Group Policies Going Rogue Security News & Discussion

---

• Group Policies Going Rogue
• Understanding Web Security Checks in Firefox (Part 1)
• PatchChecker - Finds Exploitable Vulnerabilities on Windows hosts, basically web-based Watson...
• The Art of automation, creating your own Alfred
• Crack hashes on Google Colab GPUs for free :)
• Pwn2Win 2020 - Hardware Trojan write-up
• SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost - ZecOps Blog
• serpentine - Windows RAT (Remote Administration Tool) with a multiplatform RESTful server
• New persistence technique using Windows Telemetry
• Online voting system made by Seattle-based 'Democracy Live' can be hacked to alter votes without detection according to a report by MIT and the University of Michigan
• Explaining how a wallpaper can break a phone and why it happened(summed up)
• RDP brute forcing continues to be a favorite entry point for ransomware actors. In this past month we saw activity from the Lockbit ransomware family.
• Google Engineer Uncovers Holes In Linux's Speculative Execution Mitigations
• A beginner question about CIDR notation
• ntlm_theft: A file payload generator for forcing targets to disclosure NTLMv2 hashes
• CallStranger CVE-2020-12695 Data Exfiltration & Reflected Amplified TCP DDOS & Port Scan via UPnP SUBSCRIBE Callback
• Is Your Database Secured? Think Again
• Vulnerability Report Generator & Repository
• GKE Kubelet TLS Bootstrap Privilege Escalation
• fwupd - S3 bucket takeover and CVE-2020-10759 signature verification bypass (500,000 unique IP addresses affected)

Group Policies Going Rogue Posted: 10 Jun 2020 01:19 AM PDT submitted by /u/0xdea [link] [comments]

Understanding Web Security Checks in Firefox (Part 1) Posted: 10 Jun 2020 01:01 AM PDT submitted by /u/mozfreddyb [link] [comments]

PatchChecker - Finds Exploitable Vulnerabilities on Windows hosts, basically web-based Watson... Posted: 09 Jun 2020 07:41 PM PDT submitted by /u/deadjakk [link] [comments]

The Art of automation, creating your own Alfred Posted: 10 Jun 2020 07:09 AM PDT submitted by /u/0xsha [link] [comments]

Crack hashes on Google Colab GPUs for free :) Posted: 09 Jun 2020 09:19 AM PDT submitted by /u/someshkar [link] [comments]

Pwn2Win 2020 - Hardware Trojan write-up Posted: 10 Jun 2020 09:42 AM PDT submitted by /u/alissonb [link] [comments]

SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost - ZecOps Blog Posted: 09 Jun 2020 01:58 PM PDT submitted by /u/m417z [link] [comments]

serpentine - Windows RAT (Remote Administration Tool) with a multiplatform RESTful server Posted: 10 Jun 2020 05:16 AM PDT submitted by /u/jafarlihi [link] [comments]

New persistence technique using Windows Telemetry Posted: 09 Jun 2020 10:52 AM PDT submitted by /u/oddvarmoe [link] [comments]

Online voting system made by Seattle-based 'Democracy Live' can be hacked to alter votes without detection according to a report by MIT and the University of Michigan Posted: 08 Jun 2020 08:09 PM PDT submitted by /u/kylecurator [link] [comments]

Explaining how a wallpaper can break a phone and why it happened(summed up) Posted: 09 Jun 2020 01:49 AM PDT So if you have maybe been living under a rock for the past couple of days a new image has surfaced that crashes android phones (specifically samsung and google). If you still aren't sure what I'm talking about this: https://mobileszone.co.uk/wp-content/uploads/2020/06/1591102601_Warning-This-wallpaper-could-break-your-Android-phone.jpg wallpaper has been known to break android phones but how? Ok so the picture isn't actually the original it's a edited version to make it more color rich, prophoto rgb is the color scale specifically, this is important for later! Ok so now why does this crash these phones? Since android can actually handle prophoto even thought it supports srgb (they are programmed to convert images from other color spaces to srgb, this is where the problem begins) this gets mildly more complicated as you can problably tell... So the problem is actually at this conversion, since the max value of red, green or blue pixel luminance is actually 255 there is one specific pixel in the photo which cannot be converted for the life of it. This pixel is the whole problem... For this particular pixel the red, green and blue values are all insanely high red:255 blue:243 green:255. So to know why this happened we need to look at the math behind luminance, luminance is basically brightness but just adjusted for the way we as humans see things. The luminance of a pixel on android is calculated by the following formula: 0.2126*red, 0.7152*green, 0.722*blue so what seems to be the error? Well google actually rounds up all of these numbers. The error and what's happening:so by the formula I explained in the above paragraph the values we should be getting are: 54.213 + 182.367 + 17.5446 = 254 which is still under the limit right? Well as I explained earlier google rounds up all of those numbers so we actually end up with a value around 256! This is over the theoretical max. ERROR! So normally if android runs into a problem like this it just closes the image, but you set it as your wallpaper remember? Thus it can't close it aaaaand bootloop you just broke a phone! Thanks for reading my more complicated explanation of what's going on! I got all my info from the following video: https://www.youtube.com/watch?v=iXKvwPjCGnY and I just tried to sum it up in a way that we all can understand it. submitted by /u/-_-qarmah-_- [link] [comments]

RDP brute forcing continues to be a favorite entry point for ransomware actors. In this past month we saw activity from the Lockbit ransomware family. Posted: 10 Jun 2020 09:10 AM PDT submitted by /u/TheDFIRReport [link] [comments]

Google Engineer Uncovers Holes In Linux's Speculative Execution Mitigations Posted: 09 Jun 2020 04:20 AM PDT submitted by /u/cn3m [link] [comments]

A beginner question about CIDR notation Posted: 10 Jun 2020 09:39 AM PDT submitted by /u/hacback17 [link] [comments]

ntlm_theft: A file payload generator for forcing targets to disclosure NTLMv2 hashes Posted: 09 Jun 2020 05:15 AM PDT submitted by /u/greenwolf247 [link] [comments]

CallStranger CVE-2020-12695 Data Exfiltration & Reflected Amplified TCP DDOS & Port Scan via UPnP SUBSCRIBE Callback Posted: 09 Jun 2020 05:33 AM PDT submitted by /u/flipsideCREATIONS [link] [comments]

Is Your Database Secured? Think Again Posted: 10 Jun 2020 12:33 AM PDT submitted by /u/mohammedmodi [link] [comments]

Vulnerability Report Generator & Repository Posted: 09 Jun 2020 01:06 AM PDT VULNRΞPO is a free open source project designed to speed up the creation of IT Security vulnerability reports. Complete templates of issues, AES encryption, Nessus/Burp/OpenVAS issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog and statistics, vulnerability assessment, vulnerability management, secure issues sharing. The project is still in BETA version, ideas and suggestions are highly appreciated. ​ Online: https://vulnrepo.com/ Download: https://github.com/kac89/vulnrepo ​ Cheers! submitted by /u/Burns_Flipper_ [link] [comments]

GKE Kubelet TLS Bootstrap Privilege Escalation Posted: 09 Jun 2020 09:38 AM PDT submitted by /u/hackers_and_builders [link] [comments]

fwupd - S3 bucket takeover and CVE-2020-10759 signature verification bypass (500,000 unique IP addresses affected) Posted: 08 Jun 2020 06:29 PM PDT submitted by /u/Gallus [link] [comments]

You are subscribed to email updates from /r/netsec - Information Security News & Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States