image
Patrick Domingues

Monthly Archives: November 2021


Windows Zero-Day Allows Privileged File Access

A Windows security vulnerability could allow information disclosure and local privilege escalation (LPE), researchers have warned. The issue (CVE-2021-24084) has yet to get an official fix, but there is a way to protect yourself. A micropatch has been rolled out as a stop-gap measure.
 
 
Security researcher Abdelhamid Naceri reported a bug in Microsoft’s Autopilot software last October. Microsoft patched it in April, but it has not yet been released. Naceri recently discovered that CVE-2021-24084 could also be exploited for local privilege escalation. He demonstrates that users can copy files from a chosen location into a Cabinet (.CAB) archive, which they can then open and read.
 
 
The process of exploiting the bug is very similar to the LPE exploitation techniques used in a vulnerability in Windows 10, CVE-2021-36934. This bug affects the Security Accounts Manager (SAM) database, which houses user account credentials and network domain information.
 

Windows 10 Bug Exploitation Details

Read the rest
Vulnerabilities

Stripchat Breach Exposed 200m User Records

Stripchat founded in 2016 is an adult site for live nude cam shows has had its 200m user database exposed online. This data exposure puts both models and users at risk of extortion, violence, and other risks. 

The database was found on Nov. 5 by a security researcher. It contained about 200 million records from Stripchat, including 65 million user records with email addresses, IP addresses, the amount in tips they gave to models, when they created their accounts and when they last logged in. Another database discovered which had a lot of information about models. This data included their usernames, gender, studio IDs, tip menus and prices, whether they were online or not, and a number that reflects how much money they earned during private shows. We don’t know if anyone evil saw this information before they secured it.

 

Stripchat Data Exposure Threat

“The exposure could pose a significant

Read the rest
Data Breach
UniFi Tutorials

How to configure Windows Server and UDM-PRO UniFi Controller for RADIUS VPN access

In this tutorial you will be shown how to configure Windows Server and UDM-PRO UniFi Controller for RADIUS VPN access. Why is this useful? Well this allows us to just disable a user account in Active Directory after a termination and the previous employee will no longer have VPN access to the network. This will prevent Tech Support having to manually remove VPN users every time an employee is terminated.

Prerequisites for this tutorial.

  1. Internal Unifi Controller and Firewall, I myself am using a UDM-PRO for that function.
  2. Your Unifi equipment should be assigned static IP addresses outside your DHCP Scope. Once done write down the IP addresses alongside their model or unique name.
  3. Stand up a new physical or virtual server with Windows Server 2019.
    • I called my new virtual server HDN-RADIUS. 1vcpu 4GBram 60GB HDD
    • Install all updates on new Radius server
    • Assign static IP address.
    • Join new
Read the rest
Tutorials

Why HIPAA Compliance Matters In Telehealth

While the world has dealt with the far reaching effects of COVID-19, the healthcare industry has had to deal with many unique challenges. The procedure to protect both patients and staff from possible exposure to virus’s is a tricky process, especially when in some locations hospitals have also been dealing with patient surges. Keeping up with scheduled visits and procedures is a challenge, and keeping patients and staff aware of what is going on around them is a challenge as well.

 

Telehealth Grew Exponentially Due To COVID

The Centers for Disease Control and Prevention (CDC) has created a specific condition in which many physicians’ offices are finding themselves doing routine patient visits virtually. While the concept of telehealth appointments has been around for years, telemedicine has only recently become the new norm for many people. During the recent pandemic, the number of Medicare beneficiaries using telehealth services increased by 11,700%. … Read the rest

Security Policies and Compliance

Google Banned 150 Android Apps And They Need To Be Removed From Your Phone

It’s a rough world out there. You must be wary of threats — even if it’s as simple as an email or text message. We can’t go a week without a new threat popping up, and the latest crucial warning concerns 150+ fake Android apps on the Google Play Store that can steal your information.

Security software company Avast has been reporting on a scam campaign that has been going on for more than a year. The scam is called UltimaSMS, and it involves hundreds of fake apps that are disguised as popular ones, such as photo editors and camera filters. What they actually do is get victims to sign up for expensive SMS services and charge their accounts. It’s all about getting consumers to give their consent and payment information.

 

A list of the apps removed from the Google Play store

If you are wondering which apps are the … Read the rest

Security Awareness

Available On Amazon

Polls

What tutorials do you prefer?

View Results

Loading ... Loading ...

Categories

Archives

Subscribe Today

Want to know when new posts are published? Enter your email & click on that subscribe button.

Stay Informed

Receive instant notifications when new content is released.