Found 101 bookmarks
Custom sorting
How ransomware abuses BitLocker | Securelist
How ransomware abuses BitLocker | Securelist
The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. #BitLocker #Data #Descriptions #Encryption #Incident #Malware #Microsoft #Ransomware #Technologies #Windows #response
#Descriptions#Incident#BitLocker#Microsoft#Windows#Encryption#Ransomware#Malware#response#Data#Technologies
·securelist.com·
How ransomware abuses BitLocker | Securelist
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. #APT28 #Computer #Credential #Escalation #Exploit #GooseEgg #InfoSec #NSA #Print #Privilege #Security #Spooler #Theft #Windows
#bleepingcomputer#EN#2024#NSA#Spooler#Print#Theft#Escalation#Credential#Windows#Privilege#GooseEgg#Exploit#APT28
·bleepingcomputer.com·
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
What a Cluster: Local Volumes Vulnerability in Kubernetes
What a Cluster: Local Volumes Vulnerability in Kubernetes
  • Akamai security researcher Tomer Peled recently discovered a high-severity vulnerability in Kubernetes that was assigned CVE-2023-5528 with a CVSS score of 7.2. The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster. This vulnerability can lead to full takeover on all Windows nodes in a cluster. This vulnerability can be exploited on default installations of Kubernetes (earlier than version 1.28.4), and was tested against both on-prem deployments and Azure Kubernetes Service. In this blog post, we provide a proof-of-concept YAML file as well as an Open Policy Agent (OPA) rule for blocking this vulnerability.
#akamai#EN#2024#CVE-2023-5528#Kubernetes#Windows#vulnerability
·akamai.com·
What a Cluster: Local Volumes Vulnerability in Kubernetes
Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints
Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints
The exploitation of a high-severity Kubernetes vulnerability can lead to arbitrary code execution with System privileges on all Windows endpoints in a cluster, Akamai warns. The issue, tracked as CVE-2023-5528 and impacting default Kubernetes installations, exists in the way the open source container orchestration system processes YAML files, which it uses for virtually every function. In some regards, the vulnerability is like CVE-2023-3676, a lack of sanitization in the subPath parameter in YAML files leading to code injection when creating pods with volumes.
#securityweek#EN#2024#Kubernetes#cmd#Windows#CVE-2023-5528
·securityweek.com·
Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints
The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It
The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It
If you ever troubleshooted anything on Windows or investigated a suspicious event, you know that Windows store various types of events in Windows Event Log. An application crashed and you want to know more about it? Launch the Event Viewer and check the Application log. A service behaving strangely? See the System log. A user account got unexpectedly blocked? The Security log may reveal who or what blocked it. All these events are getting stored to various logs through the Windows Event Log service. Unsurprisingly, this service's description says: "Stopping this service may compromise security and reliability of the system." The Windows Event Log service performs many tasks. Not only is it responsible for writing events coming from various source to persistent file-based logs (residing in %SystemRoot%\System32\Winevt\Logs), it also provides structured access to these stored events through applications like Event Viewer. Furthermore, this service also performs "event forwarding" if you want your events sent to a central log repository like Splunk or Sumo Logic, an intrusion detection system or a SIEM server. Therefore, Windows Event Log service plays an important role in many organizations' intrusion detection and forensic capabilities. And by extension, their compliance check boxes.
#0patch#EN#2024#EventLogCrasher#Windows#Event#Log
·blog.0patch.com·
The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It
Bitwarden Heist - How to Break Into Password Vaults Without Using Passwords
Bitwarden Heist - How to Break Into Password Vaults Without Using Passwords
Sometimes, making particular security design decisions can have unexpected consequences. For security-critical software, such as password managers, this can easily lead to catastrophic failure: In this blog post, we show how Bitwarden’s Windows Hello …
#redteam-pentesting.de#2024#Bitwarden#Password#Vaults#Windows#Hello
·blog.redteam-pentesting.de·
Bitwarden Heist - How to Break Into Password Vaults Without Using Passwords
Windows 10 gets three more years of security updates, if you can afford them | Ars Technica
Windows 10 gets three more years of security updates, if you can afford them | Ars Technica
Windows 10's end-of-support date is October 14, 2025. That's the day that most Windows 10 PCs will receive their last security update and the date when most people should find a way to move to Windows 11 to ensure that they stay secure. As it has done for other stubbornly popular versions of Windows, though, Microsoft is offering a reprieve for those who want or need to stay on Windows 10: three additional years of security updates, provided to those who can pay for the Extended Security Updates (ESU) program.
#arstechnica#EN#2023#win10#ESU#support#end-of-support#Extended#Security#Updates#Windows#Windows10#Microsoft
·arstechnica.com·
Windows 10 gets three more years of security updates, if you can afford them | Ars Technica
How to bypass Windows Hello, log into vulnerable laptops
How to bypass Windows Hello, log into vulnerable laptops
Hardware security hackers have detailed how it's possible to bypass Windows Hello's fingerprint authentication and login as someone else – if you can steal or be left alone with their vulnerable device. The research was carried out by Blackwing Intelligence, primarily Jesse D'Aguanno and Timo Teräs, and was commissioned and sponsored by Microsoft's Offensive Research and Security Engineering group. The pair's findings were presented at the IT giant's BlueHat conference last month, and made public this week. You can watch the duo's talk below, or dive into the details in their write-up here.
#theregister#EN#2023#biometric#fingerprint#bypass#Windows#Hello
·theregister.com·
How to bypass Windows Hello, log into vulnerable laptops