Daily NCSC-FI news followup 2020-08-23

Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?

isc.sans.edu/forums/diary/Remote+Desktop+TCP3389+and+Telnet+TCP23+What+might+they+have+in+Common/26492/ I’m glad you asked. I’m always interested in trends and reviewing the activity capture by my honeypot over this past week, it shows that no matter what port the RDP service is listening on, a specific RDP string (Cookie: mstshash=) might be sent to any ports to find out if it is listing for this service.

2020 CWE Top 25 Most Dangerous Software Weaknesses

cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html The 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses (CWE Top 25) is a demonstrative list of the most common and impactful issues experienced over the previous two calendar years. These weaknesses are dangerous because they are often easy to find, exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working.

Emotet Malware Over the Years: The History of an Active Cyber-Threat

heimdalsecurity.com/blog/emotet-malware-history/ Malware strains come and go while Internet users become more and more accustomed to online threats being dealt with swiftly by the competent authorities. But what happens when a Trojan constantly eludes everyones best efforts to stop it in its tracks?. In this article, I will go over the complex history of one of the longest-running cybercrime operations in recent history, Emotet. Keep reading to find out what it is, how it operates, and what it uses to take control of an entire network.

Why you should always scan UDP ports (part 2/2)

medium.com/bugbountywriteup/why-you-should-always-scan-udp-part-2-2-42050fb136d8 We finished part 1 having gained unprivileged access to a host in a new network. Afterwards, we wanted to gain privileges to continue. This is how we did it.. Part 1:

medium.com/bugbountywriteup/why-you-should-always-scan-udp-ports-part-1-2-d8ee7eb26727. In this story well see how we exploited snmp vulnerabilities, used a Jenkins console to call a reverse shell, bypassed firewall rules, worked around AppArmor and exploited bash injections to escalate privileges, amongst other things.

You might be interested in …

Daily NCSC-FI news followup 2019-11-15

Clampdown on US border device searches not such a big deal www.zdnet.com/article/clampdown-on-us-border-device-searches-not-such-a-big-deal/#ftag=RSSbaffb68 Alasaad v. Mcaleenan acknowledges the intrusiveness of digital searches, but it’s only about “contraband” and falls short of requiring a warrant. It’s time for SCOTUS and Congress to dig deeper, say experts. New Emotet Report Details Threats From One of the Worlds Most […]

Read More

Daily NCSC-FI news followup 2020-07-05

CVE-2020-5902 F5 BIG-IP Exploitation Attempt isc.sans.edu/diary/CVE-2020-5902+F5+BIG-IP+Exploitation+Attempt/26310 A quick heads-up: we are seeing scans for F5 BIG-IP’s vulnerability CVE-2020-5902. Apple iOS 14 Alerts Reveal Reddit App Is Reading User Clipboard Data www.forbes.com/sites/daveywinder/2020/07/05/reddit-latest-to-get-caught-by-apple-ios-14-clipboard-data-copying-alerts-iphone-privacy/ Yesterday it was LinkedIn that was making the news after being exposed by Apple’s iOS 14 new privacy notification feature. The same developer that […]

Read More

Daily NCSC-FI news followup 2020-03-12

Critical Patch Released for ‘Wormable’ SMBv3 Vulnerability Install It ASAP! thehackernews.com/2020/03/patch-wormable-smb-vulnerability.html Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically.. see also www.kyberturvallisuuskeskus.fi/fi/kriittinen-haavoittuvuus-microsoftin-smbv3-toteutuksessa 48K Windows Hosts Vulnerable […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.