HUP article browser

[KV] Cyber Defence Institute: the internet may slow down

To prevent the spread of the new coronavirus and to protect employees, more and more employers are deciding to order working from home (home office), which according to estimates may result in a significant increase in internet traffic.

https://koronavirus.gov.hu/cikkek/kibervedelmi-intezet-lassulhat-az-internet

New SMBv3 unauthenticated remote code execution [CVE-2020-0796]

CVE-2020-0796 is a remote code execution vulnerability in Microsoft Server Message Block 3.0 (SMBv3). An attacker could exploit this bug by sending a specially crafted packet to the target SMBv3 server, which the victim needs to be connected to. Users are encouraged to disable SMBv3 compression and block TCP port 445 on firewalls and client computers. The exploitation of this vulnerability opens systems up to a “wormable” attack, which means it would be easy to move from victim to victim.

There is no fix yet, only a workaround:

Until Microsoft will release a security update designed to patch the CVE-2020-0796 RCE vulnerability, Cisco Talos shared that disabling SMBv3 compression and blocking the 445 TCP port on client computers and firewalls should block attacks attempting to exploit the flaw.

Although an official way of disabling SMBv3 compression was not shared by Microsoft, Foregenix Solutions Architect Niall Newman was able to find after analyzing the Srv2.sys file that it can be done by:

1. Going to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters
2. Creating a DWORD value called CompressionEnabled
3. Setting its value to 0.

https://www.bleepingcomputer.com/news/security/microsoft-leaks-info-on-…
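
The three registry steps quoted above, as an added PowerShell example that is not from the quoted article, Foregenix or Microsoft. The key path and value name are the ones given on the page; the function name `Set-SmbCompressionWorkaround` is hypothetical, and the script assumes an elevated session.

```powershell
# Added example: applies the registry workaround quoted above and verifies it.
# Key path and value name come from the page; the function name is hypothetical.
function Set-SmbCompressionWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Path = 'HKLM:\System\CurrentControlSet\Services\LanManWorkstation\Parameters',
        [string]$Name = 'CompressionEnabled'
    )

    # Read the current value; $null means the value does not exist yet.
    $before = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name

    if ($before -ne 0) {
        # ShouldProcess makes -WhatIf and -Confirm work, so the change can be previewed.
        if ($PSCmdlet.ShouldProcess("$Path\$Name", 'Set DWORD to 0')) {
            # -Force creates the value or overwrites an existing one.
            New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 0 -Force | Out-Null
        }
    }

    # Re-read so the report reflects what is stored, not what was intended.
    $after = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Before   = if ($null -eq $before) { '<not set>' } else { $before }
        After    = if ($null -eq $after)  { '<not set>' } else { $after }
        Applied  = ($after -eq 0)
    }
}

Set-SmbCompressionWorkaround
```

Running `Set-SmbCompressionWorkaround -WhatIf` reports the current state without writing to the registry, which is useful for auditing a fleet before applying the change.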

OTRS Group won an information security award at the RSA 2020 conference

The announcement can be read here.

AMD "Take A Way" side-channel attack

AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research.

Furthermore, the security researchers were able to successfully stage a Collide+Probe attack on some common browsers, namely Chrome and Firefox, by bypassing address space layout randomization (ASLR) in browsers, thereby reducing the entropy, and retrieving address information.

"In Firefox, we are able to reduce the entropy by 15 bits with a success rate of 98% and an average run time of 2.33 s (σ=0.03s, n=1000)," the researchers noted. "With Chrome, we can correctly reduce the bits with a success rate of 86.1% and an average run time of 2.90s (σ=0.25s, n=1000)."

The good news is that the twin attacks can be mitigated through a variety of hardware-only, hardware and software changes, and software-only solutions — including designing the processor in a way that allows for dynamically disabling the way predictor temporarily and clearing the state of the way predictor when switching between kernel mode and user mode.

https://thehackernews.com/2020/03/amd-processors-vulnerability.html

Airlines are operating ghost flights in Europe

After bookings collapsed, European airlines are flying empty planes, because under a rule they can lose their flight slots if their aircraft stay on the ground:

Under Europe's rules, airlines operating out of the continent must continue to run 80% of their allocated slots or risk losing them to a competitor.

This has led to some operators flying empty planes into and out of European countries at huge costs, The Times of London reported.