Tag Archives: VPN

Microsoft Patch Tuesday June 2022: Follina RCE, NFSV4.1 RCE, LDAP RCEs and bad patches

Hello everyone! This will be an episode about the Microsoft vulnerabilities that were released on June Patch Tuesday and also between May and June Patch Tuesdays.

Alternative video link (for Russia): https://vk.com/video-149273431_456239094

On June Patch Tuesday, June 14, 56 vulnerabilities were released. Between May and June Patch Tuesdays, 38 vulnerabilities were released. This gives us 94 vulnerabilities in the report.

Continue reading

Last Week’s Security News: Black Hat Pwnie Awards, iPhone Checks Photos, Evil Windows Print Server, Cisco VPN Routers Takeovers

Hello everyone! Last Week’s Security News, August 1 – August 8.

Black Hat Pwnie Awards

Last week was more quiet than normal with Black Hat USA and DEF CON security conferences. I would like to start with the Pwnie Awards, which are held annually at Black Hat. It’s like an Oscar or Tony in the information security world. Pwnie Awards recognizes both excellence and incompetence. And, in general, is a very respectable, adequate and fun event.

There were 10 nominations. I will note a few.

  • Firstly 2 nominations, which were received by the guys from Qualys.
    Best Privilege Escalation Bug: Baron Samedit, a 10-year-old exploit in sudo.
    Most Under-Hyped Research: 21Nails, 21 vulnerabilities in Exim, the Internet’s most popular mail server.
  • Best Server-Side Bug: Orange Tsai, for his Microsoft Exchange Server ProxyLogon attack surface discoveries.
  • Most Epic Fail: Microsoft, for their failure to fix PrintNightmare.
  • Best Song: The Ransomware Song by Forrest Brazeal
Continue reading

Not for Russians

Let’s talk about web-site blocking. Not about cases of government censorship, not about cases where content is blocked for copyright reasons and not even about sanctions. I want to pay attention to the cases when companies block access to their own sites voluntarily for user from the whole country, in particular for the users from Russia.

I do not know why they actually do such things. Perhaps they are trying to defend themselves against evil Russian hackers. Not the most effective measure. Attackers know how to use proxies and VPNs. Maybe they are under constant DDoS attack from Russian IPs? But these problems can also be solved more effectively without blocking an entire country. And this can be understood for the company, which is not much in Information Security, but I see this regularly on the websites of Security Vendors. For example, Tanium:

Tanium

Or a very recent purchase of Qualys, start-up Nevis Networks:

Nevis Networks

But okay, in these cases, only sales of these companies in Russia suffer (if they even exist).

A slightly different case was recently seen on the Amazon recruiting site.

Continue reading