#printnightmare — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #printnightmare, aggregated by home.social.
-
Potatoes, EternalBlue, PrintNightmare: способы детектирования уязвимостей протокола SMB
Всем привет! Меня зовут Влад Кузнецов, я аналитик SOC в К2 Кибербезопасность . SMB — один из самых распространенных протоколов сетевой коммуникации для безопасного управления файлами и различными службами удаленного сервера. Несмотря на свою незаменимость, протокол SMB может быть отличной лазейкой для хакерских атак. В этой статье я расскажу о принципах эксплуатации и способах детектирования таких уязвимостей, как Potatoes, EternalBlue, PrintNightmare, а также о скрипте SMBExec. В конце материала вы найдете подробную информацию о настройке политик расширенного аудита и список общих рекомендаций по локализации и устранению уязвимостей, связанных с протоколом SMB.
https://habr.com/ru/companies/k2tech/articles/892202/
#smb #smb_протокол #уязвимости #уязвимость #rottenpotato #eternalblue #printnightmare #сетевой_протокол #кибербезопасность #информационная_безопасность
-
Potatoes, EternalBlue, PrintNightmare: способы детектирования уязвимостей протокола SMB
Всем привет! Меня зовут Влад Кузнецов, я аналитик SOC в К2 Кибербезопасность . SMB — один из самых распространенных протоколов сетевой коммуникации для безопасного управления файлами и различными службами удаленного сервера. Несмотря на свою незаменимость, протокол SMB может быть отличной лазейкой для хакерских атак. В этой статье я расскажу о принципах эксплуатации и способах детектирования таких уязвимостей, как Potatoes, EternalBlue, PrintNightmare, а также о скрипте SMBExec. В конце материала вы найдете подробную информацию о настройке политик расширенного аудита и список общих рекомендаций по локализации и устранению уязвимостей, связанных с протоколом SMB.
https://habr.com/ru/companies/k2tech/articles/892202/
#smb #smb_протокол #уязвимости #уязвимость #rottenpotato #eternalblue #printnightmare #сетевой_протокол #кибербезопасность #информационная_безопасность
-
Potatoes, EternalBlue, PrintNightmare: способы детектирования уязвимостей протокола SMB
Всем привет! Меня зовут Влад Кузнецов, я аналитик SOC в К2 Кибербезопасность . SMB — один из самых распространенных протоколов сетевой коммуникации для безопасного управления файлами и различными службами удаленного сервера. Несмотря на свою незаменимость, протокол SMB может быть отличной лазейкой для хакерских атак. В этой статье я расскажу о принципах эксплуатации и способах детектирования таких уязвимостей, как Potatoes, EternalBlue, PrintNightmare, а также о скрипте SMBExec. В конце материала вы найдете подробную информацию о настройке политик расширенного аудита и список общих рекомендаций по локализации и устранению уязвимостей, связанных с протоколом SMB.
https://habr.com/ru/companies/k2tech/articles/892202/
#smb #smb_протокол #уязвимости #уязвимость #rottenpotato #eternalblue #printnightmare #сетевой_протокол #кибербезопасность #информационная_безопасность
-
Potatoes, EternalBlue, PrintNightmare: способы детектирования уязвимостей протокола SMB
Всем привет! Меня зовут Влад Кузнецов, я аналитик SOC в К2 Кибербезопасность . SMB — один из самых распространенных протоколов сетевой коммуникации для безопасного управления файлами и различными службами удаленного сервера. Несмотря на свою незаменимость, протокол SMB может быть отличной лазейкой для хакерских атак. В этой статье я расскажу о принципах эксплуатации и способах детектирования таких уязвимостей, как Potatoes, EternalBlue, PrintNightmare, а также о скрипте SMBExec. В конце материала вы найдете подробную информацию о настройке политик расширенного аудита и список общих рекомендаций по локализации и устранению уязвимостей, связанных с протоколом SMB.
https://habr.com/ru/companies/k2tech/articles/892202/
#smb #smb_протокол #уязвимости #уязвимость #rottenpotato #eternalblue #printnightmare #сетевой_протокол #кибербезопасность #информационная_безопасность
-
𝐇𝐎𝐖 𝐓𝐎 𝐃𝐈𝐒𝐀𝐁𝐋𝐄 𝐏𝐑𝐈𝐍𝐓 𝐒𝐏𝐎𝐎𝐋𝐄𝐑 𝐎𝐍 𝐃𝐎𝐌𝐀𝐈𝐍 𝐂𝐎𝐍𝐓𝐑𝐎𝐋𝐋𝐄𝐑𝐒
Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.
Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.
The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.
But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.
📺 Watch my YouTube video bellow on how to disable Print Spooler on Domain Controllers 👇 👇
https://youtu.be/O80HHKdnbcQ#cswlrd #printspooler #domaincontrollers #printnightmare #videotutorial
-
𝐇𝐎𝐖 𝐓𝐎 𝐃𝐈𝐒𝐀𝐁𝐋𝐄 𝐏𝐑𝐈𝐍𝐓 𝐒𝐏𝐎𝐎𝐋𝐄𝐑 𝐎𝐍 𝐃𝐎𝐌𝐀𝐈𝐍 𝐂𝐎𝐍𝐓𝐑𝐎𝐋𝐋𝐄𝐑𝐒
Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.
Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.
The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.
But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.
📺 Watch my YouTube video bellow on how to disable Print Spooler on Domain Controllers 👇 👇
https://youtu.be/O80HHKdnbcQ#cswlrd #printspooler #domaincontrollers #printnightmare #videotutorial
-
𝐇𝐎𝐖 𝐓𝐎 𝐃𝐈𝐒𝐀𝐁𝐋𝐄 𝐏𝐑𝐈𝐍𝐓 𝐒𝐏𝐎𝐎𝐋𝐄𝐑 𝐎𝐍 𝐃𝐎𝐌𝐀𝐈𝐍 𝐂𝐎𝐍𝐓𝐑𝐎𝐋𝐋𝐄𝐑𝐒
Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.
Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.
The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.
But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.
📺 Watch my YouTube video bellow on how to disable Print Spooler on Domain Controllers 👇 👇
https://youtu.be/O80HHKdnbcQ#cswlrd #printspooler #domaincontrollers #printnightmare #videotutorial
-
𝐇𝐎𝐖 𝐓𝐎 𝐃𝐈𝐒𝐀𝐁𝐋𝐄 𝐏𝐑𝐈𝐍𝐓 𝐒𝐏𝐎𝐎𝐋𝐄𝐑 𝐎𝐍 𝐃𝐎𝐌𝐀𝐈𝐍 𝐂𝐎𝐍𝐓𝐑𝐎𝐋𝐋𝐄𝐑𝐒
Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.
Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.
The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.
But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.
📺 Watch my YouTube video bellow on how to disable Print Spooler on Domain Controllers 👇 👇
https://youtu.be/O80HHKdnbcQ#cswlrd #printspooler #domaincontrollers #printnightmare #videotutorial
-
PrintNightmare Aftermath: Windows Print Spooler is Better. What’s Next? – Source: www.darkreading.com https://ciso2ciso.com/printnightmare-aftermath-windows-print-spooler-is-better-whats-next-source-www-darkreading-com/ #rssfeedpostgeneratorecho #DarkReadingSecurity #CyberSecurityNews #PrintNightmare #DARKReading
-
🆕 New blog post! "The PrintNightmare is not Over Yet"
ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.
Props to @parzel and @l4x4 who both reported this issue to me.
-
🆕 New blog post! "The PrintNightmare is not Over Yet"
ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.
Props to @parzel and @l4x4 who both reported this issue to me.
-
🆕 New blog post! "The PrintNightmare is not Over Yet"
ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.
Props to @parzel and @l4x4 who both reported this issue to me.
-
🆕 New blog post! "The PrintNightmare is not Over Yet"
ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.
Props to @parzel and @l4x4 who both reported this issue to me.
-
🆕 New blog post! "The PrintNightmare is not Over Yet"
ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.
Props to @parzel and @l4x4 who both reported this issue to me.
-
Another Hypetweet FAIL
#CUPS vuln isnt exactly nothing. It's an rce vulnerability and is now exploitable. however it isnt #Printnightmare.
Im firmly of the opinion that one should either fully disclose or coordinate disclosure of vulnerabilities.
anything else just panics people, harms our ability to respond to real threats, and distracts from things that really matter.
pick a lane.
-
Another Hypetweet FAIL
#CUPS vuln isnt exactly nothing. It's an rce vulnerability and is now exploitable. however it isnt #Printnightmare.
Im firmly of the opinion that one should either fully disclose or coordinate disclosure of vulnerabilities.
anything else just panics people, harms our ability to respond to real threats, and distracts from things that really matter.
pick a lane.
-
Another Hypetweet FAIL
#CUPS vuln isnt exactly nothing. It's an rce vulnerability and is now exploitable. however it isnt #Printnightmare.
Im firmly of the opinion that one should either fully disclose or coordinate disclosure of vulnerabilities.
anything else just panics people, harms our ability to respond to real threats, and distracts from things that really matter.
pick a lane.
-
Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.
Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.
The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.
But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.
📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐏𝐚𝐭𝐫𝐞𝐨𝐧 (English)
https://www.patreon.com/posts/how-to-disable-106780220?utm_medium=clipboard_copy&utm_source=copyLink&utm_campaign=postshare_creator&utm_content=join_link📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐅𝐨𝐫𝐞𝐧𝐝𝐨𝐫𝐬 (Czech)
https://www.forendors.cz/p/39ff110621ce2c644f22b4208dbd07d4📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐇𝐞𝐫𝐨𝐡𝐞𝐫𝐨 (Czech)
https://herohero.co/cswrld/post/bceroxowdykkdetywahfshfeaca👍Share, like, comment!
-
Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.
Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.
The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.
But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.
📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐏𝐚𝐭𝐫𝐞𝐨𝐧 (English)
https://www.patreon.com/posts/how-to-disable-106780220?utm_medium=clipboard_copy&utm_source=copyLink&utm_campaign=postshare_creator&utm_content=join_link📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐅𝐨𝐫𝐞𝐧𝐝𝐨𝐫𝐬 (Czech)
https://www.forendors.cz/p/39ff110621ce2c644f22b4208dbd07d4📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐇𝐞𝐫𝐨𝐡𝐞𝐫𝐨 (Czech)
https://herohero.co/cswrld/post/bceroxowdykkdetywahfshfeaca👍Share, like, comment!
-
Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.
Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.
The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.
But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.
📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐏𝐚𝐭𝐫𝐞𝐨𝐧 (English)
https://www.patreon.com/posts/how-to-disable-106780220?utm_medium=clipboard_copy&utm_source=copyLink&utm_campaign=postshare_creator&utm_content=join_link📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐅𝐨𝐫𝐞𝐧𝐝𝐨𝐫𝐬 (Czech)
https://www.forendors.cz/p/39ff110621ce2c644f22b4208dbd07d4📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐇𝐞𝐫𝐨𝐡𝐞𝐫𝐨 (Czech)
https://herohero.co/cswrld/post/bceroxowdykkdetywahfshfeaca👍Share, like, comment!
-
Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.
Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.
The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.
But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.
📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐏𝐚𝐭𝐫𝐞𝐨𝐧 (English)
https://www.patreon.com/posts/how-to-disable-106780220?utm_medium=clipboard_copy&utm_source=copyLink&utm_campaign=postshare_creator&utm_content=join_link📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐅𝐨𝐫𝐞𝐧𝐝𝐨𝐫𝐬 (Czech)
https://www.forendors.cz/p/39ff110621ce2c644f22b4208dbd07d4📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐇𝐞𝐫𝐨𝐡𝐞𝐫𝐨 (Czech)
https://herohero.co/cswrld/post/bceroxowdykkdetywahfshfeaca👍Share, like, comment!
-
A Practical Guide to #Windows #PrintNightmare in 2024 by @itm4n
-
Что общего между PetitPotam, NTLM Relay и PrintNighmare? Рассказываем, к чему может привести отсутствие обновлений
Команда Центра кибербезопасности УЦСБ продолжает рассказывать о самых интересных практиках пентеста. Напоминаем, что в прошлой статье мы писали о том, как нам удалось пробить периметр с двух точек: Windows- и Linux-серверов, а также захватить внутреннюю инфраструктуру компании. В этот раз мы покажем, как компрометация домена Active Directory (AD) может привести к полной остановке деятельности компании на неопределенное время. Надеемся, наши кейсы будут вам полезны, а этот опыт позволит избежать схожих проблем!
https://habr.com/ru/articles/787018/
#информационная_безопасность #пентест #activedirectory #petitpotam #ntlm_relay #printnightmare
-
Happy Monday everyone!
I am sifting through the Cisco Talos Intelligence Group "Year In Review" report that was recently published and highlighting some of the things that I found useful/interesting from my perspective.
Top Targeted Vulnerabilities:
7/10 of the top CVE's belonged to #Microsoft. Now I am not pointing fingers, I think it is there simply because the vast majority of environments are Windows.
What IS concerning is that there are multiple vulnerabilities that were being exploited that were either 10 years old or ALMOST 10 years old.
8/10 of the top CVE's had a score of 9 or above.One of these CVE's was CVE-2021-1675, which is a remote code execution vulnerability that exists when the Windows Print Spooler service improperly performs privileged file operations. One product of this vulnerability was the #PrintNightmare exploit that was leveraged by the #Magniber ransomware group.
Stay tuned for more as we work our way through this report! Enjoy and Happy Hunting!
https://blog.talosintelligence.com/talos-year-in-review-2022/
-
Do you have Print Spooler enabled on your Domain Controllers? Do you know that the PrintNightmare critical vulnerability was related to the Print Spooler service?
Print Spooler should be disabled on Domain Controllers completely. You can easily disable it via GPO. #cybersecurity #tip #ad #dc #printspooler #printnightmare https://www.cswrld.com/2023/12/how-to-disable-print-spooler-on-domain-controllers/
-
Do you have Print Spooler enabled on your Domain Controllers? Do you know that the PrintNightmare critical vulnerability was related to the Print Spooler service?
Print Spooler should be disabled on Domain Controllers completely. You can easily disable it via GPO. #cybersecurity #tip #ad #dc #printspooler #printnightmare https://www.cswrld.com/2023/12/how-to-disable-print-spooler-on-domain-controllers/
-
Do you have Print Spooler enabled on your Domain Controllers? Do you know that the PrintNightmare critical vulnerability was related to the Print Spooler service?
Print Spooler should be disabled on Domain Controllers completely. You can easily disable it via GPO. #cybersecurity #tip #ad #dc #printspooler #printnightmare https://www.cswrld.com/2023/12/how-to-disable-print-spooler-on-domain-controllers/
-
Do you have Print Spooler enabled on your Domain Controllers? Do you know that the PrintNightmare critical vulnerability was related to the Print Spooler service?
Print Spooler should be disabled on Domain Controllers completely. You can easily disable it via GPO. #cybersecurity #tip #ad #dc #printspooler #printnightmare https://www.cswrld.com/2023/12/how-to-disable-print-spooler-on-domain-controllers/
-
Do you have Print Spooler enabled on your Domain Controllers? Do you know that the PrintNightmare critical vulnerability was related to the Print Spooler service?
Print Spooler should be disabled on Domain Controllers completely. You can easily disable it via GPO. #cybersecurity #tip #ad #dc #printspooler #printnightmare https://www.cswrld.com/2023/12/how-to-disable-print-spooler-on-domain-controllers/
-
Ich habe einen Hacker-Spickzettel geschrieben, den ich bei CTFs oder Pentests benutze: https://www.1337.observer
Neben kleineren Tricks, wie verschiedene Hackingtools verwendet werden, sind dort auch Anleitungen zu aktuellen, kritischen Sicherheitslücken mit drin, wie #Log4Shell (Java), #PrintNightmare (Windows) oder #PwnKit (Linux).
Die Datei ist natürlich noch am Anfang. Vielleicht hilft das ja noch jemanden außer mir.
-
This Week in Security: Zimbra, Lockbit 2, And Hacking NK - Unknown attackers have been exploiting a 0-day attack against the Zimbra e-mail su... - https://hackaday.com/2022/02/11/this-week-in-security-zimbra-lockbit-2-and-hacking-nk/ #horribleacronyms #hackadaycolumns #printnightmare #northkorea #security #column #sha256 #log4j #news #fbi
-
Sicherheitsupdates vom 14. September gegen die "PrintNightmare"-Schwachstellen können neue Probleme verursachen. Workarounds & weitere Maßnahmen helfen dagegen.
Windows: September-Updates verursachen Druckprobleme, Workarounds verfügbar -
#printnightmare 🥝- If you have problem(s) to install/print after KB5005565 patch (or others KB on September 2021 patch tuesday)
DO NOT UNINSTALL KB, several settings can help
➡️ restrict to your print servers THEN allow non admin to install from them.> https://github.com/gentilkiwi/mimikatz/blob/master/mimispool/README.md#protect
🐦🔗: https://twitter.com/gentilkiwi/status/1438930842408075268
-
Seit Anfang September haben Angreifer eine Windows-Lücke im Visier. Nun gibt es Sicherheitsupdates. Auch PrintNightmare spielt am Patchday nochmal eine Rolle.
Patchday: Microsoft schließt von Angreifern ausgenutzte Lücke in Windows -
If Microsoft could be kind enough to offer a patch for #printnightmare that doesn't wreck the shit out everything else that'd be just swell
-
Rund 6000 Einwohner des Schweizer Städtchens Rolle im Kanton Waadt wurden Opfer eines folgenschweren Hackerangriffs. Die Gemeinde räumt eigene Naivität ein.
Schweiz: Bürger- und Gemeindedaten im Darknet veröffentlicht -
Genau wegen sowas sollten keine zentralisierten Cloud-Produkte verwendet werden.
Cloud-Datenbank-GAU: Microsoft informiert Azure-Kunden über gravierende Lücke | heise online
https://www.heise.de/news/Cloud-Datenbank-GAU-Microsoft-informiert-Azure-Kunden-ueber-gravierende-Luecke-6176601.htmlNoch was? Ach ja, ggf. reicht es bei Windows schon eine Maus anzustecken um Adminrechte zu erhalten
https://www.heise.de/news/Das-Anstecken-einer-Razer-Maus-macht-Angreifer-zu-Windows-10-Admins-6171968.htmlKann man unter Windows eigentlich schon wieder drucken? #PrintNightmare
-
Mehrere Drucker-Schwachstellen bedrohen Windows. An diesen setzen Angreifer nun abermals an und infizieren Systeme mit Schadcode. Admins sollten jetzt handeln.
Windows: Vice-Society-Ransomware schlüpft durch PrintNightmare-Lücken -
Microsoft kriegt seine Druckerverwaltung offensichtlich nicht in den Griff, Angreifer könnten sich erneut System-Rechte verschaffen.
PrintNightmare: Schon wieder eine Drucker-Lücke in Windows ohne Patch -
Es gibt wichtige Sicherheitsupdates für unter anderem kritische Lücken in Azure, Edge und verschiedenen Windows-Versionen.
Patchday: Microsoft meldet abermals Attacken auf Windows -
Great #patchtuesday Microsoft, but did you not forgot something for #printnightmare? 🤔
Still SYSTEM from standard user...
(I may have missed something, but #mimikatz🥝mimispool library still loads... 🤷♂️)
🐦🔗: https://twitter.com/gentilkiwi/status/1425154484167188480
-
Microsoft Patch Tuesday, August 2021 Edition https://krebsonsecurity.com/2021/08/microsoft-patch-tuesday-august-2021-edition/ #TrendMicroZeroDayInitiative #sansinternetstormcenter #PatchTuesdayAugust2021 #WindowsUpdateMedic #CVE-2021-26424 #CVE-2021-34481 #CVE-2021-34535 #CVE-2021-36936 #CVE-2021-36948 #PrintNightmare #ImmersiveLabs #AskWoody.com #DustinChilds #TimetoPatch #KevinBreen
-
Drei Beispiele zeigen, wie gefährlich Angriffe aus dem Internet sind. Ein Klinikum muss auf Papier und Stift umsteigen, zwei Stadtverwaltungen sind lahmgelegt.
Cyber-Katastrophenfall nach Ransomware und Trojaner -
heise-Angebot: heise-Security-Webinar: Wege aus dem Windows-Security-Albtraum
Das steckt hinter Windows-Sicherheitsproblemen wie PrintNightMare, dem HiveNightmare und Petit Potam und so können Admins vernünftig damit umgehen.
heise-Security-Webinar: Wege aus dem Windows-Security-Albtraum -
Windows 10 KB5005394 - Emergency patch fixes the #printnightmare hole
KB5005394 Document:
https://support.microsoft.com/en-us/topic/july-27-2021-kb5005394-os-build-17763-2091-out-of-band-58863c8f-e514-47cc-b68e-14dbb883777fAll updates:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005394CVE-2021-33764 fixed:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33764 -
You can avoid getting attacked by #PrintNightmare with a Simple GPO
-
Microsoft Patch Tuesday, July 2021 Edition https://krebsonsecurity.com/2021/07/microsoft-patch-tuesday-july-2021-edition/ #MicrosoftPatchTuesdayJuly2021 #ChadMcNaughton #CVE-2021-31979 #CVE-2021-33771 #CVE-2021-34448 #CVE-2021-34458 #CVE-2021-34473 #CVE-2021-34494 #CVE-2021-34523 #CVE-2021-34527 #PrintNightmare #Windowsupdates #SecurityTools #SatnamNarang #TimetoPatch #Automox #Tenable
-
Security Alert: PrintNightmare in Windows
Normalerweise poste ich ja selten etwas über Sicherheitslücken in #Windows, weil mir dazu einfach das notwendige Windows-Knowhow fehlt. Aber diese hier, eine Lücke im Print Spooler Service – #PrintNightmare genannt –, scheint mir wichtig zu sein. Denn zuerst hat Microsoft mit einem Notfall-Update diese extrem kritische Lücke, die auch schon aktiv ausgenutzt wird, für alle Windows-Versionenangeblich korrigiert. http://blog.schockwellenreiter.de/2021/07/2021070901.html #Update #Secuirty
-
📬PrintNightmare RCE: Microsofts Notfallpatch behebt Sicherheitslücke nicht vollständig📬 https://tarnkappe.info/printnightmare-rce-microsofts-notfallpatch-behebt-sicherheitsluecke-nicht-vollstaendig/ #BenjaminDelphy #PrintNightmare #gentilkiwi #Microsoft #Mimikatz #Security #Hacking