
https://guillem.lefait.fr/martinique/2021/06/25/pwn-region-martinique-domain-control.html
#Internet service outage at Mauritius Telecom (telecom.mu); the investigation is leaning towards a #DDoS-type cyber attack #informatique #cyber #threats
This far-fetched story is hard to believe : more than a year ago, the French Internet hosting provider Scaleway (formerly Online SAS) suffered the theft of an SSD drive during a « secure transport » between two data centres. In an unexpected twist, a YouTuber preparing a video on data erasure and the persistence of data after formatting bought the very same stolen SSD on a classified-ads website. « Cybercrime is a real scourge that we all have a duty to fight, with professionalism and discretion » ( Yann Lechelle ). In response to this incident, Scaleway announces strengthened controls on its transports, stating that hardened cases equipped with GPS trackers will be used from now on.
https://blog.scaleway.com/incident-securitaire-video-youtube/
Automated processing of medical records, processing of genetic data, of data from connected objects, of mobility data, of personal data,.. this appalling information report indicates that 🇫🇷 #France plans to adopt « #digital » technology as a tool for managing : risks, crises, disasters, accidents,.. Placed under constant #surveillance, this data collection and its real-time processing by artificial intelligence would make it possible to apply a discontinuous form of social control, allowing the behaviour of each French citizen to be assessed individually. Thus, in case of disobedience or non-compliance, « bad » citizens could be systematically alerted and/or automatically sanctioned #gouvernance #technologies #informatique #ubiquitaire #h2020 #europe #governance #citizens #digital #future
Total tracked #ransomware payments: $92,531,490.24
More businesses lost larger sums of money to #phone #scams in the past year. Fraudulent phone calls have been an issue for years, and they're becoming more common. According to a recent report from Truecaller (truecaller.blog), 59.49 million Americans lost #money to scam calls in the past year, costing $29.8 billion. These #threats have risen in both number and cost, and businesses can't afford to ignore this trend. The #COVID-19 #pandemic has also played a crucial role in creating a perfect storm of fraud. #cyber #telecom