The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Security’ Category

How to encourage phishing: send email to users from a different domain than they are subscribed to

Posted by jpluimers on 2023/06/08

Many organisations train their personnel with simulated phishing attempts sent from domains that differ from the one the organisation itself uses.

The mantra is: only respond to emails (or click links in them) that come from domains you know.

Microsoft sent (still sends?) account expiration emails for various *.microsoft.com, *.visualstudio.com and other Microsoft domains like this:

[Wayback/Archive] 232840055-2ccfdb9b-2a13-4a34-92f5-f27f337825f8.png (766×653): email from "Microsoft account team" <account-security-noreply@mail.msa.msidentity.com>
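To make the mantra mechanical, here is an added example (not code from the post) of the check a mail filter or a careful user should apply to the From: header: parse the address out from behind the display name, then compare the domain label by label against the domains the organisation really sends from. The trusted-domain set and the sample headers are constructed for this demonstration; the msidentity.com address is the one from the screenshot above.

```python
"""Sender-domain check for the "only trust domains you know" rule.

Added example, not part of the original post. TRUSTED_DOMAINS is an assumed
list of the domains an organisation actually sends from.
"""
from email.utils import parseaddr

# Assumed for the demo: the domains a recipient is subscribed to.
TRUSTED_DOMAINS = {"microsoft.com", "visualstudio.com"}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From: header.

    parseaddr() separates the display name from the address, so a spoofed
    display name like 'Microsoft account team <x@evil.example>' still yields
    evil.example rather than anything that looks like Microsoft.
    """
    _display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_trusted_domain(domain: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only for a trusted domain or a genuine subdomain of one.

    Matching whole labels from the right (not a substring test) rejects
    look-alikes such as microsoft.com.evil.example and notmicrosoft.com.
    """
    labels = domain.split(".")
    for t in trusted:
        t_labels = t.split(".")
        if len(labels) >= len(t_labels) and labels[-len(t_labels):] == t_labels:
            return True
    return False


def classify(from_header: str) -> str:
    """Classify a From: header as trusted, unknown-domain or unparseable."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    return "trusted" if is_trusted_domain(domain) else "unknown-domain"


# Constructed sample headers; the first is the one from the screenshot.
SAMPLE_HEADERS = [
    "Microsoft account team <account-security-noreply@mail.msa.msidentity.com>",
    "Visual Studio <noreply@visualstudio.com>",
    "<alerts@login.microsoft.com>",
    "<support@microsoft.com.evil.example>",
    "<billing@notmicrosoft.com>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{classify(header):15} {header}")
```

The real Microsoft notice lands in the unknown-domain bucket, which is exactly the problem the post describes: a user following the mantra has to treat it as phishing. Note that the From: header is attacker-controlled text; this check tells you whether a message claims a known domain, and only SPF/DKIM/DMARC results on the receiving server tell you whether that claim was verified.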


Posted in Pen Testing, Phishing, Power User, Red team, Security

Mysk 🇨🇦🇩🇪 on Twitter: “Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices. TL;DR: Don’t turn it on. The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.… https://t.co/a8hhelupZR” / Twitter

Posted by jpluimers on 2023/05/10

Do not use the Google 2FA Authenticator to sync secrets across devices.

The why is explained in the (long) tweet by [Wayback/Archive] Mysk on Twitter: “Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices. TL;DR: Don’t turn it on. The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.…”

For similar reasons, you might not want to use Authy by Twilio to sync between devices either.

Related (most in Dutch):


Posted in 2FA/MFA, Authentication, Google, GoogleAuthenticator, Power User, Security

Kevin Beaumont on Twitter: “Folks, we named blue team and red team wrong. https://t.co/eWKCSH8lqQ” / Twitter

Posted by jpluimers on 2023/04/28

[Archive] Kevin Beaumont on Twitter: “Folks, we named blue team and red team wrong. ” / Twitter

–jeroen


Posted in Fun, Power User, Security

VMware fixes critical zero-day Workstation/Player/Fusion exploit revealed at Pwn2Own

Posted by jpluimers on 2023/04/26

A less clickbaity title than most articles today, as the below only applies to VMware's desktop hypervisors (Workstation/Player on Windows and Linux, Fusion on macOS).

The last Pwn2Own, run by the Zero Day Initiative, revealed two major issues that allow code running inside a virtual machine to either execute code on, or read hypervisor memory of, the VMware Workstation/Player/Fusion host:

  1. [Wayback/Archive] NVD – CVE-2023-20869

    VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

  2. [Wayback/Archive] NVD – CVE-2023-20870

    VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

Both issues have been fixed now, so be sure to deploy the fixes or, if you can't, apply the workaround. Since both bugs live in the host Bluetooth sharing feature, the workaround is to turn off Bluetooth sharing with the virtual machine until you can patch.


Posted in Fusion, Power User, Security, Virtualization, VMware, VMware Player, VMware Workstation

Canarytokens

Posted by jpluimers on 2023/03/02

Cool: [Wayback/Archive] Canarytokens

Canary tokens are a free, quick, painless way to help defenders discover they’ve been breached (by having attackers announce themselves.)

How tokens work (in 3 short steps):

  1. Visit the site and get a free token (which could look like an URL or a hostname, depending on your selection.)
  2. If an attacker ever uses the token somehow, we will give you an out of band (email or sms) notification that it’s been visited.
  3. As an added bonus, we give you a bunch of hints and tools that increase the likelihood of an attacker tripping on a canary token.

The above documentation is just a small portion of what is at [Wayback/Archive] Canarytokens.org – Quick, Free, Detection for the Masses with even more documentation starting at [Wayback/Archive] Introduction | Canarytokens.
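The three steps above in miniature, as an added example that is not Canarytokens' own code: mint an unguessable token, embed it in the shapes an attacker tends to touch (a URL and a hostname), and run a detector over web-server and DNS logs that raises an out-of-band style notification the moment the token is used. The canary.example domain, the fixed demo token and the log lines are all constructed for this demonstration; the DNS lines are in a simplified BIND-like format, not any specific resolver's exact output.

```python
"""Minimal canary token loop: mint, plant, detect, notify.

Added example, not code from Canarytokens or Thinkst. TOKEN_DOMAIN and the
sample logs are constructed for the demo.
"""
import re
import secrets
from dataclasses import dataclass

TOKEN_DOMAIN = "canary.example"   # assumed: domain that serves the tokens


def mint_token() -> str:
    """Step 1: an identifier with enough entropy that nobody hits it by accident."""
    return secrets.token_hex(12)   # 96 random bits, 24 hex characters


def lures(token: str) -> dict:
    """Step 1 continued: the token in the forms an intruder is likely to use.

    The hostname form is the one that fires on a JNDI/DNS lookup, which is
    why it was handy during Log4Shell triage.
    """
    return {
        "url": f"https://{TOKEN_DOMAIN}/{token}/report.pdf",
        "hostname": f"{token}.{TOKEN_DOMAIN}",
    }


@dataclass(frozen=True)
class Alert:
    token: str
    channel: str   # "http" or "dns"
    source: str    # client that tripped the token
    detail: str


# Common Log Format access line and a simplified BIND-style query log line.
HTTP_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)'
)
DNS_LINE = re.compile(
    r'^(?P<ts>\S+ \S+) client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)'
)


def detect(token: str, http_lines, dns_lines) -> list:
    """Step 2: any appearance of the token in either log is a breach signal."""
    needle = token.lower()
    alerts = []
    for line in http_lines:
        m = HTTP_LINE.match(line)
        if m and needle in m["path"].lower():
            alerts.append(Alert(token, "http", m["src"], f'{m["method"]} {m["path"]} at {m["ts"]}'))
    for line in dns_lines:
        m = DNS_LINE.match(line)
        if m and needle in m["qname"].lower():
            alerts.append(Alert(token, "dns", m["src"], f'{m["qtype"]} {m["qname"]} at {m["ts"]}'))
    return alerts


def notify(alerts) -> list:
    """Stand-in for the out-of-band email/SMS: one message per trip."""
    return [f"[canary] token {a.token} tripped via {a.channel} from {a.source}: {a.detail}"
            for a in alerts]


# Constructed demo data; the token is fixed so the run is reproducible.
DEMO_TOKEN = "5f6b2c3a9d8e7f6a5b4c3d2e"
DEMO_HTTP_LOG = [
    f'203.0.113.7 - - [10/Jun/2023:14:03:11 +0000] "GET /{DEMO_TOKEN}/report.pdf HTTP/1.1" 200 1234',
    '198.51.100.9 - - [10/Jun/2023:14:05:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]
DEMO_DNS_LOG = [
    f'10-Jun-2023 14:07:22.001 client 192.0.2.5#53111: query: {DEMO_TOKEN}.canary.example IN A',
    '10-Jun-2023 14:07:23.120 client 192.0.2.5#53112: query: www.example.org IN AAAA',
]


def demo() -> list:
    return detect(DEMO_TOKEN, DEMO_HTTP_LOG, DEMO_DNS_LOG)


if __name__ == "__main__":
    for message in notify(demo()):
        print(message)
```

The value of a token is that it has no legitimate use, so there is no false-positive baseline to tune: one hit is one alert. Step 3 of the quoted description (the hints for placing tokens where an intruder will trip them) is about where you drop the `lures()` output, not about the detector.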

Source code (either the site or a docker image):

It is provided by [Wayback/Archive] Thinkst Canary.

I learned about it at the height of the Log4Shell mitigation stress. Some related posts from that period:

Via: [Archive] ᖇ⦿ᖘ Gonggrijp on Twitter: “IP in Luxembourg, owned by Frantech Solutions from Cheyenne, WY. Judging from a quick round of Google appears to be a bulletproof VM hoster, with clients to match. ” / Twitter

Below image via [Wayback/Archive] Tweet2Img.com | Perfect Tweet screenshots with just one click

–jeroen

Posted in Power User, Security
