Entries by Basefarm

Local privilege escalation vulnerability in Linux

Published: 2021-06-11
CVE-2021-3560 “A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process.” The error is not handled correctly and the request is granted […]

Who is reeling in the phish?

…or what happens if a link in a phishing e-mail is clicked? It is a hard question to answer because attackers usually implement filtering methods. For example: if you have an Apple device, you get directed to one place; if two hours go by before you click the link, it's sent to a different place […]

Supply chain attacks and Zero-days

The year 2021 has seen several high-profile vulnerabilities being actively exploited in big and popular software, including Microsoft Exchange and SolarWinds Orion. Experience shows that in some cases it is too late to patch even after a few days. Many organizations work with the guideline of patching within 30 days, if the vendor states the update […]

0-days in Microsoft exchange servers

Published: 2021-03-02
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 “Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to […]

Centreon IT monitoring software and Russian Sandworm hackers

Basefarm has become aware of published news telling of Russian-attributed advanced persistent threat actors, given the name Sandworm, having exploited Centreon IT monitoring software. Basefarm is aware that some news reports mention Orange as on the customer list of Centreon, and while Basefarm is owned by Orange Business Services we would like to make it […]

Microsoft Windows Multiple Security Updates Affecting TCP/IP | CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

Published: 2021-02-09
MITRE CVE-2021-24074, MITRE CVE-2021-24094, MITRE CVE-2021-24086 “Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the […]

Don’t get caught in the cold with ransomware

Ransomware is sadly the trend these days. We want to share a cheap and effective way to enable prevention that most probably fail to consider. Using the ransomware simulator from KnowBe4, RanSim, we could see that our endpoints did no prevention previously. An easy way to minimize the attack surface for ransomware is to use […]

CVE-2021-3156 | Heap-Based Buffer Overflow in Sudo

Published: 2021-01-26
MITRE CVE-2021-3156 “The Qualys Research Team has discovered a heap overflow vulnerability in sudo, a near-ubiquitous utility available on major Unix-like operating systems. Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host.” This is especially bad for multi-user environments where some users have login access, but […]

CVE-2020-17095 | Windows Hyper-V Remote Code Execution Vulnerability

Published: 2020-12-08
MITRE CVE-2020-17095 “A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to […]