many parts make the whole
A vulnerability in the Linux kernel was recently disclosed that could allow a bad actor with local access to escalate to root privileges. A bug in nft_elem_init leads to a buffer overflow and allows for access as root. The vulnerability has a CVSS score of 7.8 HIGH. A patch has been released by the Linux … Read More “LINUX FIREWALL VULNERABILITY – CVE-2022-34918” »
A new privilege escalation vulnerability has been released for Active Directory. The vulnerability allows a low privileged user to escalate their privileges to Domain Administrator by abusing certificate based authentication. This vulnerability was patched as part of the May 2022 Microsoft Security Updates, so ensure you are up to date. Great writeup on the vulnerability … Read More “CERTIFRIED Active Directory DOMAIN PRIVILEGE ESCALATION – CVE-2022-26923” »
AWS released several hot patches to mitigate vulnerability to log4shell. Unfortunately Unit 42 at Palo Alto identified several severe vulnerabilities with their fixes, including container escape which is pretty much the holy grail of a cloud vulnerability. If you are not familiar, cloud infrastructure works by having a lot of hardware that is effectively “shared” … Read More “AWS Log4Shell PATCH VULNERABLE TO CONTAINER ESCAPE AND PRIV ESCALATION” »
Google is again issuing an update to address a zero-day vulnerability in Google Chrome since the beginning of this year. Type confusion could allow a bad actor to exploit heap corruption via a specially crafted HTML page. Currently this CVE is CVSS scored 8.8 HIGH. Google is acknowledging there is already an exploit in the … Read More “Google ISSUES SECOND UPDATE TO ADDRESS A ZERO-DAY VULNERABILITY in Google Chrome THIS YEAR – CVE-2022-1096” »
Sometimes your paranoia is justified! You may remember this story from 2015 about the NSA installing backdoors into the firmware of hard drives that would not be easily removed. So you may already have reasons to be skeptical of your hardware. Well rmcybernetics has a great writeup here about discovering malware on a machine they … Read More “HARDWARE ARRIVES FROM CHINA COMPLETE WITH PREINSTALLED MALWARE” »
Log4j appears to be the gift that keeps on giving. The severity score for the second Log4j vulnerability, CVE-2021-45046, has been upgraded from a CVSS score of 3.7 to 9.0. The fix for the original CVE-2021-44228 in Apache Log4j has been found to be incomplete allowing for Remote Code Execution in certain configurations. LunaSec blog … Read More “SEVERITY UPGRADE for Log4Shell CVE-2021-45046” »
The NVIDIA TSEC (Tegra Security Co-processor) is a security chip in the Nintendo Switch that is intended to secure the boot process of the gaming console. At this time the function of the chip has been fully compromised in a way that should not be easily patched thanks a dedicated group of hardware hackers and … Read More “FULL EXTRACTION of NVIDIA TSEC” »
fail2ban is very useful piece of software that stops brute forcing attacks on a variety of services. Knowing that fail2ban exists is serious source of frustration for me personally when I am completing a vulnerable machine or an exercise and the solution is “just brute force credentials using hydra and X wordlist.” In the back … Read More “REMOTE CODE EXECUTION in fail2ban – CVE-2021-32749” »
As more and more people are working remotely virtual meeting apps like Zoom are becoming an essential part of many organizations. Although Zoom is no stranger to security issues, see CVE-2021-28133 and CVE-2021-30480, it is still widely in use. Personally I would recommend using an alternative like Teams or Webex, but to each their own. … Read More “REMOTE CODE EXECUTION in Zoom from Pwn2Own 2021” »
Exploit code is now available for CVE-2021-1675 allowing for Remote Code Execution. This vulnerability allows an unauthenticated bad actor to execute code as SYSTEM on vulnerable systems. Microsoft has released an advisory and patches are available here. There are reports that the patches alone are not sufficient at this time so you may want to … Read More “PrintNightmare – REMOTE CODE EXECUTION in Windows Spooler Service CVE-2021-1675” »