home.social

#printnightmare — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #printnightmare, aggregated by home.social.

  1. Potatoes, EternalBlue, PrintNightmare: способы детектирования уязвимостей протокола SMB

    Всем привет! Меня зовут Влад Кузнецов, я аналитик SOC в К2 Кибербезопасность . SMB — один из самых распространенных протоколов сетевой коммуникации для безопасного управления файлами и различными службами удаленного сервера. Несмотря на свою незаменимость, протокол SMB может быть отличной лазейкой для хакерских атак. В этой статье я расскажу о принципах эксплуатации и способах детектирования таких уязвимостей, как Potatoes, EternalBlue, PrintNightmare, а также о скрипте SMBExec. В конце материала вы найдете подробную информацию о настройке политик расширенного аудита и список общих рекомендаций по локализации и устранению уязвимостей, связанных с протоколом SMB.

    habr.com/ru/companies/k2tech/a

    #smb #smb_протокол #уязвимости #уязвимость #rottenpotato #eternalblue #printnightmare #сетевой_протокол #кибербезопасность #информационная_безопасность

  2. Potatoes, EternalBlue, PrintNightmare: способы детектирования уязвимостей протокола SMB

    Всем привет! Меня зовут Влад Кузнецов, я аналитик SOC в К2 Кибербезопасность . SMB — один из самых распространенных протоколов сетевой коммуникации для безопасного управления файлами и различными службами удаленного сервера. Несмотря на свою незаменимость, протокол SMB может быть отличной лазейкой для хакерских атак. В этой статье я расскажу о принципах эксплуатации и способах детектирования таких уязвимостей, как Potatoes, EternalBlue, PrintNightmare, а также о скрипте SMBExec. В конце материала вы найдете подробную информацию о настройке политик расширенного аудита и список общих рекомендаций по локализации и устранению уязвимостей, связанных с протоколом SMB.

    habr.com/ru/companies/k2tech/a

    #smb #smb_протокол #уязвимости #уязвимость #rottenpotato #eternalblue #printnightmare #сетевой_протокол #кибербезопасность #информационная_безопасность

  3. Potatoes, EternalBlue, PrintNightmare: способы детектирования уязвимостей протокола SMB

    Всем привет! Меня зовут Влад Кузнецов, я аналитик SOC в К2 Кибербезопасность . SMB — один из самых распространенных протоколов сетевой коммуникации для безопасного управления файлами и различными службами удаленного сервера. Несмотря на свою незаменимость, протокол SMB может быть отличной лазейкой для хакерских атак. В этой статье я расскажу о принципах эксплуатации и способах детектирования таких уязвимостей, как Potatoes, EternalBlue, PrintNightmare, а также о скрипте SMBExec. В конце материала вы найдете подробную информацию о настройке политик расширенного аудита и список общих рекомендаций по локализации и устранению уязвимостей, связанных с протоколом SMB.

    habr.com/ru/companies/k2tech/a

    #smb #smb_протокол #уязвимости #уязвимость #rottenpotato #eternalblue #printnightmare #сетевой_протокол #кибербезопасность #информационная_безопасность

  4. Potatoes, EternalBlue, PrintNightmare: способы детектирования уязвимостей протокола SMB

    Всем привет! Меня зовут Влад Кузнецов, я аналитик SOC в К2 Кибербезопасность . SMB — один из самых распространенных протоколов сетевой коммуникации для безопасного управления файлами и различными службами удаленного сервера. Несмотря на свою незаменимость, протокол SMB может быть отличной лазейкой для хакерских атак. В этой статье я расскажу о принципах эксплуатации и способах детектирования таких уязвимостей, как Potatoes, EternalBlue, PrintNightmare, а также о скрипте SMBExec. В конце материала вы найдете подробную информацию о настройке политик расширенного аудита и список общих рекомендаций по локализации и устранению уязвимостей, связанных с протоколом SMB.

    habr.com/ru/companies/k2tech/a

    #smb #smb_протокол #уязвимости #уязвимость #rottenpotato #eternalblue #printnightmare #сетевой_протокол #кибербезопасность #информационная_безопасность

  5. 𝐇𝐎𝐖 𝐓𝐎 𝐃𝐈𝐒𝐀𝐁𝐋𝐄 𝐏𝐑𝐈𝐍𝐓 𝐒𝐏𝐎𝐎𝐋𝐄𝐑 𝐎𝐍 𝐃𝐎𝐌𝐀𝐈𝐍 𝐂𝐎𝐍𝐓𝐑𝐎𝐋𝐋𝐄𝐑𝐒

    Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.

    Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.

    The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.

    But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.

    📺 Watch my YouTube video bellow on how to disable Print Spooler on Domain Controllers 👇 👇
    youtu.be/O80HHKdnbcQ

    #cswlrd #printspooler #domaincontrollers #printnightmare #videotutorial

  6. 𝐇𝐎𝐖 𝐓𝐎 𝐃𝐈𝐒𝐀𝐁𝐋𝐄 𝐏𝐑𝐈𝐍𝐓 𝐒𝐏𝐎𝐎𝐋𝐄𝐑 𝐎𝐍 𝐃𝐎𝐌𝐀𝐈𝐍 𝐂𝐎𝐍𝐓𝐑𝐎𝐋𝐋𝐄𝐑𝐒

    Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.

    Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.

    The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.

    But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.

    📺 Watch my YouTube video bellow on how to disable Print Spooler on Domain Controllers 👇 👇
    youtu.be/O80HHKdnbcQ

    #cswlrd #printspooler #domaincontrollers #printnightmare #videotutorial

  7. 𝐇𝐎𝐖 𝐓𝐎 𝐃𝐈𝐒𝐀𝐁𝐋𝐄 𝐏𝐑𝐈𝐍𝐓 𝐒𝐏𝐎𝐎𝐋𝐄𝐑 𝐎𝐍 𝐃𝐎𝐌𝐀𝐈𝐍 𝐂𝐎𝐍𝐓𝐑𝐎𝐋𝐋𝐄𝐑𝐒

    Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.

    Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.

    The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.

    But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.

    📺 Watch my YouTube video bellow on how to disable Print Spooler on Domain Controllers 👇 👇
    youtu.be/O80HHKdnbcQ

    #cswlrd #printspooler #domaincontrollers #printnightmare #videotutorial

  8. 𝐇𝐎𝐖 𝐓𝐎 𝐃𝐈𝐒𝐀𝐁𝐋𝐄 𝐏𝐑𝐈𝐍𝐓 𝐒𝐏𝐎𝐎𝐋𝐄𝐑 𝐎𝐍 𝐃𝐎𝐌𝐀𝐈𝐍 𝐂𝐎𝐍𝐓𝐑𝐎𝐋𝐋𝐄𝐑𝐒

    Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.

    Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.

    The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.

    But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.

    📺 Watch my YouTube video bellow on how to disable Print Spooler on Domain Controllers 👇 👇
    youtu.be/O80HHKdnbcQ

    #cswlrd #printspooler #domaincontrollers #printnightmare #videotutorial

  9. 🆕 New blog post! "The PrintNightmare is not Over Yet"

    ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.

    Props to @parzel and @l4x4 who both reported this issue to me.

    👉 itm4n.github.io/printnightmare

    #printnightmare #windows #privesc #pentesting #pentest

  10. 🆕 New blog post! "The PrintNightmare is not Over Yet"

    ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.

    Props to @parzel and @l4x4 who both reported this issue to me.

    👉 itm4n.github.io/printnightmare

    #printnightmare #windows #privesc #pentesting #pentest

  11. 🆕 New blog post! "The PrintNightmare is not Over Yet"

    ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.

    Props to @parzel and @l4x4 who both reported this issue to me.

    👉 itm4n.github.io/printnightmare

    #printnightmare #windows #privesc #pentesting #pentest

  12. 🆕 New blog post! "The PrintNightmare is not Over Yet"

    ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.

    Props to @parzel and @l4x4 who both reported this issue to me.

    👉 itm4n.github.io/printnightmare

    #printnightmare #windows #privesc #pentesting #pentest

  13. 🆕 New blog post! "The PrintNightmare is not Over Yet"

    ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.

    Props to @parzel and @l4x4 who both reported this issue to me.

    👉 itm4n.github.io/printnightmare

    #printnightmare #windows #privesc #pentesting #pentest

  14. Another Hypetweet FAIL

    #CUPS vuln isnt exactly nothing. It's an rce vulnerability and is now exploitable. however it isnt #Printnightmare.

    Im firmly of the opinion that one should either fully disclose or coordinate disclosure of vulnerabilities.

    anything else just panics people, harms our ability to respond to real threats, and distracts from things that really matter.

    pick a lane.

    #Glassof0J #Infosec #Vulnerability #TVM

    youtu.be/WimG264WkXM

  15. Another Hypetweet FAIL

    #CUPS vuln isnt exactly nothing. It's an rce vulnerability and is now exploitable. however it isnt #Printnightmare.

    Im firmly of the opinion that one should either fully disclose or coordinate disclosure of vulnerabilities.

    anything else just panics people, harms our ability to respond to real threats, and distracts from things that really matter.

    pick a lane.

    #Glassof0J #Infosec #Vulnerability #TVM

    youtu.be/WimG264WkXM

  16. Another Hypetweet FAIL

    #CUPS vuln isnt exactly nothing. It's an rce vulnerability and is now exploitable. however it isnt #Printnightmare.

    Im firmly of the opinion that one should either fully disclose or coordinate disclosure of vulnerabilities.

    anything else just panics people, harms our ability to respond to real threats, and distracts from things that really matter.

    pick a lane.

    #Glassof0J #Infosec #Vulnerability #TVM

    youtu.be/WimG264WkXM

  17. Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.

    Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.

    The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.

    But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.

    📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐏𝐚𝐭𝐫𝐞𝐨𝐧 (English)
    patreon.com/posts/how-to-disab

    📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐅𝐨𝐫𝐞𝐧𝐝𝐨𝐫𝐬 (Czech)
    forendors.cz/p/39ff110621ce2c6

    📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐇𝐞𝐫𝐨𝐡𝐞𝐫𝐨 (Czech)
    herohero.co/cswrld/post/bcerox

    👍Share, like, comment!

    #video #tutorial #cswrld #printspooler #printnightmare

  18. Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.

    Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.

    The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.

    But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.

    📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐏𝐚𝐭𝐫𝐞𝐨𝐧 (English)
    patreon.com/posts/how-to-disab

    📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐅𝐨𝐫𝐞𝐧𝐝𝐨𝐫𝐬 (Czech)
    forendors.cz/p/39ff110621ce2c6

    📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐇𝐞𝐫𝐨𝐡𝐞𝐫𝐨 (Czech)
    herohero.co/cswrld/post/bcerox

    👍Share, like, comment!

    #video #tutorial #cswrld #printspooler #printnightmare

  19. Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.

    Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.

    The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.

    But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.

    📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐏𝐚𝐭𝐫𝐞𝐨𝐧 (English)
    patreon.com/posts/how-to-disab

    📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐅𝐨𝐫𝐞𝐧𝐝𝐨𝐫𝐬 (Czech)
    forendors.cz/p/39ff110621ce2c6

    📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐇𝐞𝐫𝐨𝐡𝐞𝐫𝐨 (Czech)
    herohero.co/cswrld/post/bcerox

    👍Share, like, comment!

    #video #tutorial #cswrld #printspooler #printnightmare

  20. Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.

    Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.

    The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.

    But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.

    📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐏𝐚𝐭𝐫𝐞𝐨𝐧 (English)
    patreon.com/posts/how-to-disab

    📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐅𝐨𝐫𝐞𝐧𝐝𝐨𝐫𝐬 (Czech)
    forendors.cz/p/39ff110621ce2c6

    📺 𝐖𝐚𝐭𝐜𝐡 𝐭𝐡𝐞 𝐫𝐞𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐨𝐧 𝐇𝐞𝐫𝐨𝐡𝐞𝐫𝐨 (Czech)
    herohero.co/cswrld/post/bcerox

    👍Share, like, comment!

    #video #tutorial #cswrld #printspooler #printnightmare

  21. Что общего между PetitPotam, NTLM Relay и PrintNighmare? Рассказываем, к чему может привести отсутствие обновлений

    Команда Центра кибербезопасности УЦСБ продолжает рассказывать о самых интересных практиках пентеста. Напоминаем, что в прошлой статье мы писали о том, как нам удалось пробить периметр с двух точек: Windows- и Linux-серверов, а также захватить внутреннюю инфраструктуру компании. В этот раз мы покажем, как компрометация домена Active Directory (AD) может привести к полной остановке деятельности компании на неопределенное время. Надеемся, наши кейсы будут вам полезны, а этот опыт позволит избежать схожих проблем!

    habr.com/ru/articles/787018/

    #информационная_безопасность #пентест #activedirectory #petitpotam #ntlm_relay #printnightmare

  22. Happy Monday everyone!

    I am sifting through the Cisco Talos Intelligence Group "Year In Review" report that was recently published and highlighting some of the things that I found useful/interesting from my perspective.

    Top Targeted Vulnerabilities:
    7/10 of the top CVE's belonged to #Microsoft. Now I am not pointing fingers, I think it is there simply because the vast majority of environments are Windows.
    What IS concerning is that there are multiple vulnerabilities that were being exploited that were either 10 years old or ALMOST 10 years old.
    8/10 of the top CVE's had a score of 9 or above.

    One of these CVE's was CVE-2021-1675, which is a remote code execution vulnerability that exists when the Windows Print Spooler service improperly performs privileged file operations. One product of this vulnerability was the #PrintNightmare exploit that was leveraged by the #Magniber ransomware group.

    Stay tuned for more as we work our way through this report! Enjoy and Happy Hunting!

    blog.talosintelligence.com/tal

  23. Do you have Print Spooler enabled on your Domain Controllers? Do you know that the PrintNightmare critical vulnerability was related to the Print Spooler service?

    Print Spooler should be disabled on Domain Controllers completely. You can easily disable it via GPO. #cybersecurity #tip #ad #dc #printspooler #printnightmare cswrld.com/2023/12/how-to-disa

  24. Do you have Print Spooler enabled on your Domain Controllers? Do you know that the PrintNightmare critical vulnerability was related to the Print Spooler service?

    Print Spooler should be disabled on Domain Controllers completely. You can easily disable it via GPO. #cybersecurity #tip #ad #dc #printspooler #printnightmare cswrld.com/2023/12/how-to-disa

  25. Do you have Print Spooler enabled on your Domain Controllers? Do you know that the PrintNightmare critical vulnerability was related to the Print Spooler service?

    Print Spooler should be disabled on Domain Controllers completely. You can easily disable it via GPO. #cybersecurity #tip #ad #dc #printspooler #printnightmare cswrld.com/2023/12/how-to-disa

  26. Do you have Print Spooler enabled on your Domain Controllers? Do you know that the PrintNightmare critical vulnerability was related to the Print Spooler service?

    Print Spooler should be disabled on Domain Controllers completely. You can easily disable it via GPO. #cybersecurity #tip #ad #dc #printspooler #printnightmare cswrld.com/2023/12/how-to-disa

  27. Do you have Print Spooler enabled on your Domain Controllers? Do you know that the PrintNightmare critical vulnerability was related to the Print Spooler service?

    Print Spooler should be disabled on Domain Controllers completely. You can easily disable it via GPO. #cybersecurity #tip #ad #dc #printspooler #printnightmare cswrld.com/2023/12/how-to-disa

  28. Ich habe einen Hacker-Spickzettel geschrieben, den ich bei CTFs oder Pentests benutze: 1337.observer

    Neben kleineren Tricks, wie verschiedene Hackingtools verwendet werden, sind dort auch Anleitungen zu aktuellen, kritischen Sicherheitslücken mit drin, wie #Log4Shell (Java), #PrintNightmare (Windows) oder #PwnKit (Linux).

    Die Datei ist natürlich noch am Anfang. Vielleicht hilft das ja noch jemanden außer mir.

  29. Sicherheitsupdates vom 14. September gegen die "PrintNightmare"-Schwachstellen können neue Probleme verursachen. Workarounds & weitere Maßnahmen helfen dagegen.
    Windows: September-Updates verursachen Druckprobleme, Workarounds verfügbar
  30. RT @[email protected]

    #printnightmare 🥝- If you have problem(s) to install/print after KB5005565 patch (or others KB on September 2021 patch tuesday)

    DO NOT UNINSTALL KB, several settings can help
    ➡️ restrict to your print servers THEN allow non admin to install from them.

    > github.com/gentilkiwi/mimikatz

    🐦🔗: twitter.com/gentilkiwi/status/

  31. Seit Anfang September haben Angreifer eine Windows-Lücke im Visier. Nun gibt es Sicherheitsupdates. Auch PrintNightmare spielt am Patchday nochmal eine Rolle.
    Patchday: Microsoft schließt von Angreifern ausgenutzte Lücke in Windows
  32. If Microsoft could be kind enough to offer a patch for #printnightmare that doesn't wreck the shit out everything else that'd be just swell

  33. Rund 6000 Einwohner des Schweizer Städtchens Rolle im Kanton Waadt wurden Opfer eines folgenschweren Hackerangriffs. Die Gemeinde räumt eigene Naivität ein.
    Schweiz: Bürger- und Gemeindedaten im Darknet veröffentlicht
  34. Genau wegen sowas sollten keine zentralisierten Cloud-Produkte verwendet werden.

    Cloud-Datenbank-GAU: Microsoft informiert Azure-Kunden über gravierende Lücke | heise online
    heise.de/news/Cloud-Datenbank-

    Noch was? Ach ja, ggf. reicht es bei Windows schon eine Maus anzustecken um Adminrechte zu erhalten
    heise.de/news/Das-Anstecken-ei

    Kann man unter Windows eigentlich schon wieder drucken? #PrintNightmare

  35. Mehrere Drucker-Schwachstellen bedrohen Windows. An diesen setzen Angreifer nun abermals an und infizieren Systeme mit Schadcode. Admins sollten jetzt handeln.
    Windows: Vice-Society-Ransomware schlüpft durch PrintNightmare-Lücken
  36. Microsoft kriegt seine Druckerverwaltung offensichtlich nicht in den Griff, Angreifer könnten sich erneut System-Rechte verschaffen.
    PrintNightmare: Schon wieder eine Drucker-Lücke in Windows ohne Patch
  37. Es gibt wichtige Sicherheitsupdates für unter anderem kritische Lücken in Azure, Edge und verschiedenen Windows-Versionen.
    Patchday: Microsoft meldet abermals Attacken auf Windows
  38. RT @[email protected]

    Great #patchtuesday Microsoft, but did you not forgot something for #printnightmare? 🤔

    Still SYSTEM from standard user...

    (I may have missed something, but #mimikatz🥝mimispool library still loads... 🤷‍♂️)

    🐦🔗: twitter.com/gentilkiwi/status/

  39. Drei Beispiele zeigen, wie gefährlich Angriffe aus dem Internet sind. Ein Klinikum muss auf Papier und Stift umsteigen, zwei Stadtverwaltungen sind lahmgelegt.
    Cyber-Katastrophenfall nach Ransomware und Trojaner
  40. heise-Angebot: heise-Security-Webinar: Wege aus dem Windows-Security-Albtraum

    Das steckt hinter Windows-Sicherheitsproblemen wie PrintNightMare, dem HiveNightmare und Petit Potam und so können Admins vernünftig damit umgehen.
    heise-Security-Webinar: Wege aus dem Windows-Security-Albtraum
  41. Security Alert: PrintNightmare in Windows

    Normalerweise poste ich ja selten etwas über Sicherheitslücken in #Windows, weil mir dazu einfach das notwendige Windows-Knowhow fehlt. Aber diese hier, eine Lücke im Print Spooler Service – #PrintNightmare genannt –, scheint mir wichtig zu sein. Denn zuerst hat Microsoft mit einem Notfall-Update diese extrem kritische Lücke, die auch schon aktiv ausgenutzt wird, für alle Windows-Versionenangeblich korrigiert. blog.schockwellenreiter.de/202 #Update #Secuirty