April 9, 1999 - the world's first production active directory domain
2y 2mon ago in technology from www.youtube.com
April 9, 1999 - the first production active directory domain
2y 2mon ago in computerhistory@lemmy.capebreton.social from www.youtube.com
Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
2y 2mon ago in cybersecurity@lemmy.capebreton.social from www.bleepingcomputer.com
How a single buck bought bragging rights in the battle to port Windows 95 to
2y 2mon ago in computerhistory@lemmy.capebreton.social from www.theregister.com
Launched on 25 March 1995, The WikiWikiWeb is the first wiki, or user-editable website.
2y 2mon ago in technology from en.wikipedia.org
Launched on 25 March 1995, The WikiWikiWeb is the first wiki, or user-editable website.
2y 2mon ago in computerhistory@lemmy.capebreton.social from en.wikipedia.org
Secure by Design Alert: Eliminating SQL Injection Vulnerabilities in Software | CISA
2y 2mon ago in cybersecurity@lemmy.capebreton.social from www.cisa.gov
The Lost Worlds of Telnet
2y 2mon ago in computerhistory@lemmy.capebreton.social from thenewstack.io
Record mega breach in France impacts up to 43 million people
2y 3mon ago in cybersecurity@lemmy.capebreton.social from www.theregister.com
Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs
2y 3mon ago in cybersecurity@lemmy.capebreton.social from www.bleepingcomputer.com
Canadian Man Stuck in Triangle of E-Commerce Fraud – Krebs on Security
2y 4mon ago in cybersecurity@lemmy.capebreton.social from krebsonsecurity.com
"Eager to clear his name, Barker said he shared with the police copies of his credit card bills and purchase history at Amazon. But on April 21, the investigator called again to say he was coming to arrest Barker for theft."
Lemmy Recap - See your stats for the past year
2y 5mon ago in lemmy@lemmy.ml from recap.pangora.social
Verizon Gave Phone Data to Armed Stalker Who Posed as Cop Over Email
2y 6mon ago in cybersecurity@lemmy.capebreton.social from www.404media.co
There is nothing stopping it.
Proper verification is a good start.
GamingMonk - 654,510 breached accounts
2y 7mon ago in cybersecurity@lemmy.capebreton.social from haveibeenpwned.com
Yes, but just added to the haveibeenpwnd db
They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird
2y 7mon ago in cybersecurity@lemmy.capebreton.social from www.wired.com
Archive link -> https://archive.ph/q9gJJ
The Rise of Excel Part 1
2y 7mon ago in technology from www.youtube.com
drama
Microsoft's Patch Tuesday is 20 years old
2y 8mon ago in technology from en.wikipedia.org
sorry… fucking hell i’m old.
haha, I too suffer from the same affliction. 👴
WatchGuard Firewall Clientless SSO sends out its password hashes to random devices on the network.
2y 8mon ago in cybersecurity@lemmy.capebreton.social from projectblack.io
FROM THE ARTICLE:
Exploitation and Impact
In GuardLapse, there are two main exploitation routes:
1. Cracking the Password Hash
Malicious Malory can set up a rogue SMB server. Instead of working as expected, this server accepts authentication requests and grabs the password hash.
If she cracks the password hash successfully, she gains access to whatever the WatchGuard AD account can access.
Even with ZERO privileges assigned to the WatchGuard AD account, authenticated access to the domain in AD environments exposes many attack avenues - Kerberoasting, user enumeration for password spraying, BloodHound recon, and more.
2. SMB Relaying
If other domain PCs don't require SMB signing, she can directly relay the authentication requests to access targeted hosts, eliminating the need to crack the password hash! (This depends on the AD account having admin privileges on targeted hosts).
To show the impact, in my recent engagement, we transitioned from an unauthenticated device on the network to Domain Admin using this issue. We relayed WatchGuard authentication requests to get an initial foothold on several devices. We then exploited other vulnerabilities to secure Domain Admin privileges.
WatchGuard's Response
When I contacted WatchGuard about the behaviour I observed, they responded promptly and helpfully.
They pointed me to the documentation about WatchGuard's Clientless AD SSO methods, which they thought explained what I saw. When I asked about their plans to retire or rework this feature, WatchGuard said they might retire AD Mode but would keep the Event Log Monitor.
They also said they were exploring options to enhance the visibility of security risks associated with Clientless SSO based on my report.
Action
If you use a WatchGuard firewall and rely on clientless SSO, my current, unvalidated recommendation is:
Switch off AD mode and rely on the SSO Client. Remove the Event Log Monitor if you've installed it. NOTE: I haven't validated this fix because I don't own a WatchGuard firewall. If you want to collaborate to validate this fix, please get in touch!
I've also asked WatchGuard for their remediation advice given their customers' current risk. Once they reply, I'll update this post with their guidance.
Critical Atlassian Confluence bug under attack. Patch now
2y 8mon ago in cybersecurity@lemmy.capebreton.social from go.theregister.com
Gary Kildall - The Man That Should Have Been Bill Gates - Part I
2y 9mon ago in retrocomputing@lemmy.sdf.org from www.youtube.com
Great podcast! 👍
















