Tag Archives: reCAPTCHA

September episode of “In The Trend of VM”: 7 CVEs, fake reCAPTCHA, lebanese pagers, VM and IT annual bonuses

September episode of “In The Trend of VM”: 7 CVEs, fake reCAPTCHA, lebanese pagers, VM and IT annual bonuses. Starting this month, we decided to slightly expand the topics of the videos and increase their duration. I cover not only the trending vulnerabilities of September, but also social engineering cases, real-world vulnerability exploitation, and practices of vulnerability management process. At the end we announce a contest of questions about Vulnerability Management with gifts. 🎁

📹 Video “In The Trend of VM” on YouTube
🗞 A post on Habr (rus) a slightly expanded script of the video
🗒 A compact digest on the official PT website

Content:

🔻 00:51 Elevation of Privilege – Windows Installer (CVE-2024-38014) and details about this vulnerability
🔻 02:42 Security Feature Bypass – Windows Mark of the Web “LNK Stomping” (CVE-2024-38217)
🔻 03:50 Spoofing – Windows MSHTML Platform (CVE-2024-43461)
🔻 05:07 Remote Code Execution – VMware vCenter (CVE-2024-38812)
🔻 06:20 Remote Code Execution – Veeam Backup & Replication (CVE-2024-40711), while the video was being edited, data about exploitation in the wild appeared
🔻 08:33 Cross Site Scripting – Roundcube Webmail (CVE-2024-37383)
🔻 09:31 SQL Injection – The Events Calendar plugin for WordPress (CVE-2024-8275)
🔻 10:30 Human vulnerabilities: fake reCAPTCHA
🔻 11:45 Real world vulnerabilities: еxplosions of pagers and other electronic devices in Lebanon and the consequences for the whole world
🔻 14:42 Vulnerability management process practices: tie annual bonuses of IT specialists to meeting SLAs for eliminating vulnerabilities
🔻 16:03 Final and announcement of the contest
🔻 16:24 Backstage

На русском

Fake reCAPTCHA

Leave a reply

Fake reCAPTCHA. Probably the most interesting example of exploitation of human vulnerability in the last month. This trick works for two reasons:

🔹 Various captcha services have taught people to do the strangest things: click on pictures with certain content, retype words, solve some puzzles. Many people do not even think when they see another window “prove that you are not a robot” and just do what they are asked. 🤷‍♂️

🔹 Websites have the ability to write arbitrary text to the site visitor’s clipboard. 😏

Fake captcha asks the user to launch the Run window in Windows (Win + R), then paste a malicious command from the clipboard into this window (Ctrl + V) and run the command (Enter). Very primitive, but it works! 🤩 This is how attackers trick victims into running malicious PowerShell scripts and HTA applications. 👾

John Hammond recreated the code of such a “captcha”. You can use it in anti-phishing training.

На русском

Security News: Microsoft Patch Tuesday August 2021, Phishers Started Using reCAPTCHA, Scan 1 IP and Go to Jail

Leave a reply

Security News: Microsoft Patch Tuesday August 2021, Phishers Started Using reCAPTCHA, Scan 1 IP and Go to Jail. Hello everyone! Yet another news episode.

Microsoft’s August Patch Tuesday

Let’s start with Microsoft’s August Patch Tuesday. I think the most interesting thing is that it contains a fix for the PetitPotam vulnerability. I talked about this vulnerability two weeks ago. At the time, Microsoft had no plans to release a patch because PetitPotam was a “classic NTLM Relay Attack”. But the patch was actually released as part of August Patch Tuesday.

A quote from Rapid7: “Tracked as CVE-2021-36942, the August 2021 Patch Tuesday security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through the LSARPC interface”.

There are no formal signs that this vulnerability is critical other than comments from the vendors. My Vulristics tool has flagged this “Windows LSA Spoofing” as a Medium level Vulnerability. But this fix seems to be the most important thing in this Patch Tuesday. So install this patch first.

Continue reading →

Anti-Phishing process with advanced phishing attacks simulation

Leave a reply

Anti-Phishing process with advanced phishing attacks simulation. This time I want to write about the service of my friends from Antiphish. They call it “security awareness and employee behaviour management platform”. Simply put, they teach company employees how to detect and avoid phishing attacks.

By the way, they are great guys, made a demo for me, prepared custom templates, like in real PoC for a corporate client. Thanks so much for the excellent work!

The main idea

When you sign in to the Antiphish interface, you see the dashboards with information about the people who studied security courses, were tested during the course and were checked using emulated phishing attacks (some of these attacks are amazing, and I’ll show them at the end). This is the main idea. How can you protect your organization from phishing attacks? Educate people and constantly provoke them. Not just to send an email and see the employees who visited your “malicious” website. No, there should be a process!

Continue reading →

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: reCAPTCHA

Fake reCAPTCHA

Security News: Microsoft Patch Tuesday August 2021, Phishers Started Using reCAPTCHA, Scan 1 IP and Go to Jail

Microsoft’s August Patch Tuesday

Anti-Phishing process with advanced phishing attacks simulation

The main idea