Complicated Active Directory setups are undermining security

Credit to Author: Pieter Arntz| Date: Thu, 24 Jun 2021 14:32:06 +0000

Researchers have found several flaws in the Active Directory Certificate Service that can lead to credential theft, privilege escalation, and domain persistence.

Categories: Reports

Tags:

(Read more…)

The post Complicated Active Directory setups are undermining security appeared first on Malwarebytes Labs.

Read more

How the most damaging ransomware evades IT security

Credit to Author: Mark Loman| Date: Thu, 14 Nov 2019 13:50:28 +0000

This article is a condensed version of our report How Ransomware Behaves: What defenders should know about the top families<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/-0DnxPzSZek” height=”1″ width=”1″ alt=””/>

Read more

How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

Credit to Author: Eric Avena| Date: Wed, 31 Jul 2019 16:30:35 +0000

The deep integration of Windows Defender Antivirus with hardware-based isolation capabilities allows the detection of artifacts of attacks that tamper with kernel-mode agents at the hypervisor level.

The post How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection appeared first on Microsoft Security.

Read more

SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution

Credit to Author: SSD / Ori Nimron| Date: Mon, 07 Jan 2019 13:21:59 +0000

Vulnerabilities Summary The following advisory describes a vulnerability in SME Server 9.2, which lets an unauthenticated attackers perform XSS attack that leads to remote code execution as root. SME Server is a Linux distribution for small and medium enterprises by Koozali foundation. CVE CVE-2018-18072 Credit An independent security researcher, Karn Ganeshen has reported this vulnerability … Continue reading SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution

Read more

SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Credit to Author: SSD / Ori Nimron| Date: Thu, 04 Oct 2018 05:12:22 +0000

Vulnerabilities Summary Cisco Prime Infrastructure (CPI) contains two vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user. The second vulnerability is a privilege escalation to … Continue reading SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Read more

SSD Advisory – IRDA Linux Driver UAF

Credit to Author: SSD / Ori Nimron| Date: Thu, 27 Sep 2018 11:23:40 +0000

Vulnerabilities Summary The following advisory describes two vulnerabilities in the Linux Kernel. By combining these two vulnerabilities a privilege escalation can be achieved. The two vulnerabilities are quite old and have been around for at least 17 years, quite a few Long Term releases of Linux have them in their kernel. While the assessment of … Continue reading SSD Advisory – IRDA Linux Driver UAF

Read more

SSD Advisory – Linux AF_LLC Double Free

Credit to Author: SSD / Noam Rathaus| Date: Mon, 30 Apr 2018 13:05:13 +0000

Vulnerability Summary A use after free vulnerability in AF_LLC allows local attackers to control the flow of code that the kernel executes, allowing them to cause it to run arbitrary code and gain elevated privileges. Vendor Response The vulnerability was reported to the Kernel Security, which asked us to contact the netdev team. A patch … Continue reading SSD Advisory – Linux AF_LLC Double Free

Read more

SSD Advisory – Kingsoft Antivirus/Internet Security 9+ Privilege Escalation

Credit to Author: SSD / Maor Schwartz| Date: Tue, 26 Dec 2017 10:03:53 +0000

Vulnerability Summary The following advisory describes a kernel stack buffer overflow that leads to privilege escalation found in Kingsoft Antivirus/Internet Security 9+. Kingsoft Antivirus “provides effective and efficient protection solution at no cost to users. It applies cloud security technology to monitor, scan and protect your systems without any worrying. The comprehensive defender and anti-virus … Continue reading SSD Advisory – Kingsoft Antivirus/Internet Security 9+ Privilege Escalation

Read more