From Security Weekly Wiki
#[ Microsoft advises users to stop using SMS- and voice-based MFA - Help Net Security] - Still better than no MFA: ''Last year, Weinert noted that using any form of MFA is better than relying just on a password for security, as it “significantly increases the costs for attackers, which is why the rate of compromise of accounts using any type of MFA is less than 0.1% of the general population.”''
#[ The alleged decompiled source code of Cobalt Strike toolkit leaked online] - Crap: ''The repository has been already forked more than hundreds of times and is rapidly spreading online.''
#[ How to get root on Ubuntu 20.04 by pretending nobody's /home - GitHub Security Lab] - Best part is here: ''Here’s what happened: I had found a couple of denial-of-service vulnerabilities in accountsservice. I considered them low severity, but was writing them up for a vulnerability report to send to Ubuntu. Around 6pm, I stopped work and closed my laptop lid. Later in the evening, I opened the laptop lid and discovered that I was locked out of my account. I had been experimenting with the .pam_environment symlink and had forgotten to delete it before closing the lid. No big deal: I used Ctrl-Alt-F4 to open a console, logged in (the console login was not affected by the accountsservice DOS), and killed accounts-daemon with a SIGSEGV. I didn’t need to use sudo due to the privilege dropping vulnerability. The next thing I knew, I was looking at the gnome-initial-setup dialog boxes, and was amazed to discover that I was able to create a new user with administrator privileges.''
#[ Decrypting OpenSSH sessions for fun and profit]
#[ This new malware wants to add your Linux servers and IoT devices to its botnet | ZDNet]
#[ Mysterious Bugs Were Used to Hack iPhones and Android Phones and No One Will Talk About It]
#[ Computer Scientists Achieve Crown Jewel of Cryptography]

