Vulnerability Management and more


Channel geo and language: not specified, English
Category: Technology


Vulnerability assessment, IT compliance management, security automation and other beautiful stuff. Discussion group for this channel: @avleonovchat. PM me @leonov_av



First impressions of the April Microsoft Patch Tuesday. I don't even know what to write. 🤪 Very strange! 173 vulnerabilities, of which 23 were added since the last Patch Tuesday.

Microsoft flags one vulnerability as being exploited in the wild: Spoofing - Proxy Driver (CVE-2024-26234). And only Qualys briefly mentions it. Literally like this: "Microsoft has not disclosed any information about the vulnerability". 😅 ZDI also claims that Security Feature Bypass - SmartScreen Prompt (CVE-2024-29988) is being exploited in the wild, which is a Mark of the Web (MotW) bypass.

There are no exploits for anything yet. The following vulnerabilities can be highlighted:

🔸 Remote Code Execution - Microsoft Excel (CVE-2024-26257). Can be exploited by an attacker when the victim opens a specially crafted file.
🔸 Remote Code Execution - RPC (CVE-2024-20678). It is highlighted by ZDI, which also claims 1.3 million exposed TCP 135 ports.
🔸 Spoofing - Outlook for Windows (CVE-2024-20670). ZDI writes that this is an Information Disclosure vulnerability that can be used in NTLM relay attacks.
🔸 Remote Code Execution - Windows DNS Server (CVE-2024-26221, CVE-2024-26222, CVE-2024-26223, CVE-2024-26224, CVE-2024-26227, CVE-2024-26231, CVE-2024-26233). Maybe some of these will be exploited in the wild; ZDI particularly highlights CVE-2024-26221.
🔸 Remote Code Execution - Microsoft Defender for IoT (CVE-2024-21322, CVE-2024-21323, CVE-2024-29053). It is an IoT and ICS/OT security solution that can be deployed on-prem.

There are simply indecently massive fixes:

🔹 Remote Code Execution - Microsoft OLE DB Driver for SQL Server / Microsoft WDAC OLE DB Provider for SQL Server / Microsoft WDAC SQL Server ODBC Driver. 28 CVEs! I won’t even list everything here. 😨
🔹 Security Feature Bypass - Secure Boot. 23 CVEs!

🗒 Vulristics report

In Russian

Upd. 10.04: I slightly tweaked the vulnerability type detection to increase the priority of the detection based on the Microsoft-generated description compared to the detection based on CWE. In particular, the vulnerability type for Spoofing - Proxy Driver (CVE-2024-26234) and Spoofing - Outlook for Windows (CVE-2024-20670) has changed.

@avleonovcom #Vulristics #PatchTuesday #Microsoft #ProxyDriver #Excel #RPC #Outlook #DNS #ZDI #Qualys #DefenderForIoT #OLE #SQLServer #SecureBoot




The digest of March trending vulnerabilities was published on the Positive Technologies website (in Russian). I also generated a Vulristics report for these vulnerabilities. There are 5 vulnerabilities in total.

🔻 For 3 vulnerabilities there are exploits and confirmed signs of exploitation in the wild: AuthBypass - TeamCity (CVE-2024-27198), RCE - FortiClientEMS (CVE-2023-48788), EoP - Windows Kernel (CVE-2024-21338).

🔻 For 2 more vulnerabilities there are no signs of exploitation in the wild yet, but there are exploits: EoP - Windows CLFS Driver (CVE-2023-36424), RCE - Microsoft Outlook (CVE-2024-21378).

In Russian

@avleonovcom #Vulristics #PositiveTechnologies #JetBrains #TeamCity #Fortinet #Microsoft #TrendVulns


The fundamental Open Source vulnerability demonstrated by the XZ Utils backdoor is not technical at all. The fact is that the work of the communities responsible for writing commonly used code is based on more infantile principles than the work of children building a castle in a sandbox.

Some dedicated computer geeks on some mailing list somehow get organized and solve monstrously complex technical problems that affect hundreds of millions of people. 🤷‍♂️ Who are these geeks, what is their motivation, how adequate are the community leaders they choose? 🤔

As people familiar with the situation write, the backdoor in XZ Utils was allegedly added by a developer who, over the course of 2 years, joined the project, becoming its maintainer and main contributor. 😎 And the previous maintainer was gaslighted with the help of virtual trolls and was forced to share power. 🤷‍♂️ As a result, a Microsoft employee accidentally found the backdoor and raised the alarm.

In Russian

@avleonovcom #XZUtils #OpenSource


For the January Elevation of Privilege (Local Privilege Escalation) - Linux Kernel (CVE-2024-1086), the write-up and PoC were released on March 26. The video demo for the script looks impressive: they run the script as a regular user and after a couple of seconds they get a root shell. According to the author, the exploit works with most Linux kernels between versions 5.14 and 6.6, including Debian, Ubuntu and KernelCTF.

🔻 The exploit requires kconfig CONFIG_USER_NS=y; the sysctl kernel.unprivileged_userns_clone = 1; kconfig CONFIG_NF_TABLES=y. The author writes that this is the default for Debian, Ubuntu, and KernelCTF; for other distributions it is necessary to test it.
🔹 The exploit does not work with kernels v6.4 and later with kconfig CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y (including Ubuntu v6.5).

NSFOCUS writes that Redhat is also vulnerable. 🤷‍♂️
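As an added defensive check (my code, not the post's or the PoC author's), the preconditions listed above turned into an exposure assessment for a host: it reads "v6.4>" as 6.4 and later, accepts CONFIG_NF_TABLES=m alongside =y, and treats a missing kernel.unprivileged_userns_clone knob (non-Debian kernels) as not mitigated; all three are assumptions.

```python
import gzip
import os
import platform
import re

# Preconditions the post lists for the public CVE-2024-1086 PoC, turned into a defensive exposure check.
AFFECTED_RANGE = ((5, 14), (6, 6))
REQUIRED_KCONFIG = {"CONFIG_USER_NS": {"y"}, "CONFIG_NF_TABLES": {"y", "m"}}  # =m accepted (assumption)

def parse_release(release):
    """'6.5.0-27-generic' -> (6, 5); the write-up states its range in major.minor terms."""
    m = re.match(r"(\d+)\.(\d+)", release)
    return (int(m.group(1)), int(m.group(2))) if m else None

def parse_kconfig(text):
    """Map '/boot/config-*' or '/proc/config.gz' lines to {option: value}; '# CONFIG_X is not set' -> 'n'."""
    cfg = {}
    for opt, val, unset in re.findall(r"^(?:(CONFIG_\w+)=(.*)|# (CONFIG_\w+) is not set)$", text, re.M):
        cfg[opt or unset] = val.strip('"') if opt else "n"
    return cfg

def assess(release, kconfig, userns_clone):
    """Return (exposed, reasons). userns_clone is kernel.unprivileged_userns_clone, or None where that
    Debian/Ubuntu-only sysctl does not exist (only an explicit 0 counts as a mitigation here)."""
    ver, reasons = parse_release(release), []
    lo, hi = AFFECTED_RANGE
    if ver is None or not (lo <= ver <= hi):
        reasons.append(f"kernel {release} is outside the 5.14-6.6 range named in the write-up")
    for opt, ok in REQUIRED_KCONFIG.items():
        if kconfig.get(opt) not in ok:
            reasons.append(f"{opt}={kconfig.get(opt, 'unset')} (PoC needs {'/'.join(sorted(ok))})")
    if userns_clone == 0:
        reasons.append("kernel.unprivileged_userns_clone=0 blocks the unprivileged user-namespace step")
    if ver and ver >= (6, 4) and kconfig.get("CONFIG_INIT_ON_ALLOC_DEFAULT_ON") == "y":
        reasons.append("init_on_alloc default-on with a 6.4+ kernel: PoC reported not to work")
    return not reasons, reasons

def collect_local():
    """Read the same inputs from the running Linux host; returns None if no kconfig file is found."""
    release = platform.release()
    for path in (f"/boot/config-{release}", "/proc/config.gz"):
        if os.path.exists(path):
            with (gzip.open if path.endswith(".gz") else open)(path, "rt") as f:
                kconfig = parse_kconfig(f.read())
            break
    else:
        return None
    knob = "/proc/sys/kernel/unprivileged_userns_clone"
    userns = int(open(knob).read()) if os.path.exists(knob) else None
    return release, kconfig, userns
```

On a live host, `assess(*collect_local())` returns the verdict and the list of reasons that argue against exposure; an empty list means every listed precondition holds.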

In Russian

@avleonovcom #nftables #Linux #Vulristics #EoP #LPE #MakeMeRoot #DirtyPagedirectory #NSFOCUS


I generated a report on the March Linux Patch Wednesday. 134 vulnerabilities, of which 68 are in the Linux Kernel. There are no vulnerabilities with signs of exploitation in the wild. There are 15 vulnerabilities with PoCs.

🔸 The top vulnerability is Command Injection - libuv (CVE-2024-24806). This is a multi-platform library for asynchronous I/O. An attacker could potentially access internal APIs.

🔸 For aiohttp there is a pack of Command Injection (CVE-2023-37276, CVE-2023-47627, CVE-2023-49082) and Security Feature Bypass (CVE-2023-47641, CVE-2023-49081) with PoCs. It is an asynchronous client/server HTTP framework. The vulns were patched only in Russian RedOS and Debian.

🔸 There are problems with vulnerability types/products detection due to the NVD crisis (no CPE & CWE). 🤷‍♂️

🔸 The Linux Kernel team is now a CNA and is creating a ton of CVEs with monstrously large descriptions. Because they can! 😏

🗒 March Linux Patch Wednesday

In Russian

@avleonovcom #LinuxPatchWednesday #Vulristics #libuv #aiohttp


Over the weekend, I achieved the first results in my open source vulnerability detection project Vuldetta. 😇

What I managed to do:

🔹 I parsed Ubuntu OVAL into simple detection rules based on package versions. The structure of Ubuntu OVAL is quite sophisticated, especially when it comes to detecting kernel vulnerabilities (not by packages, but by uname_test and variable_test 🤯). Despite the fact that OVAL content for each distribution version is downloaded in a separate file, distribution version checks are also implemented in OVAL. Now I just go through all the definitions, see which dpkginfo_test are used in the criteria and parse only them.

🔹 I made a primitive utility that uses these detection rules. Without any optimizations, parsing OVAL and calculating vulnerabilities takes 6.5 seconds. It works. 🙂👍

All code is available on GitHub. Next I will deal with kernel vulnerabilities, optimization, and turning the code into an HTTP API.

In Russian

@avleonovcom #Vuldetta #Ubuntu


