Posts

Showing posts from October, 2024

The Hacker News - New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites

Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Netcraft said more than 2,000 phishing websites have been identified using the kit, known as Xiū gǒu, with the offering used in attacks aimed at a variety of verticals, such as public sectors, postal, digital services from The Hacker News https://thehackernews.com/2024/11/new-phishing-kit-xiu-gou-targets-users.html

The Hacker News - New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics

Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up. "While the iOS implant delivery method closely mirrors that of the macOS version, the post-exploitation and privilege escalation stages differ from The Hacker News https://thehackernews.com/2024/10/new-lightspy-spyware-version-targets.html

Black Hills InfoSec - Pentesting, Threat Hunting, and SOC: An Overview

By Ray Van Hoose, Wade Wells, and Edna Jonsson || Guest Authors This post is comprised of 3 articles that were originally published in the second edition of the InfoSec […] The post Pentesting, Threat Hunting, and SOC: An Overview appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/pentesting-threat-hunting-and-soc-an-overview/

The Hacker News - LottieFiles Issues Warning About Compromised "lottie-player" npm Package

LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to release an updated version of the library. "On October 30th ~6:20 PM UTC - LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player had unauthorized new versions pushed with malicious code," the company said in a from The Hacker News https://thehackernews.com/2024/10/lottiefiles-issues-warning-about.html

The Hacker News - Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as “the new perimeter”, the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them vulnerable to data from The Hacker News https://thehackernews.com/2024/10/enterprise-identity-threat-report-2024.html

The Hacker News - LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. "The plugin suffers from an unauthenticated privilege escalation vulnerability from The Hacker News https://thehackernews.com/2024/10/litespeed-cache-plugin-vulnerability.html

KnowBe4 - QR Code Phishing is Growing More Sophisticated

Sophos describes a QR code phishing (quishing) campaign that targeted its employees in an attempt to steal information. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/qr-code-phishing-is-growing-more-sophisticated

The Hacker News - Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories. It was downloaded over 1,300 from The Hacker News https://thehackernews.com/2024/10/researchers-uncover-python-package.html

The Hacker News - Embarking on a Compliance Journey? Here’s How Intruder Can Help

Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements of each framework to keep your customer data safe. How Intruder from The Hacker News https://thehackernews.com/2024/10/embarking-on-compliance-journey-heres.html

KnowBe4 - 75% of Organizations Have Experienced a Deepfake-Related Attack

As generative AI evolves and becomes a mainstream part of cyber attacks, deepfakes lead the way and new data shows how most organizations are experiencing them. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/three-quarters-of-organizations-have-experienced-a-deepfake-related-attack

KnowBe4 - Crooks are Sending Halloween-Themed Phishing Emails

Halloween-themed spam and phishing emails have surged over the past two months, with a significant increase beginning in October, according to researchers at Bitdefender. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/crooks-are-sending-halloween-themed-phishing-emails

KnowBe4 - CyberheistNews Vol 14 #44 [Heads Up] Cyber Attacks Now Shift to Mobile. Are Your Users Prepared?

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-44-cyber-attacks-now-shift-to-mobile-are-your-users-prepared

The Hacker News - U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing

The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol (TLP) to handle the threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies. "The USG follows TLP markings on cybersecurity information voluntarily shared by an individual, company, or any other organization, when not in from The Hacker News https://thehackernews.com/2024/10/us-government-issues-new-tlp-guidance.html

The Hacker News - New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks. The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier (IBPB) on x86 chips, a crucial mitigation from The Hacker News https://thehackernews.com/2024/10/new-research-reveals-spectre.html

The Hacker News - Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said. "Through from The Hacker News https://thehackernews.com/2024/10/chinese-hackers-use-cloudscout-toolset.html

BuzzSec - The Evolution of AI-Driven Cyber Threats: What to Expect in the Next Decade

The cybersecurity landscape is transforming at an unprecedented pace, driven by the rapid evolution of AI. Over the next five to ten years, we will witness profound changes in the way attacks are launched and defended against, with AI acting as both a powerful weapon and a critical defense tool. These developments will introduce entirely new attack vectors that challenge traditional security paradigms, forcing organizations to rethink how they approach protection and risk management.

The Rise of Autonomous AI-Driven Attacks

One of the most significant changes on the horizon is the rise of autonomous AI-powered hacking systems. These systems will operate independently, continuously adapting their strategies in real time as they encounter different defenses. Unlike human-led attacks that follow predictable phases—reconnaissance, exploitation, and attack—autonomous systems will seamlessly pivot between tactics without human intervention. If a system detects that one vulnerability is patc...

Schneier - Criminals Are Blowing up ATMs in Germany

It’s low tech, but effective. Why Germany? It has more ATMs than other European countries, and—if I read the article right—they have more money in them. from Schneier on Security https://www.schneier.com/blog/archives/2024/10/criminals-are-blowing-up-atms-in-germany.html

KnowBe4 - Cyber Attack Tools Now Being Used To Help Phishing Pages Avoid Detection

Cybercriminals are offering tools to help phishing pages avoid detection by security tools, according to researchers at SlashNext. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/criminal-tools-help-phishing-pages-avoid-detection

KnowBe4 - The £3 Million Daily Heist

A recent report from UK Finance covered by the BBC paints a concerning picture of the evolving landscape of financial fraud. With a 16% rise in fraud cases and criminals stealing over £3 million daily, it's clear that awareness of cybersecurity threats has never been more crucial. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-3-million-daily-heist

The Hacker News - Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. "This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach from The Hacker News https://thehackernews.com/2024/10/researchers-uncover-os-downgrade.html

The Hacker News - Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions

Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges. Russian news publication Kommersant reported that a court in St. Petersburg found Artem Zaets, Alexei Malozemov, Daniil Puzyrevsky, and Ruslan from The Hacker News https://thehackernews.com/2024/10/four-revil-ransomware-members-sentenced.html

The Hacker News - Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite

A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges. The CERT Coordination Center (CERT/CC) said the susceptible code from the Wi-Fi Alliance, affected by the vulnerability tracked as CVE-2024-41992, has been found deployed on Arcadyan FMIMG51AX000J routers. "This flaw allows an unauthenticated local attacker to from The Hacker News https://thehackernews.com/2024/10/researchers-discover-command-injection.html

Schneier - Watermark for LLM-Generated Text

Researchers at Google have developed a watermark for LLM-generated text. The basics are pretty obvious: the LLM chooses between tokens partly based on a cryptographic key, and someone with knowledge of the key can detect those choices. What makes this hard is (1) how much text is required for the watermark to work, and (2) how robust the watermark is to post-generation editing. Google’s version looks pretty good: it’s detectable in text as small as 200 tokens. from Schneier on Security https://www.schneier.com/blog/archives/2024/10/watermark-for-llm-generated-text.html

The Hacker News - Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security

Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research community to inspect and verify the privacy and security guarantees of its offering. PCC, which Apple unveiled earlier this June, has been marketed as the "most advanced security architecture ever deployed for cloud AI compute at scale." With the new technology, the idea is from The Hacker News https://thehackernews.com/2024/10/apple-opens-pcc-source-code-for.html

Rapid 7 - Building a Custom Risk Prioritization and Risk Scoring Methodology with Surface Command

Over the 15 years I spent as a practitioner and consultant prior to joining Rapid7, a metric that I found to be ever elusive was a true custom prioritization score. You could get close, with enough time, energy, spreadsheets, and logs. But even then it wasn’t without fault. There were still questions like “what if that data isn’t there?” or “which tool do you trust most?”. Ultimately it was a challenge and with every vendor having their own risk scores and priority matrices and scoring models, it was hard to make those predetermined elements fit into your particular environment with all the nuances you cared about. With our recent launch of the Command Platform, Rapid7 now delivers a more comprehensive view of your attack surface, with transparency that you can trust. Anchored by Surface Command, our new unified asset inventory and attack surface management product, customers can get a more complete, vendor agnostic view of their internal and external attack surface—at a disruptive,...

The Hacker News - Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof?

Artificial Intelligence (AI) has rapidly evolved from a futuristic concept to a potent weapon in the hands of bad actors. Today, AI-based attacks are not just theoretical threats—they're happening across industries and outpacing traditional defense mechanisms. The solution, however, is not futuristic. It turns out a properly designed identity security platform is able to deliver defenses from The Hacker News https://thehackernews.com/2024/10/eliminating-ai-deepfake-threats-is-your.html

The Hacker News - SEC Charges 4 Companies Over Misleading SolarWinds Cyberattack Disclosures

The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that stemmed from the hack of SolarWinds in 2020. The SEC said the companies – Avaya, Check Point, Mimecast, and Unisys – are being penalized for how they handled the disclosure process in the aftermath of from The Hacker News https://thehackernews.com/2024/10/sec-charges-4-companies-over-misleading.html

The Hacker News - Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by conducting behavioral analyses of personal data for targeted advertising. "The inquiry examined LinkedIn's processing of personal data for the purposes of behavioral analysis and targeted advertising of users who have created LinkedIn profiles (members)," the Data from The Hacker News https://thehackernews.com/2024/10/irish-watchdog-imposes-record-310.html

KnowBe4 - [2025 Is Too Late] - European Companies Must Act Now Against AI-Powered Cyber Threats

European Organizations Can't Afford to Wait: Critical Cybersecurity Threats Demand Immediate Action from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/2025-is-too-late-european-companies-must-act-now-against-ai-powered-cyber-threats

The Hacker News - New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. "Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI capabilities, while still retaining Chacha20 for systems that lack this support from The Hacker News https://thehackernews.com/2024/10/new-qilinb-ransomware-variant-emerges.html

The Hacker News - AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances. "The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover," Aqua said in a report shared from The Hacker News https://thehackernews.com/2024/10/aws-cloud-development-kit-vulnerability.html

Black Hills InfoSec - QEMU, MSYS2, and Emacs: Running Open-Source Virtual Machines on Windows

As a tester, I do all my work inside a Virtual Machine (VM). Recently, I found myself in a situation where I needed to get a VM on a Windows […] The post QEMU, MSYS2, and Emacs: Running Open-Source Virtual Machines on Windows appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/qemu-msys2-and-emacs/

The Hacker News - Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software. Arising due to resource from The Hacker News https://thehackernews.com/2024/10/cisco-issues-urgent-fix-for-asa-and-ftd.html

The Hacker News - Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them. When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, issues a cybersecurity warning and prescribes specific action, it’s a pretty good idea to at least read the from The Hacker News https://thehackernews.com/2024/10/why-phishing-resistant-mfa-is-no-longer.html

HACKMAGEDDON - 16-31 July 2024 Cyber Attacks Timeline

In the second timeline of July 2024 I collected 116 events (7.25 events/day) with a threat landscape dominated by malware with... from HACKMAGEDDON https://www.hackmageddon.com/2024/10/24/16-31-july-2024-cyber-attacks-timeline/

The Hacker News - Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it discovered a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor. This entails triggering the from The Hacker News https://thehackernews.com/2024/10/lazarus-group-exploits-google-chrome.html

The Hacker News - Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol. "A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may from The Hacker News https://thehackernews.com/2024/10/fortinet-warns-of-critical.html

Krebs - The Global Surveillance Free-for-All in Mobile Ad Data

Not long ago, the ability to digitally track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a dangerous power that should remain only within the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites. Delaware-based Atlas Data Privacy Corp. helps its users remove their personal information from the clutches of consumer data brokers, and from people-search services online. Backed by millions of dollars in litigation financing, Atlas so far this year has sued 151 consumer data brokers on behalf of a class that includes more than 20,000 New Jersey law enforcement officers who are signed up for Atlas services. Atlas alleges all of these data brokers have ignore...

The Hacker News - Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks

Threat actors have been observed abusing the Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload it to S3 buckets under their control. "Attempts were made to disguise the Golang ransomware as the notorious LockBit ransomware," Trend Micro researchers Jaromir Horejsi and Nitesh Surana said. "However, such is from The Hacker News https://thehackernews.com/2024/10/ransomware-gangs-use-lockbits-fame-to.html

KnowBe4 - CyberheistNews Vol 14 #43 North Korean IT Worker Threat: 10 Critical Updates to Your Hiring Process

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-43-north-korean-it-worker-threat-ten-critical-updates-to-your-hiring-process

The Hacker News - Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor

Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to "gain SSH access to the victim's machine by writing the attacker’s SSH public key in the root user’s authorized_keys file," software supply from The Hacker News https://thehackernews.com/2024/10/malicious-npm-packages-target.html

The Hacker News - VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability

VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a heap-overflow vulnerability in the implementation of the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger this vulnerability by from The Hacker News https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html

The Hacker News - CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), refers to a bug involving an unspecified third-party component that could from The Hacker News https://thehackernews.com/2024/10/cisa-adds-sciencelogic-sl1.html

KnowBe4 - KnowBe4's Cybersecurity Experts Shine at Barnes & Noble in New York City

New York City's iconic Barnes & Noble on 5th Avenue recently featured the newly released books of two of KnowBe4's leading cybersecurity experts: Chief Human Risk Management Officer Perry Carpenter and Data-Driven Defense Evangelist Roger A. Grimes. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4s-cybersecurity-experts-shine-barnes-noble-5th-ave

The Hacker News - Guide: The Ultimate Pentest Checklist for Full-Stack Security

Pentest Checklists Are More Important Than Ever

Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization’s attack surface, both internal and external. By providing a structured approach, these checklists help testers systematically from The Hacker News https://thehackernews.com/2024/10/guide-ultimate-pentest-checklist-for.html

The Hacker News - THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)

Hi there! Here’s your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time. It's a constant battle. from The Hacker News https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats_21.html

The Hacker News - Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers

Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. "The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper with file data, and even gain direct access to plaintext," ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong from The Hacker News https://thehackernews.com/2024/10/researchers-discover-severe-security.html

The Hacker News - Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials

Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an unspecified governmental organization located in one of the Commonwealth of from The Hacker News https://thehackernews.com/2024/10/hackers-exploit-roundcube-webmail-xss.html

KnowBe4 - North Korean IT Worker Threat: 10 Critical Updates to Your Hiring Process

KnowBe4 was asked what changes were made in the hiring process after the North Korean (DPRK) fake IT worker discovery. Here is the summary and we strongly suggest you talk this over with your own HR department and make these same changes or similar process updates. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/north-korean-it-worker-threat-10-critical-updates-to-your-hiring-process

Rapid 7 - Metasploit Weekly Wrap-Up 10/18/2024

ESC15: EKUwu

AD CS continues to be a popular target for penetration testers and security practitioners. The latest escalation technique (hence the ESC in ESC15) was discovered by Justin Bollinger with details being released just last week. This latest configuration flaw has common issuance requirements to other ESC flaws, such as requiring no authorized signatures or manager approval. Additionally, templates must be schema version 1, which enables an attacker to craft a signing request with a custom set of EKU OIDs which will be present in the issued certificate. By overriding the OIDs, the template can be used in a few ways, with the most useful being as a certificate enrollment agent. With a valid enrollment agent certificate, a user can issue certificates for other users which, when combined with the built-in “User” certificate, can enable Kerberos authentication to a wide variety of services. This week’s release of Metasploit has added support to our existing AD CS related mo...