E Amazings
Technology

This Week In Security: Breaking CACs To Fix NTLM, The Biggest Leak Ever, And Fixing Firefox By Breaking It

By Paul Easter, July 8, 2022, 5 min read


To start with, Microsoft's May 2022 Patch Tuesday shipped a fix for CVE-2022-26925, a Windows LSA spoofing flaw that lets an unauthenticated attacker coerce a domain controller into authenticating to a host the attacker controls, which is the setup for an NTLM relay attack. It was flagged as actively exploited in the wild, so CISA added it to the KEV (Known Exploited Vulnerabilities) Catalog. That list tracks the vulnerabilities most urgently in need of attention, and under BOD 22-01 it obligates US federal civilian agencies to patch by the listed due date, in this case July 22nd. The quirk here is that the same update also fixes a pair of certificate vulnerabilities, including CVE-2022-26923, Certifried. That one let a low-privileged domain user set the dNSHostName of a machine account under their control to match a domain controller's name, request a machine certificate carrying that name, and then authenticate as the DC, leading to organization-wide compromise.

The fix now requires a "strong certificate mapping" to tie a certificate to a user. Having the same common name is no longer sufficient: either the certificate must carry the account's Security IDentifier (SID) in a new certificate extension that patched Enterprise CAs now add to the certificates they issue, or the account's altSecurityIdentities attribute in Active Directory must map the certificate by a value an attacker cannot choose, such as issuer plus serial number. The patch puts domain controllers in a Compatibility mode, which still accepts the old, weak mapping (with a warning event) so long as the user account predates the certificate. This has the unintended consequence of breaking how the US Government uses CACs (Common Access Cards) to authenticate its users. Agencies typically start onboarding by issuing a CAC and only then create the user's AD account. That makes the certificate older than the account, which the patched KDC rejects. Thankfully there is a registry value, CertificateBackdatingCompensation under the Kdc service key, that tells the KDC how far a certificate may predate its account and still be accepted, though widening that window reopens part of the exposure the patch was meant to close.
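The Compatibility-mode decision described above, as an added example that is not part of the original article or of any Microsoft code. The PowerShell below reads the two registry values that govern it (StrongCertificateBindingEnforcement and CertificateBackdatingCompensation, both documented in Microsoft's KB5014754), emulates the KDC's accept/reject logic for a certificate whose only link to the account is a weak name match, replays the CAC onboarding order that trips the check, and pulls the KDC events that reveal which accounts still depend on weak mappings. The certificate and account dates are constructed, and the function names are this example's own.

```powershell
# Added example (not from the article). Emulates the KDC's certificate-mapping
# decision after KB5014754 and shows the registry values behind it.
# Dates below are constructed; run Get-KdcCertificateBindingConfig on a DC for real values.

function Get-KdcCertificateBindingConfig {
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # StrongCertificateBindingEnforcement: 0 = disabled (pre-patch behaviour),
    # 1 = Compatibility mode (the default when the value is absent after the update),
    # 2 = Full Enforcement (a strong mapping is required, no exceptions).
    $mode = 1
    if ($null -ne $props.StrongCertificateBindingEnforcement) { $mode = [int]$props.StrongCertificateBindingEnforcement }

    # CertificateBackdatingCompensation: seconds a certificate may predate its account and
    # still be accepted in Compatibility mode. 0x01E13380 = 31536000 = one year. Absent = 0.
    $slack = 0
    if ($null -ne $props.CertificateBackdatingCompensation) { $slack = [int]$props.CertificateBackdatingCompensation }

    [pscustomobject]@{
        StrongCertificateBindingEnforcement      = $mode
        CertificateBackdatingCompensationSeconds = $slack
    }
}

function Test-CertificateMappingDecision {
    param(
        [Parameter(Mandatory)][datetime]$CertNotBefore,      # certificate NotBefore
        [Parameter(Mandatory)][datetime]$AccountWhenCreated, # AD whenCreated of the user
        [switch]$CertHasSidExtension,  # szOID_NTDS_CA_SECURITY_EXT (1.3.6.1.4.1.311.25.2), added by patched CAs
        [switch]$StrongAltSecId,       # altSecurityIdentities uses X509IssuerSerialNumber, X509SKI or X509SHA1PublicKey
        [int]$EnforcementMode = 1,
        [int]$BackdatingCompensationSeconds = 0
    )
    if ($EnforcementMode -eq 0) {
        return 'Accepted: enforcement disabled, weak (name-based) mapping still honoured'
    }
    # A strong mapping wins in every mode. (With the SID extension the KDC also checks that the
    # embedded SID matches the account and logs Event 41 on a mismatch; not modelled here.)
    if ($CertHasSidExtension -or $StrongAltSecId) {
        return 'Accepted: strong mapping'
    }
    if ($EnforcementMode -eq 2) {
        return 'Rejected: Full Enforcement requires a strong mapping (KDC Event 39)'
    }
    # Compatibility mode: the weak mapping is tolerated only if the account existed before the
    # certificate was issued, after allowing for any configured backdating compensation.
    $effectiveNotBefore = $CertNotBefore.AddSeconds($BackdatingCompensationSeconds)
    if ($effectiveNotBefore -lt $AccountWhenCreated) {
        return 'Rejected: certificate predates the account (KDC Event 40)'
    }
    return 'Accepted with warning: weak mapping (KDC Event 39)'
}

# CAC onboarding order (constructed dates): card and certificate issued first,
# the AD account created a week later.
$cacIssued   = [datetime]'2022-03-01'
$accountMade = [datetime]'2022-03-08'

$cfg = Get-KdcCertificateBindingConfig
Test-CertificateMappingDecision -CertNotBefore $cacIssued -AccountWhenCreated $accountMade `
    -EnforcementMode $cfg.StrongCertificateBindingEnforcement `
    -BackdatingCompensationSeconds $cfg.CertificateBackdatingCompensationSeconds

# The workaround the article alludes to: allow certificates to predate their account by up to a year.
Test-CertificateMappingDecision -CertNotBefore $cacIssued -AccountWhenCreated $accountMade `
    -BackdatingCompensationSeconds 0x01E13380

# Applying it (run elevated on each domain controller). Every second of slack is a window in
# which a Certifried-style certificate issued before the account existed would also be accepted,
# so treat it as a bridge while certificates are re-issued with the SID extension:
# Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc' `
#     -Name CertificateBackdatingCompensation -Value 0x01E13380 -Type DWord

# On a DC: which logons are still relying on weak mappings (39), failing the date check (40),
# or presenting a SID that does not match the account (41)?
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
    Id           = 39, 40, 41
} -MaxEvents 100 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
```

With the post-update defaults (Compatibility mode, no compensation) the CAC scenario comes back rejected on the date check, which is the breakage the article describes; with a one-year compensation it is accepted, but only as a weak mapping with a warning event, so the Event 39 query is the inventory of accounts that still need a SID-bearing certificate or an explicit altSecurityIdentities entry before Full Enforcement can be turned on.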

Decryptor Released Because of Copycat?

One of the stranger things we've seen out of the ransomware plague is the release of decryptors when a criminal group closes up shop. In this case, AstraLocker has closed its doors and released a set of decryption routines. Those decryption programs have been shown to work, but if you happen to be one of the unfortunate victims, wait until a reputable group like Emsisoft has taken the shady tools and packaged them into a known-good decryptor rather than running a criminal's binary on an already-compromised network.

Why does a group close down and release the keys to its kingdom? In some cases it is because law enforcement is getting uncomfortably close and the jig is simply up. Here, it appears that a copycat group has started distributing its own iteration, AstraLocker 2.0. The problem with AstraLocker 2.0 is that it is a "smash and grab", a low-effort campaign that appears never to actually hand over decryption keys. One possible explanation is that the copycat was spoiling the "good name" of the original actor, making it much harder to convince victims that paying would get them a working decryptor, and so the original crew retired.

Chinese Police Database Leaked

We've covered database breaches in the past where entire countries were exposed, but this one seems to take the cake. Records on roughly a billion people have been exposed in what appears to be a leak of a Chinese police database, likely the result of access credentials unintentionally published in a blog post. The database was offered for sale for 10 bitcoins, a little under $200,000 at the time. That thread has since been deleted from the forum where it was offered. This is likely the biggest database leak ever seen, and at this scale it is going to be hard to top.

Firefox Sanitizer

Mozilla is developing a new JavaScript feature in Firefox, the Sanitizer API. It is an effort to blunt Cross-Site Scripting (XSS) attacks by giving web developers a standardized, built-in way to sanitize untrusted HTML before inserting it into a page. Part of the thinking is that the browser itself is the most reliable source of truth about how a given fragment of HTML will be parsed, which is exactly where third-party sanitizers and the browser's own parser tend to disagree.

It is an experimental feature that is still being built, but it is available for testing, and researchers are already working to make it better. [Gareth Heyes] took a crack at it and found a problem with SVG handling. SVG is an XML-based image format, and one of its valid elements is use, which pulls in SVG content from somewhere else by reference. That somewhere else could be attacker-controlled, and some very clever work turned it into arbitrary JavaScript execution despite the sanitizer. The flaw was fixed in Firefox 102, and ideally by the time this feature leaves experimental status, bugs of this kind will have been worked out. If it proves useful, Chrome may pick it up too, and it could end up on track for inclusion as a web standard.

Bits and Bytes

Project Zero has an overview of the in-the-wild 0-days it has tracked so far this year. There were 18 bugs in total, but nine of those were variants of previously patched bugs, cases where the patch for a known problem fixed the reported instance but not the root cause. In a couple of cases it was not even a variant, but the exact same bug, fixed once and then reintroduced. If nothing else, it is a powerful testament to the value of regression tests.

The British Army's official Twitter and YouTube accounts were taken over by a malicious third party this week. All the attackers did with that access was post links to cryptocurrency scam sites, hardly living up to the potential of such valuable accounts. This was decidedly not the work of a state-sponsored actor.

And finally, in the long tradition of security software introducing security vulnerabilities, Trend Micro has patched a vulnerability that allowed privilege escalation via mount point manipulation on Windows. The issue was found and reported privately, and the fix was rolled out in version 17.7. There’s no sign this one was ever exploited, so chalk one up for the good guys!



© 2022 E Amazings - All Rights Reserved.
