Jan's diary entry "One way to fail at malspam - give recipients the wrong password for an encrypted attachment" got my attention: it's an opportunity for me to do some password cracking :-) I asked Jan for the sample.
Wireshark version 3.4.7 was released.
Phew, this was a really bad week for Microsoft (and a lot of reading for all of us). And just when we thought that the fiasco with the SAM hive was over, a new vulnerability popped up, which is much, much more dangerous unfortunately – it allows a user to completely take over a Windows domain that has the ADCS service running. And those are probably...
A few days ago, I found an interesting file delivered by email (why change a winning combination?). The file has a nice extension: “.daa” (Direct Access Archive). We already reported such files in 2019 and Didier wrote a diary about them. Default Windows installation, can’t process “.daa” files, you need a specific tool to open them (like PowerISO)....
Today’s diary revisits hunting for dodgy domains via Hurricane Electric's BGP Toolkit . This was previously done in an earlier diary , and I plan to do this occasionally to share potential or identified threats so that readers can be aware of them.
As we already got a number of notes from readers: Currently, Akamai's DNS service appears to experience an outage that affects numerous other large websites.
Microsoft released a knowledge base article regarding CVE-2021-36934 . Bojan yesterday explained the vulnerability in more detail. Recent versions of Microsoft Windows expose several system files due to overly permissive access control lists. Of main interest is the Security Accounts Manager (SAM), which exposes password hashes. It has been demonstrated...
Subscribe to RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters! Get unfiltered news feeds or filter them to your liking.Get Inoreader