Tag Archives: Zoom

Security News: Exchange ProxyShell, Zoom RCE, Citrix Canceled PT Acknowledgments, Cisco No Patch Router RCEs

Security News: Exchange ProxyShell, Zoom RCE, Citrix Canceled PT Acknowledgments, Cisco No Patch Router RCEs. Hello everyone! This is a new episode with my comments on the latest Information Security news.

Exchange ProxyShell

I want to start with something about attacks on Exchange. ProxyShell is in the news, the LockFile ransomware compromised more than 2000 servers. On the other hand, there is basically nothing to say here.

ProxyShell is the name for 3 vulnerabilities. The bulletins for Remote Code Execution CVE-2021-34473 and Server Elevation of Privilege CVE-2021-34523 were released on July 13, but were fixed by April Patch Tuesday patches. Yes, it happens sometimes. The bulletin for Security Feature Bypass CVE-2021-31207 was released on May 11. Users had 4 months to install the updates. Interestingly, 2 out of 3 vulnerabilities have the property “Less likely to be exploited”. As you can see, it’s pretty useless.

Continue reading

My projects that are not related to Information Security: Yennysay TTS and PyTouchOk companion app

My projects that are not related to Information Security: Yennysay TTS and PyTouchOk companion app. Thanks to the long New Year holidays in Russia, I had time to work on my own projects that are not related to information security. I released them on github and recorded short demos (by the way, Zoom is quite convenient for this! ?).

Yennysay is a GUI text-to-speach tool that uses a free offline TTS engine in Windows 10. This was my first experience with Tkinter and it turned out to be quite successful. I use this tool a lot now. Yennysay can read English and Russian texts aloud, show progress, track clipboard, retrieve text from copied URL, open YouTube URL in SMPlayer, and so on.

Check out the video

and sources on github

PyTouchOk is also a Tkinter application for automating routine actions with GUI (similar to SikuliX and AutoIt). The idea was to create a companion app that would track the content of the screen and, under certain conditions, take control to perform routine actions. As an example of such a routine action, I implemented the export of slides from LibreOffice Impress in svg format via pyautogui by automatically clicking in the interface. This operation cannot be performed for all slides through the GUI, and LibreOffice API is quite difficult to work with. But the main goal was to create a companion app that could be easily expanded with new skills. And it succeeded, the program “understands” that LibreOffice Impress is open on the screen and starts automatic actions.
Here is the demo on youtube

аnd the sources on github.