- rwth-security - lists.rwth-aachen.de

Living Off The Land Drivers
by Bernd Kohler 12 Apr '23

12 Apr '23

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Living Off The Land Drivers" --> curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. VG Bernd [0] https://www.loldrivers.io/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Nokoyawa ransomware attacks with Windows zero-day
by Bernd Kohler 12 Apr '23

12 Apr '23

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Nokoyawa ransomware attacks with Windows zero-day" --> inkl. IoC VG Bernd [0] https://securelist.com/nokoyawa-ransomware-attacks-with-windows-zero-day/10… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Introducing Microsoft Security Copilot: Empowering defenders at the
by Bernd Kohler 29 Mar '23

29 Mar '23

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Introducing Microsoft Security Copilot: Empowering defenders at the speed of AI" VG Bernd [0] https://blogs.microsoft.com/blog/2023/03/28/introducing-microsoft-security-… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Threat Advisory: Microsoft Outlook privilege escalation vulnerability
by Bernd Kohler 16 Mar '23

16 Mar '23

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Threat Advisory: Microsoft Outlook privilege escalation vulnerability being exploited in the wild" --> als Ergänzung zu [1] VG Bernd [0] https://blog.talosintelligence.com/outlook-privilege-escalation-vulnerabili… [1] https://msrc.microsoft.com/update-guide/vulnerability -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

LastPass owner GoTo has been compromised
by Bernd Kohler 28 Feb '23

28 Feb '23

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Our response to a recent security incident" --> Status LastPass noch unbekannt, aber "...unusual activity within our development environment and third-party cloud storage service ..." VG Bernd [0] https://www.goto.com/blog/our-response-to-a-recent-security-incident# -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 1

Removal of Windows edition checks for AppLocker
by Bernd Kohler 23 Feb '23

23 Feb '23

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Removal of Windows edition checks for AppLocker" VG Bernd [0] https://support.microsoft.com/en-us/topic/kb5024351-removal-of-windows-edit… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

BitB: Bowser in the browser phishing
by Jens Hektor 18 Feb '23

18 Feb '23

Hi, hier mal ein bemerkenswerter Artikel vom Internet Storm Center über eine "Browser in the Browser" Phishing Technik: https://isc.sans.edu/diary/HTML%20phishing%20attachment%20with%20browser-in… Es werden gefälschte Login Popups präsentiert, die echt aussehen, es aber nicht sind. Der Artikel schliesst mit den Worten, das in Awareness Trainings einzuschliessen. Hiermit getan ;-) Your turn! Gruß, Jens Hektor

1 0

ZeroSSL: XSS leading to session hijacking, stealing a private key
by Bernd Kohler 16 Feb '23

16 Feb '23

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "ZeroSSL: XSS leading to session hijacking, stealing a private key (and a password hash)" --> wer also ZeroSSL genutzt hat, bitte prüfen/neu machen VG Bernd [0] https://groups.google.com/a/ccadb.org/g/public/c/kqtoGeEv5Fc -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

NIST Selects ‘Lightweight Cryptography’ Algorithms to Protect Small Devices
by Bernd Kohler 09 Feb '23

09 Feb '23

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "NIST Selects ‘Lightweight Cryptography’ Algorithms to Protect Small Devices" VG Bernd [0] https://www.nist.gov/news-events/news/2023/02/nist-selects-lightweight-cryp… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Stealing the Bitlocker key from a TPM
by Bernd Kohler 09 Feb '23

09 Feb '23

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Stealing the Bitlocker key from a TPM" VG Bernd [0] https://astralvx.com/stealing-the-bitlocker-key-from-a-tpm/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0