August 2024 - rwth-security - lists.rwth-aachen.de

SMB security hardening in Windows Server 2025 & Windows 11
by Bernd Kohler 27 Aug '24

27 Aug '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "SMB security hardening in Windows Server 2025 & Windows 11" VG Bernd [0] https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-security-ha… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

GNU/Linux Sandboxing - A Brief Review
by Bernd Kohler 27 Aug '24

27 Aug '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "GNU/Linux Sandboxing - A Brief Review" VG Bernd [0] https://hardenedlinux.org/blog/2024-08-20-gnu/linux-sandboxing-a-brief-revi… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules
by Bernd Kohler 27 Aug '24

27 Aug '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI 'Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules" --> siehe dazu auch [1] --> ein PoC gibt es auf [2] --> hier hilft - regelmäßiges Monitoren der Regeln in /etc/udev/rules.d/ - zudem besonderes Augenmerkauf Regeln mit "RUN+=/path/to/code" VG Bernd [0] https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp [1] https://ch4ik0.github.io/en/posts/leveraging-Linux-udev-for-persistence/ [2] https://github.com/grahamhelton/USP -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

New Linux Kernel Exploit Technique 'SLUBStick' Discovered by
by Bernd Kohler 26 Aug '24

26 Aug '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New Linux Kernel Exploit Technique 'SLUBStick' Discovered by Researchers" VG Bernd [0] https://thehackernews.com/2024/08/new-linux-kernel-exploit-technique.html -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 1

New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data
by Bernd Kohler 23 Aug '24

23 Aug '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Be careful what you pwish for – Phishing in PWA applications" --> "... stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints ..." --> "... attack, detected in July 2024, involved infiltrating the target network via compromised credentials for a VPN portal that lacked multi-factor authentication (MFA), with the threat actors conducting post-exploitation actions 18 days after initial access took place ..." --> "... Once the attacker reached the domain controller in question ..." VG Bernd [0] https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

Urgent Edge Security Update: Microsoft Patches Zero-day & RCE
by Bernd Kohler 23 Aug '24

23 Aug '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities" VG Bernd [0] https://securityonline.info/urgent-edge-security-update-microsoft-patches-z… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

sshamble - research tool for SSH implementations
by Bernd Kohler 23 Aug '24

23 Aug '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "sshamble" (von runZero) --> "research tool for SSH implementations that includes:" - Interesting attacks against authentication - Post-session authentication attacks - Pre-authentication state transitions - Authentication timing analysis - Post-session enumeration --> siehe auch [1] VG Bernd [0] https://github.com/runZeroInc/sshamble [1] https://SSHamble.com/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

NGate Android malware relays NFC traffic to steal cash
by Bernd Kohler 22 Aug '24

22 Aug '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "NGate Android malware relays NFC traffic to steal cash" --> da wir ja nach Benutzung von NFC dies via Schnellzugriff immer wieder deaktivieren ... ;) VG Bernd [0] https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relay… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

Be careful what you pwish for – Phishing in PWA applications
by Bernd Kohler 22 Aug '24

22 Aug '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Be careful what you pwish for – Phishing in PWA applications" VG Bernd [0] https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-f… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

QNAP adds NAS ransomware protection to latest QTS version
by Bernd Kohler 22 Aug '24

22 Aug '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "QNAP adds NAS ransomware protection to latest QTS version" VG Bernd [0] https://www.bleepingcomputer.com/news/security/qnap-adds-nas-ransomware-pro… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0