AlternateAccount
Apr 25, 2005
FYGM
https://blog.qualys.com/vulnerabili...c-cve-2021-4034

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034) | Qualys Security Blog
The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution.

Qualys posted:

Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host.
Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS.
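An added example for the PwnKit post above (written here, not code from Qualys or from anyone in the thread): a small check-and-detect script. The interim mitigation it applies (clearing the SUID bit on pkexec, i.e. `chmod 0755 /usr/bin/pkexec`) and the two log messages it greps for are the ones the linked Qualys advisory documents; the advisory also notes that a variant of the exploit leaves no log trace at all, so an empty result is not a clean bill of health. The auth.log lines are constructed for the example, and the field layout after the message text is illustrative.

```python
import os
import re
import stat
import tempfile

# Messages pkexec writes to syslog/auth.log when the exploit's crafted environment
# trips its checks. Both are quoted in the Qualys advisory, which also warns that the
# attack can be carried out without leaving either one.
PWNKIT_LOG_PATTERNS = [
    re.compile(r"The value for the SHELL variable was not found the /etc/shells file"),
    re.compile(r"The value for environment variable \[[^\]]*\] contains suspicious content"),
]


def is_setuid(path):
    """True when the file at `path` carries the set-user-ID bit (pkexec's normal state)."""
    return bool(os.stat(path).st_mode & stat.S_ISUID)


def mitigated_mode(mode):
    """Permission bits with the SUID bit cleared, e.g. 0o4755 -> 0o755."""
    return stat.S_IMODE(mode) & ~stat.S_ISUID


def strip_setuid(path):
    """Apply the advisory's interim mitigation (chmod 0755 on pkexec); returns the new mode.

    Needs root against the real /usr/bin/pkexec; remember that installing the vendor
    patch later restores the SUID bit, which is what you want.
    """
    new_mode = mitigated_mode(os.stat(path).st_mode)
    os.chmod(path, new_mode)
    return new_mode


def find_pwnkit_traces(lines):
    """Return the log lines matching either known PwnKit failure message."""
    return [line for line in lines if any(p.search(line) for p in PWNKIT_LOG_PATTERNS)]


def demo_on_scratch_file():
    """Exercise the check and the mitigation on a scratch file we own and mark setuid."""
    fd, tmp = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(tmp, 0o4755)
        before = is_setuid(tmp)
        new_mode = strip_setuid(tmp)
        after = is_setuid(tmp)
    finally:
        os.unlink(tmp)
    return before, new_mode, after


# Constructed auth.log sample (not a real capture).
SAMPLE_AUTH_LOG = [
    "Jan 26 02:11:03 host sshd[1122]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
    "Jan 26 02:13:41 host pkexec[1190]: alice: The value for the SHELL variable was not found "
    "the /etc/shells file [USER=root] [TTY=/dev/pts/0] [CWD=/tmp] [COMMAND=GCONV_PATH=./pwnkit]",
    "Jan 26 02:13:42 host pkexec[1191]: alice: The value for environment variable [PATH] contains "
    "suspicious content [USER=root] [TTY=/dev/pts/0] [CWD=/tmp] [COMMAND=GCONV_PATH=./pwnkit]",
    "Jan 26 02:15:01 host CRON[1200]: (root) CMD (run-parts /etc/cron.hourly)",
]


if __name__ == "__main__":
    pkexec = "/usr/bin/pkexec"
    if os.path.exists(pkexec):
        print(f"{pkexec} setuid: {is_setuid(pkexec)} (strip_setuid() as root to mitigate until patched)")
    for hit in find_pwnkit_traces(SAMPLE_AUTH_LOG):
        print("possible PwnKit attempt:", hit)
```

Run it as-is to see the sample log hits; point `find_pwnkit_traces` at the lines of your real `/var/log/auth.log` or `journalctl -u polkit` output to sweep a fleet, keeping in mind that absence of hits is not proof of absence.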



Hughmoris
Apr 21, 2007
Let's go to the abyss!
I've been dipping my toes into the cyber world with HackTheBox.

Is there something on the flip side where you can practice defensive stuff? "Here is the environment, what/how would you lock down" etc... ?

Potato Salad
Oct 23, 2014

nobody cares


Hughmoris posted:

I've been dipping my toes into the cyber world with HackTheBox.

Is there something on the flip side where you can practice defensive stuff? "Here is the environment, what/how would you lock down" etc... ?

Hackthebox is kinda a starting place imo - get a toe into some of the ways people craft an attack chain, then think of ways to break those chains

Small White Dragon
Nov 23, 2007

No relation.
https://arstechnica.com/information-technology/2022/01/booby-trapped-sites-delivered-potent-new-backdoor-trojan-to-macos-users/

Well that's exciting.

cr0y
Mar 24, 2005



Did a bunch of poo poo just break?

E: never mind just your run of the mill global iCloud outage

cr0y fucked around with this message at 03:11 on Jan 26, 2022

Hughmoris
Apr 21, 2007
Let's go to the abyss!

Potato Salad posted:

Hackthebox is kinda a starting place imo - get a toe into some of the ways people craft an attack chain, then think of ways to break those chains

Thanks. It's been interesting, coming from a data analyst background, to hack a few boxes and read the Walkthroughs and better understand the method of thinking that is needed.

Frozen Peach
Aug 25, 2004

garbage man from a garbage can
New root exploit dropped

https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-root-on-all-major-distros-exploit-released/

RFC2324
Jun 7, 2012

http 418


Yeah, it's a fun one too. Feels like one of the worst to be seen for a while.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
There's a bunch of new NAS targeted ransomware that kicked off a few days ago. And that's how I found out one of our subs has an exposed NAS.

Thanks Ants
May 21, 2004

#essereFerrari


A free audit of your firewall rules, what more could you want!

bolind
Jun 19, 2005



Pillbug

Oh yeah, there’s an exploit on GitHub which is like 23 LoC and it works beautifully. Ask me how I know.

Patched a couple of dozen servers today. Yay.

BaseballPCHiker
Jan 16, 2006

Meh, this one is bad, but it's not log4j bad.

Then again see my recent post in the poo poo pissing you off thread:

BaseballPCHiker posted:

Today in response to news of the PwnKit CVE I found out that my company has no regular patching schedule, or policy even, for Linux/Unix hosts.

Yup....

Phosphine
May 30, 2011

WHY, JUDY?! WHY?!
🤰🐰🆚🥪🦊
At least it only works if you already have unprivileged access! "Only" ...

Potato Salad
Oct 23, 2014

nobody cares


the difference between l4j and arbitrary, run-on-host rce is that you had to kinda know what you wanted from a java product to use l4j, but anyone can rattle off a few high value targets to go looking for on any arbitrary nix host

CLAM DOWN
Feb 13, 2007




finally, my days of needing to type sudo are done

Sickening
Jul 16, 2007

Black summer was the best summer.
Lol, this QNAP thing is huge. Anyone I know with a qnap got owned. My poor synology just sits here, unowned.

spankmeister
Jun 15, 2008






It's just another LPE... like the sudo one a while back. Or the myriad of kernel bugs of previous years.

It's a really nice lpe, but still just an lpe. I don't see the reason for the fuss tbh.

Mustache Ride
Sep 11, 2001



Sickening posted:

Lol, this QNAP thing is huge. Anyone I know with a qnap got owned. My poor synology just sits here, unowned.

My QNAP Plex box isn't owned yet. I guess this pa-200 I stole from work is doing its job.

Rust Martialis
May 8, 2007

At night, Bavovnyatko quietly comes to the occupiers’ bases, depots, airfields, oil refineries and other places full of flammable items and starts playing with fire there
Who knowingly exposes a NAS to the Internet wtf

Potato Salad
Oct 23, 2014

nobody cares


Rust Martialis posted:

Who knowingly exposes a NAS to the Internet wtf

people who don't trust popular cloud storage offerings

often justifiably

Potato Salad
Oct 23, 2014

nobody cares


everything is bad but that's ok

CLAM DOWN
Feb 13, 2007




Potato Salad posted:

people who don't trust popular cloud storage offerings

often justifiably

the solution to not trusting cloud storage options is not exposing your own home NAS to the internet

Potato Salad
Oct 23, 2014

nobody cares


CLAM DOWN posted:

the solution to not trusting cloud storage options is not exposing your own home NAS to the internet

you'd think so but some of these people also think windmills cause cancer, or that federal agencies aren't extremely conservative at a baseline

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
So we manage the security for a lot of our stores, and more than once we've had store owners put NAS on their store network and then try to get us to allow them through the firewalls.

Fun times.

Wiggly Wayne DDS
Sep 11, 2010



Sickening posted:

Lol, this QNAP thing is huge. Anyone I know with a qnap got owned.
you know a ton of people with their nas' management page exposed online, then. even if they restricted internet access to only the media apps they really want, or a vpn, they'd be fine

qnap pretty recently added auto-updating firmware, which should mitigate it... if they updated in the past 6 months

Thanks Ants
May 21, 2004

#essereFerrari


Yeah there's hundreds of thousands of results on Shodan with the management interface of these boxes exposed to the world

Wiggly Wayne DDS
Sep 11, 2010



i expect nothing less

Thanks Ants
May 21, 2004

#essereFerrari


I think there was a similar thing with Ubiquiti radios and while yes if there's a way to bypass the authentication on a device it's bad, you should also have your management interfaces not on the Internet.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
The QNAP exploit is only 2 days old too, so it's gonna be a while.

Mantle
May 15, 2004

Sickening posted:

Lol, this QNAP thing is huge. Anyone I know with a qnap got owned. My poor synology just sits here, unowned.

Is there a bigger issue with security in general with QNAP vs Synology? Or is this a one-off where in the long run they both are equally vulnerable systems?

some kinda jackal
Feb 25, 2003

 
 
I’ve done zero actual research but every time I see a pro/con list someone invariably mentions that QNAP software is less secure, whatever that means.

I disconnected my Synology from the cloud access thing just to be safe, but also I remembered that I’ve literally never once used it in all the time I owned a Synology, and I can just VPN home from any of my devices if I really want some files.

I was going to pick up a QNAP for some datastore backing because they’re the only “brand” NAS that has an affordable 10gbe consumer option and tbh I’m not really sure this changes my opinion on something I will literally only use inside my network, but I guess if it was my only device it might make me think twice.

Raymond T. Racing
Jun 11, 2019

Martytoof posted:

I’ve done zero actual research but every time I see a pro/con list someone invariably mentions that QNAP software is less secure, whatever that means.

I disconnected my Synology from the cloud access thing just to be safe, but also I remembered that I’ve literally never once used it in all the time I owned a Synology, and I can just VPN home from any of my devices if I really want some files.

I was going to pick up a QNAP for some datastore backing because they’re the only “brand” NAS that has an affordable 10gbe consumer option and tbh I’m not really sure this changes my opinion on something I will literally only use inside my network, but I guess if it was my only device it might make me think twice.

QNAP uses textarea rather than input for the username/password fields

so take that as you will as an example of their development prowess

BlankSystemDaemon
Mar 13, 2009



BaseballPCHiker posted:

Meh, this one is bad, but it's not log4j bad.

Then again see my recent post in the poo poo pissing you off thread:
This is a less-than-ideal way of thinking about these things, because it precludes you practicing defense in depth.
The log4j RCE can be combined with the LPE to get remote root access to a system, and at that point only things like FreeBSD jails (or anything else made to isolate root) can protect you.

Few 0days stand alone, and any hat-wearer worth their salt knows how to chain different exploits.

KillHour
Oct 28, 2007


Sickening posted:

Lol, this QNAP thing is huge. Anyone I know with a qnap got owned. My poor synology just sits here, unowned.

I have an 8 bay Dell server and a 12 bay DAS loaded with 2TB drives from a previous company that was getting rid of them. :smug:
and now you can get the same amount of storage in 2 drives for a grand

BlankSystemDaemon
Mar 13, 2009



KillHour posted:

I have an 8 bay Dell server and a 12 bay DAS loaded with 2TB drives from a previous company that was getting rid of them. :smug:
and now you can get the same amount of storage in 2 drives for a grand
Good news though, the bandwidth doesn't scale with capacity - so the larger it is, the less likely it is that you can pull the data off in time when it starts failing.
Basically, it's the RAID5 dilemma but for single disks.
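The "RAID5 dilemma for single disks" point above, carried through as numbers. This is an added example, not something from the post: it computes how long a full sequential read of a drive takes and the chance of hitting at least one unrecoverable read error (URE) before it finishes, using P = 1 - (1 - r)^bits with r the per-bit URE rate. The throughput figures and the 1-in-10^14 URE rate are assumed, typical vendor-sheet numbers for consumer drives, not values from the thread.

```python
import math

# Assumed figures (not from the thread): sequential throughput of two generations of
# 3.5" HDD, and the URE rate vendors commonly quote for consumer drives.
THROUGHPUT_2TB_BPS = 150e6    # ~150 MB/s for an older 2 TB drive
THROUGHPUT_20TB_BPS = 270e6   # ~270 MB/s for a current 20 TB drive
URE_PER_BIT = 1e-14           # "1 unrecoverable error per 10^14 bits read"


def full_read_seconds(capacity_bytes, throughput_bps):
    """Time to stream every byte off a disk at its sequential rate (best case, no seeks)."""
    return capacity_bytes / throughput_bps


def p_ure_during_read(bytes_read, ure_per_bit=URE_PER_BIT):
    """Probability of at least one URE while reading bytes_read bytes.

    P = 1 - (1 - r)^bits, evaluated as -expm1(bits * log1p(-r)) so the tiny per-bit
    rate is not lost to floating-point rounding.
    """
    bits = bytes_read * 8
    return -math.expm1(bits * math.log1p(-ure_per_bit))


def compare(capacity_bytes, throughput_bps):
    """(hours for a full read, P(>=1 URE during that read)) for one drive."""
    hours = full_read_seconds(capacity_bytes, throughput_bps) / 3600
    return hours, p_ure_during_read(capacity_bytes)


if __name__ == "__main__":
    for label, cap, tput in (("2 TB", 2e12, THROUGHPUT_2TB_BPS),
                             ("20 TB", 20e12, THROUGHPUT_20TB_BPS)):
        hours, p = compare(cap, tput)
        print(f"{label}: full read {hours:.1f} h, P(>=1 URE during that read) {p:.0%}")
    # The classic RAID5 version: rebuilding a 12 x 2 TB array reads all 11 survivors.
    print(f"12x2TB RAID5 rebuild: P(>=1 URE) {p_ure_during_read(11 * 2e12):.0%}")
```

Capacity went up 10x while throughput went up under 2x, so the 20 TB drive takes most of a day to read and, at the quoted error rate, has the same ~80% URE exposure the 12-disk RAID5 rebuild does; that is the argument for keeping a second copy and scrubbing, rather than trusting one big disk or one parity stripe to hold together for the whole evacuation.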

SlowBloke
Aug 14, 2017

Buff Hardback posted:

QNAP uses textarea rather than input for the username/password fields

so take that as you will as an example of their development prowess

Just checked, username is textarea while password is input.

Also, as per 5.0, QTS will nag you constantly to activate MFA on every user, so I think that there are some devs that want security while others don't. Having owned QNAPs for quite a while, there is no need for exposing the NAS over the internet since you have their cloud intermediate relay service (which is far faster than the Synology equivalent in my experience) and native VPN options, but then I only use my NAS for file storage and DLNA, which will happily work on most mediums.

SlowBloke fucked around with this message at 09:19 on Jan 28, 2022

BaseballPCHiker
Jan 16, 2006

BlankSystemDaemon posted:

This is a less-than-ideal way of thinking about these things, because it precludes you practicing defense in depth.
The log4j RCE can be combined with the LPE to get remote root access to a system, and at that point only things like FreeBSD jails (or anything else made to isolate root) can protect you.

Few 0days stands alone, and any hat-wearer worth their salt knows how to chain different exploits.

I can't even get a list of Linux hosts we have in the org; asset management is non-existent here. So while I understand your point, I am so far off from being able to do defense in a total depth of 1 layer, let alone multiple.

BlankSystemDaemon
Mar 13, 2009



BaseballPCHiker posted:

I can't even get a list of Linux hosts we have in the org; asset management is non-existent here. So while I understand your point, I am so far off from being able to do defense in a total depth of 1 layer, let alone multiple.
:yikes:

BaseballPCHiker
Jan 16, 2006


Things are so bad here that I am beginning to wonder if it will affect my long term judgement. Like if you're surrounded by dumpster fires, the flaming bag of poo poo on the doorway doesn't seem as bad and you just sort of become numb to it. If my personal life wasn't so busy right now I would be looking for other jobs.

Here is an example of something that literally happened yesterday. Some meaningless details changed as to not doxx myself:

A user put in a helpdesk ticket that upon logging into a host used for training there was an open browser page with credit card information entered in. The helpdesk sat on this ticket for 4 hours before someone emailed my team directly.

Upon initial investigation it seems that someone went completely rogue at a branch location. They got a secondary internet connection put in, purchased a Ubiquiti dream machine to hook up to it, and a server to run off of it. This apparently sat unnoticed in a closet at this branch office. All setup without the involvement of anyone in IT. Just a guy in sales who knew enough to be dangerous.

Supposedly the VMs running on this server were to be used for training and contained no corp or customer data. The machine wasn't on our domain but did have a NIC connected to the internal corp network as well.

After scrambling to get details on all this and locate the machine so that we could at least use the limited tools at our disposal to investigate it I was able to start pulling some logs associated with the dream machine and a single VM hosted on the server. As far as I could tell in the brief time I had access someone had created a new admin user on the VM and had logins going back as far as 3 months.

Then my connection dropped and I got no further information. A helpdesk tech finally picked up the ticket, drove out to the branch, and factory reset the dream machine and formatted the disk on the server. Any information we would've had access to is now gone and I can't even begin to tell higher ups how we managed to gently caress up so many steps along the way as to make this possible.

The best part: in the brief interaction I had with a manager yesterday about this before rage quitting for the day, he didn't even care!!!! Said he thought it sounded like it was taken care of by the helpdesk tech.

This is the poo poo I am dealing with.


BlankSystemDaemon
Mar 13, 2009



BaseballPCHiker posted:

Things are so bad here that I am beginning to wonder if it will affect my long term judgement. Like if you're surrounded by dumpster fires, the flaming bag of poo poo on the doorway doesn't seem as bad and you just sort of become numb to it. If my personal life wasn't so busy right now I would be looking for other jobs.

Here is an example of something that literally happened yesterday. Some meaningless details changed as to not doxx myself:

A user put in a helpdesk ticket that upon logging into a host used for training there was an open browser page with credit card information entered in. The helpdesk sat on this ticket for 4 hours before someone emailed my team directly.

Upon initial investigation it seems that someone went completely rogue at a branch location. They got a secondary internet connection put in, purchased a Ubiquiti dream machine to hook up to it, and a server to run off of it. This apparently sat unnoticed in a closet at this branch office. All setup without the involvement of anyone in IT. Just a guy in sales who knew enough to be dangerous.

Supposedly the VMs running on this server were to be used for training and contained no corp or customer data. The machine wasn't on our domain but did have a NIC connected to the internal corp network as well.

After scrambling to get details on all this and locate the machine so that we could at least use the limited tools at our disposal to investigate it I was able to start pulling some logs associated with the dream machine and a single VM hosted on the server. As far as I could tell in the brief time I had access someone had created a new admin user on the VM and had logins going back as far as 3 months.

Then my connection dropped and I got no further information. A helpdesk tech finally picked up the ticket, drove out to the branch, and factory reset the dream machine and formatted the disk on the server. Any information we would've had access to is now gone and I can't even begin to tell higher ups how we managed to gently caress up so many steps along the way as to make this possible.

The best part: in the brief interaction I had with a manager yesterday about this before rage quitting for the day, he didn't even care!!!! Said he thought it sounded like it was taken care of by the helpdesk tech.

This is the poo poo I am dealing with.
:sympathy:
