Microsoft Windows SMB Direct Session Takeover
This module will intercept direct SMB authentication requests to another host, gaining access to an authenticated SMB session if successful. If the connecting user is an administrator and network logins are allowed to the target machine, this module will execute an arbitrary payload. To exploit...
Microsoft Windows SMB Direct Session Takeover
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows SMB Direct Session Takeover', 'Description' = %q This module will intercept direct SMB authentication requests to another host,...
Apple Pay Can be Abused to Make Contactless Payments From Locked iPhones
Cybersecurity researchers have disclosed an unpatched flaw in Apple Pay that attackers could abuse to make an unauthorized Visa payment with a locked iPhone by taking advantage of the Express Travel mode set up in the device's wallet. "An attacker only needs a stolen, powered on iPhone. The...
Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones
An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning. The problem is due to unpatched vulnerabilities in both the Apple Pay and Visa systems, according to an academic te...
Apple Pay with Visa Hacked to Make Payments via Locked iPhones
An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning. The problem is due to unpatched vulnerabilities in both the Apple Pay and Visa systems, according to an academic te...
LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection
Researchers discovered a novel ransomware emerging on the heels of the ProxyShell vulnerabilities discovery in Microsoft Exchange servers. The threat, dubbed LockFile, uses a unique “intermittent encryption” method as a way to evade detection as well as adopting tactics from previous ransomware...
Patch now! Microsoft Exchange is being attacked via ProxyShell
Last Saturday the Cybersecurity and Infrastructure Security Agency issued an urgent warning that threat actors are actively exploiting three Microsoft Exchange vulnerabilities—CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. These vulnerabilities can be chained together to remotely execute...
PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains Running AD CS
The PetitPotam attack vector was assigned CVE-2021-36942 and patched on August 10, 2021. See the Updates section at the end of this post for more information. Late last month (July 2021), security researcher Topotam published a proof-of-concept (PoC) implementation of a novel NTLM relay attack...
Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM relay attacks
Overview: Microsoft Windows Active Directory Certificate Services (AD CS) by default can be used as a target for NTLM relay attacks, which can allow a domain-joined computer to take over the entire Active Directory. Description: PetitPotam is a tool to force Windows hosts to authenticate to other...
New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. The...
KLA12248 Microsoft Advisory (ESU) for Active Directory Certificate Services
Microsoft is aware of PetitPotam which can potentially be used in an attack on Windows domain controllers or other Microsoft Products Extended Security Update. To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authenticati...
Trojan-Dropper.Win32.Googite.a Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/ff30fbee3724d80dcb9471c0b553c99a.txt Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Googite.a Vulnerability: Unauthenticated Open Proxy Description: Googite malwar...
New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card
Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a stud...
CVE-2021-21472
SAP Software Provisioning Manager 1.0 SAP NetWeaver Master Data Management Server 7.1 does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack,...
CVE-2021-21472
CVE-2021-21472 affects SAP Software Provisioning Manager 1.0 and SAP NetWeaver Master Data Management Server 7.1. The root cause is the absence of a password option during installation, allowing an authenticated attacker on the network to perform attacks such as directory traversal, password brut...
PT-2021-14540 · Sap · Sap Software Provisioning Manager +1
Name of the Vulnerable Software and Affected Versions: SAP Software Provisioning Manager version 1.0 SAP NetWeaver Master Data Management Server version 7.1 Description: The issue allows an authenticated attacker to perform various security attacks due to the lack of an option to set a password...
Experts Detail A Recent Remotely Exploitable Windows Vulnerability
More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a "remotely exploitable" bug...
CVE-2021-21469
When security guidelines for SAP NetWeaver Master Data Management running on Windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level e.g., MDS...
Information disclosure
When security guidelines for SAP NetWeaver Master Data Management running on Windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level e.g., MDS...