ElizabethNoir

61 Followers
76 Following
41 Posts
Sysadmin and Infosec Professional, learning something new every day. Linux, retro computing and retro gaming enthusiast. She/her
Twitter: https://twitter.com/NoirElizabeth

Great research from Microsoft here - Black Basta and Akira ransomware deployment using a logic flaw in VMware ESXi, a zero day (which they don't mention).

If you get domain admin in Windows, you can make an Active Directory group called "ESX Admins", and then you can log into ESXi - this allows you to encrypt non-Windows systems (and everything else in VMware)

https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/

#threatintel

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog

Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. The vulnerability involves creating a group called “ESX Admins” in Active Directory and adding an attacker-controlled user account to this group. This manipulation of the Active Directory group takes advantage of a privilege escalation vulnerability (CVE-2024-37085) in ESXi hypervisors that grants the added user full administrative access to the ESXi hypervisor. The vulnerability was fixed by VMware in their June release and ESXi administrators should install this security update.

Microsoft Security Blog
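A defender-side check for the group manipulation described in the post above, added here as an example and not code from the post or from Microsoft's write-up: it scans Windows Security group-management events for creation of, or membership additions to, a group named "ESX Admins". The sample records are constructed, and the field names (EventID, TargetUserName, MemberName, SubjectUserName) follow the usual Security log EventData layout, which is an assumption about your export format.

```python
import json
from typing import Iterable

# Windows Security event IDs: security-enabled group created and member added,
# for global / local / universal group scopes respectively.
GROUP_CREATED = {4727, 4731, 4754}
MEMBER_ADDED = {4728, 4732, 4756}
# Compared case-insensitively as a conservative defensive choice (assumption,
# not a statement about how ESXi itself matches the group name).
WATCHED_GROUP = "esx admins"


def esx_admins_alerts(events: Iterable[dict]) -> list[dict]:
    """Return one alert per event that creates the watched group or adds a
    member to it. Each event is a dict with the (assumed) EventData fields."""
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        # In 47xx group-management events the group name is TargetUserName.
        group = (ev.get("TargetUserName") or "").strip().lower()
        if group != WATCHED_GROUP:
            continue
        if eid in GROUP_CREATED:
            alerts.append({"kind": "group_created", "by": ev.get("SubjectUserName"),
                           "time": ev.get("TimeCreated"), "dc": ev.get("Computer")})
        elif eid in MEMBER_ADDED:
            alerts.append({"kind": "member_added", "by": ev.get("SubjectUserName"),
                           "member": ev.get("MemberName"),
                           "time": ev.get("TimeCreated"), "dc": ev.get("Computer")})
    return alerts


# Constructed sample records (not real telemetry), one JSON object per line.
SAMPLE_LOG = """\
{"EventID": 4727, "TimeCreated": "2024-07-30T02:11:09Z", "Computer": "DC01.corp.example", "SubjectUserName": "svc-backup", "TargetUserName": "ESX Admins"}
{"EventID": 4728, "TimeCreated": "2024-07-30T02:11:41Z", "Computer": "DC01.corp.example", "SubjectUserName": "svc-backup", "TargetUserName": "ESX Admins", "MemberName": "CN=jdoe,CN=Users,DC=corp,DC=example"}
{"EventID": 4728, "TimeCreated": "2024-07-30T03:00:00Z", "Computer": "DC01.corp.example", "SubjectUserName": "admin1", "TargetUserName": "Domain Users", "MemberName": "CN=newhire,CN=Users,DC=corp,DC=example"}
"""


def parse_jsonl(text: str) -> list[dict]:
    """Parse newline-delimited JSON event records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for alert in esx_admins_alerts(parse_jsonl(SAMPLE_LOG)):
        print(alert)
```

On a real domain, feed it the output of a Security-log export from your domain controllers; any hit on a freshly created "ESX Admins" group deserves a look even if the actor account is legitimate.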

What if I told you there is an immensely popular operating system that you have likely used at least once, but did not realise what it was?

In fact, it is so popular and important there is an IEEE standard based on it.

It is uncanny how immensely popular AND immensely obscure this system is.

It is scary that until today I have never even heard of its reference desktop implementation.

The system is called "TRON".

🧵 thread~

p.s. thanks @fkinoshita for the pointer!

Microsoft announced earlier this week that the NTLM authentication protocol will be killed off in Windows 11 in the future.

https://www.bleepingcomputer.com/news/security/microsoft-plans-to-kill-off-ntlm-authentication-in-windows-11/

Microsoft plans to kill off NTLM authentication in Windows 11

BleepingComputer

@xsan64 Hah, you’re for sure not wrong, and I won’t deny that I’ve ended up with a couple of broken Win 98SE installs these days just due to dramatic driver issues and more.

That being said, once you get the right mix of these drivers, which now never change since it’s retro, you’re kinda set.

I for sure remember some of the struggles back in the day though, although I lucked out installing Win 2K on my PIII as it was getting into the 00s. Best Windows release 👌

@xsan64 Hah, you’re not too far off the mark. I can say my Win 98SE install has been fine, but all it’s doing is gaming and FTP.

@xsan64 Absolutely, I didn’t have this one back in the era, so it’s great playing games I otherwise wouldn’t have thanks to retro computing. Plenty of classics I missed!

@deepthaw Funnily enough, we had an old 1989 32” RCA CRT TV in the living room back in the day and it would lose signal any time there was too much Simpsons skin yellow on screen.

@deepthaw Hah, that’s too funny. Yeah, not sure how much stock to put into that, but better than nothing. CRT repair wizardry is a bit over my head.

@deepthaw That’s too bad. I don’t have many recommendations for a restoration, but I love my Dell Ultrascan P990 (also Trinitron). I’d be interested to hear where this goes.

PSA: If you use #Veeam Backup & Replication (very common), upgrade. Especially if the server faces the internet.

Screenshot from Code White: the API lets you remotely request Windows admin credentials for some reason, with no auth required.

In their advisory Veeam claimed these are encrypted... it's base64 (lololol)

#CVE202327532 https://www.veeam.com/kb4424

KB4424: CVE-2023-27532

Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.

Veeam Software