Background In our previous blog post, we talked about the recently-published DFSCoerce utility which is useful for forcing NTLM or Kerberos authentication by interacting with the Distributed File Service (DFS) over Remote Procedure Calls (RPC) on Windo…
Tag: Privilege Escalation
Europe, Global Security News, North America, Vulnerabilities
Chaining MFA-Enabled IAM Users with IAM Roles for Potential Privilege Escalation in AWS
by emmaline •
Overview In AWS, sts:AssumeRole is an action within AWS’s Security Token Service that allows existing IAM principals to access AWS resources to which they may not already have access. For example, Role A can assume Role B and then use Role B’s privile…
Malware Indicators (IoCs), Vulnerabilities
Microsoft Found Numerous Bugs Affecting Pre-Built Android Apps From Telcos
by Abeerah Hashim •
Microsoft discovered numerous bugs in an Android framework that numerous service providers use for their…
Microsoft Found Numerous Bugs Affecting Pre-Built Android Apps From Telcos on Latest Hacking News.
Malware Indicators (IoCs), Vulnerabilities
Serious Argo CD Vulnerability Could Allow Admin Access To The Attackers
by Abeerah Hashim •
A major security vulnerability existed in the Kubernetes continuous delivery tool Argo CD. Exploiting this…
Serious Argo CD Vulnerability Could Allow Admin Access To The Attackers on Latest Hacking News.
Malware Indicators (IoCs), Vulnerabilities
Microsoft Patch Tuesday May Fixed 75 Bugs Including Three Zero-Day Flaws
by Abeerah Hashim •
Heads up, Windows users! If you haven’t updated your PCs until now, make sure to…
Microsoft Patch Tuesday May Fixed 75 Bugs Including Three Zero-Day Flaws on Latest Hacking News.
Malware Indicators (IoCs), Vulnerabilities
Numerous “ExtraReplica” Bugs In Microsoft Azure Exposed Databases
by Abeerah Hashim •
Researchers have reported multiple bugs dubbed “ExtraReplica” affecting Microsoft Azure. Exploiting the vulnerabilities could allow…
Numerous “ExtraReplica” Bugs In Microsoft Azure Exposed Databases on Latest Hacking News.
Security Bloggers, Security Vendor News
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of April 25, 2022
by Dylan D'Silva •
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 25, 2022. I’ve als…
Malware Indicators (IoCs), Vulnerabilities
Multiple “Nimbuspwn” Vulnerabilities Allowed Linux Privilege Escalation
by Abeerah Hashim •
The tech giant Microsoft has recently shared details about multiple vulnerabilities affecting Linux systems. Identified…
Multiple “Nimbuspwn” Vulnerabilities Allowed Linux Privilege Escalation on Latest Hacking News.
Malware Indicators (IoCs), Vulnerabilities
Lenovo Fixed UEFI Driver Bugs Affecting 100+ Laptop Models
by Abeerah Hashim •
The tech giant Lenovo has recently addressed some serious UEFI driver bugs. The vulnerabilities affected…
Lenovo Fixed UEFI Driver Bugs Affecting 100+ Laptop Models on Latest Hacking News.
Malware Indicators (IoCs), Vulnerabilities
Microsoft April Patch Tuesday Is Huge, Fixed 128 Bugs
by Abeerah Hashim •
Microsoft has rolled out the scheduled Patch Tuesday updates for April. This one is huge…
Microsoft April Patch Tuesday Is Huge, Fixed 128 Bugs on Latest Hacking News.
Europe, Global Security News, North America
Record High Ransomware Payouts in 2021 as Extortion Evolves
by Nathan Eddy •
Flush with cash from successful ransomware campaigns, cybercriminals are investing in more sophisticated technology and using new tactics to drive up ransomware payments even further, with the Conti ransomware group responsible for the most activity i…
Malware Indicators (IoCs), Vulnerabilities
Microsoft Patch Tuesday March Addressed 71 Bugs Including 3 Zero-Day
by Abeerah Hashim •
The Redmond giant’s monthly scheduled updates have arrived this week. With March Patch Tuesday, Microsoft…
Microsoft Patch Tuesday March Addressed 71 Bugs Including 3 Zero-Day on Latest Hacking News.
Malware Indicators (IoCs), Vulnerabilities
Microsoft February Patch Tuesday Addresses 51 Bugs Including A Zero-Day
by Abeerah Hashim •
As scheduled, the monthly Patch Tuesday updates from Microsoft have arrived for February containing a…
Microsoft February Patch Tuesday Addresses 51 Bugs Including A Zero-Day on Latest Hacking News.
Malware Indicators (IoCs), Vulnerabilities
PwnKit Linux Vulnerability Discovered And Fixed After 12 Years
by Abeerah Hashim •
Researchers have discovered a new Linux vulnerability, dubbed “PwnKit” which has riddled various Linux distros…
PwnKit Linux Vulnerability Discovered And Fixed After 12 Years on Latest Hacking News.
Malware Indicators (IoCs), Vulnerabilities
Microsoft January Patch Tuesday Addresses 96 Vulnerabilities
by Abeerah Hashim •
Microsoft January Patch Tuesday update bundle has arrived with significant security fixes. Specifically, it includes…
Microsoft January Patch Tuesday Addresses 96 Vulnerabilities on Latest Hacking News.
Europe, Global Security News, North America
DEF CON 29 Adversary Village – Carlos Polop’s ‘New Generation Of PEAS’
by Marc Handelman •
Our thanks to DEFCON for publishing their outstanding DEFCON 29 Adversary Village videos on the Conferences’ YouTube channel.
Permalink
The post DEF CON 29 Adversary Village – Carlos Polop’s ‘New Generation Of PEAS’ appeared f…