The lawyers continue to gather their billable hours as the legal tussle between data science company hiQ Labs and LinkedIn plays out in the United States federal courts. The most recent update took place in the Ninth Circuit Court of Appeals, with Judge Marsha Berzon writing the opinion, where hiQ Labs was granted a continued preliminary injunction, which would allow the company access LinkedIn’s publicly available corpus of data. The ruling also remanded the companies for further proceedings on the subject. In addition, the court held that hiQ’s actions do not violate the U.S. Computer Fraud and Abuse Act (CFAA).
Daily Archives: June 1, 2022
How to audit Microsoft Active Directory
If you have a traditional domain, it’s time to audit your Active Directory. In fact, it’s probably way past time. You probably have accounts that have been unchanged for years and might not have reviewed settings or registry entries. Attackers know that these domains have legacy settings that allow them to take greater control and use techniques to gain domain rights. Active Directory security came into the news with the release of several updates in May, you need to take many more steps than mere patching to protect your network.
Microsoft’s server tools include Best Practices Analyzer (BPA), but it doesn’t identify some of the means that attackers use to go after Active Directory domains. Several other resources analyze the health and security of Active Directory domains including Purple Knight from Semperis, PingCastle, or Quest’s Active Directory health check tool.
Nearly Three-Quarters of Firms Suffer Downtime from DNS Attacks
Euro Cops Bust $47m Money Laundering Operation
CVE-2022-1285
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.
ZDI-22-807: Microsoft Visual Studio VSIX Auto Update Deserialization of Untrusted Data Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-808: Microsoft Windows DiagTrack Service Link Following Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-809: Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-810: Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
USN-5443-2: Linux kernel vulnerabilities
Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)
Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)