FBI Accessed Windows Laptops After Microsoft Shared BitLocker Recovery Keys

If you are using a Windows PC, your privacy and security are nothing short of a myth, and this incident proves it...

DOGE May Have Misused Social Security Data, DOJ Admits

Plus: The FAA blocks drones over DHS operations, Microsoft admits it hands over Bitlocker encryption keys to the cops, and more...

Azure Linux 3.0 Security Update: samba (CVE-2023-0614)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0614 advisory. - The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters...

The fix in 4.6.16 4.7.9 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.

...

CVE-2023-29063 Lack of DMA Access Protections

The FACSChorus workstation does not prevent physical access to its PCI express PCIe slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM...

PT-2023-22120 · Unknown · Facschorus Workstation

Name of the Vulnerable Software and Affected Versions: FACSChorus workstation affected versions not specified Description: The issue concerns the lack of physical access prevention to the PCI express PCIe slots in the workstation. This could allow a threat actor to insert a PCI card designed for...

OESA-2023-1220 libldb security update

An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases. Security Fixes: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain...

AZL-37019 CVE-2023-0614 affecting package samba for versions less than 4.18.3-1

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...

AZL-26697 CVE-2023-0614 affecting package samba 4.12.5-7

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...

DEBIAN-CVE-2023-0614

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...

CVE-2023-0614

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...

SUSE CVE-2023-0614

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...

PT-2023-2254 · Samba +6 · Samba +6

Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.6.16 Samba versions prior to 4.7.9 Samba versions prior to 4.8.4 Samba versions prior to 4.9.7 Description: The issue is related to insufficient protection of service data, which may allow a remote attacker to disclo...

The vulnerability of the Windows operating system, which allows a perpetrator to bypass authentication procedures or obtain BitLocker keys

The vulnerability of the Kerberos protocol in Windows operating systems is related to errors in the management of registration data. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures or obtain BitLocker keys by connecting to the KDC servers...