December 2019 - rwth-security - lists.rwth-aachen.de

Introducing campaign views in Office 365 Advanced Threat Protection
by Bernd Kohler 10 Dec '19

10 Dec '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Introducing campaign views in Office 365 Advanced Threat Protection" VG Bernd [0] https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Intr… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlignweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de The real world meets IPv6 - first DDoS attack http://h-online.com/-1440502

1 0

Snatch ransomware reboots PCs into Safe Mode to bypass protection
by Bernd Kohler 09 Dec '19

09 Dec '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Snatch ransomware reboots PCs into Safe Mode to bypass protection" VG Bernd [0] https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlignweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de The real world meets IPv6 - first DDoS attack http://h-online.com/-1440502

1 0

Detecting unsafe path access patterns with PathAuditor
by Bernd Kohler 09 Dec '19

09 Dec '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Detecting unsafe path access patterns with PathAuditor" (Software gibt es auf [1]) VG Bernd [0] https://security.googleblog.com/2019/12/detecting-unsafe-path-access-patter… [1] https://github.com/google/path-auditor -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlignweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de The real world meets IPv6 - first DDoS attack http://h-online.com/-1440502

1 0

Windows 10 UAC bypass for all executable files which are autoelevate true
by Bernd Kohler 09 Dec '19

09 Dec '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Windows 10 UAC bypass for all executable files which are autoelevate true" VG Bernd [0] https://github.com/sailay1996/UAC_Bypass_In_The_Wild -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlignweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de The real world meets IPv6 - first DDoS attack http://h-online.com/-1440502

1 0

Linux - Inferring and hijacking VPN-tunneled TCP connections [CVE-2019-14899]
by Bernd Kohler 06 Dec '19

06 Dec '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Inferring and hijacking VPN-tunneled TCP connections" VG Bernd [0] https://seclists.org/oss-sec/2019/q4/122 -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0

OOMyPod: Nothin’ To CRI-O-bout
by Bernd Kohler 06 Dec '19

06 Dec '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "OOMyPod: Nothin’ To CRI-O-bout" --> "... Three issues in CRI-O (the default Kubernetes’ container engine for Red Hat’s OpenShift and openSUSE’s Kubic), combined with an overzealous out-of-memory (OOM) killer in recent Linux kernels, can enable a partial container escape for hosts running CRI-O and Kubernetes ... There’s no need to panic, though. It’s good to note that there isn’t a generic complete container escape or node takeover path using these bugs" --> Patch? "Yes, as of CRI-O version 1.16.1" VG Bernd [0] https://capsule8.com/blog/oomypod-nothin-to-cri-o-bout/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0

ntlmrecon - reconnaissance and information gathering tool without external dependencies.
by Bernd Kohler 06 Dec '19

06 Dec '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "ntlmrecon" VG Bernd [0] https://github.com/sachinkamath/ntlmrecon -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0

BlackDirect: Microsoft Azure Account Takeover
by Bernd Kohler 05 Dec '19

05 Dec '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "BlackDirect: Microsoft Azure Account Takeover" VG Bernd [0] https://www.cyberark.com/threat-research-blog/blackdirect-microsoft-azure-a… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlignweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de The real world meets IPv6 - first DDoS attack http://h-online.com/-1440502

1 0

Meet PyXie: A Nefarious New Python RAT
by Bernd Kohler 04 Dec '19

04 Dec '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Meet PyXie: A Nefarious New Python RAT " VG Bernd [0] https://threatvector.cylance.com/en_us/home/meet-pyxie-a-nefarious-new-pyth… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0

Help Test Firefox’s built-in HTML Sanitizer to protect against UXSS bugs
by Bernd Kohler 03 Dec '19

03 Dec '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Help Test Firefox’s built-in HTML Sanitizer to protect against UXSS bugs" VG Bernd [0] https://blog.mozilla.org/security/2019/12/02/help-test-firefoxs-built-in-ht… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0