Discussion in 'Business & Enterprise Computing' started by Gunna, Nov 18, 2019.
DNS Rebinding: Stealing WiFi credentials through your solar panel inverter
Worth noting that an exploit for the recent Exchange vulnerability (CVE-2020-0688) has just landed in Metasploit.
Privesc from mailbox user to SYSTEM.
SMB 3 is vulnerable
(Proceeds to block 445 as instructed)
The patch for the SMB compression RCE is released. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796… It applies to all Windows 10 versions 1903 & 1909, and Windows Server versions 1903 & 1909. It does not apply to Windows Server 2019, W10 LTSC, or any older OSes and versions.
Pretty highly unlikely to hit orgs, very few places are rolling 1903 and 1909
1000 devices in our org.
1809 goes EoL in May
upgrade to Enterprise!
I like how InfoSec discussion has devolved to security patches and compromises
Disappointment we haven't mentioned firewalls for a while though.
I don't need to patch, I've got a security appliance
It's amusing seeing how rapidly patching processes go to shit when people need to meet level 3 of the Essential Eight. Another fun one recently was an org wanting a small subset of whitelisted machines for high-risk users, okay whatever, but the number of business processes that broke when those high-value users could only use specific machines was incredible. Showed a lot of cruft. Also possibly one illegal practice.
It's 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either.
So who's to blame here, since MS and Adobe are pointing at each other? Probably a bit of both, to be honest.
All the quick shit people are doing now in response to Covid-19 is going to have a long tail when it comes to InfoSec.
Yup yup, I'm already working with mobs to help them limit the potential risk already.
I've done a number of tests in the past with a line saying 'well, this is possible, but no account we configured had remote access, so we couldn't explore the impact of this', which probably have a new risk rating now.
Indeed it will, but they should have had proper BCP in place before now.
I don't blame the hasty reaction to keeping businesses running and keeping people employed. I blame the inaction over a decade to this point.
Proper Planning Prevents Piss Poor Performance.
No plan of operations extends with any certainty beyond the first contact with the main hostile force.
Lotsa places finding that out right about now. Even places that have sunk time and money into BCP.
More guaranteed employment, yay
I'm not sure why strange war analogies are in place, but all my BCP conversations with business owners start with the question "your building has vanished - how do you keep business going for the next month? The next 6 months?". That then leads into a comprehensive discussion on work-from-home/remote solutions.
If somewhere has sunk "time and money into BCP", and they don't have secure methods to keep work going remotely in the current climate, they did their BCP wrong.
None of this stuff has to be expensive. If it's costing you 100% extra, you're also doing it wrong. This stuff should be used in production and tested every day with staff voluntarily working from home. If it only gets tested once a year (or never), you're doing it wrong.
Likewise, plenty of places proudly hold their DR plans lofty, forgetting that DR is about getting things back to normal after the shit goes down, rather than working through the shit while it's happening.
It's OK, hospitals can spend all their cash on ventilators and test kits because
Ours started in the same spot, but instead, everyone's building has vanished, and the systems you relied upon to provide connectivity for remote solutions aren't keeping up with demand. I don't know what your plans look like, but mine don't mention "Use IP Over Avian because NBN is shit"