slh @slh@infosec.exchange
IT Security Engineer.
Joined Aug 2018
Drupal Critical Release - PSA-2019-02-19
https://www.drupal.org/psa-2019-02-19
Azure AD Connect for Red Teamers
https://blog.xpnsec.com/azuread-connect-for-redteam/
Kali Linux 2019.1 Released!
It includes kernel up to version 4.19.13 and patches for numerous bugs, along with many updated software, like Metasploit 5.0, theHarvester, DBeaver, and more.
https://amp.thehackernews.com/thn/2019/02/kali-linux-hackers-os.html
New #Phishing Attack That Even Most Vigilant Users Could Fall For.
https://thehackernews.com/2019/02/advance-phishing-login-page.html
https://thispersondoesnotexist.com uses AI to generate startling fake human faces.
When you visit the Website, you will likely see a face smiling back at you. Seems innocent enough -- until you realize the face is not actually real, but generated by a neural network algorithm.
https://www.cnet.com/news/this-website-uses-ai-to-generate-startling-fake-human-faces/
127 million user records from 8 companies put up for sale on the dark web.
The same individual sold 620 million user accounts from 16 other companies earlier this week.
https://www.zdnet.com/google-amp/article/127-million-user-records-from-8-companies-put-up-for-sale-on-the-dark-web/
#Mozilla has released a security update to address #vulnerabilities in #Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Update now to 60.5.1 version!
Sources: https://www.us-cert.gov/ncas/current-activity/2019/02/14/Mozilla-Releases-Security-Update-Thunderbird and https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/
Pwning WPA/WPA2 Networks With Bettercap and the PMKID Client-Less Attack
https://www.evilsocket.net/2019/02/13/Pwning-WiFi-networks-with-bettercap-and-the-PMKID-client-less-attack/
WordPress plugin flaw lets you take over entire sites.
Vulnerability found in social sharing plugin named "Simple Social Buttons," installed on more than 40,000 WordPress sites.
https://www.zdnet.com/google-amp/article/wordpress-plugin-flaw-lets-you-take-over-entire-sites/
AutoSploit: The Powerful Marriage of Shodan and Metasploit!
https://www.hackers-arise.com/single-post/2018/11/02/AutoSploit-The-Powerful-Marriage-of-Shodan-and-Metasploit
Vulnerabilities in OpenSSH:
Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities are in found in the scp client implementing the SCP protocol.
https://www.debian.org/security/2019/dsa-4387
New Google Tool Tells You If Your Password Is Unsafe
https://www.simplemost.com/this-new-google-tool-can-tell-you-if-your-password-is-unsafe/amp/
8 000 €, est le coût total d'un poste de travail infecté pour sa remédiation après intervention des professionnels de la chaîne IT avec indisponibilité de travail du collaborateur.
Source : Atelier sur les attaques cyber, AMRAE2019 événement de l'AMRAE, Association pour le Management des Risques et des Assurances de l'Entreprise
Les trottinettes Bird sont piratables avec un tournevis et 30 € (et la startup n’aime pas qu’on en parle) - Tech - Numerama
[Enquête Numerama] Détourner une trottinette Bird avec un simple kit à 30 dollars ? C'est possible. Parce qu'elle utilise des véhicules Xiaomi M365 standards très populaires, l'entreprise est plus ciblée que d'autres par des usagers mal intentionnés. Et ça l'empêche de trouver des solutions efficaces pour lutter contre ces pratiques.
CANalyzat0r - Security Analysis Toolkit For Proprietary Car Protocols
https://amp.kitploit.com/2019/02/canalyzat0r-security-analysis-toolkit.html?amp=1&m=1
How to Turn an Android Phone into a Hacking Device Without Root
https://null-byte.wonderhowto.com/how-to/android-for-hackers-turn-android-phone-into-hacking-device-without-root-0189649/
US Senators ask DHS (Department of Homeland Security) to look into US government workers using foreign VPNs.
Senators alarmed that US government workers may be sending sensitive traffic to China or Russia.
https://www.zdnet.com/google-amp/article/us-senators-ask-dhs-to-look-into-us-government-workers-using-foreign-vpns/
#fortinet #vulnerability Sweet32 Birthday attack in TLS.
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
IT Security Engineer.
Joined Aug 2018
