Bill Sempf
SMBv3 is borked. Block port 445.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
Sometimes I hate the human race. Someone built a fake COVID-19 map and is using it to spread malware.
https://www.grahamcluley.com/coronavirus-map-used-to-spread-malware/
Not an appsec thing but NordVPN got popped - again.
https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/
Really neat exploit on file upload in web applications that allows NTLMv2 hash theft.
http://www.mannulinux.org/2020/03/abusing-file-system-functions-in-web.html?m=1
Another neat finding from a bug bounty with CSRF in a JSON web service.
https://medium.com/@secureITmania/how-i-exploit-the-json-csrf-with-method-override-technique-71c0a9a7f3b0
Stay safe - and healthy - folks.
Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.