ICT Security-Sécurité PC et Internet
87.1K views | +0 today
Follow
ICT Security-Sécurité PC et Internet
Education Technology
ICT Security + Privacy + Piracy + Data Protection - Censorship - Des cours et infos gratuites sur la"Sécurité PC et Internet" pour usage non-commercial... (FR, EN+DE)...
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug | ICT Security-Sécurité PC et Internet | Scoop.it
From thehackernews.com - March 16, 2022 5:05 PM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws.

"As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [multi-factor authentication] protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network," the agencies said.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

 

Gust MEES's insight:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws.

"As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [multi-factor authentication] protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network," the agencies said.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

The PrintNightmare continues: Microsoft confirms presence of vulnerable code in all versions of Windows | #CyberSecurity

The PrintNightmare continues: Microsoft confirms presence of vulnerable code in all versions of Windows | #CyberSecurity | ICT Security-Sécurité PC et Internet | Scoop.it
From www.theregister.com - July 2, 2021 9:28 AM

Microsoft has assigned CVE-2021-34527 to the print spooler remote code execution vulnerability known as "PrintNightmare" and confirmed that the offending code is lurking in all versions of Windows.

The megacorp said it was still investigating whether the vulnerability was exploitable in every version, but domain controllers are indeed affected.

Microsoft also confirmed that this nasty was distinct from CVE-2021-1675, which was all about a different attack vector and a different vulnerability in RpcAddPrinterDriverEx(). The June 2021 Security update dealt with that, according to Microsoft, and did not introduce the new badness. That had existed prior to the update.

The Windows giant also confirmed that the PrintNightmare vulnerability was being exploited in the wild.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Windows

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=PrintNightmare

 

 

 

Gust MEES's insight:

Microsoft has assigned CVE-2021-34527 to the print spooler remote code execution vulnerability known as "PrintNightmare" and confirmed that the offending code is lurking in all versions of Windows.

The megacorp said it was still investigating whether the vulnerability was exploitable in every version, but domain controllers are indeed affected.

Microsoft also confirmed that this nasty was distinct from CVE-2021-1675, which was all about a different attack vector and a different vulnerability in RpcAddPrinterDriverEx(). The June 2021 Security update dealt with that, according to Microsoft, and did not introduce the new badness. That had existed prior to the update.

The Windows giant also confirmed that the PrintNightmare vulnerability was being exploited in the wild.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Windows

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=PrintNightmare

 

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Printnightmare: Erste Patches für Windows-Sicherheitslücke | #CyberSecurity #Windows #Updates

Printnightmare: Erste Patches für Windows-Sicherheitslücke | #CyberSecurity #Windows #Updates | ICT Security-Sécurité PC et Internet | Scoop.it
From www.golem.de - July 7, 2021 11:14 AM

Microsoft hat Notfallpatches für eine Sicherheitslücke mit dem Namen Printnightmare veröffentlicht. Ein Problem mit dem Druck-Spooler ermöglichte es Angreifern, Code aus der Ferne auszuführen.

Über die Remote Code Execution könnten Angreifer weitere Programme installieren oder Nutzerkonten mit Administratorrechten erstellen. Zunächst war für das Problem kein Patch verfügbar. Offenbar veröffentlichten Sicherheitsforscher versehentlich einen Proof-of-Concept für einen Exploit, der sich weiterhin ausnutzen ließ.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Windows

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=PrintNightmare

 

Gust MEES's insight:

Microsoft hat Notfallpatches für eine Sicherheitslücke mit dem Namen Printnightmare veröffentlicht. Ein Problem mit dem Druck-Spooler ermöglichte es Angreifern, Code aus der Ferne auszuführen.

Über die Remote Code Execution könnten Angreifer weitere Programme installieren oder Nutzerkonten mit Administratorrechten erstellen. Zunächst war für das Problem kein Patch verfügbar. Offenbar veröffentlichten Sicherheitsforscher versehentlich einen Proof-of-Concept für einen Exploit, der sich weiterhin ausnutzen ließ.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Windows

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=PrintNightmare

 

 

more...
No comment yet.
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn